77655c298c
Phase 8 Production Hardening with complete governance infrastructure: - Vault integration with tiered policies (T0-T4) - DragonflyDB state management - SQLite audit ledger - Pipeline DSL and templates - Promotion/revocation engine - Checkpoint system for session persistence - Health manager and circuit breaker for fault tolerance - GitHub/Slack integrations - Architectural test pipeline with bug watcher, suggestion engine, council review - Multi-agent chaos testing framework Test Results: - Governance tests: 68/68 passing - E2E workflow: 16/16 passing - Phase 2 Vault: 14/14 passing - Integration tests: 27/27 passing Coverage: 57.6% average across 12 phases Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
100 lines
2.5 KiB
Markdown
100 lines
2.5 KiB
Markdown
# Sandbox Environment
|
|
|
|
## Overview
|
|
|
|
The sandbox environment provides a safe space for agents to execute tasks
|
|
without affecting production systems. Currently configured to use localhost
|
|
(the current VM) as the primary sandbox target.
|
|
|
|
## Structure
|
|
|
|
```
|
|
/opt/agent-governance/sandbox/
|
|
├── README.md # This file
|
|
├── FIRST_TASK.md # First task for Tier 1 promotion
|
|
├── ansible/
|
|
│ ├── deploy-service.yml # Deploy Docker services
|
|
│ └── rollback-service.yml # Rollback deployments
|
|
└── terraform/
|
|
└── docker-service/
|
|
└── main.tf # Terraform Docker provider config
|
|
```
|
|
|
|
## Current Environment
|
|
|
|
| Component | Status | Port |
|
|
|-----------|--------|------|
|
|
| Docker | Running | - |
|
|
| Vault | Running | 8200 |
|
|
| DragonflyDB | Running | 6379 |
|
|
| Spark Master | Running | 9944, 7077 |
|
|
| Spark Worker | Running | - |
|
|
| Redis Cache | Running | 6380 |
|
|
| Nginx Proxy | Running | 8888 |
|
|
| Prometheus | Running | 9090 |
|
|
|
|
## Inventory
|
|
|
|
The sandbox inventory is defined in `/opt/agent-governance/inventory/sandbox.yml`.
|
|
|
|
**Available Targets:**
|
|
|
|
| Host | Access | Purpose |
|
|
|------|--------|---------|
|
|
| localhost | Tier 0-4 | Primary sandbox (current VM) |
|
|
| staging-local | Tier 2-4 | Staging (Docker namespace) |
|
|
|
|
## Usage by Tier
|
|
|
|
### Tier 0 (Observer)
|
|
- Can read inventory and documentation
|
|
- Can generate plans using Ansible `--check` mode
|
|
- Can run `terraform plan` (no apply)
|
|
- Cannot execute any changes
|
|
|
|
### Tier 1 (Operator)
|
|
- Can execute Ansible playbooks on sandbox hosts
|
|
- Can run `terraform apply` on sandbox
|
|
- Limited to sandbox targets only
|
|
|
|
### Tier 2+ (Builder, Executor, Architect)
|
|
- Full sandbox access
|
|
- Staging access
|
|
- Production access varies by tier
|
|
|
|
## Quick Start
|
|
|
|
### Deploy a Service (Tier 1+)
|
|
|
|
```bash
|
|
# Ansible
|
|
ansible-playbook -i /opt/agent-governance/inventory/sandbox.yml \
|
|
/opt/agent-governance/sandbox/ansible/deploy-service.yml \
|
|
-e service_name=my-service \
|
|
-e image=nginx:alpine \
|
|
-e port=8080
|
|
|
|
# Terraform
|
|
cd /opt/agent-governance/sandbox/terraform/docker-service
|
|
terraform init
|
|
terraform apply -var="service_name=my-service"
|
|
```
|
|
|
|
### Plan Only (Tier 0)
|
|
|
|
```bash
|
|
# Ansible check mode
|
|
ansible-playbook --check deploy-service.yml -e service_name=test
|
|
|
|
# Terraform plan
|
|
terraform plan -var="service_name=test"
|
|
```
|
|
|
|
## Future Expansion
|
|
|
|
When Proxmox is available:
|
|
- Add dedicated sandbox VMs (sandbox-vm-01, sandbox-vm-02, sandbox-vm-03)
|
|
- Configure network isolation
|
|
- Enable snapshot-based rollback
|
|
- Add more complex multi-VM scenarios
|