Tracking issue: fullsend-ai/experiments#25
- Basic API server lifecycle — two API servers started by the orchestrator, callable from inside an OpenShell sandbox via the L7 proxy
- Credential isolation — servers hold credentials internally, agents never see them
- Container build delegation — Go server builds images via podman on the host, working around OpenShell's seccomp restrictions
- API discoverability — three approaches compared: OpenAPI spec, tool-use schema, baked-in agent instructions
- Per-run auth — UUID bearer token generated per run
- Long-running operations — container builds that exceed MCP timeout
- L7 policy tuning — most restrictive policy that allows the API
See design spec.
See HOW_TO.md.
- Two servers in different languages (Go + Python) to validate the language-agnostic process contract
- Uniform process contract:
--port,--token,/healthz, SIGTERM - Repo provisioner depends on OpenShell#1272: if content inspection hooks ship in OpenShell, the scan-before-copy flow could be handled natively
See results/findings.md (populated after running).