Add comprehensive security review documentation

[A5HW1NR]

Summary

This PR adds a comprehensive security review document (docs/security-review.md) that audits the OpenSandbox codebase across all components (Python/FastAPI server, Go execd, egress, and ingress). The review identifies 14 security findings across critical, high, medium, and low severity levels, along with detailed remediation recommendations and architectural designs for future security features.

The document serves as:

• A baseline security posture assessment for the project
• Actionable guidance for addressing identified vulnerabilities before production deployment
• Reference designs for implementing multi-agent communication channels, observability, kill switches, and audit logging

Key Findings

Critical Issues (2):

• C-1: No authentication by default when API keys are commented out in example config
• C-2: Wildcard CORS with allow_credentials=True creates a security contradiction

High Issues (3):

• H-1: Proxy routes bypass API key authentication entirely
• H-2: execd token comparison uses non-constant-time string comparison (timing side-channel)
• H-3: Unrestricted filesystem access in execd HTTP API

Medium Issues (6):

• M-1 through M-6: Label injection, env var sanitization, missing body size limits, no rate limiting, registry probing, and TOCTOU race in port allocation

Low Issues (3):

• L-1 through L-3: Sensitive data in error responses, f-string logging, and unquoted Content-Disposition headers

Architecture Designs Included

The document proposes three tiered designs for each of:

1. Multi-agent communication channels (label-gated, message bus, mTLS)
2. Traffic observability (DNS correlation, eBPF, execd audit stream)
3. Kill switches for agent termination (label-based, circuit breaker, Kubernetes namespace)
4. Structured logging recommendations with a unified schema across all components

Testing

• Not run — This is documentation only; no code changes to test

Breaking Changes

• None — This is a new documentation file with no impact on existing functionality

Checklist

• Linked Issue or clearly described motivation — Security review of full codebase before production
• Added/updated docs (if needed) — Added comprehensive security review document
• Added/updated tests (if needed) — N/A (documentation)
• Security impact considered — This entire document is a security assessment
• Backward compatibility considered — N/A (documentation only)

https://claude.ai/code/session_013xUrJ15HtXmpD88NHEZAiF

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}