thaloco/pyro-mcp
1
Fork 0
Code Pull requests Releases Packages Activity Actions
pyro-mcp/docs/roadmap/task-workspace-ga.md
Thales Maciel c82f4629b2 Add workspace network policy and published ports 
Replace the workspace-level boolean network toggle with explicit network policies and attach localhost TCP publication to workspace services.

Persist network_policy in workspace records, validate --publish requests, and run host-side proxy helpers that follow the service lifecycle so published ports are cleaned up on failure, stop, reset, and delete.

Update the CLI, SDK, MCP contract, docs, roadmap, and examples for the new policy model, add coverage for the proxy and manager edge cases, and validate with uv lock, UV_CACHE_DIR=.uv-cache make check, UV_CACHE_DIR=.uv-cache make dist-check, and a real guest-backed published-port probe smoke.
2026-03-12 18:12:57 -03:00

52 lines
2.5 KiB
Markdown
Raw Blame History

# Task Workspace GA Roadmap
This roadmap turns the agent-workspace vision into release-sized milestones.
Current baseline is `2.10.0`:
- workspace persistence exists and the public surface is now workspace-first
- host crossing currently covers create-time seeding, later sync push, and explicit export
- persistent PTY shell sessions exist alongside one-shot `workspace exec`
- immutable create-time baselines now power whole-workspace diff
- multi-service lifecycle exists with typed readiness and aggregate workspace status counts
- named snapshots and full workspace reset now exist
- explicit secrets now exist for guest-backed workspaces
- explicit workspace network policy and localhost published service ports now exist
Locked roadmap decisions:
- no backward compatibility goal for the current `task_*` naming
- workspace-first naming lands first, before later features
- snapshots are real named snapshots, not only reset-to-baseline
Every milestone below must update CLI, SDK, and MCP together. Each milestone is
also expected to update:
- `README.md`
- install/first-run docs
- `docs/public-contract.md`
- help text and runnable examples
- at least one real Firecracker smoke scenario
## Milestones
1. [`2.4.0` Workspace Contract Pivot](task-workspace-ga/2.4.0-workspace-contract-pivot.md) - Done
2. [`2.5.0` PTY Shell Sessions](task-workspace-ga/2.5.0-pty-shell-sessions.md) - Done
3. [`2.6.0` Structured Export And Baseline Diff](task-workspace-ga/2.6.0-structured-export-and-baseline-diff.md) - Done
4. [`2.7.0` Service Lifecycle And Typed Readiness](task-workspace-ga/2.7.0-service-lifecycle-and-typed-readiness.md) - Done
5. [`2.8.0` Named Snapshots And Reset](task-workspace-ga/2.8.0-named-snapshots-and-reset.md) - Done
6. [`2.9.0` Secrets](task-workspace-ga/2.9.0-secrets.md) - Done
7. [`2.10.0` Network Policy And Host Port Publication](task-workspace-ga/2.10.0-network-policy-and-host-port-publication.md) - Done
8. [`3.0.0` Stable Workspace Product](task-workspace-ga/3.0.0-stable-workspace-product.md)
9. [`3.1.0` Secondary Disk Tools](task-workspace-ga/3.1.0-secondary-disk-tools.md)
## Definition Of Done For The Roadmap
The workspace product is ready to leave beta when:
- the public contract is workspace-first rather than task-first
- an agent can inhabit a sandbox through shell, exec, service, diff, export,
snapshot, reset, and explicit host-crossing operations
- the main docs lead with the workspace product, not one-shot VM execution
- the remaining deliberate deferrals are secondary disk tools rather than core
workspace features
View git blame Copy permalink