Implement SAND-WP-0005: extension SDK and ext.vm-packer

Add SandboxExtension base class, extension SDK docs, vm-packer attach mode
for build-machines VMs, profile.vm-haskell-build, SSH port support, tests,
and migration docs.
2026-06-24 01:47:07 +02:00
parent c8126672ee
commit cec0fc6348
20 changed files with 679 additions and 16 deletions

@@ -104,12 +104,10 @@ own tunnels or CAs.
## Current State
- **Status:** v0 operational — self-hosted compose path proven on CoulombCore
- **Workplans finished:** SAND-WP-0001 (bootstrap), 0002 (meta-framework +
`ext.compose-ssh`), 0003 (wise-validator extraction, sibling repo), 0008 (host
telemetry / self-canary)
- **Workplans finished:** SAND-WP-00010005, 0008 (see `workplans/`)
- **Package:** `src/sandboxer/` — CLI, manager, extensions, telemetry, HTTP API
- **Profiles:** `profile.compose-e2e`, `profile.sandbox-canary`
- **Extensions:** `ext.compose-ssh` only
- **Profiles:** `profile.compose-e2e`, `profile.sandbox-canary`, `profile.vm-haskell-build`
- **Extensions:** `ext.compose-ssh`, `ext.vm-packer` (attach mode)
- **Registry:** `capability.execution.sandbox-provision` indexed (draft)
- **Tests:** 26 pytest cases; `make check` green
- **Sibling:** wise-validator ships `validate run` (SAND-WP-0003)
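Review bot: The `**Tests:** 26 pytest cases` line in Current State is left as unchanged context although the commit message says this change adds tests; update the count, or drop the hard-coded number so the README cannot go stale. In the same list, the new "Workplans finished" entry shows as `SAND-WP-00010005`, which reads as a single id rather than a range. Write it with an explicit separator (for example `SAND-WP-0001` through `0005`) so it still matches the `0004` and `0005` references further down the file.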
@@ -145,7 +143,7 @@ cd ~/the-custodian && make e2e REPO=activity-core
- ~~`make e2e REPO=` shim~~ — done (SAND-WP-0004; delegates to `validate run`)
- TTL auto-expiry / `extend_ttl` enforcement
- `ext.vm-packer` / build-machines migration (SAND-WP-0005)
- ~~`ext.vm-packer` attach mode~~ — done (SAND-WP-0005); Packer build orchestration deferred
- SaaS extensions (E2B, Modal) or payments layer (SAND-WP-0006)
- Snapshot / restore / checkpoint profiles (SAND-WP-0007)
- Formal ops-bridge tunnel attachment in reachability descriptor
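Review bot: The replaced `ext.vm-packer` bullet is struck through as done but carries a still-open item, "Packer build orchestration deferred", on the same line, so the remaining work is easy to miss in a list where strikethrough means finished. Split it into its own open bullet, with a workplan id if one exists, and keep the struck-through entry limited to attach mode.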