Problem
For E2B-backed CUA runs, downstream adopters need two boring-but-critical guarantees:
- Clear cleanup by run id for live resources that were actually launched.
- Early target reachability failures before spending model/provider budget.
Some cleanup exists in specific routes, and app-url validation exists at the manifest/policy level, but there is not yet a general product-lab cleanup/reachability workflow.
Proposal
Add generic E2B lab cleanup and target reachability preflight.
Possible commands/fields:
mimetic lab cleanup --run <run-id>
mimetic lab preflight <lab> --reachability sandbox
Possible reachability modes:
public-preview: target must be reachable from an E2B desktop sandbox.
sandbox-loopback: target is served inside each actor sandbox.
prepared-host: target is produced by a trusted prepare step and carries a safe provenance record.
Acceptance Criteria
- Cleanup by run id kills exact recorded sandbox ids where available.
- Cleanup does not use broad unscoped provider queries by default.
- Preflight catches host-loopback targets that cannot be reached from hosted desktops.
- Preflight can run before actor/model calls.
- Run bundles record safe cleanup and reachability provenance without secret values.
- Failures produce actionable CLI messages for downstream product repos.
Notes
This should remain generic and provider-safe. It should not assume any one product's service topology.
Problem
For E2B-backed CUA runs, downstream adopters need two boring-but-critical guarantees:
Some cleanup exists in specific routes, and app-url validation exists at the manifest/policy level, but there is not yet a general product-lab cleanup/reachability workflow.
Proposal
Add generic E2B lab cleanup and target reachability preflight.
Possible commands/fields:
Possible reachability modes:
public-preview: target must be reachable from an E2B desktop sandbox.sandbox-loopback: target is served inside each actor sandbox.prepared-host: target is produced by a trusted prepare step and carries a safe provenance record.Acceptance Criteria
Notes
This should remain generic and provider-safe. It should not assume any one product's service topology.