|
191 | 191 | {"id":"vz-9gz","title":"Authorization and policy-enforcement verification across all entrypoints","description":"Validate that policy checks and authorization behavior are consistent across CLI, control sockets, gRPC, and OpenAPI adapters.\n\nAcceptance:\n- Authorization matrix exists for all mutating operations.\n- Deny/allow behavior and machine errors are parity-tested per transport.\n- Privilege bypass paths are eliminated or blocked by tests.","status":"open","priority":1,"issue_type":"task","owner":"james@littlebearlabs.io","created_at":"2026-02-24T18:16:08Z","created_by":"James Lal","updated_at":"2026-02-24T18:16:08Z"} |
192 | 192 | {"id":"vz-9y4","title":"stop_signal and stop_grace_period compose fields","description":"Services like Postgres need SIGTERM + grace period for clean shutdown. Currently containers get hard-killed. Add:\n1. Parse stop_signal and stop_grace_period in compose.rs (add to ACCEPTED keys)\n2. Add fields to ServiceSpec, RunConfig (contract + macOS)\n3. Wire through to oci_kill signal and timeout in runtime stop path\n\nFiles: crates/vz-stack/src/compose.rs, spec.rs, convert.rs, crates/vz-runtime-contract/src/types.rs, crates/vz-oci-macos/src/config.rs, runtime.rs","status":"closed","priority":2,"issue_type":"task","owner":"james@littlebearlabs.io","created_at":"2026-02-22T14:55:23Z","created_by":"James Lal","updated_at":"2026-02-22T15:15:18Z","closed_at":"2026-02-22T15:15:18Z","close_reason":"stop_signal and stop_grace_period threaded from compose parsing through to oci_kill. 4 new tests."} |
193 | 193 | {"id":"vz-a0v","title":"Wire executor into vz stack CLI","description":"Connect StackExecutor to the existing vz stack up/down/ps CLI commands. Replace the current reconcile-only flow with actual container execution. Wire --dry-run to skip execution. Show real container status in vz stack ps.","status":"closed","priority":1,"issue_type":"task","owner":"james@littlebearlabs.io","created_at":"2026-02-20T19:53:51Z","created_by":"James Lal","updated_at":"2026-02-20T20:15:59Z","closed_at":"2026-02-20T20:15:59Z","close_reason":"OciContainerRuntime bridge wired into cmd_up/cmd_down with --dry-run flag. PS shows ready status. 84 CLI tests pass, clippy clean.","dependencies":[{"issue_id":"vz-a0v","depends_on_id":"vz-n19","type":"blocks","created_at":"2026-02-20T12:54:03Z","created_by":"James Lal","metadata":"{}"},{"issue_id":"vz-a0v","depends_on_id":"vz-p44","type":"blocks","created_at":"2026-02-20T12:54:03Z","created_by":"James Lal","metadata":"{}"}]} |
194 | | -{"id":"vz-a2u","title":"Security threat model and hardening closure for sandbox isolation boundary","description":"Produce and execute a threat model for sandbox escape, privilege escalation, data exfiltration, and host compromise risks. Track and close hardening actions.\n\nAcceptance:\n- Threat model and attack surface inventory are reviewed and approved.\n- Critical/high findings are remediated or accepted with explicit sign-off.\n- Security regression tests are added for fixed classes of issues.","status":"open","priority":0,"issue_type":"feature","owner":"james@littlebearlabs.io","created_at":"2026-02-24T18:16:08Z","created_by":"James Lal","updated_at":"2026-02-24T18:16:08Z"} |
| 194 | +{"id":"vz-a2u","title":"Security threat model and hardening closure for sandbox isolation boundary","description":"Produce and execute a threat model for sandbox escape, privilege escalation, data exfiltration, and host compromise risks. Track and close hardening actions.\n\nAcceptance:\n- Threat model and attack surface inventory are reviewed and approved.\n- Critical/high findings are remediated or accepted with explicit sign-off.\n- Security regression tests are added for fixed classes of issues.","notes":"Findings/changes applied: (1) Added default sandbox exec user hardening in crates/vz-sandbox/src/session.rs with DEFAULT_EXEC_USER=dev and resolve_exec_user, preserving root override behavior in exec_as_root. Added unit tests resolve_exec_user_defaults_to_dev and resolve_exec_user_preserves_explicit_override. (2) Added guest vsock accept-side CID allowlist in crates/vz-guest-agent/src/listener.rs to accept only host CID=2, rejecting/closing non-host peers, with unit test source_cid_accepted_only_for_host. (3) Added planning/06-sandbox-isolation-threat-model.md covering attack surface, findings F-01..F-04, remediation mapping, and explicit sign-off. Validation from crates/ used: cargo check -p vz-sandbox -p vz-guest-agent (pass), cargo nextest run -p vz-sandbox -p vz-guest-agent (47/47), cargo clippy -p vz-sandbox -p vz-guest-agent -- -D warnings (fails due pre-existing unused-unsafe warnings in vz crate only).","status":"closed","priority":0,"issue_type":"feature","owner":"james@littlebearlabs.io","created_at":"2026-02-24T18:16:08Z","created_by":"James Lal","updated_at":"2026-02-24T18:38:50Z","closed_at":"2026-02-24T18:38:50Z","close_reason":"Implemented sandbox isolation hardening closure and documented threat model. Host-CID allowlist enforced in guest vsock accept, default exec user set to dev unless explicitly overridden, and regression coverage added (resolve_exec_user defaults/override, host-only CID). Validation: cargo check nextest pass for vz-sandbox/vz-guest-agent; clippy still fails only in unrelated vz crate due pre-existing unused-unsafe warnings. Remaining external blocker: vz-2l0."} |
195 | 195 | {"id":"vz-a31","title":"Linux Native Host Support","description":"Enable vz to run sandbox/container workloads on Linux hosts while keeping the macOS Virtualization.framework path intact. Introduces backend abstraction with a shared runtime contract so both macOS and Linux backends implement the same trait.\n\n## Success Criteria\n- Linux host can run `vz oci run ubuntu:24.04 -- echo ok` successfully\n- `vz stack up` works on Linux for supported Compose subset\n- Existing macOS tests continue to pass with no functional regression\n- Backend selection is explicit and test-covered\n\n## Architecture\n- New `vz-runtime-contract` crate: backend traits + backend-neutral runtime types\n- New `vz-linux-native` crate: Linux host primitives and lifecycle executor\n- macOS adapter wrapping existing vz-oci runtime in `MacosRuntimeBackend`\n- `vz-oci::Runtime` becomes facade delegating to `Arc\u003cdyn RuntimeBackend\u003e`\n\n## Plan Reference\n- planning/linux-native-support/README.md\n- planning/linux-native-support/01-shared-runtime-contract.md\n- planning/linux-native-support/02-linux-native-backend.md\n- planning/linux-native-support/03-runtime-selection-and-integration.md\n- planning/linux-native-support/04-testing-rollout-and-risks.md","status":"closed","priority":2,"issue_type":"epic","owner":"james@littlebearlabs.io","created_at":"2026-02-22T01:40:02Z","created_by":"James Lal","updated_at":"2026-02-22T03:11:43Z","closed_at":"2026-02-22T03:11:43Z","close_reason":"All 5 features complete: (1) Shared runtime contract trait, (2) Linux-native backend with OCI bundle/ns/cgroup/network support, (3) Runtime selection with MacosRuntimeBackend adapter, (4) CLI/stack cross-platform compilation with platform dispatch, (5) CI, capability probes, and documentation. 430 tests passing."} |
196 | 196 | {"id":"vz-a31.1","title":"Shared Runtime Contract","description":"Create vz-runtime-contract crate with backend-neutral RuntimeBackend trait and shared types. Wrap existing macOS runtime in MacosRuntimeBackend adapter. Refactor vz-oci::Runtime to delegate to Arc\u003cdyn RuntimeBackend\u003e.\n\n## Scope\n- New crate: vz-runtime-contract with RuntimeBackend trait\n- Move shared types (RunConfig, ExecConfig, PortMapping, ContainerInfo, ExecOutput) to contract crate\n- MacosRuntimeBackend adapter around existing vz-oci runtime\n- vz-oci::Runtime holds Arc\u003cdyn RuntimeBackend\u003e, delegates internally\n\n## Pre-conditions\nNone — this is the foundation phase.\n\n## Plan Reference\n- planning/linux-native-support/01-shared-runtime-contract.md","status":"closed","priority":2,"issue_type":"feature","owner":"james@littlebearlabs.io","created_at":"2026-02-22T01:40:11Z","created_by":"James Lal","updated_at":"2026-02-22T01:56:06Z","closed_at":"2026-02-22T01:56:06Z","close_reason":"All 4 tasks complete: vz-runtime-contract crate created with RuntimeBackend trait + types, MacosRuntimeBackend adapter, re-exports wired, validation passed.","dependencies":[{"issue_id":"vz-a31.1","depends_on_id":"vz-a31","type":"parent-child","created_at":"2026-02-21T18:40:10Z","created_by":"James Lal","metadata":"{}"}]} |
197 | 197 | {"id":"vz-a31.1.1","title":"Create vz-runtime-contract crate with backend traits and shared types","description":"Create a new crate vz-runtime-contract that defines the backend-neutral RuntimeBackend trait and owns shared runtime-facing types.\n\n## Files\n- crates/vz-runtime-contract/Cargo.toml (new)\n- crates/vz-runtime-contract/src/lib.rs (new)\n- crates/vz-runtime-contract/src/types.rs (new — RunConfig, ExecConfig, PortMapping, ContainerInfo, ExecOutput, ImageInfo, PruneResult)\n- crates/vz-runtime-contract/src/error.rs (new — RuntimeError)\n- crates/Cargo.toml (add workspace member)\n\n## Approach\nMove shared types from vz-oci into the new crate. Define RuntimeBackend trait with async methods: pull, run, create_container, exec_container, stop_container, remove_container, list_containers, images, prune_images. Keep trait surface minimal and lifecycle-focused. Use async-trait or native async fn in trait (edition 2024).\n\n## Plan Reference\n- planning/linux-native-support/01-shared-runtime-contract.md (Core Types, Backend Trait Shape)","status":"closed","priority":2,"issue_type":"task","owner":"james@littlebearlabs.io","created_at":"2026-02-22T01:40:59Z","created_by":"James Lal","updated_at":"2026-02-22T01:50:08Z","closed_at":"2026-02-22T01:50:08Z","close_reason":"Created vz-runtime-contract crate with RuntimeBackend trait, shared types (RunConfig, ExecConfig, ExecOutput, ContainerInfo, ImageInfo, etc.), RuntimeError, and stack support methods. 3 unit tests.","dependencies":[{"issue_id":"vz-a31.1.1","depends_on_id":"vz-a31.1","type":"parent-child","created_at":"2026-02-21T18:40:58Z","created_by":"James Lal","metadata":"{}"}]} |
|
233 | 233 | {"id":"vz-bsk","title":"Auto-discover compose file (compose.yaml/yml, docker-compose.yml/yaml)","description":"vz stack up fails when no compose.yaml exists even if docker-compose.yml is present. Fix: try all 4 standard names in Docker Compose priority order.","status":"closed","priority":1,"issue_type":"bug","owner":"james@littlebearlabs.io","created_at":"2026-02-22T15:19:32Z","created_by":"James Lal","updated_at":"2026-02-22T15:19:41Z","closed_at":"2026-02-22T15:19:41Z","close_reason":"Implemented compose file auto-discovery. Tries compose.yaml, compose.yml, docker-compose.yml, docker-compose.yaml in order. Updated UpArgs, ConfigArgs, RunArgs to use Option\u003cPathBuf\u003e. 3 new tests. 99 CLI tests pass."} |
234 | 234 | {"id":"vz-bx5","title":"Make vz-oci platform-agnostic","description":"Remove #![cfg(target_os = macos)] from lib.rs. Remove vz, vz-linux, vz-sandbox deps from Cargo.toml. Delete runtime.rs and macos_backend.rs (moved to vz-oci-macos). Clean error.rs to remove Linux variant. Make bundle types pub (not pub(crate)). Keep bundle.rs, container_store.rs, config.rs with shared types. Re-export vz-image types.","status":"closed","priority":1,"issue_type":"task","owner":"james@littlebearlabs.io","created_at":"2026-02-22T05:39:18Z","created_by":"James Lal","updated_at":"2026-02-22T05:51:54Z","closed_at":"2026-02-22T05:51:54Z","close_reason":"Removed #![cfg(target_os = macos)] gate from vz-oci. Removed macOS deps (vz, vz-linux, vz-sandbox, tokio, tracing). vz-oci is now platform-agnostic with bundle, container_store, and error modules. 17 tests pass.","dependencies":[{"issue_id":"vz-bx5","depends_on_id":"vz-yff","type":"blocks","created_at":"2026-02-21T22:39:32Z","created_by":"James Lal","metadata":"{}"}]} |
235 | 235 | {"id":"vz-c5b","title":"Test networking between replicas and for replicas","description":"## Context\nWhen implementing replicas/scaling support, we need to verify that:\n\n1. **Inter-replica networking**: Multiple replicas of the same service can communicate with each other (e.g., for load balancing)\n2. **External access to replicas**: Traffic from host can reach all replicas (port mapping strategy)\n3. **Service discovery**: Replicas should be reachable via the service name\n\n## Test Scenarios\n\n### Test 1: Basic replica networking\n\n- Verify all 3 replicas start\n- Verify each replica is accessible on port 8080\n- Test load balancing across replicas\n\n### Test 2: Replica-to-replica communication\n\n- From client, should reach one of the replicas\n- Round-robin should distribute requests across replicas\n\n### Test 3: Cross-service replicas\n\n- Frontend should resolve 'backend' to one of the replicas\n","status":"open","priority":2,"issue_type":"task","owner":"james@littlebearlabs.io","created_at":"2026-02-23T18:55:12Z","created_by":"James Lal","updated_at":"2026-02-23T18:55:12Z"} |
236 | | -{"id":"vz-c8y","title":"Release engineering: staged rollout, canary analysis, and auto-rollback","description":"Make release process production-safe with staged promotion, canary health evaluation, and automated rollback on policy violations.\n\nAcceptance:\n- Promotion pipeline supports dev, staging, and production stages.\n- Canary analysis uses SLO/health metrics with explicit pass/fail criteria.\n- Rollback procedure is automated, tested, and documented.","status":"open","priority":0,"issue_type":"feature","owner":"james@littlebearlabs.io","created_at":"2026-02-24T18:16:09Z","created_by":"James Lal","updated_at":"2026-02-24T18:16:09Z"} |
| 236 | +{"id":"vz-c8y","title":"Release engineering: staged rollout, canary analysis, and auto-rollback","description":"Make release process production-safe with staged promotion, canary health evaluation, and automated rollback on policy violations.\n\nAcceptance:\n- Promotion pipeline supports dev, staging, and production stages.\n- Canary analysis uses SLO/health metrics with explicit pass/fail criteria.\n- Rollback procedure is automated, tested, and documented.","notes":"Scoped plan: implement staged release pipeline (release-candidate \u003e canary \u003e promoted) driven by existing CI gates; define explicit SLO pass/fail criteria and an automated rollback path for artifact promotion; document runbook + policy thresholds.","status":"in_progress","priority":0,"issue_type":"feature","owner":"james@littlebearlabs.io","created_at":"2026-02-24T18:16:09Z","created_by":"James Lal","updated_at":"2026-02-24T18:36:03Z"} |
237 | 237 | {"id":"vz-cb7","title":"[vz-build] Fancy TUI: surface meaningful stderr without rawjson noise","description":"Fancy build TUI currently suppresses all raw buildctl stderr chunks to avoid rawjson transport noise. Add selective passthrough for meaningful non-rawjson diagnostics while keeping parsed solve-status rendering clean.","status":"open","priority":3,"issue_type":"task","owner":"james@littlebearlabs.io","created_at":"2026-02-23T21:41:48Z","created_by":"James Lal","updated_at":"2026-02-23T21:41:57Z"} |
238 | 238 | {"id":"vz-cdy","title":"[vz-stack] Failed stacks show 'partial' status instead of 'failed'","status":"open","priority":2,"issue_type":"task","owner":"james@littlebearlabs.io","created_at":"2026-02-23T05:57:36Z","created_by":"James Lal","updated_at":"2026-02-23T05:57:36Z"} |
239 | 239 | {"id":"vz-ces","title":"[vz-stack] Add replicas/scaling support - cannot scale services to multiple instances","description":"REPLICAS IMPLEMENTATION PLAN\n\nCurrent: deploy.replicas rejected at parse time with \"replicas is not supported\"\n\nSteps to implement:\n1. Parse: Accept replicas in parse_deploy(), add to ResourcesSpec\n2. Executor: Create multiple containers when replicas \u003e 1\n3. State: Track replica count and individual states\n4. CLI: Add scale command, show replicas in ps\n\nThis is significant feature work - will require changes across multiple files.","status":"in_progress","priority":2,"issue_type":"task","owner":"james@littlebearlabs.io","created_at":"2026-02-23T16:46:08Z","created_by":"James Lal","updated_at":"2026-02-23T18:59:32Z"} |
|
0 commit comments