feat: standalone sandbox-proxy with test suite, SNI router, and CI #1
Open
clementblaise wants to merge 8 commits into
Summary
Establishes sandbox-proxy as a standalone repository for the Ridges inference proxy sidecar.
This proxy sits between miner agents and OpenRouter, enforcing cost budgets, model restrictions,
API key validation, and workspace safety policies. It runs as a Docker sidecar in both
Kubernetes Pods and Docker Compose task environments.
Architecture
The proxy has two entry points:
HTTPS proxy (port 443/80) — A FastAPI application (main.py) that intercepts HTTP
requests to the OpenRouter API. It validates the runtime API key against a pre-registered
SHA-256 hash, checks that the OpenRouter workspace has logging/data-sharing disabled,
enforces model restrictions, rewrites provider preferences (ZDR, Chutes), sanitizes request
bodies to a known-safe field allowlist, tracks per-request costs against a USD budget, and
returns 429 when the budget is exhausted.
SNI router (port 15443) — A TCP-level router (sni_router.py) that reads TLS
ClientHello messages to extract the SNI hostname. Traffic to openrouter.ai is forwarded to
the local HTTPS proxy for policy enforcement. During the agent phase, all other egress is
blocked. During the verification phase (signaled by a sentinel file), non-OpenRouter traffic
is transparently tunneled to its destination without decryption.