Harden launcher overrides and fix opencode backend regressions
- remove codex auth mounts from opencode run/shell paths - reject opencode login and invalid backend values - harden opencode config writes against symlink clobbering - fix opencode build args and packages_extra handling - enforce cap-drop and read-only rootfs in runtime commands - reject dangerous runtime/build env overrides - update README and test docs to match actual behavior - extend regression coverage for backend safety and hardening
This commit is contained in:
Samuel Aubertin
@@ -1,4 +1,4 @@
|
||||
name=opencode-build
|
||||
packages_extra=
|
||||
packages_extra=htop
|
||||
agent=opencode
|
||||
allow_host_network=false
|
||||
|
||||
Reference in New Issue
Block a user