Phase 3c: formalize the three version axes and the negotiation flow #582
Open
MGudgin wants to merge 1 commit into
This PR rewrites the conceptual sections of docs/versioning.md to match the post-3a/3b reality. It formalizes the three independent, never-conflated version axes and replaces the old version-centric "Version Negotiation" steps with the three-stage, capability-driven runtime flow.

Details:
- Add a "Three version axes" section: schema/config version (the version field; semver; 0.6.x floor through 0.8.x dev ceiling; major.minor compared), product version (Rust workspace + npm; independent; check-version-sync.js), and host capability (negotiated at runtime, never a string in the config). States the Phase 3a invariant: schema version no longer selects the Windows backend.
- Rewrite "Version Negotiation" as three ordered stages: (1) schema-range check at the trust boundary; (2) containment resolve (abstract process/vm intent -> concrete backend per host, independent of version); (3) host-capability negotiate (BaseContainer when is_base_container_usable(), else AppContainer BFS/DACL, logged; the only fallback). Updates the Data Flow diagram to match.
- Correct the BaseContainer OS handshake: today MXC uses a fixed SANDBOX_SPEC_VERSION and calls Experimental_CreateProcessInSandbox directly; the EnumerateSandboxSpecVersionInfo spec-version handshake is marked forward-looking / not yet implemented (it had been written as current behavior).
- Tighten the Error Contract: schema-range, capability (BackendUnavailable on the ScriptResponse / SDK spawn paths), and policy-unsupported (e.g. deniedPaths) failures are typed and actionable; security policy never fuzzy-falls-back.
- Fixups surfaced while editing: bump a stale 0.4.0 example to 0.6.0-alpha; note retired 0.4/0.5 stable schemas are kept as artifacts; correct a promotion-step reference to a non-existent parser symbol.

Tests:
- Docs-only change; no code or CI gates affected.

Draft fact-checked against config_parser.rs, models.rs, fallback_detector.rs, dispatcher.rs, and base_container_runner.rs (SANDBOX_SPEC_VERSION = "0.1.0", Experimental_CreateProcessInSandbox).

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Generated-with: claude-opus-4.8
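The three-stage flow the description outlines (schema-range check on major.minor, version-independent containment resolve, then a runtime capability negotiation whose only fallback is BaseContainer to AppContainer, with every other failure surfaced as a typed error) can be sketched as a small Rust model. This is an added illustration, not code from the MXC project or from this PR: every type and function name here (SchemaVersion, HostCapabilities, run_flow, and so on) is hypothetical, the 0.6/0.8 window is taken from the description, and the rule that only the BaseContainer path enforces deniedPaths is an assumption made for the example.

```rust
// Added illustration, not MXC project code: models the three-stage flow from the
// PR description. Every type and function name below is hypothetical.

/// Stage 1 input: the config `version` field, compared as major.minor only.
#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
pub struct SchemaVersion {
    pub major: u32,
    pub minor: u32,
}

/// Window taken from the PR description: 0.6.x floor through 0.8.x ceiling.
pub const SCHEMA_FLOOR: SchemaVersion = SchemaVersion { major: 0, minor: 6 };
pub const SCHEMA_CEILING: SchemaVersion = SchemaVersion { major: 0, minor: 8 };

/// Abstract containment intent written in the config.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Intent { Process, Vm }

/// Concrete backend family chosen per host in stage 2 (independent of version).
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Backend { WindowsProcess, Vm }

/// Outcome of the stage 3 capability negotiation.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Negotiated { BaseContainer, AppContainer, Vm }

/// Typed, actionable failures; none of them is ever turned into a silent fallback.
#[derive(Debug, Clone, PartialEq, Eq)]
pub enum FlowError {
    MalformedVersion(String),
    SchemaOutOfRange { found: SchemaVersion, floor: SchemaVersion, ceiling: SchemaVersion },
    BackendUnavailable { backend: Backend, reason: &'static str },
    PolicyUnsupported { backend: Negotiated, policy_key: &'static str },
}

/// Host probe results gathered at runtime; they never come from a config string.
/// `base_container_usable` stands in for a probe like `is_base_container_usable()`.
#[derive(Debug, Clone, Copy, Default)]
pub struct HostCapabilities {
    pub base_container_usable: bool,
    pub app_container_usable: bool,
    pub vm_usable: bool,
}

/// Security policy fragment; `denied_paths` mirrors the `deniedPaths` key named in the PR.
#[derive(Debug, Clone, Default)]
pub struct Policy {
    pub denied_paths: Vec<String>,
}

/// Stage 1: parse `major.minor[.patch][-prerelease]` and range-check at the trust boundary.
/// Patch and pre-release parts (e.g. "0.6.0-alpha") are accepted but not compared.
pub fn check_schema_range(version: &str) -> Result<SchemaVersion, FlowError> {
    let core = version.split('-').next().unwrap_or("");
    let mut parts = core.split('.');
    let mut next_num = || parts.next().and_then(|p| p.parse::<u32>().ok());
    let found = match (next_num(), next_num()) {
        (Some(major), Some(minor)) => SchemaVersion { major, minor },
        _ => return Err(FlowError::MalformedVersion(version.to_string())),
    };
    if found < SCHEMA_FLOOR || found > SCHEMA_CEILING {
        return Err(FlowError::SchemaOutOfRange { found, floor: SCHEMA_FLOOR, ceiling: SCHEMA_CEILING });
    }
    Ok(found)
}

/// Stage 2: map abstract intent to a backend family. The schema version is deliberately
/// not an input: per the Phase 3a invariant it no longer selects the backend.
pub fn resolve_containment(intent: Intent) -> Backend {
    match intent {
        Intent::Process => Backend::WindowsProcess, // this example assumes a Windows host
        Intent::Vm => Backend::Vm,
    }
}

/// Stage 3: negotiate against runtime capabilities. BaseContainer -> AppContainer is the
/// only fallback, and it is logged; every other outcome is a typed error.
pub fn negotiate(backend: Backend, caps: &HostCapabilities, log: &mut Vec<String>) -> Result<Negotiated, FlowError> {
    match backend {
        Backend::WindowsProcess if caps.base_container_usable => Ok(Negotiated::BaseContainer),
        Backend::WindowsProcess if caps.app_container_usable => {
            log.push("BaseContainer unusable on this host; using AppContainer".to_string());
            Ok(Negotiated::AppContainer)
        }
        Backend::WindowsProcess => Err(FlowError::BackendUnavailable { backend, reason: "neither BaseContainer nor AppContainer is usable" }),
        Backend::Vm if caps.vm_usable => Ok(Negotiated::Vm),
        Backend::Vm => Err(FlowError::BackendUnavailable { backend, reason: "no VM support on this host" }),
    }
}

/// Policy gate: a policy the negotiated backend cannot enforce is a hard, typed failure.
/// Assumption for this example only: the AppContainer path cannot enforce `deniedPaths`.
pub fn enforce_policy(chosen: Negotiated, policy: &Policy) -> Result<Negotiated, FlowError> {
    if !policy.denied_paths.is_empty() && chosen == Negotiated::AppContainer {
        return Err(FlowError::PolicyUnsupported { backend: chosen, policy_key: "deniedPaths" });
    }
    Ok(chosen)
}

/// The full ordered flow: stage 1, stage 2, stage 3, then the policy gate.
pub fn run_flow(version: &str, intent: Intent, caps: &HostCapabilities, policy: &Policy, log: &mut Vec<String>) -> Result<Negotiated, FlowError> {
    check_schema_range(version)?;
    let chosen = negotiate(resolve_containment(intent), caps, log)?;
    enforce_policy(chosen, policy)
}

fn main() {
    // Constructed host: BaseContainer probe fails, AppContainer is available.
    let caps = HostCapabilities { base_container_usable: false, app_container_usable: true, vm_usable: false };
    let mut log = Vec::new();
    for version in ["0.6.0-alpha", "0.4.0", "1.0.0", "not-a-version"].iter() {
        println!("{}: {:?}", version, run_flow(version, Intent::Process, &caps, &Policy::default(), &mut log));
    }
    for line in &log {
        println!("log: {}", line);
    }
}
```

The point of the model is the error contract: an out-of-window schema, a missing backend and an unenforceable policy each come back as a distinct variant the caller can act on, and the one permitted fallback leaves a log line behind rather than happening silently.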