8c6e7831e9
Major additions: - marketplace/: Agent template registry with FTS5 search, ratings, versioning - observability/: Prometheus metrics, distributed tracing, structured logging - ledger/migrations/: Database migration scripts for multi-tenant support - tests/governance/: 15 new test files for phases 6-12 (295 total tests) - bin/validate-phases: Full 12-phase validation script New features: - Multi-tenant support with tenant isolation and quota enforcement - Agent marketplace with semantic versioning and search - Observability with metrics, tracing, and log correlation - Tier-1 agent bootstrap scripts Updated components: - ledger/api.py: Extended API for tenants, marketplace, observability - ledger/schema.sql: Added tenant, project, marketplace tables - testing/framework.ts: Enhanced test framework - checkpoint/checkpoint.py: Improved checkpoint management Archived: - External integrations (Slack/GitHub/PagerDuty) moved to .archive/ - Old checkpoint files cleaned up Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Sandbox Environment
Overview
The sandbox environment provides a safe space for agents to execute tasks without affecting production systems. Currently configured to use localhost (the current VM) as the primary sandbox target.
Structure
/opt/agent-governance/sandbox/
├── README.md # This file
├── FIRST_TASK.md # First task for Tier 1 promotion
├── ansible/
│ ├── deploy-service.yml # Deploy Docker services
│ └── rollback-service.yml # Rollback deployments
└── terraform/
└── docker-service/
└── main.tf # Terraform Docker provider config
Current Environment
| Component | Status | Port |
|---|---|---|
| Docker | Running | - |
| Vault | Running | 8200 |
| DragonflyDB | Running | 6379 |
| Spark Master | Running | 9944, 7077 |
| Spark Worker | Running | - |
| Redis Cache | Running | 6380 |
| Nginx Proxy | Running | 8888 |
| Prometheus | Running | 9090 |
Inventory
The sandbox inventory is defined in /opt/agent-governance/inventory/sandbox.yml.
Available Targets:
| Host | Access | Purpose |
|---|---|---|
| localhost | Tier 0-4 | Primary sandbox (current VM) |
| staging-local | Tier 2-4 | Staging (Docker namespace) |
Usage by Tier
Tier 0 (Observer)
- Can read inventory and documentation
- Can generate plans using Ansible
--checkmode - Can run
terraform plan(no apply) - Cannot execute any changes
Tier 1 (Operator)
- Can execute Ansible playbooks on sandbox hosts
- Can run
terraform applyon sandbox - Limited to sandbox targets only
Tier 2+ (Builder, Executor, Architect)
- Full sandbox access
- Staging access
- Production access varies by tier
Quick Start
Deploy a Service (Tier 1+)
# Ansible
ansible-playbook -i /opt/agent-governance/inventory/sandbox.yml \
/opt/agent-governance/sandbox/ansible/deploy-service.yml \
-e service_name=my-service \
-e image=nginx:alpine \
-e port=8080
# Terraform
cd /opt/agent-governance/sandbox/terraform/docker-service
terraform init
terraform apply -var="service_name=my-service"
Plan Only (Tier 0)
# Ansible check mode
ansible-playbook --check deploy-service.yml -e service_name=test
# Terraform plan
terraform plan -var="service_name=test"
Future Expansion
When Proxmox is available:
- Add dedicated sandbox VMs (sandbox-vm-01, sandbox-vm-02, sandbox-vm-03)
- Configure network isolation
- Enable snapshot-based rollback
- Add more complex multi-VM scenarios