feat: reachability and consumer profiles (SAND-WP-0011)

Add reachability enrichment (tunnel metadata, ops-bridge pointer), secret_refs boundary resolution, profile.agent-dev and profile.build, CLI reachability show, API endpoint, consumer smoke scripts, and tests.
2026-06-24 12:54:27 +02:00
parent 7cabf77fb6
commit 1f87be4c6b
20 changed files with 522 additions and 34 deletions
--- a/docs/meta-framework.md
+++ b/docs/meta-framework.md
@@ -65,7 +65,13 @@ Event `detail` payload (JSON):
  "consumer": {"actor": "atm", "project": "wise-validator", "run_id": "..."},
  "actor_type": "atm",
  "state": "ready",
-  "reachability": {"ssh": "root@coulombcore", "remote_dir": "/tmp/sandboxer/abc12345"},
+  "reachability": {
+    "ssh": "root@coulombcore",
+    "remote_dir": "/tmp/sandboxer/abc12345",
+    "tunnel": "localhost:12222",
+    "tunnel_via": "ops-bridge",
+    "identity": "ops-warden"
+  },
  "timestamps": {"created_at": "...", "ready_at": "..."}
 }
 ```
@@ -100,6 +106,36 @@ HTTP surface (optional v0; CLI calls core library directly):
 - `POST /v1/sandboxes/{id}/recreate` — recreate
 - `PATCH /v1/sandboxes/{id}/ttl` — extend TTL
 - `POST /v1/sandboxes/expire` — TTL reap (query `apply=true`)
+- `GET /v1/sandboxes/{id}/reachability` — enriched descriptor + SSH one-liner
+
+---
+
+## Reachability descriptor
+
+When a sandbox reaches `ready`, sand-boxer emits a **reachability** block on
+`SandboxStatus`, lifecycle events, and `sandboxer reachability show <id>`.
+
+| Field | Source | Description |
+|-------|--------|-------------|
+| `ssh` | Extension | SSH target (`user@host`) |
+| `remote_dir` | Extension | Workspace root on remote host |
+| `host` | Extension | Placement host name |
+| `tunnel` | Profile + env | Local port (`localhost:PORT`) or VM alias |
+| `tunnel_via` | Profile spec | Route owner (default `ops-bridge`) |
+| `identity` | Profile spec | Warden actor hint (default `ops-warden`) |
+
+Tunnel metadata is enriched from profile `reachability` and environment:
+
+- `SANDBOXER_TUNNEL_PORT` / handle `tunnel_port` or `ssh_port`
+- `SANDBOXER_TUNNEL_ALIAS` / handle `vm_target`
+- `SANDBOXER_TUNNEL_VIA` (optional override)
+
+sand-boxer **does not** bring tunnels up. Consumers use ops-bridge (MCP or
+`bridge` CLI) to attach SSH routes; the descriptor is a pointer only.
+
+`secret_refs` from `profile.setup` are resolved at the provision boundary and
+passed to the extension handle — they never appear on `SandboxStatus` or State
+Hub events.

 ---