Sandboxing

Every conversion runs in a Docker container with the following hardening:

  • cap_drop: ALL and no-new-privileges:true — no Linux capabilities, no setuid escapes.
  • read_only: true root filesystem; the only writable surface is a per-job /tmp/job-{uuid} on tmpfs that's wiped after the job.
  • No network egress to the public internet. Worker hosts run iptables/nftables rules that drop everything except Redis + MinIO + the hub API on the LAN.
  • Per-job CPU/memory caps and a wall-clock timeout (default 600 s, 900 s for video).
  • Scoped MinIO credentials, issued per-exchange, that can only read the input object and write to the matching output bucket prefix.
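
One way to verify that a running worker container actually carries this hardening, as an added example and not code from the project: a small Python audit of `docker inspect` output against the points above. The inspect JSON below is constructed, and the egress restriction lives in host iptables/nftables rather than in the container config, so it is outside what this check can see.

```python
import json

# Constructed sample: a trimmed `docker inspect` entry for one worker
# container (not real output from the project; only the keys the audit reads).
SAMPLE_INSPECT = json.dumps([{
    "Id": "constructed-container-id",
    "HostConfig": {
        "CapDrop": ["ALL"],
        "CapAdd": None,
        "SecurityOpt": ["no-new-privileges:true"],
        "ReadonlyRootfs": True,
        "Tmpfs": {"/tmp/job-0f3c9f2e": "rw,noexec,nosuid,size=512m"},
        "Memory": 2147483648,
        "NanoCpus": 2000000000,
        "Privileged": False,
    },
}])


def audit_host_config(hc: dict) -> list[str]:
    """Return the list of policy violations; an empty list means the container complies."""
    findings = []
    if hc.get("Privileged"):
        findings.append("container is privileged")
    if [c.upper() for c in (hc.get("CapDrop") or [])] != ["ALL"]:
        findings.append("CapDrop is not exactly [ALL]")
    if hc.get("CapAdd"):
        findings.append(f"capabilities re-added: {hc['CapAdd']}")
    if "no-new-privileges:true" not in (hc.get("SecurityOpt") or []):
        findings.append("no-new-privileges not set")
    if not hc.get("ReadonlyRootfs"):
        findings.append("root filesystem is writable")
    # The only writable surface should be the per-job tmpfs under /tmp/job-*.
    if not any(path.startswith("/tmp/job-") for path in (hc.get("Tmpfs") or {})):
        findings.append("no per-job tmpfs mounted under /tmp/job-")
    if not hc.get("Memory"):
        findings.append("no memory limit")
    if not hc.get("NanoCpus"):
        findings.append("no CPU limit")
    # Network egress is enforced by host firewall rules, not visible in HostConfig.
    return findings


def audit_inspect_output(raw: str) -> dict[str, list[str]]:
    """Map container id -> violations for every entry in `docker inspect` JSON."""
    return {c["Id"]: audit_host_config(c.get("HostConfig", {})) for c in json.loads(raw)}


if __name__ == "__main__":
    for cid, issues in audit_inspect_output(SAMPLE_INSPECT).items():
        print(cid, "OK" if not issues else issues)
```

In production the input would come from `docker inspect $(docker ps -q)` run on each worker host.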

Worker tokens

Each worker replica boots with a unique token. Tokens are SHA-256 hashed at rest, shown only once at issuance, and can be revoked instantly from the admin UI. Revoked tokens fail their next exchange call with a 401, the in-flight job completes, and the heartbeat key expires naturally.

Built solo on dedicated metal.