generated from coulomb/repo-seed
Add credentialed E2B and Modal extensions, burst routing fallback, fin-hub meter export hook, BYOK docs, and 77 tests.
1.5 KiB
Cloud adapters (E2B, Modal)
Metered SaaS sandbox backends — SAND-WP-0010.
Extensions
| Extension | Profile | Provider API |
|---|---|---|
| ext.e2b | profile.e2b-burst | https://api.e2b.dev |
| ext.modal | profile.modal-gpu | https://api.modal.com |
| ext.saas-stub | profile.saas-stub | None (local stub) |
profile.burst-sandbox routes: compose-ssh → E2B → Modal → saas-stub.
BYOK credentials
Resolve keys at provision boundary only — never in Git, workplans, or State Hub.
warden route find "E2B API key" --json
warden route find "Modal token" --json
| Extension | Primary env | secret_ref env fallback |
|---|---|---|
| ext.e2b | E2B_API_KEY | SANDBOXER_SECRET_E2B_API_KEY |
| ext.modal | MODAL_TOKEN_ID | SANDBOXER_SECRET_MODAL_TOKEN_ID |
OpenBao custody via railiance-platform; sand-boxer reads env injected by operator.
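A sketch of resolving the keys at the provision boundary, with the primary env checked before the secret_ref fallback and the SaaS part of the burst order walked in sequence. This is an added example, not sand-boxer's own code: `Secret`, `resolve_credential` and `pick_backend` are hypothetical names, and skipping a backend whose credential is missing is an assumption about how the fallback behaves.

```python
import os

# Env names come from the table above; everything else here is assumed.
CREDENTIAL_ENV = {
    "ext.e2b": ("E2B_API_KEY", "SANDBOXER_SECRET_E2B_API_KEY"),
    "ext.modal": ("MODAL_TOKEN_ID", "SANDBOXER_SECRET_MODAL_TOKEN_ID"),
    "ext.saas-stub": (),  # local stub, needs no credential
}
# SaaS tail of profile.burst-sandbox (compose-ssh is self-hosted, omitted here).
BURST_ORDER = ("ext.e2b", "ext.modal", "ext.saas-stub")


class Secret:
    """Holds a key so that repr/str/log formatting never prints its value."""

    def __init__(self, value, source):
        self._value, self.source = value, source

    def reveal(self):
        return self._value  # call only where the provider request is built

    def __repr__(self):
        return f"<Secret from {self.source}>"


def resolve_credential(extension, env=None):
    """Return a Secret, or None when the extension needs no key."""
    env = os.environ if env is None else env
    names = CREDENTIAL_ENV[extension]
    if not names:
        return None
    for name in names:  # primary env first, then the secret_ref fallback
        value = env.get(name, "").strip()
        if value:
            return Secret(value, name)
    raise LookupError(f"{extension}: none of {', '.join(names)} is set")


def pick_backend(env=None, order=BURST_ORDER):
    """Return (extension, secret, skipped) for the first usable backend."""
    skipped = []
    for extension in order:
        try:
            return extension, resolve_credential(extension, env), skipped
        except LookupError as exc:
            skipped.append(str(exc))  # records env names only, never values
    raise RuntimeError("no backend available: " + "; ".join(skipped))
```

Because the skip reasons carry only variable names, they can go to logs or a workplan without leaking a key.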
Usage
export E2B_API_KEY=... # operator-injected, not in repo
sandboxer create --profile profile.e2b-burst
sandboxer create --profile profile.burst-sandbox # SaaS when self-hosted unavailable
sandboxer destroy <id>
fin-hub export
On metered destroy, optional POST to SANDBOXER_FIN_HUB_URL/usage/sandbox.
Disabled by default. Set SANDBOXER_NO_FIN_HUB=1 to suppress.
CI
Unit tests mock HTTP — no live provider calls in make check.
Operator smoke (credentials required):
./scripts/smoke-cloud-adapter.sh e2b