coulomb/sand-boxer
2
0
Fork 0
generated from coulomb/repo-seed
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2d0669c2f8285b9e1aebfb7d1a04d63ab0f5bbad
sand-boxer/docs/integrations/glas-harness.md
tegwick 1f87be4c6b feat: reachability and consumer profiles (SAND-WP-0011) 
Add reachability enrichment (tunnel metadata, ops-bridge pointer),
secret_refs boundary resolution, profile.agent-dev and profile.build,
CLI reachability show, API endpoint, consumer smoke scripts, and tests.
2026-06-24 12:54:27 +02:00

48 lines
1.3 KiB
Markdown
Raw Blame History

# glas-harness integration
glas-harness owns the agent gateway, tools, memory, and channels. sand-boxer
delivers an isolated execution environment; the harness executes tools inside it.
## Example request
```bash
sandboxer create \
--profile profile.agent-dev \
--input repo=/path/to/workspace \
--actor agt \
--project glas-harness
```
## Response fields (ready state)
| Field | Owner | Description |
|-------|-------|-------------|
| `sandbox_id` | sand-boxer | Stable instance identifier |
| `reachability.ssh` | sand-boxer | SSH target for harness exec channel |
| `reachability.remote_dir` | sand-boxer | Workspace root on remote host |
| `state` | sand-boxer | Lifecycle state (`ready`, etc.) |
## Ownership
| Concern | Owner |
|---------|-------|
| Sandbox provision / teardown | sand-boxer |
| Tool call parsing and policies | glas-harness |
| SSH / tunnel reachability setup | glas-harness + ops-bridge |
| Agent memory and session state | glas-harness |
## Smoke test
```bash
# Requires sandboxer CLI and SANDBOXER_HOST (or profile placement fallback)
SANDBOXER_HOST=coulombcore ./scripts/smoke-agent-dev.sh
```
Creates `profile.agent-dev`, prints reachability (tunnel metadata + SSH
one-liner), then destroys.
## Out of scope for sand-boxer
- Tool schemas and approval flows
- Channel bridges (Slack, email, etc.)
- Subagent orchestration
Reference in New Issue View Git Blame Copy Permalink