sand-boxer/profiles/profile.sandbox-canary.yaml

id: profile.sandbox-canary
version: "1.0.0"
extension: ext.compose-ssh
isolation:
  level: container
network:
  default: deny
  egress: []
workspace:
  mode: remote-canonical
  access: rw
scope_default: session
ttl:
  default: 1h
  max: 4h
  idle_reap: null
resources:
  cpu: null
  memory_mb: null
setup:
  instructions: ""
  secret_refs: []
placement:
  prefer: [sandboxer01]
  fallback: [coulombcore]
reachability:
  tunnel: ops-bridge
  identity: ops-warden
metadata:
  cost_class: self-hosted
  latency_class: standard
  observability: canary