Skip to content

RFC 0026: scoped per-project debug sessions (replace the ssh-debug sidecar) #58

Description

@amiller

Draft RFC: rfcs/0026-scoped-debug-sessions.md (in the working tree; commit when blessed). Needs human review before autonomous build — esp. the attested-project policy.

Gap: no way to debug ONE project on a multi-tenant daemon. Host SSH = root over all tenants (incl. attested); prod-OS has no SSH. The privileged ssh-debug sidecar bypassed the broker (host-net, raw docker.sock + dstack.sock) and has been removed — nothing replaces it.

Proposal: daemon-brokered, audited, TTL'd debug session into a SINGLE project container (exec + tail logs + read its dataDir) via the existing DockerProxy — no host shell, no other-tenant access, no raw dstack.sock.

  • POST /_api/projects/<name>/debug → mint TTL grant (audited) + scoped attach (exec/logs/read, that container only)
  • DELETE /_api/debug/<session> → revoke; auto-expire on TTL
  • mirror proxy/tunnel.py lifecycle (RFC 0003/0018 are the structural model); every action → proxy/audit.py
  • Files: proxy/ingress.py, proxy/docker_client.py (scoped exec/logs), proxy/audit.py, proxy/tunnel.py (model)

Open question for review: opening a debug session against an attested-mode project must not silently break its attestation story — stricter gating, recorded-event, or disallow in attested mode?

Completes the narrow-audited-axis set (0003 tunnels / 0017 state / 0018 secrets / 0026 debug) that makes the privileged sidecar permanently unnecessary.

Metadata

Metadata

Assignees

No one assigned

    Labels

    p2Medium priority

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions