Skip to content

docs(agent-workflows): plan runner self-hosting cleanup#5288

Draft
mmabrouk wants to merge 4 commits into
big-agentsfrom
docs/runner-selfhosting-cleanup-plan
Draft

docs(agent-workflows): plan runner self-hosting cleanup#5288
mmabrouk wants to merge 4 commits into
big-agentsfrom
docs/runner-selfhosting-cleanup-plan

Conversation

@mmabrouk

Copy link
Copy Markdown
Member

Context

Runner self-hosting currently mixes runner routing, sandbox selection, Daytona configuration, runtime facts, subscription credentials, and mount behavior across overlapping environment variables. The local 8280 failure made the result concrete: Services reached a subscription sidecar without Daytona credentials, so a valid Daytona request failed before provisioning.

PR #5274 exposed immediate snapshot and mount follow-ups. PR #5285 proposes a provider allowlist and future Docker provider. PR #5286 adds useful runner authentication and provider-key narrowing, but also injects the broad Helm application environment into the runner.

Proposal

This docs-only PR defines a cleanup that:

  • uses one logical runner deployment for local and Daytona;
  • introduces explicit enabled and default sandbox-provider configuration;
  • scopes Daytona credentials, artifacts, and lifecycle values to the agent runner;
  • removes automatic Pi and Claude OAuth discovery or upload;
  • adds typed, data-only bootstrap assets for local and Daytona;
  • supports personal subscription authentication only on a trusted local runner;
  • removes runtime-fact and hidden policy booleans;
  • makes required session, artifact, and transcript mounts fail loudly;
  • keeps the runner token and provider-key narrowing from [fix] Land the v7 audit findings that need no product decision #5286 while rejecting broad commonEnv, static runner API credentials, and inherit-all fallbacks;
  • sequences the implementation, QA matrix, public documentation, and deferred work.

Review guide

The most consequential choices are in:

  1. interface.md: canonical names, ownership, capability discovery, bootstrap schema, and failure contracts.
  2. plan.md: implementation slices and reconciliation with [chore] Agent mounts followup and clean-up #5274, docs(design): plan docker sandbox provider + sandboxes allowlist #5285, and [fix] Land the v7 audit findings that need no product decision #5286.
  3. qa.md: supported and rejected sandbox, harness, and authentication combinations.
  4. documentation-plan.md: explanation, tutorial, how-to, reference, and troubleshooting pages.
  5. status.md: the complete owner decision checklist.

I will add inline threads to the key decision lines so review can happen in place.

Scope

This PR changes design documentation only. It does not change runtime behavior, hosting configuration, or public docs.

Verification

Related: #5274, #5285, #5286

@vercel

vercel Bot commented Jul 13, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
agenta-documentation Ready Ready Preview, Comment Jul 14, 2026 12:36pm

Request Review

@coderabbitai

coderabbitai Bot commented Jul 13, 2026

Copy link
Copy Markdown

Caution

Review failed

An error occurred during the review process. Please try again later.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch docs/runner-selfhosting-cleanup-plan

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@mmabrouk mmabrouk added the needs-review Agent updated; awaiting Mahmoud's review label Jul 13, 2026

| Variable | Role | Default |
|---|---|---|
| `AGENTA_RUNNER_ENABLED_SANDBOX_PROVIDERS` | deployment capability configuration | `local` |

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🤖 The AI agent says: Decision: provider naming and safe defaults. I prefer ENABLED_SANDBOX_PROVIDERS over an “allowlist” because this describes deployment capability, not an authorization exception. Unset means local only, so adding Docker or E2B to a future binary cannot silently enable it in existing installations. Please use this thread for alternate names or default semantics.


## 6. Bootstrap manifest

Bootstrap assets describe files or directories the operator intentionally makes available to a run. The manifest is mounted read-only and selected through `AGENTA_RUNNER_BOOTSTRAP_CONFIG`.

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🤖 The AI agent says: Decision: bootstrap version 1 is declarative data, not executable hooks. A mounted manifest gives local and Daytona the same typed copy contract, keeps operator sources read-only, and lets us validate paths, modes, size, and redaction. If scripts or VPN hooks are required for the first version, we should define their execution and secret boundary here before implementation.

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The idea is not bad. We decided not to go with an extension or something. At the end of the day, it's kind of the runners, as in the local hosters, who are going to add these, so it's their responsibility. I'm not sure if these are as extensible and as easy to use and to implement as we want them to be. It looks overly complicated for something I'm not sure we need even now.

Even if we are not talking about hooks, I don't know what other solution. What's the problem that you're trying to solve here? Really, let's be clear about that problem. Otherwise, let's keep it just simple. I don't know, but I'd like to revisit this. Simplicity is very important in the implementation for this PR.

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🤖 Review agent says: The problem this manifest solves is real but small: (a) stop the runner from auto-discovering its own Pi login and uploading it to Daytona, and (b) give a local operator a declared way to use their own subscription. Neither needs a manifest engine. Version 1 proposal: delete shouldUploadOwnLogin and uploadPiAuthToSandbox, and for local subscriptions document a plain read-only volume mount in Compose (mount the credential directory, point PI_CODING_AGENT_DIR / CLAUDE_CONFIG_DIR at it). No YAML schema, no validation engine, no AGENTA_RUNNER_BOOTSTRAP_CONFIG variable. The company-CA / runtime-config use case has no user demand yet; it belongs with RSH-4. This removes section 6 here and most of phase 4 in plan.md, and it matches how operators already customize the rest of the stack: by editing the Compose file they own.


- The local adapter creates a unique per-run harness configuration root, copies applicable assets, sets `PI_CODING_AGENT_DIR` or `CLAUDE_CONFIG_DIR`, and deletes the copy at teardown.
- The Daytona adapter uploads applicable non-auth assets before daemon start and applies the same logical destination mapping.
- Version 1 rejects `purpose: harness-auth` for Daytona.

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🤖 The AI agent says: Decision: no remote subscription authentication in version 1. This removes the current automatic Pi login upload. Daytona bootstraps still support non-auth runtime files, but a harness-auth asset is local-only until OpenAI or Anthropic confirms the third-party remote execution model and we design it explicitly.

5. transport-disconnected recovery gets one bounded remount attempt, then fails;
6. no plain directory is substituted at the durable path.

Errors name the failed mount kind and remediation category without exposing credentials. There is no public environment switch to disable transcript mounts.

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🤖 The AI agent says: Decision: persistence assertions fail loudly. A session id, workflow artifact, or resumable harness session promises durable state, so a signing or mount failure should fail the run. Only a truly sessionless invocation may degrade to an ephemeral cwd. This intentionally replaces the current best-effort fallback.

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, I don't agree. I don't think we should have it so hard on one hand, and I'm not sure if it's in scope. Obviously, if there's something really problematic, like a signing failure, yes, I agree GEC if it's not working. I would really not have it that hard.

Otherwise, we cannot release, right? The goal is obviously to clean up things and clean up the documentation so people can self-host it, release, and then iteratively improve, not add conditions that might break our implementation for the moment because of fighting millisecond issues or whatever. For example, had I think something with the GFC, if this mount or whatever, and then at some point there was some small race condition that broke everything.

Please think about that and review it, but I would add only what is needed to scope here. That was not the goal of the cleanup, right? Here, you're thinking really about the logic.

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🤖 Review agent says: Agree with the owner comment here: this is a behavior rewrite, not cleanup, and it is out of scope for the release. Rewriting mount semantics the night before a code freeze risks exactly the race-condition class that best-effort currently papers over. Version 1 proposal: keep the current best-effort behavior, add one structured warning log when a durable mount degrades to an ephemeral directory (so we can measure how often it actually happens), and move the fail-loud contract to a new open-issues entry. Keep only the cheap config-time startup validation from section 3, which fails before anything runs and cannot break a live run. This removes phase 5 from the release path.


### No Helm common environment

The PR includes `agenta.commonEnv` in the runner deployment. That block contains application license, Postgres password and URIs, Agenta auth and cryptographic keys, Redis credentials, store master credentials, and unrelated service configuration.

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🤖 The AI agent says: Decision on PR #5286: keep the runner token and provider-key narrowing, but do not inject agenta.commonEnv. A local harness can inspect the runner process through /proc, so that Helm include exposes database, auth, cryptographic, Redis, and store-master secrets. The proposal also removes the static runner AGENTA_API_KEY; callbacks and traces use the credential already scoped to each request.


No credential value, bootstrap content, or local source path is logged.

## 4. Provider capability discovery

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This one looks very tricky to implement because now you're expecting the runner to provide capabilities, the service to fetch those capabilities, and then to show them to the frontend. Yes, it's the right way, probably, to do it, but it feels like it adds a lot of complexity into a codebase that still needs a lot of refactoring. I'm not sure about this. Would you go into either a redundant environment variable? Are we using that environment variable for some of us?

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

unless i am missing something about complexity

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🤖 Review agent says: Agree, cut /capabilities from version 1. To answer the question in this thread: yes, the redundant environment variable already exists. The API gates sandbox availability today through AGENTA_SANDBOX_LOCAL_ALLOWED in api/oss/src/utils/env.py, and the SDK and services read it too. So the pragmatic v1 shape is: keep that pattern but rename it to the canonical value (AGENTA_RUNNER_ENABLED_SANDBOX_PROVIDERS), and have Compose and Helm feed both the API and the runner from one operator-facing entry in the env file. Drift then requires deliberate effort. The runner stays the final authority and rejects a disabled provider with a clear error, which is honest enough for an MVP. Park the /capabilities endpoint in RSH-7 for when multi-runner or heterogeneous deployments make one shared value insufficient. This deletes phase 2 from the release path.

@mmabrouk

Copy link
Copy Markdown
Member Author

🤖 Review agent: inline comments

Posted as one PR-level comment because a pending review on this PR blocks inline review comments via the API. Intended anchors noted per item.


Reply to this thread

🤖 Review agent says: Agree, cut /capabilities from version 1. To answer the question in this thread: yes, the redundant environment variable already exists. The API gates sandbox availability today through AGENTA_SANDBOX_LOCAL_ALLOWED in api/oss/src/utils/env.py, and the SDK and services read it too. So the pragmatic v1 shape is: keep that pattern but rename it to the canonical value (AGENTA_RUNNER_ENABLED_SANDBOX_PROVIDERS), and have Compose and Helm feed both the API and the runner from one operator-facing entry in the env file. Drift then requires deliberate effort. The runner stays the final authority and rejects a disabled provider with a clear error, which is honest enough for an MVP. Park the /capabilities endpoint in RSH-7 for when multi-runner or heterogeneous deployments make one shared value insufficient. This deletes phase 2 from the release path.


docs/design/agent-workflows/projects/runner-selfhosting-cleanup/interface.md line 192

🤖 Review agent says: The problem this manifest solves is real but small: (a) stop the runner from auto-discovering its own Pi login and uploading it to Daytona, and (b) give a local operator a declared way to use their own subscription. Neither needs a manifest engine. Version 1 proposal: delete shouldUploadOwnLogin and uploadPiAuthToSandbox, and for local subscriptions document a plain read-only volume mount in Compose (mount the credential directory, point PI_CODING_AGENT_DIR / CLAUDE_CONFIG_DIR at it). No YAML schema, no validation engine, no AGENTA_RUNNER_BOOTSTRAP_CONFIG variable. The company-CA / runtime-config use case has no user demand yet; it belongs with RSH-4. This removes section 6 here and most of phase 4 in plan.md, and it matches how operators already customize the rest of the stack: by editing the Compose file they own.


docs/design/agent-workflows/projects/runner-selfhosting-cleanup/interface.md line 253

🤖 Review agent says: Alignment check on customization: the operator owns it through scripts and images, not through runner environment machinery. Daytona: we ship and document the snapshot build scripts that already exist at services/runner/sandbox-images/daytona/ (create the snapshot, upload it, set AGENTA_RUNNER_DAYTONA_SNAPSHOT). Local: the operator edits their Compose file to mount extra folders, or builds a custom image from services/runner/docker/Dockerfile.gh when they need extra dependencies (chromium, gh, certificates). The only environment variables involved are the image and snapshot references that already exist. Everything else is documentation, not contract.


docs/design/agent-workflows/projects/runner-selfhosting-cleanup/interface.md line 286

🤖 Review agent says: Agree with the owner comment here: this is a behavior rewrite, not cleanup, and it is out of scope for the release. Rewriting mount semantics the night before a code freeze risks exactly the race-condition class that best-effort currently papers over. Version 1 proposal: keep the current best-effort behavior, add one structured warning log when a durable mount degrades to an ephemeral directory (so we can measure how often it actually happens), and move the fail-loud contract to a new open-issues entry. Keep only the cheap config-time startup validation from section 3, which fails before anything runs and cannot break a live run. This removes phase 5 from the release path.


docs/design/agent-workflows/projects/runner-selfhosting-cleanup/interface.md line 182

🤖 Review agent says: Release-risk flag on making credentialMode, provider, and deployment hard-required with no inference branch: any caller that does not send them yet starts failing contract validation. Before adopting this, audit what the API and SDK actually send today on every run path (playground, workflows, evaluations, SDK local). If every in-repo caller already sends them, the flip is free and correct. If any caller omits them, fix that caller in the same PR or keep a narrow default for the missing field, and do the strictness flip after the release. Same risk category as the mount rework: correctness hardening that can turn a working demo into a failing one.


docs/design/agent-workflows/projects/runner-selfhosting-cleanup/plan.md line 174

🤖 Review agent says: Proposed re-scope for the MVP release. Ship: phase 0 (QA repair), phase 1 (canonical names, typed runner config, startup validation; this is the open interface we cannot change after release), a slim phase 3 (keep the runner token and key narrowing, drop commonEnv, drop the inherit-all flag, but see the credentialMode strictness flag on interface.md section 5), and the docs plus hosting layout work. Defer: phase 2 (capability endpoint; shared env var instead, see the section 4 thread), phase 4 (bootstrap manifest; documented volume mounts instead, see the section 6 thread), phase 5 (fail-loud mounts; warning log instead, see the section 8 thread). That collapses the 7-PR stack to roughly 4 PRs: (1) QA repair, (2) rename plus typed config plus validation across code, Compose, Helm, Railway, (3) runner environment narrowing, (4) docs plus hosting README. Slices 2, 3, and 4 touch mostly disjoint files and can be built in parallel.


docs/design/agent-workflows/projects/runner-selfhosting-cleanup/plan.md line 159

🤖 Review agent says: Two gaps in this phase. First, the plan has no workstream for making the hosting tree itself self-explanatory, and that is a release requirement. Add a docs-only slice: a hosting/README.md that maps the layout (Compose variants per edition and per image mode, Helm, Railway, the runner image built from services/runner/docker/, the Daytona snapshot built from services/runner/sandbox-images/daytona/), plus a commented entry in every env.*.example for each canonical runner variable, plus a final grep check that no removed name survives anywhere under hosting/ or docs/. Second, sequencing: 'docs land after all phases' does not survive a release tomorrow. The only real prerequisite for the docs is the phase 1 rename. Land the docs with or immediately after that PR. Only the troubleshooting error strings genuinely depend on later implementation; add those entries as the code lands.


docs/design/agent-workflows/projects/runner-selfhosting-cleanup/documentation-plan.md line 3

🤖 Review agent says: The Diátaxis split is right but the plan is incomplete against the release goals. (1) It never reconciles with the existing docs/docs/self-host/ tree: quick-start, configuration, guides 07 (deploy the runner), 08 (custom images), and 09 (Daytona) already exist. Say explicitly which existing pages are replaced, which are rewritten, and where their URLs redirect; otherwise we ship two parallel doc sets. (2) Missing a security and trust concept page: local runs share the runner container and are not an isolation boundary; use Daytona when you need one. The content already exists in context.md and needs a public home, because self-hosters on Reddit will ask this first. (3) Missing how-tos people will actually search for: mount extra folders into local agent runs; add dependencies (chromium, gh CLI, certificates) via a custom runner image; use your own Claude or ChatGPT subscription locally (make Codex/ChatGPT explicit, not just Pi); and a short extension-points page saying another sandbox provider or harness is a feature request with a link to open an issue. (4) The runner reference page should note it is generated from or checked against the typed config so it cannot drift.

@mmabrouk

Copy link
Copy Markdown
Member Author

🤖 Review agent: overall assessment

This design gets the important thing right: one runner-owned namespace (AGENTA_RUNNER_*), explicit provider enablement defaulting to local, deletion of the overlapping DAYTONA_* / SANDBOX_AGENT_* / boolean-flag names, no automatic subscription upload, and no commonEnv in the runner pod. Those names are the open interface we cannot change after release, so phase 1 is exactly the right center of gravity.

But the plan wraps that cleanup in three engineering subsystems that are not needed to release, and each one is new logic with new failure modes the night before a code freeze:

  1. Capability discovery endpoint (phase 2). The API already gates providers via its own env var today (AGENTA_SANDBOX_LOCAL_ALLOWED). Rename that to the canonical variable, feed API and runner from one env-file entry, keep the runner as final authority. Endpoint parked in RSH-7.
  2. Bootstrap manifest (phase 4). The real v1 problems are: stop auto-uploading Pi auth, and let a local operator mount their own subscription. Solve them by deleting the upload path and documenting a read-only volume mount plus PI_CODING_AGENT_DIR/CLAUDE_CONFIG_DIR. No manifest, no schema, no new variable.
  3. Fail-loud mounts (phase 5). Behavior rewrite, not cleanup. Keep best-effort, add a warning log on durable-to-ephemeral degradation, park the contract as an open issue. Keep only startup config validation.

Two things the plan is missing that the release does need:

  • A hosting-layout workstream. Nothing in the plan makes hosting/ self-explanatory: a hosting/README.md mapping Compose variants, Helm, Railway, the runner image (services/runner/docker/), and the Daytona snapshot recipe (services/runner/sandbox-images/daytona/), plus commented env.*.example entries for every canonical variable, plus a removed-name grep gate.
  • Docs reconciliation and sequencing. The Diátaxis page list is good but ignores the existing self-host tree (guides 07/08/09 must be replaced, not duplicated), lacks the security/trust concept page and several high-demand how-tos (mount folders, add chromium/gh, use your subscription, request a provider), and gates all docs behind all six phases. Docs depend only on the phase 1 rename and should land with it.

Proposed release scope: ship phase 0, phase 1, slim phase 3 (token + narrowing, minus the credentialMode strictness flip unless a caller audit proves it free), docs + hosting README. Defer phases 2, 4, 5 as described in the inline threads. Roughly 4 PRs, largely parallelizable.

Inline comments on the specific sections carry the details.


No credential value, bootstrap content, or local source path is logged.

## 4. Provider capability discovery

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

unless i am missing something about complexity


## 6. Bootstrap manifest

Bootstrap assets describe files or directories the operator intentionally makes available to a run. The manifest is mounted read-only and selected through `AGENTA_RUNNER_BOOTSTRAP_CONFIG`.

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The idea is not bad. We decided not to go with an extension or something. At the end of the day, it's kind of the runners, as in the local hosters, who are going to add these, so it's their responsibility. I'm not sure if these are as extensible and as easy to use and to implement as we want them to be. It looks overly complicated for something I'm not sure we need even now.

Even if we are not talking about hooks, I don't know what other solution. What's the problem that you're trying to solve here? Really, let's be clear about that problem. Otherwise, let's keep it just simple. I don't know, but I'd like to revisit this. Simplicity is very important in the implementation for this PR.

- Asset content and credential filenames are redacted from traces and normal logs.
- Version 1 does not execute scripts. Hooks, plugins, and VPN setup remain future work.

## 7. Harness installation

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, I'm sure you mean this. The way I see it is that, when we're talking about the daytona snapshot or whatever, we provide the scripts that allow you to create these images, upload them, and do whatever you need to do with them to kind of set yourself up for success.

For the runner, we have the docker compose. You can update it if you want to add something. I don't know, maybe you want to add other dependencies. It's your thing for the runner, so I'm not sure we need an environment variable at all. We just need scripts to kind of allow this, which I think is what you're saying, right? Just to make sure we're aligned

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🤖 Review agent says: Alignment check on customization: the operator owns it through scripts and images, not through runner environment machinery. Daytona: we ship and document the snapshot build scripts that already exist at services/runner/sandbox-images/daytona/ (create the snapshot, upload it, set AGENTA_RUNNER_DAYTONA_SNAPSHOT). Local: the operator edits their Compose file to mount extra folders, or builds a custom image from services/runner/docker/Dockerfile.gh when they need extra dependencies (chromium, gh, certificates). The only environment variables involved are the image and snapshot references that already exist. Everything else is documentation, not contract.

5. transport-disconnected recovery gets one bounded remount attempt, then fails;
6. no plain directory is substituted at the durable path.

Errors name the failed mount kind and remediation category without exposing credentials. There is no public environment switch to disable transcript mounts.

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, I don't agree. I don't think we should have it so hard on one hand, and I'm not sure if it's in scope. Obviously, if there's something really problematic, like a signing failure, yes, I agree GEC if it's not working. I would really not have it that hard.

Otherwise, we cannot release, right? The goal is obviously to clean up things and clean up the documentation so people can self-host it, release, and then iteratively improve, not add conditions that might break our implementation for the moment because of fighting millisecond issues or whatever. For example, had I think something with the GFC, if this mount or whatever, and then at some point there was some small race condition that broke everything.

Please think about that and review it, but I would add only what is needed to scope here. That was not the goal of the cleanup, right? Here, you're thinking really about the logic.

| `runtime_provided` | the harness authenticates from explicitly prepared runtime state | local bootstrap asset |
| `none` | the run intentionally has no model credential | no credential |

Provider and deployment metadata required for model-key narrowing are also required. Missing or unknown values fail contract validation. There is no legacy "infer from hasApiKey" branch and no inherit-all escape hatch.

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🤖 Review agent says: Release-risk flag on making credentialMode, provider, and deployment hard-required with no inference branch: any caller that does not send them yet starts failing contract validation. Before adopting this, audit what the API and SDK actually send today on every run path (playground, workflows, evaluations, SDK local). If every in-repo caller already sends them, the flip is free and correct. If any caller omits them, fix that caller in the same PR or keep a narrow default for the missing field, and do the strictness flip after the release. Same risk category as the mount rework: correctness hardening that can turn a working demo into a failing one.

- The support matrix matches automated QA.
- The docs do not imply local isolation or remote subscription support.

## Proposed PR stack

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🤖 Review agent says: Proposed re-scope for the MVP release. Ship: phase 0 (QA repair), phase 1 (canonical names, typed runner config, startup validation; this is the open interface we cannot change after release), a slim phase 3 (keep the runner token and key narrowing, drop commonEnv, drop the inherit-all flag, but see the credentialMode strictness flag on interface.md section 5), and the docs plus hosting layout work. Defer: phase 2 (capability endpoint; shared env var instead, see the section 4 thread), phase 4 (bootstrap manifest; documented volume mounts instead, see the section 6 thread), phase 5 (fail-loud mounts; warning log instead, see the section 8 thread). That collapses the 7-PR stack to roughly 4 PRs: (1) QA repair, (2) rename plus typed config plus validation across code, Compose, Helm, Railway, (3) runner environment narrowing, (4) docs plus hosting README. Slices 2, 3, and 4 touch mostly disjoint files and can be built in parallel.

- Store and FUSE failures surface a remediation-oriented error.
- Recovery tests prove one remount attempt and then failure.

## Phase 6: public documentation

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🤖 Review agent says: Two gaps in this phase. First, the plan has no workstream for making the hosting tree itself self-explanatory, and that is a release requirement. Add a docs-only slice: a hosting/README.md that maps the layout (Compose variants per edition and per image mode, Helm, Railway, the runner image built from services/runner/docker/, the Daytona snapshot built from services/runner/sandbox-images/daytona/), plus a commented entry in every env.*.example for each canonical runner variable, plus a final grep check that no removed name survives anywhere under hosting/ or docs/. Second, sequencing: 'docs land after all phases' does not survive a release tomorrow. The only real prerequisite for the docs is the phase 1 rename. Land the docs with or immediately after that PR. Only the troubleshooting error strings genuinely depend on later implementation; add those entries as the code lands.

@@ -0,0 +1,169 @@
# Documentation plan

Public documentation lands after the runtime and hosting contract is stable. The pages follow Diátaxis so readers do not have to extract a tutorial from a configuration reference.

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🤖 Review agent says: The Diátaxis split is right but the plan is incomplete against the release goals. (1) It never reconciles with the existing docs/docs/self-host/ tree: quick-start, configuration, guides 07 (deploy the runner), 08 (custom images), and 09 (Daytona) already exist. Say explicitly which existing pages are replaced, which are rewritten, and where their URLs redirect; otherwise we ship two parallel doc sets. (2) Missing a security and trust concept page: local runs share the runner container and are not an isolation boundary; use Daytona when you need one. The content already exists in context.md and needs a public home, because self-hosters on Reddit will ask this first. (3) Missing how-tos people will actually search for: mount extra folders into local agent runs; add dependencies (chromium, gh CLI, certificates) via a custom runner image; use your own Claude or ChatGPT subscription locally (make Codex/ChatGPT explicit, not just Pi); and a short extension-points page saying another sandbox provider or harness is a feature request with a link to open an issue. (4) The runner reference page should note it is generated from or checked against the typed config so it cannot drift.

@mmabrouk

mmabrouk commented Jul 13, 2026

Copy link
Copy Markdown
Member Author

🤖 Review agent: v2 pushed, ready for second-round review

Commit 1472d38 adopts every round-1 decision. What changed per file:

  • interface.md/capabilities replaced by one shared env value read by API and runner (section 4); the bootstrap manifest replaced by read-only Compose subscription mounts and image/snapshot customization (section 6); mounts stay best-effort with one structured degradation warning (section 8); the credentialMode strictness flip is now gated on a caller audit (section 5); added a deployment-postures note (local-only vs daytona-only) and the SANDBOX_AGENT_LOG_LEVELAGENTA_RUNNER_LOG_LEVEL rename.
  • plan.md — collapsed to 5 phases / 4 PRs: QA repair, canonical names + typed config (now includes the API-side gate rename), runner environment narrowing, subscription cleanup (deletion + mounts, no manifest), hosting layout + docs. Deferred work is listed explicitly.
  • documentation-plan.md — docs land with the phase 1 rename, not last; added the security/trust concept page, the customize-runtime how-to (disambiguating runner image vs sandbox snapshot), the subscription how-to (Pi, Claude, Codex), and extension points; section 10 gives every one of the 20 existing self-host pages a disposition (based on a full audit: only 5 pages carry stale vars, guides 07/08/09 are deleted with redirects).
  • open-issues.md — RSH-4 now holds the whole declarative-asset idea, RSH-7 the capability endpoint, RSH-11 (new) fail-loud mounts, RSH-12 (new) runner secret narrowing.
  • qa.md / status.md / context.md / research.md — aligned with the above; status.md records the round-1 decisions and lists the four round-2 questions.

Round-2 questions for the owner are in status.md: approve the re-scope as a whole, the docs dispositions, and the conditional strictness flip.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

needs-review Agent updated; awaiting Mahmoud's review

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant