Sandbox Path Management Fixes

A collection of pull requests addressing various issues related to sandbox path management and security in the OpenClaw framework.

12 PRs

fix docker browser security Representative: #3907

#	Title	Author	Created	GitHub
3907	fix(sandbox): use absolute /bin/sh path + add allowedReadPaths config rep	pvoo	2026-01-29	View
8296	fix(browser): bind sandbox browser bridge to 0.0.0.0 for container access	gavinbmoore	2026-02-03	View
11054	fix(security): Add auth token to sandbox browser bridge (#11023)	shadril238	2026-02-07	View
11820	fix(sandbox): remap container paths in sandboxed file tools	steflsd	2026-02-08	View
12174	fix(agents): add path containment check in apply_patch for non-sandboxed mode	coygeek	2026-02-08	View
13873	fix(sandbox): prevent Windows PATH from poisoning docker exec	alessandrorodi	2026-02-11	View
14810	fix:sandbox file path Inconsistency	luckylhb90	2026-02-12	View
16509	Fix sandbox path validation rejecting Docker bind mount paths	Clawborn	2026-02-14	View
16929	fix(security): block access to sensitive directories from within sandbox	CornBrother0x	2026-02-15	View
17402	fix:sandbox path issue	luckylhb90	2026-02-15	View
21665	fix(sandbox): add /home and /Users to bind-mount denylist	AI-Reviewer-QS	2026-02-20	View
23805	Sandbox: default browser network to none and fail bridge without source range	bmendonca3	2026-02-22	View