coulomb/sand-boxer
2
0
Fork 0
generated from coulomb/repo-seed
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: TTL enforcement and operational hardening (SAND-WP-0009)

Browse Source 
Add TTL parser, expires_at on create, extend_ttl and expire/reap APIs,
activity-core integration doc, repo classification, registry refresh,
HTTP parity, and 69 tests.
This commit is contained in:
Bernd Worsch
2026-06-24 12:44:04 +02:00
parent b58191b23e
commit df658e7ef9
20 changed files with 913 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
workplans/SAND-WP-0009-ttl-and-operational-hardening.md
View File

@@ -4,7 +4,7 @@ type: workplan
title: "TTL enforcement and operational hardening"
domain: infotech
repo: sand-boxer
status: ready
status: finished
owner: codex
topic_slug: custodian
created: "2026-06-24"
@@ -30,7 +30,7 @@ consumer profiles), SAND-WP-0012 (Packer orchestration)
```task
id: SAND-WP-0009-T01
status: todo
status: done
priority: high
state_hub_task_id: "44cee754-2874-40eb-9cb3-168e5bc8dd54"
```
@@ -43,7 +43,7 @@ max-cap enforcement.
```task
id: SAND-WP-0009-T02
status: todo
status: done
priority: high
state_hub_task_id: "a5a6503c-56a3-4876-8211-e06b9eed6292"
```
@@ -56,7 +56,7 @@ Persist in `SandboxStore`. Emit expiry in State Hub `detail`.
```task
id: SAND-WP-0009-T03
status: todo
status: done
priority: high
state_hub_task_id: "ff32a3e5-0bf6-479c-8373-d601588461e7"
```
@@ -69,7 +69,7 @@ HTTP: `PATCH /v1/sandboxes/{id}/ttl` with body `{"duration": "2h"}`.
```task
id: SAND-WP-0009-T04
status: todo
status: done
priority: high
state_hub_task_id: "ce597f28-a2f3-44ed-8e85-f8bd254bc4ce"
```
@@ -83,7 +83,7 @@ with existing `reap-stale` docs (host inventory vs TTL are distinct concerns).
```task
id: SAND-WP-0009-T05
status: todo
status: done
priority: medium
state_hub_task_id: "9ad34d90-bbc7-4ede-8549-f4291e27ba22"
```
@@ -96,7 +96,7 @@ state; no Temporal code in this repo.
```task
id: SAND-WP-0009-T06
status: todo
status: done
priority: medium
state_hub_task_id: "ffde8196-18e3-4762-8cfd-1b69874e51e1"
```
@@ -110,7 +110,7 @@ run validate if reuse-surface CLI available in environment.
```task
id: SAND-WP-0009-T07
status: todo
status: done
priority: medium
state_hub_task_id: "69b192c7-8599-46e7-bb63-8457bfb72a81"
```
@@ -122,21 +122,20 @@ Align OpenAPI with CLI surface from SAND-WP-0007.
```task
id: SAND-WP-0009-T08
status: todo
status: done
priority: medium
state_hub_task_id: "69d1a23f-b3a3-4aa7-846c-e953f02977f3"
```
`docs/ttl.md` — semantics, extend, expire, profile fields. Update
`docs/meta-framework.md`, `SCOPE.md`, `docs/migration-gaps.md`. Brief security
note in `docs/runbooks/` or `docs/security.md`: sandbox limits blast radius, not
intent enforcement (INTENT design principle).
note in `docs/security.md`: sandbox limits blast radius, not intent enforcement.
## Tests
```task
id: SAND-WP-0009-T09
status: todo
status: done
priority: high
state_hub_task_id: "0683b09a-0dd9-4880-9bd0-13003e3621a6"
```