[pitboss] phase 03: M3 — Docker backend + sandbox-escape regression suite

2026-06-09 19:45:13 +02:00 · 2026-05-12 00:05:11 -04:00 · 2026-05-12 00:05:11 -04:00 · a8b9dcd72b
commit a8b9dcd72b
parent 3a4f1b177b
36 changed files with 1778 additions and 27 deletions
--- a/src/utils/config.rs
+++ b/src/utils/config.rs
@ -258,6 +258,14 @@ pub struct ScannerConfig {
    /// receives `verify: true`.
    #[serde(default)]
    pub verify: bool,
+
+    /// Sandbox backend for dynamic verification.
+    ///
+    /// `"auto"` (default): docker when available, else process.
+    /// `"docker"`: require docker; fail if unavailable.
+    /// `"process"`: in-process runner (same as `--unsafe-sandbox`).
+    #[serde(default)]
+    pub verify_backend: String,
 }
 impl Default for ScannerConfig {
    fn default() -> Self {
@ -296,6 +304,7 @@ impl Default for ScannerConfig {
            enable_panic_recovery: false,
            enable_auth_as_taint: false,
            verify: false,
+            verify_backend: "auto".to_owned(),
        }
    }
 }