---
phase: 02-safety-sandboxing
plan: 02
type: execute
wave: 1
depends_on: []
files_modified: [src/sandbox/__init__.py, src/sandbox/executor.py, src/sandbox/container_manager.py, config/sandbox.yaml]
autonomous: true

must_haves:
  truths:
    - "Code executes in isolated Docker containers"
    - "Containers have configurable resource limits enforced"
    - "Filesystem is read-only where possible for security"
    - "Network access is restricted to dependency fetching only"
  artifacts:
    - path: "src/sandbox/executor.py"
      provides: "Sandbox execution interface"
      min_lines: 50
    - path: "src/sandbox/container_manager.py"
      provides: "Docker container lifecycle management"
      min_lines: 40
    - path: "config/sandbox.yaml"
      provides: "Container security policies"
      contains: "cpu_count, mem_limit, timeout"
  key_links:
    - from: "src/sandbox/executor.py"
      to: "Docker Python SDK"
      via: "docker.from_env()"
      pattern: "docker.*from_env"
    - from: "src/sandbox/container_manager.py"
      to: "Docker daemon"
      via: "container.run"
      pattern: "containers.run.*mem_limit"
    - from: "config/sandbox.yaml"
      to: "container security"
      via: "read-only filesystem"
      pattern: "read_only.*true"
---

<objective>
Create secure Docker sandbox execution environment with resource limits and security hardening.

Purpose: Isolate generated code execution using Docker containers with strict resource controls, read-only filesystems, and network restrictions as defined in CONTEXT.md.
Output: Working sandbox executor that can run Python code securely with real-time resource monitoring.
</objective>

<execution_context>
@~/.opencode/get-shit-done/workflows/execute-plan.md
@~/.opencode/get-shit-done/templates/summary.md
</execution_context>

<context>
@.planning/PROJECT.md
@.planning/ROADMAP.md
@.planning/STATE.md

# Research references
@.planning/phases/02-safety-sandboxing/02-RESEARCH.md
</context>

<tasks>

<task type="auto">
  <name>Task 1: Create Docker sandbox manager</name>
  <files>src/sandbox/__init__.py, src/sandbox/container_manager.py</files>
  <action>Create ContainerManager class using Docker Python SDK. Implement create_container(image, runtime_configs) method with security hardening: --cap-drop=ALL, --no-new-privileges, non-root user, read-only filesystem where possible. Support network_mode='none' for no network access and network whitelist for read-only internet access. Include cleanup methods for container isolation.</action>
  <verify>python -c "from src.sandbox.container_manager import ContainerManager; print('ContainerManager imported successfully')"</verify>
  <done>ContainerManager creates secure containers with proper isolation, resource limits, and cleanup</done>
</task>

<task type="auto">
  <name>Task 2: Implement sandbox execution interface</name>
  <files>src/sandbox/executor.py, config/sandbox.yaml</files>
  <action>Create SandboxExecutor class that uses ContainerManager to run Python code. Execute code in isolated containers with configurable limits from config/sandbox.yaml (2 CPU cores, 1GB RAM, 2 minute timeout for trusted code). Implement real-time resource monitoring using docker.stats(). Handle execution timeouts, resource violations, and return results with security metadata.</action>
  <verify>python -c "from src.sandbox.executor import SandboxExecutor; print('SandboxExecutor imported successfully')"</verify>
  <done>SandboxExecutor can execute Python code securely with resource limits and monitoring</done>
</task>

<task type="auto">
  <name>Task 3: Configure sandbox policies</name>
  <files>config/sandbox.yaml</files>
  <action>Create config/sandbox.yaml with sandbox policies matching CONTEXT.md decisions: resource quotas (cpu_count: 2, mem_limit: "1g", timeout: 120), security settings (security_opt: ["no-new-privileges"], cap_drop: ["ALL"], read_only: true), and network policies (network_mode: "none" with whitelist for dependency access). Include dynamic allocation rules based on trust level.</action>
  <verify>python -c "import yaml; print('Config loads:', yaml.safe_load(open('config/sandbox.yaml'))')"</verify>
  <done>Configuration defines sandbox security policies, resource limits, and network restrictions</done>
</task>

</tasks>

<verification>
- ContainerManager creates Docker containers with proper security hardening
- SandboxExecutor can execute Python code in isolated containers
- Resource limits are enforced (CPU, memory, timeout, PIDs)
- Network access is properly restricted
- Container cleanup happens after execution
- Real-time resource monitoring works

</verification>

<success_criteria>
Docker sandbox execution environment ready with configurable resource limits, security hardening, and real-time monitoring for safe code execution.
</success_criteria>

<output>
After completion, create `.planning/phases/02-safety-sandboxing/02-02-SUMMARY.md`
</output>