# Extensions Backend adapters for sandbox establishment. Each extension is declared in `ext..yaml` and implements `provision`, `wait_ready`, and `teardown`. Author guide: `docs/extension-sdk.md` ## ext.compose-ssh Self-hosted extension migrated from `the-custodian/e2e-framework/`. **Provision:** SSH to configured host → isolated directory per sandbox id → rsync repo → `docker compose up` with unique project name. **wait_ready:** Confirms compose services are running (`docker compose ps`). Does not run HTTP health checks — wise-validator owns that. **teardown:** compose down + remove remote directory (idempotent). **Compose runtime:** defaults to `docker compose`. On CoulombCore set `SANDBOXER_COMPOSE_CMD=podman-compose`. ### Compatibility note for `make e2e` callers Legacy `make e2e REPO=` runs provision + health + tests + teardown in one step. sand-boxer splits responsibilities: | Step | Owner | |------|-------| | rsync + compose up/down | sand-boxer (`ext.compose-ssh`) | | health checks + test_command | wise-validator (SAND-WP-0003) | Interim workflow: `sandboxer create --profile profile.compose-e2e --input repo=...` then run validation separately until wise-validator migration lands. ## ext.vm-packer Attach mode for pre-built VMs (`the-custodian/infra/build-machines/` lineage). **Provision:** SSH to VM alias or tunnel port → isolated workspace under `/build/sbx-/` → optional rsync of `repo` input. **wait_ready:** Confirms workspace directory exists on VM. **teardown:** Removes workspace only; VM persists. **Profile:** `profile.vm-haskell-build` — see `docs/runbooks/profile-vm-haskell-build.md`. Packer build / OVA import remains operator-driven (not triggered by `create`). ## ext.saas-stub Metered SaaS stub for payments and routing v0 (SAND-WP-0006). No external API. **estimate_cost / meter_actual:** credits check on create; debit on destroy. **Profile:** `profile.saas-stub` (explicit), `profile.burst-sandbox` (self-hosted fallback). See `docs/payments.md` and `docs/routing.md`.