feat: E2E Docker testing + CLI tool sandbox test audit#14
Merged
NathanFlurry merged 9 commits intomainfrom Mar 19, 2026
Merged
Conversation
…erfile Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…ol sandbox tests PRD Archive completed e2e-docker-testing and kernel-hardening PRDs. New PRD targets rewriting all 6 cli-tools tests to run through the secure-exec sandbox instead of bypassing it on the host. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
secure-exec
@secure-exec/browser
@secure-exec/core
@secure-exec/node
@secure-exec/python
@secure-exec/typescript
commit: |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
netis implemented.cli-tools/test files (Pi, Claude Code, OpenCode — headless + interactive) completely bypass the secure-exec sandbox, spawning tools directly on the host. New PRD (ralph/cli-tool-sandbox-tests) tracks rewriting them to run through the sandbox properly.What was added
docs-internal/specs/docker-testing.md— full spec for Docker-backed e2e testingpackages/secure-exec/tests/e2e-docker.test.ts— test runner with container lifecyclepg-connect,mysql2-connect,ioredis-connect,ssh2-connect,ssh2-sftp-transferpackages/secure-exec/tests/e2e-docker/dockerfiles/sshd.Dockerfile— custom SSH test imagepackages/secure-exec/tests/utils/docker.ts—buildImage()helper.github/workflows/e2e-docker.yml— CI workflow with GitHub Actions servicesCLI tool sandbox test findings
pi-headless.test.tsspawn(node, [pi-cli])pi-interactive.test.tsscript -qefcopencode-headless.test.tsspawn('opencode')+ host SDK clientopencode-interactive.test.tsscript -qefcclaude-headless.test.tsspawn(claude)claude-interactive.test.tsscript -qefcAll other tests (test-suite, runtime-driver, project-matrix, etc.) are clean — they properly use
NodeRuntime/proc.exec().Test plan
skipUnlessDocker())net.*errors (net bridge deferred)🤖 Generated with Claude Code