feat: wrap all commands with isolate.sh in entrypoint

Copilot · Mossaka · Copilot · commit 5c129274d5c6 · 2026-01-23T00:24:28.000Z
Co-authored-by: Mossaka &lt;5447827+Mossaka@users.noreply.github.com&gt;
diff --git a/containers/agent/entrypoint.sh b/containers/agent/entrypoint.sh
@@ -140,5 +140,6 @@ echo ""
 # The order of operations:
 # 1. capsh drops CAP_NET_ADMIN from the bounding set (cannot be regained)
 # 2. gosu switches to awfuser (drops root privileges)
-# 3. exec replaces the current process with the user command
-exec capsh --drop=cap_net_admin -- -c "exec gosu awfuser $(printf '%q ' "$@")"
+# 3. isolate.sh wraps the command, falling back to host chroot if binary not in container PATH
+# 4. exec replaces the current process with the user command
+exec capsh --drop=cap_net_admin -- -c "exec gosu awfuser /usr/local/bin/isolate.sh $(printf '%q ' "$@")"
