
fix(security): migrate docker shell strings to argv arrays in agent-onboard #2075

Closed
Sanjays2402 wants to merge 1 commit into NVIDIA:main from Sanjays2402:fix/agent-onboard-argv-migration

Conversation


@Sanjays2402 Sanjays2402 commented Apr 19, 2026

Summary

Partial migration of shell-string run() calls to argv arrays in src/lib/agent-onboard.ts, as tracked in #1889.

Changes

Converts 2 of 3 shell-string calls to structurally safe argv arrays:
- docker image inspect — no longer uses shell interpolation
- docker build — no longer uses shell interpolation

The third call (openshell sandbox connect with stdin < redirection) retains shell form because it requires stdin redirection and the openshell binary path is not directly accessible from the OnboardContext. A full migration of this callsite requires exposing getOpenshellBinary() or runOpenshell() in the context.

Partial fix for #1889

Summary by CodeRabbit

Release Notes

This release contains internal maintenance and code improvements with no user-facing changes. Updates to underlying infrastructure components enhance reliability and code quality without affecting end-user functionality or features.

…nboard

Convert 2 of 3 shell-string run() calls in agent-onboard.ts to argv
arrays, eliminating shell injection surface for docker image inspect
and docker build commands.

The third call (openshell sandbox connect with stdin redirection)
retains shell form as it requires < redirection and the openshell
binary path is not directly accessible in the OnboardContext.

Partial fix for NVIDIA#1889
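As an added example (not code from this PR or from the NemoClaw repository), the three situations the description discusses: a shell-string call, its argv-array replacement with explicit stdio, and the "< file" case that the PR leaves in shell form. To run offline, printf stands in for the docker binary and cat for the openshell binary, and the image name is a constructed value carrying a shell metacharacter.

```typescript
import { spawnSync } from "node:child_process";
import { openSync, closeSync, writeFileSync } from "node:fs";
import { tmpdir } from "node:os";
import { join } from "node:path";

// Constructed, untrusted image reference containing a shell metacharacter.
// Under a shell the ';' ends the command; as an argv element it is just text.
export const UNTRUSTED_IMAGE = "nemoclaw/agent:latest; echo INJECTED";

// Stand-in for the docker binary so this runs offline: printf echoes each
// argument on its own line (assumes a POSIX printf on PATH).
const DOCKER_STANDIN = "printf";

// Before: shell-string form. The image name is interpolated into a string
// that /bin/sh re-parses, so metacharacters change the command structure.
export function inspectViaShell(image: string): string[] {
  const cmd = `${DOCKER_STANDIN} '%s\\n' image inspect ${image}`;
  const r = spawnSync(cmd, { shell: true, encoding: "utf8" });
  return r.stdout.trim().split("\n");
}

// After: argv-array form with explicit stdio. No shell is involved, so the
// image name arrives as exactly one argument, metacharacters included.
export function inspectViaArgv(image: string): string[] {
  const args = ["%s\\n", "image", "inspect", image];
  const r = spawnSync(DOCKER_STANDIN, args, {
    shell: false,
    stdio: ["ignore", "pipe", "ignore"],
    encoding: "utf8",
  });
  return r.stdout.trim().split("\n");
}

// The remaining '< file' case: stdin redirection does not need a shell either.
// Open the file and hand its descriptor to the child as fd 0. Demonstrated
// with cat as a stand-in for the openshell binary (hypothetical helper).
export function runWithStdinFile(bin: string, args: string[], file: string): string {
  const fd = openSync(file, "r");
  try {
    const r = spawnSync(bin, args, { stdio: [fd, "pipe", "ignore"], encoding: "utf8" });
    return r.stdout;
  } finally {
    closeSync(fd);
  }
}

// Writes a constructed input file and feeds it to cat via fd 0.
export function demoStdinRedirect(): string {
  const path = join(tmpdir(), `argv-demo-${process.pid}.txt`);
  writeFileSync(path, "hello from stdin\n");
  return runWithStdinFile("cat", [], path);
}
```

The shell form yields four lines, the last being the output of the injected echo; the argv form yields three, with the whole image string intact as the third.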

coderabbitai Bot commented Apr 19, 2026

No actionable comments were generated in the recent review. 🎉


📥 Commits

Reviewing files that changed from the base of the PR and between 4e6508d and 729beb4.

📒 Files selected for processing (1)
  • src/lib/agent-onboard.ts

Walkthrough

The changes refactor Docker command execution in the agent onboarding setup from shell-constructed strings to argv-based calls. Two Docker commands—image inspection and build—are converted for improved safety and explicit stdio control. A clarifying comment is added explaining why the sandbox connect command must remain shell-based.

Changes

Cohort / File(s): Docker Command Refactoring (src/lib/agent-onboard.ts)
Summary: Migrated Docker image inspect and build commands from shell strings to argv-based invocations with explicit stdio silencing. Added explanatory comment for sandbox connect command requiring shell-string form due to stdin redirection.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐰 A rabbit hops through Docker's lanes,
Converting shells to argv chains,
With safety wrapped in each new call,
The sandbox builds more steadily tall—
No more shell tricks, just args so clear! 🐳✨

Pre-merge checks: 3 passed
- Description Check: Passed (check skipped; CodeRabbit's high-level summary is enabled).
- Title check: Passed. The title clearly and accurately describes the main change: migrating Docker shell strings to argv arrays in agent-onboard.ts for security purposes.
- Docstring Coverage: Passed. Docstring coverage is 100.00%, which is sufficient; the required threshold is 80.00%.


@wscurran wscurran added security Something isn't secure Local Models Running NemoClaw with local models labels Apr 20, 2026
wscurran (Contributor) commented:

✨ Thanks for submitting this PR that proposes a security fix for the agent-onboard by migrating docker shell strings to argv arrays, which could help prevent security issues with the agent-onboard.


Possibly related open issues:

@wscurran wscurran added the OpenShell Support for OpenShell, a safe, private runtime for autonomous AI agents label Apr 20, 2026
@wscurran wscurran added the priority: high Important issue that should be resolved in the next release label Apr 21, 2026
jyaunches (Contributor) commented:

Hey @Sanjays2402 — thanks for picking this up! Appreciate you diving into the argv migration tracked in #1889.

Heads up that this work was already covered by #1915 (merged Apr 20), which converted all three shellQuote callsites in agent-onboard.ts to argv arrays — including the same docker image inspect and docker build calls targeted here. On main today, agent-onboard.ts has zero shellQuote usage.

Timeline for reference:

Looks like the branches crossed in flight. Can you confirm whether everything you intended here is covered by #1915? If so, I'll go ahead and close this out.

There are still a few remaining shellQuote callsites in onboard.ts and the ESLint guard from #1889 that haven't landed yet — if you're interested in continuing to contribute to that effort, those would be great to pick up.
