generated from coulomb/repo-seed
Add credentialed E2B and Modal extensions, burst routing fallback, fin-hub meter export hook, BYOK docs, and 77 tests.
54 lines
1.5 KiB
Markdown
# Cloud adapters (E2B, Modal)

Metered SaaS sandbox backends — SAND-WP-0010.

## Extensions

| Extension | Profile | Provider API |
|-----------|---------|--------------|
| `ext.e2b` | `profile.e2b-burst` | `https://api.e2b.dev` |
| `ext.modal` | `profile.modal-gpu` | `https://api.modal.com` |
| `ext.saas-stub` | `profile.saas-stub` | None (local stub) |

`profile.burst-sandbox` routes: compose-ssh → E2B → Modal → saas-stub.

## BYOK credentials

Resolve keys at provision boundary only — never in Git, workplans, or State Hub.

```bash
warden route find "E2B API key" --json
warden route find "Modal token" --json
```

| Extension | Primary env | secret_ref env fallback |
|-----------|-------------|-------------------------|
| `ext.e2b` | `E2B_API_KEY` | `SANDBOXER_SECRET_E2B_API_KEY` |
| `ext.modal` | `MODAL_TOKEN_ID` | `SANDBOXER_SECRET_MODAL_TOKEN_ID` |

OpenBao custody via railiance-platform; sand-boxer reads env injected by operator.

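A pre-flight check for the resolution order in the table above, as an added example that is not part of the sand-boxer repository. It assumes the primary variable is consulted before the `secret_ref` fallback and that a hop without a credential is skipped; the function names are hypothetical, and only the name of the supplying variable is ever printed, never its value.

```bash
#!/bin/sh
# Added example (not sand-boxer code). Function names are hypothetical.
# Assumption: primary env is checked first, then the secret_ref fallback.

# Map an extension to "PRIMARY FALLBACK" (names taken from the table above).
cred_vars() {
    case "$1" in
        ext.e2b)       echo "E2B_API_KEY SANDBOXER_SECRET_E2B_API_KEY" ;;
        ext.modal)     echo "MODAL_TOKEN_ID SANDBOXER_SECRET_MODAL_TOKEN_ID" ;;
        ext.saas-stub) echo "" ;;   # local stub: no provider credential
        *)             return 2 ;;
    esac
}

# Print the NAME of the variable that would supply the credential, never the
# value. Returns 1 when a credential is required but neither variable is set.
cred_source() {
    vars=$(cred_vars "$1") || { echo "unknown extension: $1" >&2; return 2; }
    if [ -z "$vars" ]; then echo "none"; return 0; fi
    for name in $vars; do
        # printenv sees only exported variables, i.e. what a child process
        # such as sandboxer would inherit from the operator's shell.
        if [ -n "$(printenv "$name")" ]; then
            echo "$name"
            return 0
        fi
    done
    return 1
}

# Walk the SaaS tail of profile.burst-sandbox (E2B, Modal, saas-stub) and
# report the first hop with a usable credential as "extension:source".
# Assumption: a hop whose credential is missing is skipped.
first_credentialed_hop() {
    for ext in ext.e2b ext.modal ext.saas-stub; do
        if src=$(cred_source "$ext"); then
            echo "$ext:$src"
            return 0
        fi
    done
    return 1
}

first_credentialed_hop
```

Under the assumptions above, a result of `ext.saas-stub:none` means no provider credential reached the shell, so a burst request would end at the local stub.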
## Usage

```bash
export E2B_API_KEY=... # operator-injected, not in repo

sandboxer create --profile profile.e2b-burst
sandboxer create --profile profile.burst-sandbox # SaaS when self-hosted unavailable
sandboxer destroy <id>
```

## fin-hub export

On metered destroy, optional POST to `SANDBOXER_FIN_HUB_URL/usage/sandbox`.
Disabled by default. Set `SANDBOXER_NO_FIN_HUB=1` to suppress.

## CI

Unit tests mock HTTP — no live provider calls in `make check`.

Operator smoke (credentials required):

```bash
./scripts/smoke-cloud-adapter.sh e2b
```