ci: stabilize optional Docker workbench smoke #425

Merged
vibeforge1111 merged 2 commits into master from security/fix-optional-docker-workbench-smoke
May 27, 2026

@vibeforge1111

Owner

Summary

  • keep optional Docker dev smoke bounded to Docker/access/entrypoint checks plus CLI help
  • align the optional sandbox workflow tmpfs ownership with the local sandbox wrappers
  • document the bounded dev lane and add regression coverage for both defaults

Proof

  • python -m pytest tests/test_access.py tests/test_docker_entrypoint.py -q
  • python -m pytest -q
  • git diff --check

Security

  • no participant PR code was run on the publishing machine
  • Docker remains optional/manual and no secrets are mounted
  • sandbox lane keeps network off, read-only root, no-new-privileges, and no Linux capabilities

@vibeforge1111 vibeforge1111 merged commit 0134443 into master May 27, 2026
9 checks passed
@vibeforge1111 vibeforge1111 deleted the security/fix-optional-docker-workbench-smoke branch May 27, 2026 14:45
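
The four constraints listed under Security for the sandbox lane (network off, read-only root, no-new-privileges, no Linux capabilities) can be checked mechanically against a `docker run` command line. The following is an added example, not code from this PR or its repository; the function names, the image name and both sample command lines are hypothetical.

```python
import shlex

# Assumption: options listed here take a separate value; any other
# value-taking option must be written --flag=value or parsing stops early.
VALUE_FLAGS = {"--network", "--net", "--security-opt", "--cap-drop", "--cap-add",
               "--tmpfs", "--user", "-u", "--name", "--workdir", "-w",
               "--entrypoint", "-v", "--volume", "-e", "--env"}
NNP = {"no-new-privileges", "no-new-privileges=true", "no-new-privileges:true"}


def run_options(argv):
    """Return (flag, value) pairs found between `run` and the image name."""
    opts, i = [], argv.index("run") + 1
    while i < len(argv) and argv[i].startswith("-"):
        flag, sep, value = argv[i].partition("=")
        if not sep:
            value = None
            if flag in VALUE_FLAGS and i + 1 < len(argv):
                i += 1
                value = argv[i]
        opts.append((flag, value))
        i += 1
    return opts


def missing_hardening(command):
    """List which of the four sandbox constraints a `docker run` line lacks."""
    opts = run_options(shlex.split(command))

    def values(*flags):
        return [v for f, v in opts if f in flags]

    missing = []
    if values("--network", "--net") != ["none"]:
        missing.append("network off")
    read_only = values("--read-only")
    if not read_only or any(v not in (None, "true") for v in read_only):
        missing.append("read-only root")
    if not NNP & set(values("--security-opt")):
        missing.append("no-new-privileges")
    drops = [v.upper() for v in values("--cap-drop") if v]
    if "ALL" not in drops or values("--cap-add") or values("--privileged"):
        missing.append("no Linux capabilities")
    return missing


# Constructed command lines; the image name and tmpfs options are placeholders.
HARDENED = ("docker run --rm --network none --read-only --security-opt no-new-privileges "
            "--cap-drop ALL --tmpfs /tmp:rw,noexec,nosuid sandbox-image:example pytest -q")
DRIFTED = ("docker run --rm --network=bridge --read-only --cap-drop ALL "
           "--cap-add NET_RAW sandbox-image:example --read-only")
```

Only options placed before the image name count, so a `--read-only` passed to the container's own command does not satisfy the check, and any `--cap-add` or `--privileged` is reported even when `--cap-drop ALL` is present.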