security: tighten Docker isolation and subprocess env

- Pin @playwright/mcp to 0.0.68 instead of @latest to prevent supply chain risk
- Restrict MCP subprocess env to allowlist (PATH, HOME, NODE_PATH, DISPLAY, XDG_*) instead of spreading process.env
- Add path traversal guard to @include() directive in prompt templates
- Bind all Docker ports to 127.0.0.1 to prevent network exposure
- Remove ipc: host — shm_size: 2gb already covers Chromium shared memory needs
- Add prompt injection disclaimer for untrusted repositories to README
ajmallesh
2026-03-06 17:06:07 -08:00
parent 01165382ed
commit 023cc953db
4 changed files with 45 additions and 14 deletions
+3 -4
@@ -3,8 +3,8 @@ services:
image: temporalio/temporal:latest
command: ["server", "start-dev", "--db-filename", "/home/temporal/temporal.db", "--ip", "0.0.0.0"]
ports:
- "7233:7233" # gRPC
- "8233:8233" # Web UI (built-in)
- "127.0.0.1:7233:7233" # gRPC
- "127.0.0.1:8233:8233" # Web UI (built-in)
volumes:
- temporal-data:/home/temporal
healthcheck:
@@ -47,7 +47,6 @@ services:
- ./repos:/repos
- ${BENCHMARKS_BASE:-.}:/benchmarks
shm_size: 2gb
ipc: host
security_opt:
- seccomp:unconfined
@@ -63,7 +62,7 @@ services:
envsubst < /config/router-config.json > /root/.claude-code-router/config.json &&
ccr start"
ports:
- "3456:3456"
- "127.0.0.1:3456:3456"
volumes:
- ./configs/router-config.json:/config/router-config.json:ro
environment:
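Review bot: The second hunk removes `ipc: host` but leaves `security_opt: - seccomp:unconfined` immediately below it, so the service still runs with no syscall filter even though the commit is described as tightening Docker isolation. If the unconfined profile is genuinely needed (presumably for the browser sandbox — confirm), that reason should be recorded next to the line, e.g. `# seccomp:unconfined — required by <REASON, confirm>; a tailored profile (seccomp:./profile.json) would be narrower`, so the next reader does not treat it as an oversight. The hunk header advertises 7 old lines but only 6 are shown, so one line of that stanza may be missing from this rendering; the enclosing service definition starts and ends outside the hunk.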