feat: TTL enforcement and operational hardening (SAND-WP-0009)

Add TTL parser, expires_at on create, extend_ttl and expire/reap APIs, activity-core integration doc, repo classification, registry refresh, HTTP parity, and 69 tests.
2026-06-24 12:44:04 +02:00
parent b58191b23e
commit df658e7ef9
20 changed files with 913 additions and 39 deletions
--- a/registry/capabilities/execution.sandbox-provision.md
+++ b/registry/capabilities/execution.sandbox-provision.md
@@ -9,32 +9,35 @@ tags: [sandbox, isolation, provision, e2e, agentic, execution, profile]

 maturity:
  discovery:
-    current: D4
+    current: D5
    target: D6
    confidence: high
    rationale: >
-      Charter (INTENT.md), meta-framework spec (docs/meta-framework.md), and
-      research synthesis define scope. First extension (ext.compose-ssh) in progress.
+      Charter (INTENT.md), meta-framework spec, extension SDK, integration docs,
+      and research synthesis. Capability indexed in registry/.
  availability:
-    current: A2
+    current: A4
    target: A5
-    confidence: medium
+    confidence: high
    rationale: >
-      CLI v0 and ext.compose-ssh scaffold land in SAND-WP-0002. SaaS extensions
-      and payments deferred.
+      CLI v0 (create/destroy/snapshot/TTL), HTTP API, CoulombCore remote smoke.
+      SaaS stub + routing + credits shipped (SAND-WP-0006).

 external_evidence:
  completeness:
-    level: C2
-    name: Partial
-    confidence: medium
+    level: C4
+    name: Substantial
+    confidence: high
    basis: scope_vs_intent_and_consumer_expectations
    satisfied_expectations:
-      - profile-based create/destroy via CLI
+      - profile-based create/destroy/snapshot/restore via CLI
+      - TTL extend and expire/reap (SAND-WP-0009)
      - State Hub lifecycle events on transitions
+      - wise-validator and the-custodian migration arc complete
+      - extension SDK with compose-ssh, vm-packer attach, saas-stub
    broken_expectations:
-      - Real E2B/Modal adapters not yet built (saas-stub + credits v0 done)
-      - wise-validator migration not complete
+      - Real E2B/Modal adapters not yet built
+      - sandboxer01 dedicated host not live (CoulombCore interim)
    out_of_scope_expectations:
      - agent harness and tool orchestration (glas-harness)
      - e2e test semantics (wise-validator)
@@ -42,4 +45,4 @@ external_evidence:
 consumption_modes:
  - CLI (sandboxer)
  - core library (Python)
-  - HTTP API (planned)
+  - HTTP API (uvicorn sandboxer.api.app:app)