Implement SAND-WP-0002 meta-framework foundation (T01–T09)

Add meta-framework spec, pydantic schemas, profile/extension YAML, extension
registry, ext.compose-ssh backend, SandboxManager with State Hub events, CLI
commands, integration docs, capability registry entry, and compose-e2e runbook.
Nine unit tests pass. T10 remote smoke test remains for operator.
2026-06-22 23:27:31 +02:00
parent b0a57cf9d3
commit d6d3155792
28 changed files with 1796 additions and 15 deletions

extensions/README.md

@@ -0,0 +1,29 @@
# Extensions
Backend adapters for sandbox establishment. Each extension is declared in
`ext.<name>.yaml` and implements `provision`, `wait_ready`, and `teardown`.
## ext.compose-ssh
Self-hosted extension migrated from `the-custodian/e2e-framework/`.
**Provision:** SSH to configured host → isolated directory per sandbox id → rsync
repo → `docker compose up` with unique project name.
**wait_ready:** Confirms compose services are running (`docker compose ps`). Does
not run HTTP health checks — wise-validator owns that.
**teardown:** `docker compose down -v` + remove remote directory (idempotent).
### Compatibility note for `make e2e` callers
Legacy `make e2e REPO=<repo>` runs provision + health + tests + teardown in one
step. sand-boxer splits responsibilities:
| Step | Owner |
|------|-------|
| rsync + compose up/down | sand-boxer (`ext.compose-ssh`) |
| health checks + test_command | wise-validator (SAND-WP-0003) |
Interim workflow: `sandboxer create --profile profile.compose-e2e --input repo=...`
then run validation separately until wise-validator migration lands.
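Review bot: The `ext.compose-ssh` section describes an "isolated directory per sandbox id" and a teardown that removes the remote directory, but it does not say how the sandbox id is constrained before it is used as a path component and as the compose project name. Because teardown deletes by that path, the README should state the allowed character set for ids and that the resolved directory must remain under the configured base directory, so a malformed id cannot make `teardown` remove anything else. It would also help to say explicitly that `docker compose down -v` removes the project's volumes, so `make e2e` callers moving to the split workflow do not expect data to survive between `create` and a later validation run.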


@@ -0,0 +1,16 @@
id: ext.compose-ssh
title: Compose over SSH
description: >
Self-hosted extension migrated from the-custodian/e2e-framework. Provisions an
isolated directory on a remote host, rsyncs the consumer repo, and runs docker
compose. Test execution and health polling are consumer-owned (wise-validator).
handler: sandboxer.extensions.compose_ssh:ComposeSSHExtension
capabilities:
isolation_levels: [container]
regions: []
persistence: false
pricing_model: self-hosted
config:
base_dir: /tmp/sandboxer
ssh_user: root
compose_timeout_s: 180
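Review bot: `ssh_user: root` as the default under `config:` means the remote directory creation, rsync and docker compose steps all run as root on the target host unless an operator overrides it; consider making `ssh_user` a required value with no default, or defaulting to a dedicated account, and documenting what that account needs. The `base_dir: /tmp/sandboxer` default also places rsynced consumer repos at a predictable path under a shared temporary directory; a dedicated directory owned by the SSH user with restrictive permissions would be a safer default. Since the description says the extension connects to a remote host, the config block should also document how the host and its SSH host key are supplied and verified, as neither appears here.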