fix(whatsapp): sandbox chromium by default

docs/plans/analysis/2026-02-16-codebase-audit-report.md

@@ -13,6 +13,7 @@ Scope: Production-risk-first audit of bugs, code improvements, and feature oppor
 - ✅ F-010 addressed: `session.compact` audit events now emit actual message counts for `messages_before/messages_after` (tokens remain in token fields).
 - ✅ F-012 addressed: synthetic repeated-tool nudge no longer emits invalid `tool_result.tool_use_id`; nudge is injected as plain user text guidance.
 - ✅ F-009 addressed: gateway now enforces per-connection WebSocket ingress rate limits with deterministic throttle errors and close-on-repeated-violation behavior.
+- ✅ F-008 addressed: WhatsApp Chromium launch is now sandboxed by default; no-sandbox mode is behind explicit `whatsapp.no_sandbox: true` opt-in.
 
 ## Executive Summary
 

docs/plans/state.json

@@ -2496,6 +2496,22 @@
         "docs/plans/analysis/2026-02-16-codebase-audit-report.md"
       ],
       "test_status": "pnpm test:run src/gateway/server.test.ts src/config/schema.test.ts + pnpm typecheck passing"
+    },
+    "audit-followup-whatsapp-sandbox-default": {
+      "status": "completed",
+      "date": "2026-02-16",
+      "updated": "2026-02-16",
+      "summary": "Hardened WhatsApp adapter Chromium launch defaults: sandbox enabled by default, with explicit opt-in no-sandbox mode via whatsapp.no_sandbox. Added adapter and schema regression tests.",
+      "files_modified": [
+        "src/channels/whatsapp/adapter.ts",
+        "src/channels/whatsapp/adapter.test.ts",
+        "src/config/schema.ts",
+        "src/config/schema.test.ts",
+        "src/daemon/channels.ts",
+        "README.md",
+        "docs/plans/analysis/2026-02-16-codebase-audit-report.md"
+      ],
+      "test_status": "pnpm test:run src/channels/whatsapp/adapter.test.ts src/config/schema.test.ts + pnpm typecheck passing"
     }
   },
   "overall_progress": {