Implement SAND-WP-0005: extension SDK and ext.vm-packer

Add SandboxExtension base class, extension SDK docs, vm-packer attach mode
for build-machines VMs, profile.vm-haskell-build, SSH port support, tests,
and migration docs.
2026-06-24 01:47:07 +02:00
parent c8126672ee
commit cec0fc6348
20 changed files with 679 additions and 16 deletions

@@ -3,6 +3,8 @@
Backend adapters for sandbox establishment. Each extension is declared in
`ext.<name>.yaml` and implements `provision`, `wait_ready`, and `teardown`.
Author guide: `docs/extension-sdk.md`
## ext.compose-ssh
Self-hosted extension migrated from `the-custodian/e2e-framework/`.
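
Review bot: The added `Author guide: docs/extension-sdk.md` line in the intro is a bare path, so it only helps a reader who already knows it is relative to the repository root; make it a relative Markdown link that resolves from this README. Since the commit message says this change introduces a SandboxExtension base class, name it next to the `provision`, `wait_ready`, and `teardown` list so readers can see where that contract is defined.
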
@@ -29,4 +31,19 @@ step. sand-boxer splits responsibilities:
| health checks + test_command | wise-validator (SAND-WP-0003) |
Interim workflow: `sandboxer create --profile profile.compose-e2e --input repo=...`
then run validation separately until wise-validator migration lands.
then run validation separately until wise-validator migration lands.
## ext.vm-packer
Attach mode for pre-built VMs (`the-custodian/infra/build-machines/` lineage).
**Provision:** SSH to VM alias or tunnel port → isolated workspace under `/build/sbx-<id>/`
→ optional rsync of `repo` input.
**wait_ready:** Confirms workspace directory exists on VM.
**teardown:** Removes workspace only; VM persists.
**Profile:** `profile.vm-haskell-build` — see `docs/runbooks/profile-vm-haskell-build.md`.
Packer build / OVA import remains operator-driven (not triggered by `create`).
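
Review bot: The **teardown** line documents a removal under `/build/sbx-<id>/` on a VM that persists, but nothing in the section says how `<id>` is generated or constrained. State that the id is produced by sandboxer from a fixed character set and that teardown refuses to act on any path that does not resolve under `/build/sbx-`, because this is a delete run over SSH on a long-lived build machine. The **Provision** line should also say what "isolated workspace" means in attach mode (a separate directory only, or also a separate account or permissions) and how the VM's SSH host key is verified when connecting through an alias or a tunnel port. For the optional rsync of `repo`, note whether the destination is always the workspace directory so the input cannot place files elsewhere on the VM.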