fix: delete docker-compose.yml after container startup

SECURITY: The docker-compose.yml file contains sensitive environment
variables (GITHUB_TOKEN, etc.) and was accessible via the /tmp volume
mount. Now deleted immediately after docker compose up succeeds, since
Docker only needs the file during startup.

- Added fs.unlinkSync call after successful container startup
- Added test verifying compose file is deleted
- Logs debug message on successful deletion

Author: lpcox

src/docker-manager.test.ts

@@ -1528,6 +1528,20 @@ describe('docker-manager', () => {
 
       await expect(startContainers(testDir, ['github.com'])).rejects.toThrow();
     });
+
+    it('should delete docker-compose.yml after containers start (security: removes sensitive env vars)', async () => {
+      // Create a docker-compose.yml file with sensitive data
+      const composeFile = path.join(testDir, 'docker-compose.yml');
+      fs.writeFileSync(composeFile, 'environment:\n  GITHUB_TOKEN: secret123\n');
+
+      mockExecaFn.mockResolvedValueOnce({ stdout: '', stderr: '', exitCode: 0 } as any);
+      mockExecaFn.mockResolvedValueOnce({ stdout: '', stderr: '', exitCode: 0 } as any);
+
+      await startContainers(testDir, ['github.com']);
+
+      // docker-compose.yml should be deleted after containers start
+      expect(fs.existsSync(composeFile)).toBe(false);
+    });
   });
 
   describe('stopContainers', () => {

src/docker-manager.ts

@@ -932,6 +932,20 @@ export async function startContainers(workDir: string, allowedDomains: string[],
       stdio: 'inherit',
     });
     logger.success('Containers started successfully');
+
+    // SECURITY: Immediately delete docker-compose.yml after containers start
+    // This file contains sensitive environment variables (tokens, secrets) that
+    // would otherwise be readable by the agent via the /tmp mount until cleanup.
+    // Docker Compose only needs the file at startup, not during execution.
+    const composeFile = path.join(workDir, 'docker-compose.yml');
+    try {
+      if (fs.existsSync(composeFile)) {
+        fs.unlinkSync(composeFile);
+        logger.debug('Deleted docker-compose.yml (contained sensitive environment variables)');
+      }
+    } catch (err) {
+      logger.debug('Could not delete docker-compose.yml:', err);
+    }
   } catch (error) {
     // Check if this is a healthcheck failure
     const errorMsg = error instanceof Error ? error.message : String(error);