RFC 0005: Sandbox proxy egress adapter model#2155
Conversation
Signed-off-by: John Myers <johntmyers@users.noreply.github.com>
Signed-off-by: John Myers <johntmyers@users.noreply.github.com>
Signed-off-by: John Myers <johntmyers@users.noreply.github.com>
Signed-off-by: John Myers <johntmyers@users.noreply.github.com>
Signed-off-by: John Myers <johntmyers@users.noreply.github.com>
Signed-off-by: John Myers <johntmyers@users.noreply.github.com>
Signed-off-by: John Myers <johntmyers@users.noreply.github.com>
Signed-off-by: John Myers <johntmyers@users.noreply.github.com>
|
Thanks for this RFC — the adapter/authorization/relay separation is a clean model. I wanted to flag #1633 (supervisor-proxied host-local endpoints) as a consumer of this design. The The RFC's local service adapter category is the natural home for this, but Phase 8 currently models only the three existing services ( A few questions:
Our use case: we're designing host-side API servers for fullsend (container builder, repo provisioner) and have an ADR and early experiments around it. Today the experiments bind to |
|
@maruiz93 have you tried using network_policies:
host_service:
name: host_service
endpoints:
- host: host.openshell.internal
port: 8080
binaries:
- path: /usr/bin/curlThe service you are running will need to be addressable by the driver infra you choose. For example with Docker the service you are running will need to be reachable by other containers in order for the sandbox workload to reach it through |
Summary
Drafts RFC 0005 for reshaping sandbox proxy egress around transport adapters, shared
EgressIntent/EgressDecisionauthorization, and relay-owned byte handling. The proposal covers CONNECT, forward HTTP, DNS, local services, native TCP, supervisor middleware, credential injection, WebSocket/body injection, JSON-RPC, MCP, and optional process identity for sidecar-style modes.Related Issue
N/A - RFC proposal.
Changes
Testing
mise run pre-commitpassesRFC-only documentation change. Ran
git diff --checkand ASCII scans on the RFC files. Pre-commit was intentionally not run for this RFC draft.Checklist