Skip to content

feat(compute): sandbox ssh command#276

Open
samcm wants to merge 1 commit into
masterfrom
compute-sandbox-ssh
Open

feat(compute): sandbox ssh command#276
samcm wants to merge 1 commit into
masterfrom
compute-sandbox-ssh

Conversation

@samcm

@samcm samcm commented Jul 2, 2026

Copy link
Copy Markdown
Member

Adds panda compute sandboxes ssh <id> — the missing last hop for compute sandboxes:

  1. Reads the public half of --identity (default ~/.ssh/id_ed25519, register it once with panda compute keys add).
  2. Calls the new compute.prepare_sandbox_ssh op (POST /v1/sandboxes/{id}/ssh on the compute backend, rides the existing caller-token forwarding — no proxy changes).
  3. Writes the short-lived gateway certificate under the user cache dir and execs ssh against the gateway immediately (certs expire in ~2 minutes). --print renders the command instead; args after -- pass through to ssh.

Also adds prepare_sandbox_ssh to the Python compute module.

Verified end-to-end against the shadowrealm farplane deployment: minted a cert and opened an interactive shell in a running ethereum-devnet microVM through the gateway. Note: the guest agent currently accepts only interactive sessions (pty-req+shell), so ssh ... <command> fails until farplane#107 lands exec support — interactive use works today.

Adds 'panda compute sandboxes ssh <id>': sends the public half of
--identity to the control plane (compute.prepare_sandbox_ssh -> POST
/v1/sandboxes/{id}/ssh), writes the returned short-lived gateway
certificate under the user cache dir, and execs ssh against the gateway
immediately (certificates expire within minutes). --print renders the
ssh command instead. Arguments after -- pass through to ssh.

Also exposes prepare_sandbox_ssh in the Python compute module so
sandboxed analysis code can mint certificates.
@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

🐼 Smoke eval — 158559f: ❌ 0/8 pass

📊 Interactive report — tokens p50 0 · tokens/solve 0.

Reference points: v0.37.0 100% · master@9dd4c95 0%.

question result tokens tools
forky_node_coverage 16,184 5
tracoor_node_coverage 13,881 4
mainnet_block_arrival_p50 15,639 7
list_datasources 12,745 2
block_count_24h 15,200 8
missed_slots_24h 15,385 7
chartkit_default_arrival_distribution 45,489 17
storage_upload_session_scoped 18,134 12
🔭 Langfuse traces (8 runs; ⚠️ = failed)

The report walks this branch's commits against the master baseline and the most recent release. A self-contained copy is in the run's eval-smoke-* artifact.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant