Thales Maciel f57454bcb4 Add workspace-first roadmap milestones

Break the updated workspace vision into a checked-in roadmap from 2.4.0 through 3.1.0 so later implementation can be driven milestone by milestone.

Link the roadmap from the vision doc and keep each release slice scoped to one product capability, from the workspace contract pivot through shells, export/diff, services, snapshots, secrets, networking, and GA promotion.

This is a docs-only planning scaffold; runtime behavior stays unchanged in this commit.

2026-03-12 01:21:26 -03:00

1.3 KiB

Raw Blame History

`2.10.0` Network Policy And Host Port Publication

Goal

Replace the coarse current network toggle with an explicit workspace network policy and make services host-probeable through controlled published ports.

Public API Changes

workspace create gains explicit network policy instead of a simple boolean
workspace service start gains published-port configuration
workspace service status/list returns published-port information

Recommended policy model:

off
egress
egress+published-ports

Implementation Boundaries

Host port publication is localhost-only by default.
Ports remain attached to services, not generic VM networking.
Published-port details are queryable from CLI, SDK, and MCP.
Keep network access explicit and visible in the workspace spec.

Non-Goals

no remote exposure defaults
no advanced ingress routing
no general-purpose networking product surface

Acceptance Scenarios

start a service, wait for readiness, probe it from the host, inspect logs, then stop it
keep a workspace fully offline and confirm no implicit network access exists

Required Repo Updates

docs that show app validation from the host side
examples that use typed readiness plus localhost probing
real Firecracker smoke for published-port probing

1.3 KiB Raw Blame History

2.10.0 Network Policy And Host Port Publication