shawnm-anthropic e15986b0f3 feat(terminating-tls): Add opt-in configuration for providing CA cert and key (#247)
* Add opt-in configuration for providing CA cert and key

* Wire tlsTerminate CA loader into SandboxManager.initialize()

When network.tlsTerminate is set, initialize() loads and validates the CA
(throws on unreadable/non-PEM). reset() clears the cache. No behavior
change when tlsTerminate is unset.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* Add tests for tlsTerminate config and loadMitmCA

- test/fixtures/tls-terminate/: committed test-only RSA-2048 self-signed CA
  (CN=srt-test-ca DO NOT TRUST, valid to 2126). README documents the
  generating openssl command.
- test/sandbox/mitm-ca.test.ts: load/cache/reset plus all throw paths
  (missing file, non-PEM, swapped cert/key) against the fixture CA.
- test/config-validation.test.ts: schema cases for network.tlsTerminate
  (optional, both paths required, non-empty).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-05 16:29:11 -07:00