# Cloud adapters (E2B, Modal)

Metered SaaS sandbox backends — SAND-WP-0010.

## Extensions

| Extension | Profile | Provider API |
|-----------|---------|--------------|
| `ext.e2b` | `profile.e2b-burst` | `https://api.e2b.dev` |
| `ext.modal` | `profile.modal-gpu` | `https://api.modal.com` |
| `ext.saas-stub` | `profile.saas-stub` | None (local stub) |

`profile.burst-sandbox` routes: compose-ssh → E2B → Modal → saas-stub.

## BYOK credentials

Resolve keys at provision boundary only — never in Git, workplans, or State Hub.

```bash
warden route find "E2B API key" --json
warden route find "Modal token" --json
```

| Extension | Primary env | secret_ref env fallback |
|-----------|-------------|-------------------------|
| `ext.e2b` | `E2B_API_KEY` | `SANDBOXER_SECRET_E2B_API_KEY` |
| `ext.modal` | `MODAL_TOKEN_ID` | `SANDBOXER_SECRET_MODAL_TOKEN_ID` |

OpenBao custody via railiance-platform; sand-boxer reads env injected by operator.

## Usage

```bash
export E2B_API_KEY=...   # operator-injected, not in repo

sandboxer create --profile profile.e2b-burst
sandboxer create --profile profile.burst-sandbox   # SaaS when self-hosted unavailable
sandboxer destroy <id>
```

## fin-hub export

On metered destroy, optional POST to `SANDBOXER_FIN_HUB_URL/usage/sandbox`.
Disabled by default. Set `SANDBOXER_NO_FIN_HUB=1` to suppress.

## CI

Unit tests mock HTTP — no live provider calls in `make check`.

Operator smoke (credentials required):

```bash
./scripts/smoke-cloud-adapter.sh e2b
```