feat: reachability and consumer profiles (SAND-WP-0011)

Add reachability enrichment (tunnel metadata, ops-bridge pointer),
secret_refs boundary resolution, profile.agent-dev and profile.build,
CLI reachability show, API endpoint, consumer smoke scripts, and tests.
2026-06-24 12:54:27 +02:00
parent 7cabf77fb6
commit 1f87be4c6b
20 changed files with 522 additions and 34 deletions

@@ -116,24 +116,24 @@ own tunnels or CAs.
- **Status:** v0 operational — self-hosted compose path proven on CoulombCore;
routing, payments stub, and snapshots shipped
- **Workplans finished:** SAND-WP-00010010 (0003/0004 in sibling repos)
- **Workplans ready:** SAND-WP-00110012 (consumers, Packer)
- **Workplans finished:** SAND-WP-00010011 (0003/0004 in sibling repos)
- **Workplans ready:** SAND-WP-0012 (Packer orchestration)
- **Package:** `src/sandboxer/` — CLI, manager, extensions, routing, payments,
snapshots, telemetry, HTTP API
- **Profiles:** compose e2e/checkpoint, canary, vm-haskell-build, saas-stub,
burst-sandbox, e2b-burst, modal-gpu
burst-sandbox, e2b-burst, modal-gpu, agent-dev, build
- **Extensions:** `ext.compose-ssh`, `ext.vm-packer`, `ext.saas-stub`,
`ext.e2b`, `ext.modal`
- **Docs:** `meta-framework`, `extension-sdk`, `host-telemetry`, `routing`,
`payments`, `snapshots`, `migration-gaps`, `migration-build-machines`
- **Registry:** `capability.execution.sandbox-provision` indexed (draft)
- **Tests:** 77 pytest cases; `make check` green
- **Tests:** 86 pytest cases; `make check` green
- **Siblings:** wise-validator `validate run` (SAND-WP-0003); the-custodian
`make e2e REPO=` shim (SAND-WP-0004)
Latest gap analysis: `history/2026-06-24-post-wp0007-intent-scope-gap-analysis.md`
Gap analysis: `history/2026-06-24-post-wp0007-intent-scope-gap-analysis.md`
**Ready workplans:** SAND-WP-0011 (consumer profiles), 0012 (Packer orchestration).
**Ready workplans:** SAND-WP-0012 (Packer orchestration).
---
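
Review bot: The **Docs:** list in this status block is unchanged (`meta-framework` through `migration-build-machines`) although the commit message describes reachability enrichment, secret_refs boundary resolution and a new API endpoint. Add a doc that states what reachability data is exposed and where secret_refs are resolved, and list it here. Separately, SAND-WP-0012 readiness is now stated twice, under **Workplans ready:** and under **Ready workplans:**; keeping only one of them stops the two from drifting apart at the next workplan.
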
@@ -154,6 +154,9 @@ sandboxer expire [--apply]
sandboxer create --ttl 2h ...
sandboxer credits show / credits add <amount>
sandboxer inspect host / inspect stale / reap-stale [--apply]
sandboxer reachability show <id>
sandboxer create --profile profile.agent-dev --input repo=/path --actor agt --project glas-harness
sandboxer create --profile profile.build --input vm=haskell-build --actor agt --project snuggle-inventor
make smoke-remote # CoulombCore compose smoke (SANDBOXER_HOST)
# Full e2e validation (wise-validator, separate install):
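
Review bot: `sandboxer reachability show <id>` is added to the usage block with no indication of what it prints. Because the same commit introduces tunnel metadata and secret_refs boundary resolution, state here or in a linked doc whether the output carries only references or resolved values, so operators know whether it can be pasted into logs and tickets. The two `create` examples also use literal-looking values (`repo=/path`, `--actor agt`) where neighbouring lines use `<id>` and `<amount>` placeholders; matching that style would show which parts must be replaced.
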
@@ -174,9 +177,9 @@ cd ~/the-custodian && make e2e REPO=activity-core
- ~~TTL auto-expiry / `extend_ttl` enforcement~~ — done (SAND-WP-0009)
- Packer build orchestration from `create`**SAND-WP-0012**
- ~~Real E2B / Modal adapters~~ — done (SAND-WP-0010)
- Consumer profiles (agent-dev, build) — **SAND-WP-0011**
- ~~Consumer profiles (agent-dev, build)~~done (SAND-WP-0011)
- Cross-host snapshot transfer
- Formal ops-bridge tunnel attachment — **SAND-WP-0011**
- ~~Formal ops-bridge tunnel attachment~~done (SAND-WP-0011; descriptor only)
- Dedicated sandboxer01 host (CoulombCore interim only today)
- `reuse-surface validate` / federation publish workflow
- ~~`.repo-classification.yaml`~~ — done (SAND-WP-0009)
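
Review bot: The ops-bridge item is struck through as done but qualified with "descriptor only", which suggests the tunnel attachment itself is still outstanding and is no longer tracked anywhere in this list. Keep an open item for the attachment, or leave this one open and note the descriptor as the part delivered by SAND-WP-0011, so readers do not assume a sandbox is reachable through an attached tunnel.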