RFC 0005: Sandbox proxy egress adapter model#2155
Conversation
Signed-off-by: John Myers <johntmyers@users.noreply.github.com>
Signed-off-by: John Myers <johntmyers@users.noreply.github.com>
Signed-off-by: John Myers <johntmyers@users.noreply.github.com>
Signed-off-by: John Myers <johntmyers@users.noreply.github.com>
Signed-off-by: John Myers <johntmyers@users.noreply.github.com>
Signed-off-by: John Myers <johntmyers@users.noreply.github.com>
Signed-off-by: John Myers <johntmyers@users.noreply.github.com>
Signed-off-by: John Myers <johntmyers@users.noreply.github.com>
|
Thanks for this RFC — the adapter/authorization/relay separation is a clean model. I wanted to flag #1633 (supervisor-proxied host-local endpoints) as a consumer of this design. The The RFC's local service adapter category is the natural home for this, but Phase 8 currently models only the three existing services ( A few questions:
Our use case: we're designing host-side API servers for fullsend (container builder, repo provisioner) and have an ADR and early experiments around it. Today the experiments bind to |
Summary
Drafts RFC 0005 for reshaping sandbox proxy egress around transport adapters, shared
EgressIntent/EgressDecisionauthorization, and relay-owned byte handling. The proposal covers CONNECT, forward HTTP, DNS, local services, native TCP, supervisor middleware, credential injection, WebSocket/body injection, JSON-RPC, MCP, and optional process identity for sidecar-style modes.Related Issue
N/A - RFC proposal.
Changes
Testing
mise run pre-commitpassesRFC-only documentation change. Ran
git diff --checkand ASCII scans on the RFC files. Pre-commit was intentionally not run for this RFC draft.Checklist