1. Uninstall the PowerShell that was installed from the Microsoft Store and install PowerShell with WinGet.
2. In the Codex config file, change `sandbox = "elevated"` to `sandbox = "unelevated"`.
```toml
model = "gpt-5.5"
model_provider = "cpa"
sandbox_mode = "danger-full-access"

[model_providers.cpa]
name = "CPA号池"
base_url = "http://6X.XX.XXX.XX:8317/v1"
wire_api = "chat"
experimental_bearer_token = "sk-XXXXXXXXXXXXX"
requires_openai_auth = true

[windows]
sandbox = "unelevated"

[projects.'c:\users\ky\documents\new project']
trust_level = "trusted"
```

Could someone help me figure out why, with exactly the same config, this machine keeps throwing this error no matter how I tweak it? The same configuration chats fine on other machines, but this one always reports the error, and the requests sent to cpa fail with the same response: `{"detail":"Bad Request"}`
Every time I use Codex, whether in the client or in VSCode, this passage shows up. It says it keeps getting blocked but will find another way to keep going. I'd rather it just did it directly. Could someone tell me how to fix this?
Our company wants to do some simple development automation and get it working in a short time. Can this plan be implemented, combined with the company's own skill library and prompt library? The flow is as follows: Requirement/Issue → task breakdown → create Git worktree → start sandbox container → Codex CLI modifies code → automatic build/test → Reviewer review → auto-create PR → merge and release. I've looked at agent development with LangChain and the like and feel it's hard to pick up quickly. Do you have better approaches?
I developed a Redmine plugin with codex and opencode. codex asked all kinds of questions and errored out demanding that things not run inside the sandbox, though the code it wrote worked as soon as it was done. opencode basically wrote it in one pass; the code had a few problems, but after I told it that it hadn't succeeded it fixed them itself. codex used gpt5.5, opencode used deepseek4 free.
I happened to come across Tencent's Cube Sandbox and the blog A÷ posted earlier, so I'm wondering whether I could build a few cloud-side agents myself for hermes or claude code to call. Project address: https://github.com/TencentCloud/CubeSandbox
BleepingComputer: Critical vm2 sandbox bug lets attackers execute code on hosts. A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary code on the host system.

> The security issue is tracked as CVE-2026-26956 and is confirmed to affect vm2 version 3.10.4, though earlier versions may also be vulnerable. Proof-of-concept (PoC) exploit code has been published.
>
> The maintainers state in the security advisory that the issue only affects Node.js 25 environments with WebAssembly exception handling and JSTag support enabled (confirmed on Node.js 25.6.1).
>
> vm2 is an open-source Node.js library for running untrusted JavaScript code in a restricted sandbox environment. Online coding platforms, automation tools and SaaS applications commonly use it to execute user-supplied scripts.
>
> The library attempts to isolate sandboxed code from the host system and block access to sensitive Node.js APIs such as the process object and the filesystem.
>
> CVE-2026-26956 stems from the library's incorrect handling of exceptions that cross between the sandbox environment and the host.
>
> The advisory explains that vm2 normally relies on JavaScript-level protections to guard against host-based errors, and on bridge proxies to wrap cross-context objects; both run entirely in JavaScript.
>
> However, WebAssembly exception handling can intercept JavaScript errors at a lower level inside Google's V8 engine, bypassing vm2's JavaScript-based defenses.
>
> By triggering a specially crafted TypeError through symbol-to-string conversion, an attacker can cause a host-side error object to leak back into the sandbox without being sanitized by vm2.
>
> Because the leaked object originates from the host environment, an attacker can abuse its constructor chain to regain access to Node.js internals such as the process object, ultimately allowing arbitrary commands to be executed on the host system.
>
> The maintainers' advisory also includes a PoC exploit demonstrating remote code execution on the host.
>
> vm2 users are advised to upgrade to 3.10.5 or later (the latest version is 3.11.2) as soon as possible to reduce the risk of CVE-2026-26956 being exploited.
GitHub - mksglu/context-mode: Context window optimization for AI coding agents. Sandboxes tool output, 98% reduction. 14 platforms.

Has anyone here used this project? Does it introduce noise or lose precision? How has the experience been? Looking forward to your guidance.
github.com/vmoranv/jshookmcp

fix: harden webcrack sandbox, block path traversal, expand deob foundation (#27)

master ← hmkklol:pr1/foundation-security-fixes
Opened 11:20PM - 24 Apr 26 UTC by hmkklol, +4787 -1937

## What

Resubmitting the deobfuscation expansion in smaller PRs after the original got auto-closed for hitting the 150k diff char limit. Also rolls in the four issues Gemini Code Assist flagged on the original.

This is PR 1/5: webcrack hardening + shared config/utils. The rest follow.

## The fixes

**Sandbox escape via `node:vm` fallback** (`webcrack.ts`)

We were falling back to `node:vm.createContext()` when `isolated-vm` wasn't available. That's not a sandbox — `this.constructor.constructor('return process')()` walks straight out. Killed the fallback. If `isolated-vm` is missing we log a warning and pass `sandbox: false` so webcrack skips eval-based string-array decoding. Don't process untrusted samples without isolated-vm installed.

**Path traversal in `outputDir`** (`webcrack.ts`)

`path.resolve(outputDir)` followed by `rm(savedTo, { recursive: true, force: true })` was effectively `rm -rf` on attacker-controlled input. Added a containment check (`startsWith(cwd + sep)`) plus a `realpath()` pass so a symlinked outputDir pointing outside cwd gets rejected. Non-existent paths are fine — there's nothing to symlink yet.

## What else is in here

- `DeobfuscationConfig` — shared constants, timeout guards, input size limits
- `DeobfuscationPipeline` — base pipeline orchestration
- `ProApiClient` — JavaScript Obfuscator Pro API integration
- Refreshed types, utils, config, logger, and CI workflow
- Updated README with new deobfuscation capabilities

## Test plan

- [ ] webcrack runs with `isolated-vm` installed and uses it
- [ ] webcrack runs without `isolated-vm` and warns instead of falling back to vm
- [ ] outputDir of `../foo` rejected
- [ ] outputDir of `/etc/foo` rejected
- [ ] outputDir that resolves through a symlink outside cwd rejected
- [ ] outputDir inside cwd succeeds and saves artifacts
- [ ] vitest green, oxlint clean

Closes the four findings from the original PR's review thread.

## Summary by Sourcery

Harden webcrack sandboxing and HTTP health endpoint, introduce a structured deobfuscation pipeline with optional Obfuscator.io Pro API integration, and tighten configuration, logging, and filesystem security across the project.

New Features:
- Add a configurable deobfuscation pipeline that chains unpacking, AST-based cleanup, and webcrack, with detailed step tracking and readability scoring.
- Integrate optional Obfuscator.io Pro API support via ProApiClient, including CLI flags and env-based configuration for Pro features.
- Extend deobfuscation capabilities with detection/handling of additional obfuscation types (e.g., base64/hex encoding, JSFuck, jsdecode, proxy/with obfuscation) and richer AST optimizations.
- Add secure file utilities and logger file output support for writing logs and cache data with restrictive permissions.
- Expose new validation config surface for runtime and transport tuning, including structured env validation and failure on invalid configuration.

Bug Fixes:
- Remove insecure node:vm fallback from webcrack sandbox usage and add path traversal/symlink escape protections for output directories.
- Prevent HTTP health endpoint from leaking token budget details and gate verbose output behind auth and a query flag.
- Handle malformed URL encoding more safely in deobfuscation by downgrading specific URI errors to warnings instead of generic failures.

Enhancements:
- Broaden bundle support in webcrack and deobfuscation types to include vite, rollup, parcel and generic bundle identifiers.
- Strengthen deobfuscator error reporting with structured JSON error payloads from AST and VM deobfuscation failures.
- Improve config validation with stricter schemas for URLs, ports, API keys, numeric ranges, and path safety, and fail fast on invalid env.
- Refine obfuscation detection and readability scoring heuristics for more nuanced analysis of input code.
- Allow deobfuscators that use ExecutionSandbox to accept an injected sandbox instance for better testability and reuse.
- Enhance HTTP transport with centralized security headers (except for health checks) and a slightly expanded health handler interface.
- Update logger to support levelled file logging while redacting sensitive values and preserving MCP stdout semantics.

Build:
- Adjust dependencies to add deobfuscation-related tooling (AST, HTTP, DB, rate limiting) and dev utilities like nodemon, while updating some existing versions.

CI:
- Extend CI workflow with a security audit step using pnpm audit before running tests and linters.

Documentation:
- Document CLI and environment configuration for Obfuscator.io Pro API usage in the README, including examples for tokens and versions.

Tests:
- Add and update tests for config validation, logger file output, webcrack path handling, new obfuscation detectors, VM deobfuscator behavior, and Pro API client integration paths to keep coverage over new functionality.

I don't want to say much more. You know nothing about the whole project, and the PR you submitted is bigger than the entire src. The replies to my comments were pure AI writing too. And this plan has none of its boxes checked; did you not even look at it? Likewise, all 5 pushes were force-pushes. I asked about lefthook: I configured it to require that all tests pass and coverage meets the threshold before a push is allowed. Insisting on force-pushing means you can't even get the tests to pass, right? And you can write any contact info you like, can't you? Everyone is welcome to blow up the 24/7 available +1 (555) 123-4567.
I've been studying Hermes recently, but I'm always rather afraid of it deleting files, and the server also hosts other projects. Although I've set up a blacklist of common harmful commands and prompts for it, I still don't feel it's safe.
36Kr has learned that Alibaba Cloud has issued a price-cut notice for its container compute service ACS Agent Sandbox (default compute quality): the price of this compute will be reduced starting at 12:00 Beijing time on June 15, 2026. The cut applies only to ACS Agent Sandbox (default compute quality); prices for other compute types, such as ACS general-purpose (default and best-effort compute quality) and ACS performance (default and best-effort compute quality), remain unchanged.
AI cloud infrastructure provider CoreWeave announced the official launch of its Sandboxes service, which gives AI researchers and platform teams secure, isolated execution environments for running workloads such as reinforcement learning, agent tool calls and model evaluation. (Sina Finance)
36Kr has learned that Tencent Cloud today announced the official open-sourcing of Cube Sandbox. It is an execution-environment foundation for AI agents and, according to the announcement, the industry's first open-source sandbox service to combine hardware-level isolation with sub-100 ms startup. Cube Sandbox's compatibility with the E2B interface is described as drop-in: agent applications built on the Manus stack, the OpenAI Agents SDK or other E2B-ecosystem frameworks can be pointed directly at Cube without modifying business code.