php-workflow-issues/tests/safe_workflow.yml

name: Safe Workflow Test

on:
  push:
  workflow_dispatch:

jobs:
  safe_operations:
    name: Safe Operations
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      
      - name: List files
        run: ls -la
      
      - name: Show current directory
        run: pwd
      
      - name: Echo message
        run: echo "Hello, this is a safe command!"
      
      - name: Create and read file
        run: |
          echo "test content" > safe-file.txt
          cat safe-file.txt
          rm safe-file.txt
      
      - name: Show environment (safe)
        run: echo "GITHUB_WORKSPACE=$GITHUB_WORKSPACE"
      
      - name: Check if Rust is available
        run: which rustc && rustc --version || echo "Rust not found"
        continue-on-error: true
feat: Add comprehensive sandboxing for secure emulation mode Security Features: - Implement secure emulation runtime with command sandboxing - Add command validation, filtering, and dangerous pattern detection - Block harmful commands like 'rm -rf /', 'sudo', 'dd', etc. - Add resource limits (CPU, memory, execution time, process count) - Implement filesystem isolation and access controls - Add environment variable sanitization - Support shell operators (&&, \|\|, \|, ;) with proper parsing New Runtime Mode: - Add 'secure-emulation' runtime option to CLI - Update UI to support new runtime mode with green security indicator - Mark legacy 'emulation' mode as unsafe in help text - Default to secure mode for local development safety Documentation: - Create comprehensive security documentation (README_SECURITY.md) - Update main README with security mode information - Add example workflows demonstrating safe vs dangerous commands - Include migration guide and best practices Testing: - Add comprehensive test suite for sandbox functionality - Include security demo workflows for testing - Test dangerous command blocking and safe command execution - Verify resource limits and timeout functionality Code Quality: - Fix all clippy warnings with proper struct initialization - Add proper error handling and user-friendly security messages - Implement comprehensive logging for security events - Follow Rust best practices throughout This addresses security concerns by preventing accidental harmful commands while maintaining full compatibility with legitimate CI/CD workflows. Users can now safely run untrusted workflows locally without risk to their host system. 2025-08-13 14:30:51 +05:30			`name: Safe Workflow Test`

			`on:`
			`push:`
			`workflow_dispatch:`

			`jobs:`
			`safe_operations:`
			`name: Safe Operations`
			`runs-on: ubuntu-latest`
			`steps:`
			`- name: Checkout code`
			`uses: actions/checkout@v4`

			`- name: List files`
			`run: ls -la`

			`- name: Show current directory`
			`run: pwd`

			`- name: Echo message`
			`run: echo "Hello, this is a safe command!"`

			`- name: Create and read file`
			`run: \|`
			`echo "test content" > safe-file.txt`
			`cat safe-file.txt`
			`rm safe-file.txt`

			`- name: Show environment (safe)`
			`run: echo "GITHUB_WORKSPACE=$GITHUB_WORKSPACE"`

			`- name: Check if Rust is available`
			`run: which rustc && rustc --version \|\| echo "Rust not found"`
			`continue-on-error: true`