sand-boxer/docs/migration-gaps.md

Migration gaps — SAND-WP-0002 smoke findings

Recorded after SAND-WP-0002-T10 remote verification on CoulombCore (92.205.130.254).

Host findings: CoulombCore has podman-compose (not docker compose). Use SANDBOXER_COMPOSE_CMD=podman-compose. Container images need fully qualified names (e.g. docker.io/library/nginx:alpine) due to short-name registry policy.

wise-validator (SAND-WP-0003) — delivered

Legacy (e2e-framework)	wise-validator today	Notes
schema.py	wisevalidator/schema.py	e2e/e2e.yml v1 contract
Health polling	wisevalidator/ssh.py	Remote curl after sand-boxer ready
test_command	wisevalidator/runner.py	SSH in reachability.remote_dir
reporter.py	wisevalidator/reporter.py	e2e_result State Hub events
Monolithic CLI	validate run	sand-boxer create/destroy via CLI client

the-custodian shim (SAND-WP-0004) — delivered

Legacy	Target	Status
make e2e REPO= in the-custodian	validate run (wise-validator + sand-boxer)	Done
python -m e2e_framework	Deprecation + delegate via e2e-framework/shim.py	Done
RUNBOOK.md in e2e-framework	Points to wise-validator + sand-boxer runbooks	Done
Verification	the-custodian/scripts/verify-e2e-shim.sh	Done

e2e-framework migration arc complete (provision: sand-boxer, validation: wise-validator, operator entry: make e2e).

build-machines (SAND-WP-0005) — attach mode delivered

Legacy (build-machines)	sand-boxer today	Notes
Packer OVA build	Operator-driven (unchanged)	Not triggered by create
make remote-build rsync + SSH	sandboxer create --profile profile.vm-haskell-build	Workspace /build/sbx-<id>/
VM teardown	N/A	destroy removes workspace only; VM persists
Extension author contract	docs/extension-sdk.md	SandboxExtension base class

Deferred: Packer orchestration from API, make remote-build shim.

sand-boxer follow-ons

Item	Workplan
SaaS extensions + payments	SAND-WP-0006
Snapshot / restore	SAND-WP-0007
TTL enforcement + scheduled reap	TBD