feat: cloud adapters E2B/Modal and billing export (SAND-WP-0010)

Add credentialed E2B and Modal extensions, burst routing fallback,
fin-hub meter export hook, BYOK docs, and 77 tests.
This commit is contained in:
2026-06-24 12:50:19 +02:00
parent 6d0a1a8b1e
commit 15f031fd65
26 changed files with 859 additions and 75 deletions

View File

@@ -5,6 +5,8 @@ route:
strategy: prefer-self-hosted
extensions:
- ext.compose-ssh
- ext.e2b
- ext.modal
- ext.saas-stub
max_cost_per_hour_usd: 1.0
isolation:
@@ -25,8 +27,8 @@ resources:
memory_mb: null
setup:
instructions: >
Prefer self-hosted compose on SANDBOXER_HOST; falls back to metered SaaS stub
when host is unavailable or SANDBOXER_FORCE_SAAS=1.
Prefer self-hosted compose on SANDBOXER_HOST; falls back to E2B/Modal when
credentials are configured, else metered saas-stub. Force SaaS: SANDBOXER_FORCE_SAAS=1.
secret_refs: []
placement:
prefer: [sandboxer01]

View File

@@ -0,0 +1,32 @@
id: profile.e2b-burst
version: "1.0.0"
extension: ext.e2b
isolation:
level: microvm
network:
default: deny
egress: []
workspace:
mode: remote-canonical
access: rw
scope_default: session
ttl:
default: 2h
max: 8h
idle_reap: null
resources:
cpu: null
memory_mb: null
setup:
instructions: "E2B burst sandbox — requires E2B_API_KEY."
secret_refs: [e2b-api-key]
placement:
prefer: []
fallback: []
reachability:
tunnel: ops-bridge
identity: ops-warden
metadata:
cost_class: saas-metered
latency_class: low
observability: none

View File

@@ -0,0 +1,32 @@
id: profile.modal-gpu
version: "1.0.0"
extension: ext.modal
isolation:
level: policy
network:
default: deny
egress: []
workspace:
mode: remote-canonical
access: rw
scope_default: session
ttl:
default: 2h
max: 8h
idle_reap: null
resources:
cpu: null
memory_mb: null
setup:
instructions: "Modal GPU/burst sandbox — requires MODAL_TOKEN_ID."
secret_refs: [modal-token-id]
placement:
prefer: []
fallback: []
reachability:
tunnel: ops-bridge
identity: ops-warden
metadata:
cost_class: saas-metered
latency_class: low
observability: none