generated from coulomb/repo-seed
tegwick
1f87be4c6b
Add reachability enrichment (tunnel metadata, ops-bridge pointer), secret_refs boundary resolution, profile.agent-dev and profile.build, CLI reachability show, API endpoint, consumer smoke scripts, and tests.
1.3 KiB
1.3 KiB
glas-harness integration
glas-harness owns the agent gateway, tools, memory, and channels. sand-boxer delivers an isolated execution environment; the harness executes tools inside it.
Example request
sandboxer create \
--profile profile.agent-dev \
--input repo=/path/to/workspace \
--actor agt \
--project glas-harness
Response fields (ready state)
| Field | Owner | Description |
|---|---|---|
sandbox_id |
sand-boxer | Stable instance identifier |
reachability.ssh |
sand-boxer | SSH target for harness exec channel |
reachability.remote_dir |
sand-boxer | Workspace root on remote host |
state |
sand-boxer | Lifecycle state (ready, etc.) |
Ownership
| Concern | Owner |
|---|---|
| Sandbox provision / teardown | sand-boxer |
| Tool call parsing and policies | glas-harness |
| SSH / tunnel reachability setup | glas-harness + ops-bridge |
| Agent memory and session state | glas-harness |
Smoke test
# Requires sandboxer CLI and SANDBOXER_HOST (or profile placement fallback)
SANDBOXER_HOST=coulombcore ./scripts/smoke-agent-dev.sh
Creates profile.agent-dev, prints reachability (tunnel metadata + SSH
one-liner), then destroys.
Out of scope for sand-boxer
- Tool schemas and approval flows
- Channel bridges (Slack, email, etc.)
- Subagent orchestration