Edit Issue #357
Description
## Issue

`code_executor.py` and `shell_command.py` run untrusted code without sandboxing.

## Sandbox Image

`python:3.12-bookworm` - includes Python + Debian tools (bash, curl, wget, git, etc.). If jq is needed, tests should use Python's json module instead.

## Detection Logic (Revised)

```python
import os


def _can_use_docker_sandbox() -> bool:
    """Check whether the Docker socket exists and the daemon answers a ping."""
    docker_socket = '/var/run/docker.sock'
    if not os.path.exists(docker_socket):
        return False
    try:
        import docker  # docker SDK for Python; missing package means no sandbox
        client = docker.from_env()
        client.ping()
        return True
    except Exception:  # ImportError, connection refused, permission denied on the socket
        return False


def _is_running_in_docker() -> bool:
    """Check whether this process is itself inside a Docker (or LXC) container."""
    if os.path.exists('/.dockerenv'):
        return True
    try:
        with open('/proc/1/cgroup', 'r') as f:
            cgroup = f.read()  # read once; a second read() on the same handle returns ''
        return 'docker' in cgroup or 'lxc' in cgroup
    except OSError:
        return False
```

## Decision Flow

1. Docker socket accessible? → Use sandbox container (python:3.12-bookworm)
2. No socket + inside Docker? → Execute directly (already sandboxed)
3. No socket + not in Docker? → Execute directly + LOG WARNING (unsandboxed)

## Docker-in-Docker Behavior

- Worker in Docker WITH socket mount → Creates sibling containers on host ✓
- Worker in Docker WITHOUT socket → Executes directly (container is sandbox) ✓

## Tools to Sandbox

- `code_executor.py` (tools.code.exec) - arbitrary Python code
- `shell_command.py` (tools.shell.run) - arbitrary shell commands

## Config (config.ini)

```ini
[sandbox]
enabled = true
image = python:3.12-bookworm
network = none  # or bridge for network access
timeout = 300
```

## Security Settings for Container

- `cap_drop=["ALL"]`
- `security_opt=["no-new-privileges:true"]`
- `network_mode="none"` (default, configurable)
- `read_only=true` for filesystem
- `mem_limit="512m"` (configurable)
- Non-root user inside container
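As an added example (not code from this issue or the highway-workflow-engine project), the following ties the pieces above together: it parses the `[sandbox]` section of `config.ini`, applies the three-step decision flow, and builds the hardened keyword arguments for the docker SDK's `containers.run()` before running a snippet and force-removing the container. The `cap_drop`, `security_opt`, `network_mode`, `read_only`, `mem_limit`, `user`, `pids_limit` and `tmpfs` parameters are real docker SDK options; the non-root uid `65534:65534`, the `pids_limit` and `tmpfs` values, the `python3 -c` invocation and the `SAMPLE_CONFIG` text are assumptions made here, not settings from the issue.

```python
import configparser
import logging
from enum import Enum

log = logging.getLogger(__name__)

# Constructed sample mirroring the [sandbox] section described in the issue.
SAMPLE_CONFIG = """\
[sandbox]
enabled = true
image = python:3.12-bookworm
network = none  # or bridge for network access
timeout = 300
"""


class ExecMode(Enum):
    SANDBOX = "sandbox"                      # sibling container via the Docker socket
    DIRECT_IN_DOCKER = "direct_in_docker"    # worker is itself a container
    DIRECT_UNSANDBOXED = "direct_unsandboxed"  # host execution; must be logged


def load_sandbox_config(text: str) -> dict:
    """Parse the [sandbox] section; inline '#' comments are stripped."""
    parser = configparser.ConfigParser(inline_comment_prefixes=("#",))
    parser.read_string(text)
    section = parser["sandbox"]
    return {
        "enabled": section.getboolean("enabled", fallback=True),
        "image": section.get("image", "python:3.12-bookworm"),
        "network": section.get("network", "none"),
        "timeout": section.getint("timeout", fallback=300),
    }


def decide_exec_mode(socket_accessible: bool, in_docker: bool) -> ExecMode:
    """The three-step decision flow from the issue, with the warning on step 3."""
    if socket_accessible:
        return ExecMode.SANDBOX
    if in_docker:
        return ExecMode.DIRECT_IN_DOCKER
    log.warning("No Docker sandbox available; executing untrusted code unsandboxed")
    return ExecMode.DIRECT_UNSANDBOXED


def build_run_kwargs(cfg: dict, mem_limit: str = "512m", user: str = "65534:65534") -> dict:
    """Hardened kwargs for docker SDK containers.run(); uid 65534 (nobody) is an assumption."""
    return {
        "image": cfg["image"],
        "cap_drop": ["ALL"],
        "security_opt": ["no-new-privileges:true"],
        "network_mode": cfg["network"],          # "none" by default per config.ini
        "read_only": True,                       # root filesystem read-only
        "mem_limit": mem_limit,
        "user": user,                            # never run as root inside the sandbox
        "pids_limit": 128,                       # assumed value: bounds fork bombs
        "tmpfs": {"/tmp": "rw,noexec,nosuid,size=64m"},  # assumed scratch space
        "detach": True,                          # so we can wait() with a timeout
    }


def run_sandboxed(client, code: str, cfg: dict) -> tuple[int, str]:
    """Run a Python snippet in a throwaway container; returns (exit code, output).

    `client` is a docker.DockerClient (or a test double with the same interface).
    On timeout, container.wait() raises; the finally clause still removes the container.
    """
    kwargs = build_run_kwargs(cfg)
    image = kwargs.pop("image")
    container = client.containers.run(image, ["python3", "-c", code], **kwargs)
    try:
        result = container.wait(timeout=cfg["timeout"])
        output = container.logs().decode("utf-8", "replace")
        return result["StatusCode"], output
    finally:
        container.remove(force=True)


if __name__ == "__main__":
    import docker  # only needed for a real run; requires socket access
    cfg = load_sandbox_config(SAMPLE_CONFIG)
    print(run_sandboxed(docker.from_env(), "print('hello from sandbox')", cfg))
```

Because the client is passed in, the decision and hardening logic can be unit-tested against a fake client without a Docker daemon, and the real `main` path exercises the same kwargs end to end.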