dexorder/ai
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

sandbox connected and streaming

Browse Source
This commit is contained in:
Tim Olson
2026-03-30 23:29:03 -04:00
parent c3a8fae132
commit 998f69fa1a
130 changed files with 7416 additions and 2123 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lifecycle-sidecar/README.md
View File

@@ -89,6 +89,6 @@ See `deploy/k8s/base/agent-deployment-example.yaml` for a complete example of ho
1. **Self-delete only**: The sidecar can only delete the deployment it's part of (enforced by label matching in admission policy)
2. **Non-privileged**: Runs as non-root user (UID 1000)
3. **Minimal permissions**: Only has `get` and `delete` on deployments/PVCs in the agents namespace
4. **No cross-namespace access**: Scoped to `dexorder-agents` namespace only
3. **Minimal permissions**: Only has `get` and `delete` on deployments/PVCs in the sandboxes namespace
4. **No cross-namespace access**: Scoped to `dexorder-sandboxes` namespace only
5. **Crash-safe**: Only triggers cleanup on exit code 42, never on crashes