Context
#3098 added the shared Reborn RuntimeHttpEgress service and #3123 left a ScriptRuntimeHttpAdapter seam that maps script host HTTP requests into RuntimeHttpEgressRequest { runtime: RuntimeKind::Script, ... }.
Today the Docker script backend is intentionally network-isolated with --network none, and there is no script-side HTTP host API that needs production wiring. This issue tracks the future guardrail: if/when scripts are given brokered HTTP, it must use shared host-mediated egress rather than container ambient networking.
Parent context: #3085, #3123.
Requirements
- Keep script containers without ambient network access by default (--network none or equivalent sandbox policy).
- If a script HTTP surface is added (SDK, sidecar, host import, helper process, etc.), route every outbound request through ScriptRuntimeHttpAdapter / shared RuntimeHttpEgress.
- Preserve host-supplied ResourceScope, NetworkPolicy, credential injection plan, response body limit, and timeout propagation.
- Runtime/script input must not be able to invent secret handles or bypass host policy with raw headers/query credentials.
- Runtime-visible script HTTP errors must use stable sanitized categories.
- Do not add direct HTTP/DNS/private-IP checks to ironclaw_scripts; shared egress and ironclaw_network own those concerns.
Suggested tests
- Script execution still has no ambient container network access by default.
- A production-like script HTTP call records a RuntimeHttpEgressRequest with runtime == RuntimeKind::Script.
- Policy denial, sensitive request headers/query credentials, response body limits, and response redaction are exercised through the script adapter path.
- Timeout and response body limit fields are forwarded to shared egress.
- Dependency/architecture guardrails still prevent script runtime code from adding direct HTTP/DNS/SSRF logic.
Done when
Either scripts still have no HTTP egress surface and this is documented as an invariant, or any introduced script HTTP surface is demonstrably brokered through shared RuntimeHttpEgress with caller-level tests.
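As an added illustration of the brokered path the requirements and suggested tests describe (not ironclaw's own code; every type layout, signature and policy rule here is assumed), a test double in which the adapter fixes runtime = RuntimeKind::Script, forwards the host-owned timeout and response body limit, refuses raw credential headers and query credentials, and surfaces a shared-egress policy denial as a sanitized category:

```rust
// Added illustration, not ironclaw's own code: a test double for the script adapter
// seam. Type names follow the issue; fields, signatures and policy rules are assumed.
use std::cell::RefCell;

#[derive(Debug, Clone, PartialEq)] pub enum RuntimeKind { Script }

#[derive(Debug, Clone, PartialEq)]
pub struct RuntimeHttpEgressRequest {
    pub runtime: RuntimeKind,
    pub url: String,
    pub headers: Vec<(String, String)>,
    pub timeout_ms: u64,           // host-supplied, forwarded to shared egress
    pub max_response_bytes: usize, // host-supplied response body limit
}

/// Sanitized error categories a script is allowed to observe (assumed set).
#[derive(Debug, Clone, Copy, PartialEq)] pub enum ScriptHttpError { PolicyDenied, InvalidRequest }

/// Stand-in for shared RuntimeHttpEgress: applies a NetworkPolicy host allowlist
/// and records each request instead of performing it.
pub struct RecordingEgress { pub allowed_hosts: Vec<&'static str>, pub recorded: RefCell<Vec<RuntimeHttpEgressRequest>> }

impl RecordingEgress {
    pub fn send(&self, req: RuntimeHttpEgressRequest) -> Result<(), ScriptHttpError> {
        let host = req.url.split("://").nth(1).and_then(|r| r.split('/').next()).unwrap_or("");
        if !self.allowed_hosts.iter().any(|h| *h == host) { return Err(ScriptHttpError::PolicyDenied); }
        self.recorded.borrow_mut().push(req);
        Ok(())
    }
}

/// The only inputs a script controls; limits and credentials stay host-owned.
pub struct ScriptHttpRequest { pub url: String, pub headers: Vec<(String, String)> }
pub struct ScriptRuntimeHttpAdapter<'a> { pub egress: &'a RecordingEgress, pub timeout_ms: u64, pub max_response_bytes: usize }

impl ScriptRuntimeHttpAdapter<'_> {
    pub fn send(&self, req: ScriptHttpRequest) -> Result<(), ScriptHttpError> {
        // Raw credential headers or query credentials are refused before brokering:
        // the host's credential injection plan is the only way secrets get attached.
        let bad_header = |k: &str| matches!(k.to_ascii_lowercase().as_str(), "authorization" | "cookie" | "proxy-authorization");
        if req.headers.iter().any(|(k, _)| bad_header(k.as_str())) { return Err(ScriptHttpError::InvalidRequest); }
        let query = req.url.split_once('?').map_or("", |(_, q)| q);
        let bad_key = |kv: &str| matches!(kv.split('=').next().unwrap_or("").to_ascii_lowercase().as_str(), "token" | "api_key" | "access_token");
        if query.split('&').any(bad_key) { return Err(ScriptHttpError::InvalidRequest); }
        self.egress.send(RuntimeHttpEgressRequest {
            runtime: RuntimeKind::Script, url: req.url, headers: req.headers,
            timeout_ms: self.timeout_ms, max_response_bytes: self.max_response_bytes,
        })
    }
}
```

The private-IP/DNS decisions stay inside the egress double, mirroring the requirement that ironclaw_scripts never grows its own network checks.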