You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Introduce a three-way isolation mode (docker | sandbox | none) on both the
global DockerIsolationConfig and per-server IsolationConfig, laying the config
foundation for native (non-Docker) sandbox isolation (MCP-34).
- New `config.IsolationMode` type + constants and `IsValid()` helper.
- Global `DockerIsolationConfig.Mode` with `ResolvedMode()` back-compat mapping:
explicit Mode wins; else legacy enabled:true ⇒ docker, enabled:false ⇒ none.
- Per-server `IsolationConfig.Mode` (*IsolationMode, nil = inherit global).
- `IsolationManager.ResolveMode()` mode resolver; `ShouldIsolate()` reimplemented
as `ResolveMode() == docker` so existing Docker behavior is unchanged.
Precedence: per-server explicit Mode > global gate > per-server bool opt-out;
structural gates (HTTP / docker-command servers) apply to all modes.
- Config validation rejects unknown global/per-server mode strings.
- Per-server Mode round-trips through BBolt (UpstreamRecord) — test asserts it.
- Regenerated oas/swagger.yaml + docs.go for the new fields.
Sandbox-mode launch wiring (consuming ResolveMode==sandbox) is deferred to
MCP-34.3; no consumer acts on the sandbox value yet.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
NetworkModestring`json:"network_mode,omitempty" mapstructure:"network_mode"`// Custom network mode for this server
423
-
ExtraArgs []string`json:"extra_args,omitempty" mapstructure:"extra_args"`// Additional docker run arguments for this server
424
-
WorkingDirstring`json:"working_dir,omitempty" mapstructure:"working_dir"`// Custom working directory in container
425
-
LogDriverstring`json:"log_driver,omitempty" mapstructure:"log_driver"`// Docker log driver override for this server
426
-
LogMaxSizestring`json:"log_max_size,omitempty" mapstructure:"log_max_size"`// Maximum size of log files override
427
-
LogMaxFilesstring`json:"log_max_files,omitempty" mapstructure:"log_max_files"`// Maximum number of log files override
454
+
Enabled*bool`json:"enabled,omitempty" mapstructure:"enabled"`// Enable Docker isolation for this server (nil = inherit global; legacy, superseded by Mode)
0 commit comments