
Review Playwright MCP sandbox configuration and flags #15632

Closed
Copilot wants to merge 1 commit into main from copilot/review-playwright-mcp-flags

Contributor

Copilot AI commented Feb 14, 2026

Investigation of Playwright MCP security configuration, specifically whether the --no-sandbox flag is used and what flags are passed to the MCP server.

Findings

Security Status: Secure

  • --no-sandbox flag: NOT USED
  • Chromium sandbox: ENABLED by default
  • Version: @playwright/mcp@0.0.64 (latest stable)

Current Configuration

Docker runtime args:

--init              # Signal handling
--network host      # Network access

Playwright MCP entrypoint args:

--output-dir /tmp/gh-aw/mcp-logs/playwright
--allowed-hosts <domains>      # Comma-separated
--allowed-origins <origins>    # Semicolon-separated

Modern Playwright MCP (v0.0.64+) uses --chromium-sandbox / --no-chromium-sandbox flags. Default behavior enables the sandbox without an explicit flag.

Result

No changes required. Configuration follows security best practices:

  • Latest stable version in use
  • Sandbox enabled by default
  • Docker isolation with proper signal handling
  • Network restrictions via domain allowlisting
  • Custom arguments supported for advanced use cases

Users can disable the sandbox via custom args if needed (not recommended):

tools:
  playwright:
    args:
      - --no-chromium-sandbox  # Disables browser security

Code locations:

  • pkg/workflow/mcp_config_playwright_renderer.go - Configuration
  • pkg/workflow/mcp_playwright_config.go - Types/parsing
  • pkg/constants/constants.go:386-389 - Version constants

Original prompt

Review the latest playwright MCP and investigate if the --no-sandbox flag is still used. Review the flags passed to the playwright MCP.



Copilot AI changed the title from "[WIP] Investigate usage of --no-sandbox flag in playwright MCP" to "Review Playwright MCP sandbox configuration and flags" Feb 14, 2026
Copilot AI requested a review from pelikhan February 14, 2026 06:33
@pelikhan pelikhan closed this Feb 14, 2026
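
An added example, not part of the pull request or the gh-aw code base: one way to audit a Playwright MCP argument list for the sandbox and allowlist flags this review looked at. The `Audit` type and the function names are hypothetical, and accepting both `--flag value` and `--flag=value` is an assumption about how the arguments are written.

```go
package main

import (
	"fmt"
	"strings"
)

// Audit (hypothetical, not a gh-aw type) holds the security-relevant arguments.
type Audit struct {
	SandboxDisabledBy []string // flags that turn the Chromium sandbox off
	AllowedHosts      []string // from --allowed-hosts (comma-separated)
	AllowedOrigins    []string // from --allowed-origins (semicolon-separated)
}

// split breaks s on sep (and spaces), dropping empty items.
func split(s string, sep rune) []string {
	return strings.FieldsFunc(s, func(r rune) bool { return r == sep || r == ' ' })
}

// AuditPlaywrightArgs scans args; assumes "--flag value" or "--flag=value" forms.
func AuditPlaywrightArgs(args []string) Audit {
	var a Audit
	for i := 0; i < len(args); i++ {
		name, val, hasVal := strings.Cut(args[i], "=")
		switch name {
		case "--no-sandbox", "--no-chromium-sandbox":
			a.SandboxDisabledBy = append(a.SandboxDisabledBy, name)
		case "--allowed-hosts", "--allowed-origins":
			if !hasVal && i+1 < len(args) && !strings.HasPrefix(args[i+1], "--") {
				i++ // consume the separate value token
				val = args[i]
			}
			if name == "--allowed-hosts" {
				a.AllowedHosts = append(a.AllowedHosts, split(val, ',')...)
			} else {
				a.AllowedOrigins = append(a.AllowedOrigins, split(val, ';')...)
			}
		}
	}
	return a
}

func main() {
	// Constructed sample: entrypoint args like those in the review plus a custom arg.
	args := []string{"--output-dir", "/tmp/gh-aw/mcp-logs/playwright",
		"--allowed-hosts", "example.com,docs.example.com", "--no-chromium-sandbox"}
	fmt.Printf("%+v\n", AuditPlaywrightArgs(args))
}
```

A non-empty `SandboxDisabledBy` or an empty `AllowedHosts` is the condition a CI check would flag on a workflow's rendered arguments.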