profit/agent-governance
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
agent-governance/sandbox/README.md
profit 77655c298c Initial commit: Agent Governance System Phase 8 
Phase 8 Production Hardening with complete governance infrastructure:

- Vault integration with tiered policies (T0-T4)
- DragonflyDB state management
- SQLite audit ledger
- Pipeline DSL and templates
- Promotion/revocation engine
- Checkpoint system for session persistence
- Health manager and circuit breaker for fault tolerance
- GitHub/Slack integrations
- Architectural test pipeline with bug watcher, suggestion engine, council review
- Multi-agent chaos testing framework

Test Results:
- Governance tests: 68/68 passing
- E2E workflow: 16/16 passing
- Phase 2 Vault: 14/14 passing
- Integration tests: 27/27 passing

Coverage: 57.6% average across 12 phases

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-23 22:07:06 -05:00

2.5 KiB
Raw Blame History

Sandbox Environment

Overview

The sandbox environment provides a safe space for agents to execute tasks without affecting production systems. Currently configured to use localhost (the current VM) as the primary sandbox target.

Structure

/opt/agent-governance/sandbox/
├── README.md           # This file
├── FIRST_TASK.md       # First task for Tier 1 promotion
├── ansible/
│   ├── deploy-service.yml    # Deploy Docker services
│   └── rollback-service.yml  # Rollback deployments
└── terraform/
    └── docker-service/
        └── main.tf           # Terraform Docker provider config

Current Environment

Component Status Port
Docker Running -
Vault Running 8200
DragonflyDB Running 6379
Spark Master Running 9944, 7077
Spark Worker Running -
Redis Cache Running 6380
Nginx Proxy Running 8888
Prometheus Running 9090

Inventory

The sandbox inventory is defined in /opt/agent-governance/inventory/sandbox.yml.

Available Targets:

Host Access Purpose
localhost Tier 0-4 Primary sandbox (current VM)
staging-local Tier 2-4 Staging (Docker namespace)

Usage by Tier

Tier 0 (Observer)

  • Can read inventory and documentation
  • Can generate plans using Ansible --check mode
  • Can run terraform plan (no apply)
  • Cannot execute any changes

Tier 1 (Operator)

  • Can execute Ansible playbooks on sandbox hosts
  • Can run terraform apply on sandbox
  • Limited to sandbox targets only

Tier 2+ (Builder, Executor, Architect)

  • Full sandbox access
  • Staging access
  • Production access varies by tier

Quick Start

Deploy a Service (Tier 1+)

# Ansible
ansible-playbook -i /opt/agent-governance/inventory/sandbox.yml \
  /opt/agent-governance/sandbox/ansible/deploy-service.yml \
  -e service_name=my-service \
  -e image=nginx:alpine \
  -e port=8080

# Terraform
cd /opt/agent-governance/sandbox/terraform/docker-service
terraform init
terraform apply -var="service_name=my-service"

Plan Only (Tier 0)

# Ansible check mode
ansible-playbook --check deploy-service.yml -e service_name=test

# Terraform plan
terraform plan -var="service_name=test"

Future Expansion

When Proxmox is available:

  • Add dedicated sandbox VMs (sandbox-vm-01, sandbox-vm-02, sandbox-vm-03)
  • Configure network isolation
  • Enable snapshot-based rollback
  • Add more complex multi-VM scenarios