Implement SAND-WP-0005: extension SDK and ext.vm-packer

Add SandboxExtension base class, extension SDK docs, vm-packer attach mode
for build-machines VMs, profile.vm-haskell-build, SSH port support, tests,
and migration docs.
2026-06-24 01:47:07 +02:00
parent c8126672ee
commit cec0fc6348
20 changed files with 679 additions and 16 deletions

@@ -0,0 +1,86 @@
---
id: SAND-WP-0005
type: workplan
title: "Extension SDK and ext.vm-packer"
domain: infotech
repo: sand-boxer
status: finished
owner: codex
topic_slug: custodian
created: "2026-06-23"
updated: "2026-06-23"
---
# Extension SDK and ext.vm-packer
Deliver INTENT near-term outcome #7 (extension SDK sketch) and begin
`infra/build-machines/` migration via `ext.vm-packer` attach mode.
**Predecessor:** SAND-WP-0004 (e2e shim — finished)
**Follow-on:** SAND-WP-0006 (SaaS extensions + payments), SAND-WP-0007 (snapshots)
## Extension SDK
```task
id: SAND-WP-0005-T01
status: done
priority: high
```
`SandboxExtension` base class (`src/sandboxer/extensions/base.py`),
`docs/extension-sdk.md` author guide. `ComposeSSHExtension` refactored to subclass base.
## ext.vm-packer attach mode
```task
id: SAND-WP-0005-T02
status: done
priority: high
```
`VMPackerExtension` — SSH attach to pre-built VM, workspace under `/build/sbx-<id>/`,
optional repo rsync, teardown removes workspace only. Registration:
`extensions/ext.vm-packer.yaml`.
## profile.vm-haskell-build
```task
id: SAND-WP-0005-T03
status: done
priority: high
```
Profile + runbook for Haskell build VM (build-machines lineage).
`docs/migration-build-machines.md` maps legacy workflows.
## SSH port support
```task
id: SAND-WP-0005-T04
status: done
priority: medium
```
`SSHConfig.port` for reverse-tunnel ports (12222). Manager stores `vm_target` /
`ssh_port` on destroy handle.
## Tests
```task
id: SAND-WP-0005-T05
status: done
priority: high
```
Unit tests: `test_vm_packer.py`, `test_extension_base.py`, `test_extension_registry.py`.
## Deferred
```task
id: SAND-WP-0005-T06
status: wait
priority: low
```
Packer build orchestration from `sandboxer create`; the-custodian `make remote-build`
shim; port-registry automation.
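
Review bot: In the T02 section, teardown is described as "removes workspace only" under `/build/sbx-<id>/` on a pre-built VM reached over SSH attach, but nothing in this workplan says how `<id>` is constrained or that the removal path is checked to stay under `/build/`. Because the VM is pre-built and only the workspace is removed, a malformed id would act on a shared host, so add a sentence stating the validation rule or pointing to where `docs/extension-sdk.md` covers it. Separately, the front matter sets `status: finished` while T06 is still `status: wait`; either state that deferred tasks do not block closure or move T06 to a follow-on workplan. In T04, say whether 12222 is a default for `SSHConfig.port` or only an illustration.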