ci(sandbox): MCP-3236 integration tests + workflow + snap-docker harness (MCP-34.5) #782
Merged
…arness

- .github/workflows/sandbox-integration.yml: dedicated CI job on ubuntu-latest (kernel 6.8, Landlock ABI 3) — runs sandbox package tests, upstream/core wrapper integration tests, scanner isolation-mode degradation tests, binary build, and server startup probe with isolation.mode=sandbox
- docs/development/sandbox-snap-docker-harness.md: manual harness for Ubuntu snap-docker hosts — negative baseline (mode=docker → AppArmor failure reproducing GH #71) and positive case (mode=sandbox → Landlock confinement, scanner graceful degradation)
- docs/qa/mcpproxy-qa-mcp3236-2026-06-29.html: HTML QA report (10/11 pass, 1 skip — linux-only Landlock tests skip on darwin as designed)

Satisfies exit criterion #4 of MCP-34 (MCP-3236).
Deploying mcpproxy-docs

| Latest commit: | 9aab9fa |
| Status: | ✅ Deploy successful! |
| Preview URL: | https://c6419a20.mcpproxy-docs.pages.dev |
| Branch Preview URL: | https://qa-mcp3236-sandbox-it.mcpproxy-docs.pages.dev |
Codecov Report: ✅ All modified and coverable lines are covered by tests.
📦 Build Artifacts

How to download:
Option 1: GitHub Web UI (easiest)
Option 2: GitHub CLI: gh run download 28358437321 --repo smart-mcp-proxy/mcpproxy-go
…tup race)

The 'Verify server health' step checked /api/v1/status once, immediately after the start step's readiness loop broke on the first HTTP-200 — but the server responds to /status before it finishes warming up (Bleve index, capability registration), so 'running' was still False and the step failed on CI. Retry for running:True up to 30s before failing.

Related #71
The health probe checked d.get('running') in /api/v1/status, but the response
shape is {"status": {"phase": "Ready"}} — there is no top-level 'running'
field, so the check was always False even though the server was up and serving.
Poll for status.phase == Ready instead.
Related #71
Parsing /api/v1/status JSON was fragile (the status object is nested and the healthy phase is 'Running', not 'Ready'). /readyz is the canonical readiness endpoint — controller-backed, returns 200 when IsReady() is true — so poll it for 200 instead. Structure-independent and idiomatic.

Related #71
…actually resolved

CodexReviewer caught the probe was vacuous: the config used a top-level "isolation" key, but the GLOBAL isolation mode is docker_isolation.mode (per-server isolation is the only 'isolation' key). The wrong key was silently ignored, so the server started with isolation_mode=none — the 'sandbox' probe never tested sandbox.

- workflow + harness: isolation -> docker_isolation for the global mode
- workflow: assert the server log shows isolation_mode=sandbox (fail if not), so a future wrong-key regression can't pass vacuously
- harness positive case now actually runs the stdio 'everything' server under Landlock (inherits global sandbox); negative baseline under docker (AppArmor)

Related #71
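A probe along the lines the commits above settle on, as an added example (not the workflow's actual step and not the project's code): poll /readyz for HTTP 200 for up to 30s, then fail unless the server log reports the requested isolation_mode, so an ignored config key cannot pass vacuously. The function names, the base URL argument and the log line format are assumptions; the sample log lines are constructed.

```python
import re
import time
import urllib.error
import urllib.request

# Constructed sample log lines; the real log format is an assumption.
LOG_WRONG_KEY = "INFO server starting isolation_mode=none\n"
LOG_RIGHT_KEY = "INFO server starting isolation_mode=sandbox\n"

# Ignore proxy environment variables: the probe targets a local server.
_opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def wait_ready(base_url, timeout=30.0, interval=0.5):
    """Poll GET <base_url>/readyz until HTTP 200 or the deadline passes."""
    deadline = time.monotonic() + timeout
    while True:
        try:
            with _opener.open(base_url + "/readyz", timeout=2) as resp:
                if resp.status == 200:
                    return True
        except (urllib.error.URLError, OSError):
            pass  # not listening yet, or a non-2xx answer such as 503
        if time.monotonic() >= deadline:
            return False
        time.sleep(interval)


def effective_isolation_mode(log_text):
    """Return the last isolation_mode=<value> the server logged, or None."""
    found = re.findall(r"\bisolation_mode=(\w+)", log_text)
    return found[-1] if found else None


def check_sandbox_probe(base_url, log_text, want="sandbox", timeout=30.0):
    """Pass only if the server is ready AND reports the requested mode."""
    if not wait_ready(base_url, timeout):
        return "FAIL: /readyz never returned 200"
    mode = effective_isolation_mode(log_text)
    if mode != want:
        # A silently ignored config key shows up here as mode=none.
        return f"FAIL: isolation_mode={mode}, wanted {want}"
    return "OK"


if __name__ == "__main__":
    for name, log in (("wrong key", LOG_WRONG_KEY), ("right key", LOG_RIGHT_KEY)):
        print(name, "->", effective_isolation_mode(log))
```

Checking the status code alone keeps the probe independent of the /api/v1/status JSON shape; checking the logged mode ties the result to what the server actually applied rather than to what the config file asked for.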
✅ Gatekeeper approval — Codex review verdict: ACCEPT.
This approval is posted automatically by the MCPProxy Gatekeeper App on behalf of the Codex reviewer (verdict of record lives in the Paperclip review thread). Author≠approver satisfied; QA + CI gates enforced separately.
Auto-approved per Model B (MCP-1249).
Lands the MCP-34.5 sandbox-integration verification artifacts that QATester produced for [MCP-3236] but which were left on the local checkout, never pushed. No production code — CI workflow + docs + QA report.
Changes
- .github/workflows/sandbox-integration.yml — dedicated CI job on ubuntu-latest (Landlock ABI 3): runs the sandbox package tests, upstream/core wrapper integration tests, scanner isolation-mode degradation tests, a binary build, and a server-startup probe with isolation.mode=sandbox.
- docs/development/sandbox-snap-docker-harness.md — manual harness for Ubuntu snap-docker hosts (negative baseline mode=docker → AppArmor failure reproducing GH Process compose option #71; positive mode=sandbox → Landlock confinement + scanner graceful degradation).
- docs/qa/mcpproxy-qa-mcp3236-2026-06-29.html — QA report (10/11 pass, 1 skip — linux-only Landlock tests skip on darwin by design).

Closes the last exit criterion (#4) of the MCP-34 non-Docker sandbox isolation epic, so the CI gate that validates the sandbox feature ships alongside it (#768 launcher + #781 scanner parity).
Related #71