Description
When AI_SDLC_SANDBOX_PROVIDER=openshell is set, executePipeline() calls sandbox.isolate() which runs:
openshell sandbox create --name ... --policy ... --keep -- sleep infinity
openshell sandbox upload <sandbox-name> <workDir> /sandbox/workdir
The sandbox upload step copies the entire monorepo (including node_modules/, .git/, dist/) into the OpenShell sandbox, which takes 20+ minutes and produces zero output — making it look like the pipeline is hanging.
Root Cause
reference/src/security/openshell-sandbox.ts lines 126-128 unconditionally upload config.workDir into the sandbox.
Proposed Fix
Option A: Don't upload workdir — use OpenShell's process-level isolation (Landlock, seccomp) without filesystem isolation. The agent runs on the host filesystem but with restricted syscalls and network.
Option B: Use bind mounts instead of upload — mount the workdir read-write into the sandbox namespace.
Option C: Upload only essential files (exclude node_modules/, .git/, dist/).
Complexity
4
Impact
Disabled OpenShell in CI workflow. Pipeline falls back to stub sandbox (no isolation).
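A sketch of Option C, added here as an example and not code from the repository: stage a filtered copy of the workdir and point the upload step at it, so filesystem isolation is kept without shipping node_modules/, .git/ or dist/. The function names are hypothetical, the sample tree is constructed, and the argv only mirrors the upload command quoted in the description; nothing here invokes openshell.

```typescript
import * as fs from "node:fs";
import * as os from "node:os";
import * as path from "node:path";

// Directory names from Option C; matched at any depth (monorepo packages included).
const EXCLUDED_DIRS = new Set(["node_modules", ".git", "dist"]);

/** True when no segment of the path relative to workDir is an excluded name. */
export function shouldUpload(workDir: string, candidate: string): boolean {
  const rel = path.relative(workDir, candidate);
  return !rel.split(path.sep).some((segment) => EXCLUDED_DIRS.has(segment));
}

/** Copy workDir into a fresh temp directory, skipping excluded trees. */
export function stageWorkDir(workDir: string): string {
  const staging = fs.mkdtempSync(path.join(os.tmpdir(), "sandbox-stage-"));
  fs.cpSync(workDir, staging, {
    recursive: true,
    // Returning false for a directory skips everything beneath it.
    filter: (src) => shouldUpload(workDir, src),
  });
  return staging;
}

/** argv for the upload step from the description, pointed at the staged copy. */
export function uploadArgs(sandboxName: string, stagedDir: string): string[] {
  return ["sandbox", "upload", sandboxName, stagedDir, "/sandbox/workdir"];
}

/** Constructed sample tree that mimics a monorepo checkout. */
export function makeSampleTree(): string {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), "sample-repo-"));
  const files = [
    "package.json", "src/index.ts", ".git/config",
    "node_modules/dep/index.js", "packages/app/src/main.ts",
    "packages/app/node_modules/dep/index.js", "packages/app/dist/main.js",
  ];
  for (const f of files) {
    const full = path.join(root, f);
    fs.mkdirSync(path.dirname(full), { recursive: true });
    fs.writeFileSync(full, "// constructed sample\n");
  }
  return root;
}
```

The staged directory should be removed after the upload, and any file the agent needs from an excluded tree (for example a build output under dist/) would have to be regenerated inside the sandbox.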