Skip to content

fix(js): update exec security test for sandbox-safe exec behavior#851

Merged
chaliy merged 1 commit intomainfrom
claude/fix-ci-main-3qztA
Mar 26, 2026
Merged

fix(js): update exec security test for sandbox-safe exec behavior#851
chaliy merged 1 commit intomainfrom
claude/fix-ci-main-3qztA

Conversation

@chaliy
Copy link
Copy Markdown
Contributor

@chaliy chaliy commented Mar 26, 2026

Summary

  • Fix JS CI failure on main caused by stale security test
  • PR feat(interpreter): exec with command argument — execute and don't return #815 changed exec cmd to run within VFS sandbox instead of blocking
  • The Rust threat model tests were updated but the JS security test was not
  • exec ls now succeeds (exit 0) since ls is a valid builtin in the sandbox
  • Changed test to use exec /bin/bash which correctly fails (external binary not in VFS)

Test plan

  • All 321 JS tests pass (including updated security test)
  • All JS examples pass (bash_basics, data_pipeline, llm_tool, langchain_integration)
  • All Rust tests pass (cargo test --all-features)
  • cargo fmt --check and cargo clippy clean

@chaliy
fix(js): update exec security test for sandbox-safe exec behavior
03ec201 
PR #815 made `exec cmd` run within VFS sandbox instead of blocking.
The JS security test still expected `exec ls` to fail, but `ls` is a
builtin that succeeds in the sandbox. Changed to test `exec /bin/bash`
which correctly fails (external binary not in VFS).
@chaliy chaliy merged commit 461f29b into main Mar 26, 2026
16 checks passed
@chaliy chaliy deleted the claude/fix-ci-main-3qztA branch March 26, 2026 20:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@chaliy