fix(sandbox): use custom timeoutSeconds from SandboxConfig#3198
fix(sandbox): use custom timeoutSeconds from SandboxConfig#3198jlaportebot wants to merge 1 commit into
Conversation
- Store SandboxConfig per session in createSession() - Use timeoutSeconds in executeCode() with SIGKILL enforcement - Add --kill-after=5s backstop and validate timeoutSeconds >= 1 - Handle both SIGTERM (124) and SIGKILL (137) exit codes as timeout - Clean up configs map in destroySession()
🤖 AI Agent: security-scanner — Security Review
Security Review
|
🤖 AI Agent: breaking-change-detector — API Compatibility
API Compatibility
|
🤖 AI Agent: docs-sync-checker — Docs Sync
Docs Sync
|
🤖 AI Agent: test-generator — `agent-governance-typescript/src/sandbox.ts`
|
🤖 AI Agent: code-reviewer — View details
TL;DR: 1 blocker, 1 warning. The PR addresses a critical security issue but has a potential validation gap and a minor improvement opportunity.
Action items:
Warnings (fine as follow-up PRs):
|
PR Review Summary
Verdict: AI review comments are untrusted advisory output. The summary reports workflow-generated completion status only, not model-authored pass/fail claims. |
|
🔴 Contributor Check: HIGH
Automated check by AGT Contributor Check. |
Summary
Fixes issue #3118: TypeScript Docker sandbox ignores custom timeoutSeconds.
Changes
Test Plan
This is a security fix — SIGTERM can be caught/ignored by sandboxed code via , but SIGKILL cannot be caught.