77655c298c
Phase 8 Production Hardening with complete governance infrastructure: - Vault integration with tiered policies (T0-T4) - DragonflyDB state management - SQLite audit ledger - Pipeline DSL and templates - Promotion/revocation engine - Checkpoint system for session persistence - Health manager and circuit breaker for fault tolerance - GitHub/Slack integrations - Architectural test pipeline with bug watcher, suggestion engine, council review - Multi-agent chaos testing framework Test Results: - Governance tests: 68/68 passing - E2E workflow: 16/16 passing - Phase 2 Vault: 14/14 passing - Integration tests: 27/27 passing Coverage: 57.6% average across 12 phases Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Sandbox Environment
Overview
The sandbox environment provides a safe space for agents to execute tasks without affecting production systems. Currently configured to use localhost (the current VM) as the primary sandbox target.
Structure
/opt/agent-governance/sandbox/
├── README.md # This file
├── FIRST_TASK.md # First task for Tier 1 promotion
├── ansible/
│ ├── deploy-service.yml # Deploy Docker services
│ └── rollback-service.yml # Rollback deployments
└── terraform/
└── docker-service/
└── main.tf # Terraform Docker provider config
Current Environment
| Component | Status | Port |
|---|---|---|
| Docker | Running | - |
| Vault | Running | 8200 |
| DragonflyDB | Running | 6379 |
| Spark Master | Running | 9944, 7077 |
| Spark Worker | Running | - |
| Redis Cache | Running | 6380 |
| Nginx Proxy | Running | 8888 |
| Prometheus | Running | 9090 |
Inventory
The sandbox inventory is defined in /opt/agent-governance/inventory/sandbox.yml.
Available Targets:
| Host | Access | Purpose |
|---|---|---|
| localhost | Tier 0-4 | Primary sandbox (current VM) |
| staging-local | Tier 2-4 | Staging (Docker namespace) |
Usage by Tier
Tier 0 (Observer)
- Can read inventory and documentation
- Can generate plans using Ansible
--checkmode - Can run
terraform plan(no apply) - Cannot execute any changes
Tier 1 (Operator)
- Can execute Ansible playbooks on sandbox hosts
- Can run
terraform applyon sandbox - Limited to sandbox targets only
Tier 2+ (Builder, Executor, Architect)
- Full sandbox access
- Staging access
- Production access varies by tier
Quick Start
Deploy a Service (Tier 1+)
# Ansible
ansible-playbook -i /opt/agent-governance/inventory/sandbox.yml \
/opt/agent-governance/sandbox/ansible/deploy-service.yml \
-e service_name=my-service \
-e image=nginx:alpine \
-e port=8080
# Terraform
cd /opt/agent-governance/sandbox/terraform/docker-service
terraform init
terraform apply -var="service_name=my-service"
Plan Only (Tier 0)
# Ansible check mode
ansible-playbook --check deploy-service.yml -e service_name=test
# Terraform plan
terraform plan -var="service_name=test"
Future Expansion
When Proxmox is available:
- Add dedicated sandbox VMs (sandbox-vm-01, sandbox-vm-02, sandbox-vm-03)
- Configure network isolation
- Enable snapshot-based rollback
- Add more complex multi-VM scenarios