Samuel Aubertin e7112db3d7 Harden launcher overrides and fix opencode backend regressions ...

- remove codex auth mounts from opencode run/shell paths
  - reject opencode login and invalid backend values
  - harden opencode config writes against symlink clobbering
  - fix opencode build args and packages_extra handling
  - enforce cap-drop and read-only rootfs in runtime commands
  - reject dangerous runtime/build env overrides
  - update README and test docs to match actual behavior
  - extend regression coverage for backend safety and hardening

2026-04-16 18:17:17 +02:00

172 B

Raw Blame History

View Raw