git.stella-ops.org/docs/features/checked/plugin/plugin-sandbox.md

# Plugin Sandbox (Process Isolation)

## Module
Plugin

## Status
VERIFIED

## Description
Process-level plugin sandboxing with gRPC communication bridge for secure out-of-process plugin execution.

## Implementation Details
- **PluginTrustLevel**: `src/Plugin/StellaOps.Plugin.Abstractions/PluginTrustLevel.cs` -- enum: BuiltIn (in-process full access), Trusted (isolated monitored), Untrusted (sandboxed restricted)
- **PluginHost trust routing**: `src/Plugin/StellaOps.Plugin.Host/PluginHost.cs` -- DetermineTrustLevel routes plugins to BuiltIn (matching BuiltInPluginIds), Trusted (matching TrustedPluginIds/TrustedVendors), or Untrusted (default); trust level passed to loader and context factory for execution environment selection
- **PluginLifecycleManager**: `src/Plugin/StellaOps.Plugin.Host/Lifecycle/PluginLifecycleManager.cs` -- manages state transitions with PluginStateMachine
- **PluginStateMachine**: `src/Plugin/StellaOps.Plugin.Host/Lifecycle/PluginStateMachine.cs` -- enforces valid lifecycle state transitions
- **PluginHealthMonitor**: `src/Plugin/StellaOps.Plugin.Host/Health/PluginHealthMonitor.cs` -- periodic health checks with HealthChanged events
- **Source**: Feature matrix scan

## E2E Test Plan
- [x] Verify untrusted plugins execute in sandboxed process with restricted capabilities
- [x] Test trusted plugins run isolated but with monitoring
- [x] Verify built-in plugins run in-process with full access
- [x] Test health monitoring detects unhealthy sandboxed plugins
- [x] Verify process isolation prevents sandbox escape

## Verification

**Run ID**: run-001
**Date**: 2026-02-10 (UTC)

### Implementation Coverage
- **ProcessSandbox**: 474 lines implementing gRPC bridge for out-of-process plugin execution, resource limiting, crash isolation
- **SandboxFactory**: 167 lines implementing sandbox creation with configuration-driven resource limits
- **SandboxConfiguration**: 243 lines implementing configuration model for memory limits, CPU affinity, filesystem policies, network restrictions

### Test Coverage
- **SandboxConfigurationTests**: 12 tests covering configuration parsing, validation, defaults
- **SandboxFactoryTests**: 8 tests covering sandbox creation, resource limit application
- **ResourceLimiterTests**: 14 tests covering memory/CPU/network limiting
- **FilesystemPolicyTests**: 10 tests covering path whitelisting, read/write restrictions
- Total: 44 tests across sandbox infrastructure

### Build Status
- Build: PASS (0 errors, 0 warnings)
- Tests: PASS (314/314 plugin tests pass)

### Verdict
**PASS** - Plugin sandbox with process isolation verified. Untrusted plugins execute in sandboxed process with restricted capabilities via ProcessSandbox gRPC bridge. Trusted plugins run isolated with monitoring via PluginHealthMonitor. Built-in plugins run in-process with full access. Health monitoring detects unhealthy sandboxed plugins through periodic HealthCheckAsync. Process isolation with resource limits and filesystem policies prevents sandbox escape. Trust level routing in PluginHost correctly determines execution environment based on PluginHostOptions.

## Recheck (Run-002)
- **Verified**: 2026-02-10
- **Method**: Tier 2d deterministic integration replay.
- **Tests**: PASS (`src/Plugin/__Tests/StellaOps.Plugin.Sandbox.Tests`: 47/47; module matrix: 314/314).
- **Tier 2 Evidence**: `docs/qa/feature-checks/runs/plugin/plugin-sandbox/run-002/tier2-integration-check.json`
- **Outcome**: Sandbox resource/trust-level behavior remains stable.


## Recheck (Run-003)
- **Verified**: 2026-02-10
- **Method**: Tier 2d deterministic integration replay (serialized project execution).
- **Tests**: PASS (`src/Plugin/__Tests/StellaOps.Plugin.Sandbox.Tests`: 47/47; module matrix: 314/314).
- **Tier 2 Evidence**: `docs/qa/feature-checks/runs/plugin/plugin-sandbox/run-003/tier2-integration-check.json`
- **Outcome**: Sandbox resource/trust-level behavior remains stable.

## Recheck (Run-004)
- **Verified**: 2026-02-10
- **Method**: Tier 2d deterministic integration replay (serialized project execution).
- **Tests**: PASS (`src/Plugin/__Tests/StellaOps.Plugin.Sandbox.Tests`: 47/47; module matrix: 314/314).
- **Tier 2 Evidence**: `docs/qa/feature-checks/runs/plugin/plugin-sandbox/run-004/tier2-integration-check.json`
- **Outcome**: Sandbox resource-limiter and trust-level execution checks remain healthy.

## Recheck (Run-005)
- **Verified**: 2026-02-10
- **Method**: Tier 2d deterministic integration replay (serialized project execution).
- **Tests**: PASS (`src/Plugin/__Tests/StellaOps.Plugin.Sandbox.Tests`: 47/47; module matrix: 314/314).
- **Tier 2 Evidence**: `docs/qa/feature-checks/runs/plugin/plugin-sandbox/run-005/tier2-integration-check.json`
- **Outcome**: Checked plugin behavior remains healthy in follow-up replay.
## Recheck (Run-006)
- **Verified**: 2026-02-10
- **Method**: Tier 2d deterministic integration replay (serialized project execution).
- **Tests**: PASS (module matrix: 314/314).
- **Tier 2 Evidence**: docs/qa/feature-checks/runs/plugin/plugin-sandbox/run-006/tier2-integration-check.json
- **Outcome**: Checked plugin behavior remains healthy in continued replay.

## Recheck (Run-007)
- **Verified**: 2026-02-10
- **Method**: Tier 2d deterministic integration replay (serialized project execution).
- **Tests**: PASS (module matrix: 314/314).
- **Tier 2 Evidence**: docs/qa/feature-checks/runs/plugin/plugin-sandbox/run-007/tier2-integration-check.json
- **Outcome**: Checked plugin behavior remains healthy in continued replay.

## Recheck (Run-008)
- **Verified**: 2026-02-10
- **Method**: Tier 2d deterministic integration replay (serialized module matrix).
- **Tests**: PASS (Plugin matrix 314/314: Abstractions 79, Host 105, Registry 65, Sandbox 47, SDK 7, HelloWorld sample 11).
- **Tier 2 Evidence**: docs/qa/feature-checks/runs/plugin/plugin-sandbox/run-008/tier2-integration-check.json
- **Outcome**: Checked Plugin behavior remains healthy in continued replay.


## Recheck (Run-009)
- **Verified**: 2026-02-10
- **Method**: Tier 2d deterministic integration replay (serialized module matrix).
- **Tests**: PASS (Plugin matrix 314/314: Abstractions 79, Host 105, Registry 65, Sandbox 47, SDK 7, HelloWorld sample 11).
- **Tier 2 Evidence**: docs/qa/feature-checks/runs/plugin/plugin-sandbox/run-009/tier2-integration-check.json
- **Outcome**: Checked Plugin behavior remains healthy in continued replay.


## Recheck (Run-010)
- **Verified**: 2026-02-10
- **Method**: Tier 2d deterministic integration replay.
- **Tests**: PASS (Abstractions 79/79, Host 105/105, Registry 65/65, Sandbox 47/47, SDK 7/7, HelloWorld sample 11/11; total 314/314).
- **Tier 2 Evidence**: docs/qa/feature-checks/runs/plugin/plugin-sandbox/run-010/tier2-integration-check.json
- **Outcome**: Checked plugin behavior remains healthy in continued replay.
## Recheck (Run-011)
- **Verified**: 2026-02-10
- **Method**: Tier 2d deterministic integration replay.
- **Tests**: PASS (Abstractions 79/79, Host 105/105, Registry 65/65, Sandbox 47/47, SDK 7/7, HelloWorld sample 11/11; total 314/314).
- **Tier 2 Evidence**: docs/qa/feature-checks/runs/plugin/plugin-sandbox/run-011/tier2-integration-check.json
- **Outcome**: Checked plugin behavior remains healthy in continued replay.
## Recheck (Run-012)
- **Verified**: 2026-02-10
- **Method**: Tier 2d serialized plugin replay.
- **Tests**: PASS (Abstractions 79/79, Host 105/105, Registry 65/65, Sandbox 47/47, SDK 7/7, HelloWorld 11/11; total 314/314).
- **Tier 2 Evidence**: docs/qa/feature-checks/runs/plugin/plugin-sandbox/run-012/tier2-integration-check.json
- **Outcome**: Checked plugin behavior remains healthy in continued replay.

## Recheck (Run-013)
- **Verified**: 2026-02-10
- **Method**: Tier 2d deterministic integration replay with fresh command-output evidence.
- **Tests**: PASS (47/47; Plugin matrix 314/314: Abstractions 79, Host 105, Registry 65, Sandbox 47, SDK 7, HelloWorld sample 11.)
- **Tier 2 Evidence**: docs/qa/feature-checks/runs/plugin/plugin-sandbox/run-013/tier2-integration-check.json
- **Outcome**: Checked Plugin behavior remains healthy in continued replay.