mystiatech/Mai
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
543fe75150283a9a2efb08e591856603cc02764e
Mai/.planning/phases/02-safety-sandboxing/02-02-PLAN.md
Mai Development f7d263e173
Some checks failed
Discord Webhook / git (push) Has been cancelled
Details
docs(02): create phase plan 
Phase 02: Safety & Sandboxing
- 4 plans in 3 waves
- Security assessment, sandbox execution, audit logging, integration
- Wave 1 parallel: assessment (02-01) + sandbox (02-02)
- Wave 2: audit logging (02-03)
- Wave 3: integration (02-04)
- Ready for execution
2026-01-27 14:28:35 -05:00

106 lines
4.8 KiB
Markdown
Raw Blame History

---
phase: 02-safety-sandboxing
plan: 02
type: execute
wave: 1
depends_on: []
files_modified: [src/sandbox/__init__.py, src/sandbox/executor.py, src/sandbox/container_manager.py, config/sandbox.yaml]
autonomous: true
must_haves:
truths:
- "Code executes in isolated Docker containers"
- "Containers have configurable resource limits enforced"
- "Filesystem is read-only where possible for security"
- "Network access is restricted to dependency fetching only"
artifacts:
- path: "src/sandbox/executor.py"
provides: "Sandbox execution interface"
min_lines: 50
- path: "src/sandbox/container_manager.py"
provides: "Docker container lifecycle management"
min_lines: 40
- path: "config/sandbox.yaml"
provides: "Container security policies"
contains: "cpu_count, mem_limit, timeout"
key_links:
- from: "src/sandbox/executor.py"
to: "Docker Python SDK"
via: "docker.from_env()"
pattern: "docker.*from_env"
- from: "src/sandbox/container_manager.py"
to: "Docker daemon"
via: "container.run"
pattern: "containers.run.*mem_limit"
- from: "config/sandbox.yaml"
to: "container security"
via: "read-only filesystem"
pattern: "read_only.*true"
---
<objective>
Create secure Docker sandbox execution environment with resource limits and security hardening.
Purpose: Isolate generated code execution using Docker containers with strict resource controls, read-only filesystems, and network restrictions as defined in CONTEXT.md.
Output: Working sandbox executor that can run Python code securely with real-time resource monitoring.
</objective>
<execution_context>
@~/.opencode/get-shit-done/workflows/execute-plan.md
@~/.opencode/get-shit-done/templates/summary.md
</execution_context>
<context>
@.planning/PROJECT.md
@.planning/ROADMAP.md
@.planning/STATE.md
# Research references
@.planning/phases/02-safety-sandboxing/02-RESEARCH.md
</context>
<tasks>
<task type="auto">
<name>Task 1: Create Docker sandbox manager</name>
<files>src/sandbox/__init__.py, src/sandbox/container_manager.py</files>
<action>Create ContainerManager class using Docker Python SDK. Implement create_container(image, runtime_configs) method with security hardening: --cap-drop=ALL, --no-new-privileges, non-root user, read-only filesystem where possible. Support network_mode='none' for no network access and network whitelist for read-only internet access. Include cleanup methods for container isolation.</action>
<verify>python -c "from src.sandbox.container_manager import ContainerManager; print('ContainerManager imported successfully')"</verify>
<done>ContainerManager creates secure containers with proper isolation, resource limits, and cleanup</done>
</task>
<task type="auto">
<name>Task 2: Implement sandbox execution interface</name>
<files>src/sandbox/executor.py, config/sandbox.yaml</files>
<action>Create SandboxExecutor class that uses ContainerManager to run Python code. Execute code in isolated containers with configurable limits from config/sandbox.yaml (2 CPU cores, 1GB RAM, 2 minute timeout for trusted code). Implement real-time resource monitoring using docker.stats(). Handle execution timeouts, resource violations, and return results with security metadata.</action>
<verify>python -c "from src.sandbox.executor import SandboxExecutor; print('SandboxExecutor imported successfully')"</verify>
<done>SandboxExecutor can execute Python code securely with resource limits and monitoring</done>
</task>
<task type="auto">
<name>Task 3: Configure sandbox policies</name>
<files>config/sandbox.yaml</files>
<action>Create config/sandbox.yaml with sandbox policies matching CONTEXT.md decisions: resource quotas (cpu_count: 2, mem_limit: "1g", timeout: 120), security settings (security_opt: ["no-new-privileges"], cap_drop: ["ALL"], read_only: true), and network policies (network_mode: "none" with whitelist for dependency access). Include dynamic allocation rules based on trust level.</action>
<verify>python -c "import yaml; print('Config loads:', yaml.safe_load(open('config/sandbox.yaml'))')"</verify>
<done>Configuration defines sandbox security policies, resource limits, and network restrictions</done>
</task>
</tasks>
<verification>
- ContainerManager creates Docker containers with proper security hardening
- SandboxExecutor can execute Python code in isolated containers
- Resource limits are enforced (CPU, memory, timeout, PIDs)
- Network access is properly restricted
- Container cleanup happens after execution
- Real-time resource monitoring works
</verification>
<success_criteria>
Docker sandbox execution environment ready with configurable resource limits, security hardening, and real-time monitoring for safe code execution.
</success_criteria>
<output>
After completion, create `.planning/phases/02-safety-sandboxing/02-02-SUMMARY.md`
</output>
Reference in New Issue View Git Blame Copy Permalink