Implement CG-013 Podman-first detonation runtime provider and sandbox image flow by ysqander · Pull Request #12 · ysqander/clawguard

ysqander · 2026-03-13T12:52:54Z

Provide the detonation runtime foundation required by CG-013 so behavioral detonation can be built on a Podman-first provider with Docker parity.

Add a new runtime provider module packages/detonation/src/runtime-provider.ts exposing createDetonationRuntimeProvider, a DetonationRuntimeProvider contract, and sandbox image preparation helpers with a defaultSandboxImageTag.
Add a repeatable sandbox Containerfile at packages/detonation/sandbox/Containerfile used by the provider build/pull logic.
Export the new runtime-provider APIs from the detonation package entrypoint via packages/detonation/src/index.ts and make the preflight benchmark prefer Podman explicitly.
Extend detonation tests in packages/detonation/src/index.test.ts to validate Podman-first preference and shared image-cache/build semantics for Podman and Docker.
Update planning docs to mark CG-013 complete and adjust the remaining detonation-ticket snapshot (docs/clawguard-ticket-breakdown.md and docs/clawguard-development-plan.md).

Ran pnpm lint and the linter reported no blocking issues.
Ran pnpm build and pnpm typecheck and both completed successfully.
Ran pnpm --filter @clawguard/detonation test and the detonation package tests passed (validating runtime preference and image cache/build semantics).
Ran full pnpm test; the run exited non-zero due to an existing unrelated failure in the discovery tests (buildSkillSnapshot returns read-failed when a file cannot be read) that appears environment-dependent and is not caused by these changes.

Implement CG-013 detonation runtime provider and sandbox image prep

9485753

ysqander added the codex label Mar 13, 2026 — with ChatGPT Codex Connector

Provide feedback