INTENT ↔ SCOPE Gap Analysis — Post SAND-WP-0007
Date: 2026-06-24
Author: codex
Trigger: SAND-WP-0001–0008 finished; SAND-WP-0007 (snapshots) shipped.
SCOPE.md refreshed 2026-06-24. Prior assessment:
history/2026-06-23-post-wp0003-intent-scope-gap-analysis.md (superseded).
1. Executive summary
sand-boxer is v0 feature-complete for establishment: compose provision,
vm-packer attach, SaaS stub + routing + credits, workspace checkpoints, host
telemetry, and sibling migration arc (wise-validator + the-custodian shim).
Remaining distance to INTENT is operational hardening (TTL enforcement —
the largest functional gap), registry hygiene (classification + federation),
reachability depth (ops-bridge descriptor), and extension breadth
(real cloud adapters, Packer orchestration). Host topology (sandboxer01) and
some sibling sign-offs sit outside this repo.
Vector movement: D5/A3/C3/R3 (post-WP-0003) → D5/A4/C4/R3
| Dimension |
Post-WP-0003 |
Now (post-WP-0007) |
Next target |
| Discovery |
D5 |
D5 |
D6 after registry publish |
| Availability |
A3 |
A4 |
A5 after TTL + HTTP parity |
| Completeness |
C3 |
C4 |
C5 after cloud adapters |
| Reliability |
R3 |
R3 |
R4 after TTL auto-expire |
2. Workplan deliverables (cumulative)
| Workplan |
Status |
Key deliverable |
| SAND-WP-0001 |
finished |
Python scaffold, AGENTS.md |
| SAND-WP-0002 |
finished |
Meta-framework, ext.compose-ssh, CLI, HTTP stub |
| SAND-WP-0003 |
finished |
wise-validator sibling (validate run) |
| SAND-WP-0004 |
finished |
the-custodian make e2e shim |
| SAND-WP-0005 |
finished |
Extension SDK, ext.vm-packer attach |
| SAND-WP-0006 |
finished |
Routing, payments, ext.saas-stub |
| SAND-WP-0007 |
finished |
Snapshot/restore, profile.compose-checkpoint |
| SAND-WP-0008 |
finished |
Canary telemetry, inspect / reap-stale |
Open deferred tasks in finished workplans:
| Task |
Workplan |
Status |
Gap |
| T06 Packer orchestration |
SAND-WP-0005 |
wait |
No create-triggered builds |
| T06 Real E2B/Modal/BYOK/fin-hub |
SAND-WP-0006 |
wait |
Stub only |
| T09 Remote smoke sign-off |
SAND-WP-0003 |
wait |
wise-validator operator task |
3. INTENT — four pillars (current)
Pillar 1: Unified establishment API
| Capability |
INTENT |
Status |
Gap |
create / get / list / destroy / recreate |
v0 |
Done |
CLI; HTTP missing recreate |
snapshot / restore |
Completeness |
Done |
SAND-WP-0007; cross-host deferred |
extend_ttl |
API shape |
Absent |
Schema only; no parser, no expires_at |
| TTL auto-expiry |
Isolation enforcement |
Absent |
expired state unused |
active state transition |
Optional |
Absent |
Not wired |
| Consumer attribution |
Required |
Done |
— |
| HTTP surface parity |
Parallel CLI |
Partial |
No recreate, extend_ttl |
Pillar 2: Profile catalog
| Capability |
INTENT |
Status |
Gap |
| Compose + checkpoint profiles |
Reference |
Done |
Remote-verified compose |
| Canary self-deploy |
Dogfood |
Done |
SAND-WP-0008 |
| vm-haskell-build |
build-machines attach |
Done |
SAND-WP-0005 |
| saas-stub / burst-sandbox |
SaaS routing |
Done |
SAND-WP-0006 |
| Agent-dev / glas-harness profile |
Consumer |
Absent |
Integration doc only |
| Setup metadata / secret refs |
Blitzy pattern |
Schema only |
No resolution at provision |
| Registry federation publish |
Registry-first |
Draft |
No reuse-surface validate run |
Pillar 3: Extension platform
| Capability |
INTENT |
Status |
Gap |
ext.compose-ssh |
Self-hosted |
Done |
+ tar snapshots |
ext.vm-packer attach |
build-machines |
Done |
Build orchestration deferred |
ext.saas-stub |
Metered stub |
Done |
— |
| Extension SDK |
Author contract |
Done |
docs/extension-sdk.md |
| Routing engine |
Multi-backend |
Done |
SAND-WP-0006 |
| E2B / Modal / Daytona |
SaaS class |
Absent |
WP-0006-T06 deferred |
| Cross-host snapshot transfer |
Checkpoint |
Absent |
Same-host only in v0 |
Pillar 4: Payments and metering
| Capability |
INTENT |
Status |
Gap |
| Credits + estimate + debit |
SaaS v0 |
Done |
SAND-WP-0006 |
| BYOK for provider keys |
SaaS |
Absent |
OpenBao routing only |
| fin-hub billing export |
Platform |
Absent |
— |
| Self-hosted duration metering |
Host/duration |
Partial |
Telemetry deltas; no billing |
4. Governing principle scorecard
| # |
Question |
Status |
Evidence / gap |
| 1 |
Which sandbox recipe? |
Met |
6 profiles, loader |
| 2 |
Which backend? |
Met |
Routing + 3 extensions |
| 3 |
Where does it run? |
Partial |
Placement works; sandboxer01 not live |
| 4 |
How is isolation enforced? |
Partial |
Compose isolation; TTL not enforced |
| 5 |
How reachable? |
Partial |
SSH direct; ops-bridge not in descriptor |
| 6 |
What happened? |
Met |
State Hub + stores |
| 7 |
What did it cost? |
Partial |
Metered stub; no fin-hub export |
Score: 3 met, 4 partial, 0 not met (was 2/4/1 post-WP-0003)
5. Self-sufficiency and sibling boundaries
| Criterion |
Status |
Notes |
| Operates without wise-validator |
Met |
Full CLI surface |
| wise-validator optional consumer |
Met |
One-way dependency |
| sand-boxer does not validate |
Met |
— |
| the-custodian shim complete |
Met |
SAND-WP-0004 |
| glas-harness / snuggle consumer smoke |
Not met |
Docs only |
| activity-core TTL reap hook |
Not met |
No contract or scheduler |
6. Maturity target gaps
| Maturity statement |
Status |
Track |
| glas-harness requests sandboxes without backend choice |
Partial |
burst-sandbox routes; no agent-dev profile |
| wise-validator validation environments |
Met |
validate run |
| snuggle-inventor build sandboxes + secret refs |
Not met |
Secret boundary open |
| activity-core bounded venues + visibility |
Partial |
Events yes; TTL reap no |
| Operators route self-hosted vs SaaS spend |
Met |
Routing + credits |
| Workstation optional for runtime |
Met |
Remote compose + shim |
7. Registry and hygiene gaps
| Item |
Status |
Impact |
.repo-classification.yaml |
Missing |
State Hub C-24 warn |
capability.execution.sandbox-provision maturity |
Stale |
Still cites WP-0002 in-progress |
reuse-surface validate publish |
Not run |
Federation blocked |
| Security runbook (blast-radius honesty) |
Absent |
INTENT design principle undocumented |
8. Remaining gaps (prioritized)
| Prio |
Gap |
Owner |
Proposed track |
P1 |
TTL enforcement + extend_ttl + expires_at |
sand-boxer |
SAND-WP-0009 — done |
P2 |
TTL reap / activity-core contract |
sand-boxer |
SAND-WP-0009 — docs/integrations/activity-core.md |
P3 |
.repo-classification.yaml + registry refresh |
sand-boxer |
SAND-WP-0009 — done |
P4 |
HTTP API parity (recreate, extend_ttl) |
sand-boxer |
SAND-WP-0009 — done |
| P5 |
Real E2B / Modal adapters + BYOK |
sand-boxer |
SAND-WP-0010 |
| P6 |
ops-bridge tunnel in reachability descriptor |
sand-boxer |
SAND-WP-0011 |
| P7 |
Consumer profiles (glas-harness, snuggle) |
sand-boxer |
SAND-WP-0011 |
| P8 |
Packer build orchestration + remote-build shim |
sand-boxer |
SAND-WP-0012 |
| P9 |
Cross-host snapshot transfer |
sand-boxer |
Future |
| P10 |
fin-hub billing export |
sand-boxer + platform |
With SAND-WP-0010 |
| P11 |
sandboxer01 dedicated host |
infra / operator |
Outside repo |
| P12 |
wise-validator remote smoke (T09) |
wise-validator |
Operator |
9. Recommended workplans (2026-06-24)
| Workplan |
Status |
Closes |
| SAND-WP-0009 |
finished |
P1–P4 (TTL, hygiene, HTTP parity) |
| SAND-WP-0010 |
ready |
P5, P10 (E2B/Modal, BYOK, fin-hub) |
| SAND-WP-0011 |
ready |
P6, P7 (reachability, consumer profiles) |
| SAND-WP-0012 |
ready |
P8 (Packer orchestration, remote-build shim) |
Suggested implementation order: 0010 and 0011 may parallelize; 0012 depends
on stable vm-packer attach (done). Operator tracks P11/P12 outside repo.
10. Evidence references
workplans/SAND-WP-0005 through SAND-WP-0008 (all finished)SCOPE.md (updated 2026-06-24)docs/snapshots.md, docs/routing.md, docs/payments.mddocs/migration-gaps.md- 54 pytest cases;
make check green
tegwick
5466330cf4