thaloco/pyro-mcp
1
Fork 0
Code Pull requests Releases Packages Activity Actions
pyro-mcp/docs/roadmap/task-workspace-ga.md
Thales Maciel c82f4629b2 Add workspace network policy and published ports 
Replace the workspace-level boolean network toggle with explicit network policies and attach localhost TCP publication to workspace services.

Persist network_policy in workspace records, validate --publish requests, and run host-side proxy helpers that follow the service lifecycle so published ports are cleaned up on failure, stop, reset, and delete.

Update the CLI, SDK, MCP contract, docs, roadmap, and examples for the new policy model, add coverage for the proxy and manager edge cases, and validate with uv lock, UV_CACHE_DIR=.uv-cache make check, UV_CACHE_DIR=.uv-cache make dist-check, and a real guest-backed published-port probe smoke.
2026-03-12 18:12:57 -03:00

2.5 KiB
Raw Blame History

Task Workspace GA Roadmap

This roadmap turns the agent-workspace vision into release-sized milestones.

Current baseline is 2.10.0:

  • workspace persistence exists and the public surface is now workspace-first
  • host crossing currently covers create-time seeding, later sync push, and explicit export
  • persistent PTY shell sessions exist alongside one-shot workspace exec
  • immutable create-time baselines now power whole-workspace diff
  • multi-service lifecycle exists with typed readiness and aggregate workspace status counts
  • named snapshots and full workspace reset now exist
  • explicit secrets now exist for guest-backed workspaces
  • explicit workspace network policy and localhost published service ports now exist

Locked roadmap decisions:

  • no backward compatibility goal for the current task_* naming
  • workspace-first naming lands first, before later features
  • snapshots are real named snapshots, not only reset-to-baseline

Every milestone below must update CLI, SDK, and MCP together. Each milestone is also expected to update:

  • README.md
  • install/first-run docs
  • docs/public-contract.md
  • help text and runnable examples
  • at least one real Firecracker smoke scenario

Milestones

  1. 2.4.0 Workspace Contract Pivot - Done
  2. 2.5.0 PTY Shell Sessions - Done
  3. 2.6.0 Structured Export And Baseline Diff - Done
  4. 2.7.0 Service Lifecycle And Typed Readiness - Done
  5. 2.8.0 Named Snapshots And Reset - Done
  6. 2.9.0 Secrets - Done
  7. 2.10.0 Network Policy And Host Port Publication - Done
  8. 3.0.0 Stable Workspace Product
  9. 3.1.0 Secondary Disk Tools

Definition Of Done For The Roadmap

The workspace product is ready to leave beta when:

  • the public contract is workspace-first rather than task-first
  • an agent can inhabit a sandbox through shell, exec, service, diff, export, snapshot, reset, and explicit host-crossing operations
  • the main docs lead with the workspace product, not one-shot VM execution
  • the remaining deliberate deferrals are secondary disk tools rather than core workspace features