Polymcp

The project demonstrates a strong commitment to security, particularly with its `DockerSandboxExecutor` which provides robust isolation, resource limits, and network/filesystem restrictions for untrusted code execution. For in-process code execution (`SandboxExecutor`), it employs a `vm2` sandbox with explicit blocking of dangerous patterns (`require`, `fs`, `eval`). File operations (`readFile`, `writeFile`, `listDirectory`) are protected against directory traversal by validating paths against the current working directory. The `shellCommand` tool also includes explicit blocking of high-risk commands (`rm -rf`, `sudo`, `|`, `>`). While `vm2` and shell command execution carry inherent risks (and `vm2` has had vulnerabilities in the past), the extensive mitigations, including logging redaction, tool allow/denylists, and budget controls in `UnifiedPolyAgent`, demonstrate a multi-layered security approach. Examples for hardcoded secrets (`JWT_SECRET`, `API_KEY`) are clearly marked for production changes.