feat(runtime): add resolved runtime policy support (#192)

* feat(runtime): add resolved runtime policy support

* fix(runtime): harden resolved runtime policy enforcement

* fix(runtime): stabilize runtime policy rollouts

* fix(runtime): preserve stable workload selectors

* fix(runtime): reserve runtime policy for services

Author: onutc

api/create_admission.go

@@ -163,6 +163,7 @@ func (s *server) resolveCreateAdmission(ctx context.Context, principal principal
 		requestContext.InstanceClassID = selectedClass.ID
 	}
 	serviceAccountResolved := false
+	runtimePolicyResolved := false
 	resolver, response, err := s.extensions.resolve(
 		ctx,
 		extensionOperationPresetCreateResolve,
@@ -190,6 +191,7 @@ func (s *server) resolveCreateAdmission(ctx context.Context, principal principal
 			return newAdmissionError(http.StatusBadRequest, err.Error(), nil, err)
 		}
 		serviceAccountResolved = mutationResult.serviceAccountResolved
+		runtimePolicyResolved = mutationResult.runtimePolicyResolved
 		switch response.Status {
 		case "", extensionStatusResolved:
 		case extensionStatusUnresolved:
@@ -211,6 +213,10 @@ func (s *server) resolveCreateAdmission(ctx context.Context, principal principal
 			err := fmt.Errorf("instance class %q requires resolver-produced field %q", selectedClass.ID, requiredResolvedFieldServiceAccountName)
 			return newAdmissionError(http.StatusBadRequest, err.Error(), nil, err)
 		}
+		if selectedClass.requiresResolvedField(requiredResolvedFieldRuntimePolicy) && normalizeSpritzRuntimePolicy(body.Spec.RuntimePolicy) != nil && !runtimePolicyResolved {
+			err := fmt.Errorf("instance class %q requires resolver-produced field %q", selectedClass.ID, requiredResolvedFieldRuntimePolicy)
+			return newAdmissionError(http.StatusBadRequest, err.Error(), nil, err)
+		}
 		if err := selectedClass.validateResolvedCreate(body); err != nil {
 			return newAdmissionError(http.StatusBadRequest, err.Error(), nil, err)
 		}
@@ -220,6 +226,7 @@ func (s *server) resolveCreateAdmission(ctx context.Context, principal principal
 
 type presetCreateMutationResult struct {
 	serviceAccountResolved bool
+	runtimePolicyResolved  bool
 }
 
 func applyPresetCreateResolverMutations(body *createRequest, response extensionResolverResponseEnvelope) (presetCreateMutationResult, error) {
@@ -236,6 +243,20 @@ func applyPresetCreateResolverMutations(body *createRequest, response extensionR
 			body.Spec.ServiceAccountName = resolvedServiceAccount
 			result.serviceAccountResolved = true
 		}
+		resolvedRuntimePolicy := normalizeSpritzRuntimePolicy(
+			response.Mutations.Spec.RuntimePolicy,
+		)
+		mergedRuntimePolicy, err := mergeSpritzRuntimePolicyStrict(
+			body.Spec.RuntimePolicy,
+			resolvedRuntimePolicy,
+		)
+		if err != nil {
+			return presetCreateMutationResult{}, err
+		}
+		body.Spec.RuntimePolicy = mergedRuntimePolicy
+		if resolvedRuntimePolicy != nil {
+			result.runtimePolicyResolved = true
+		}
 		mergedAgentRef, err := mergeSpritzAgentRefStrict(body.Spec.AgentRef, response.Mutations.Spec.AgentRef)
 		if err != nil {
 			return presetCreateMutationResult{}, err

api/create_admission_test.go

@@ -293,6 +293,116 @@ func TestCreateSpritzRejectsMissingRequiredResolvedFieldFromInstanceClass(t *tes
 	}
 }
 
+func TestCreateSpritzStoresResolvedRuntimePolicy(t *testing.T) {
+	s := newCreateSpritzTestServer(t)
+	var presetReceived map[string]any
+	resolver := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		defer r.Body.Close()
+		if err := json.NewDecoder(r.Body).Decode(&presetReceived); err != nil {
+			t.Fatalf("failed to decode resolver request: %v", err)
+		}
+		w.Header().Set("Content-Type", "application/json")
+		_ = json.NewEncoder(w).Encode(map[string]any{
+			"status": "resolved",
+			"mutations": map[string]any{
+				"spec": map[string]any{
+					"serviceAccountName": "dev-agent-ag-123",
+					"runtimePolicy": map[string]string{
+						"networkProfile":  "dev-cluster-only",
+						"mountProfile":    "dev-default",
+						"exposureProfile": "internal-acp",
+						"revision":        "sha256:aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+					},
+				},
+			},
+		})
+	}))
+	defer resolver.Close()
+
+	s.presets = presetCatalog{
+		byID: []runtimePreset{{
+			ID:            "devbox",
+			Name:          "Devbox",
+			Image:         "example.com/devbox:latest",
+			NamePrefix:    "devbox",
+			InstanceClass: "dev-runtime",
+		}},
+	}
+	s.instanceClasses = instanceClassCatalog{
+		byID: map[string]instanceClass{
+			"dev-runtime": {
+				ID:      "dev-runtime",
+				Version: "v1",
+				Creation: instanceClassCreationPolicy{
+					RequireOwner: true,
+					RequiredResolvedFields: []string{
+						requiredResolvedFieldRuntimePolicy,
+						requiredResolvedFieldServiceAccountName,
+					},
+				},
+			},
+		},
+	}
+	s.extensions = extensionRegistry{
+		resolvers: []configuredResolver{{
+			id:            "runtime-binding",
+			extensionType: extensionTypeResolver,
+			operation:     extensionOperationPresetCreateResolve,
+			match: extensionMatchRule{
+				presetIDs: map[string]struct{}{"devbox": {}},
+			},
+			transport: configuredHTTPTransport{
+				url:     resolver.URL,
+				timeout: time.Second,
+			},
+		}},
+	}
+
+	e := echo.New()
+	secured := e.Group("", s.authMiddleware())
+	secured.POST("/api/spritzes", s.createSpritz)
+
+	body := []byte(`{
+		"name":"devbox-lake",
+		"presetId":"devbox",
+		"spec":{}
+	}`)
+	req := httptest.NewRequest(http.MethodPost, "/api/spritzes", bytes.NewReader(body))
+	req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON)
+	req.Header.Set("X-Spritz-User-Id", "user-1")
+	rec := httptest.NewRecorder()
+
+	e.ServeHTTP(rec, req)
+
+	if rec.Code != http.StatusCreated {
+		t.Fatalf("expected status 201, got %d: %s", rec.Code, rec.Body.String())
+	}
+	contextPayload, ok := presetReceived["context"].(map[string]any)
+	if !ok {
+		t.Fatalf("expected resolver context payload, got %#v", presetReceived["context"])
+	}
+	if contextPayload["instanceClassId"] != "dev-runtime" {
+		t.Fatalf("expected resolver instanceClassId dev-runtime, got %#v", contextPayload["instanceClassId"])
+	}
+
+	stored := &spritzv1.Spritz{}
+	if err := s.client.Get(context.Background(), client.ObjectKey{Name: "devbox-lake", Namespace: s.namespace}, stored); err != nil {
+		t.Fatalf("expected created spritz resource: %v", err)
+	}
+	if stored.Spec.ServiceAccountName != "dev-agent-ag-123" {
+		t.Fatalf("expected resolved service account name, got %q", stored.Spec.ServiceAccountName)
+	}
+	if stored.Spec.RuntimePolicy == nil {
+		t.Fatal("expected resolved runtimePolicy to be stored")
+	}
+	if stored.Spec.RuntimePolicy.NetworkProfile != "dev-cluster-only" {
+		t.Fatalf("expected runtime policy networkProfile, got %#v", stored.Spec.RuntimePolicy)
+	}
+	if stored.Spec.RuntimePolicy.Revision != "sha256:aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" {
+		t.Fatalf("expected runtime policy revision, got %#v", stored.Spec.RuntimePolicy)
+	}
+}
+
 func TestCreateSpritzProvisionerPresetResolverReplaysWithResolvedBinding(t *testing.T) {
 	s := newCreateSpritzTestServer(t)
 	configureProvisionerTestServer(s)
@@ -628,6 +738,159 @@ func TestCreateSpritzProvisionerRejectsManualServiceAccountForResolverRequiredFi
 	}
 }
 
+func TestCreateSpritzProvisionerRejectsManualRuntimePolicyForResolverRequiredField(t *testing.T) {
+	s := newCreateSpritzTestServer(t)
+	configureProvisionerTestServer(s)
+	s.presets = presetCatalog{
+		byID: []runtimePreset{{
+			ID:            "devbox",
+			Name:          "Devbox",
+			Image:         "example.com/devbox:latest",
+			NamePrefix:    "devbox",
+			InstanceClass: "dev-runtime",
+		}},
+	}
+	s.provisioners.allowedPresetIDs = map[string]struct{}{"devbox": {}}
+	s.instanceClasses = instanceClassCatalog{
+		byID: map[string]instanceClass{
+			"dev-runtime": {
+				ID:      "dev-runtime",
+				Version: "v1",
+				Creation: instanceClassCreationPolicy{
+					RequireOwner: true,
+					RequiredResolvedFields: []string{
+						requiredResolvedFieldRuntimePolicy,
+					},
+				},
+			},
+		},
+	}
+
+	e := echo.New()
+	secured := e.Group("", s.authMiddleware())
+	secured.POST("/api/spritzes", s.createSpritz)
+
+	body := []byte(`{
+		"presetId":"devbox",
+		"ownerId":"user-123",
+		"idempotencyKey":"manual-runtime-policy",
+		"spec":{
+			"runtimePolicy":{
+				"networkProfile":"dev-cluster-only",
+				"mountProfile":"dev-default",
+				"exposureProfile":"internal-acp",
+				"revision":"sha256:aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+			}
+		}
+	}`)
+	req := httptest.NewRequest(http.MethodPost, "/api/spritzes", bytes.NewReader(body))
+	req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON)
+	req.Header.Set("X-Spritz-User-Id", "zenobot")
+	req.Header.Set("X-Spritz-Principal-Type", "service")
+	req.Header.Set("X-Spritz-Principal-Scopes", "spritz.instances.create,spritz.instances.assign_owner")
+	rec := httptest.NewRecorder()
+
+	e.ServeHTTP(rec, req)
+
+	if rec.Code != http.StatusBadRequest {
+		t.Fatalf("expected status 400, got %d: %s", rec.Code, rec.Body.String())
+	}
+	if !strings.Contains(rec.Body.String(), "resolver-produced field") {
+		t.Fatalf("expected resolver-produced field error, got %s", rec.Body.String())
+	}
+}
+
+func TestCreateSpritzProvisionerRejectsManualRuntimePolicyWhenResolverOnlySetsServiceAccount(t *testing.T) {
+	s := newCreateSpritzTestServer(t)
+	configureProvisionerTestServer(s)
+	resolver := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		defer r.Body.Close()
+		w.Header().Set("Content-Type", "application/json")
+		_ = json.NewEncoder(w).Encode(map[string]any{
+			"status": "resolved",
+			"mutations": map[string]any{
+				"spec": map[string]string{
+					"serviceAccountName": "dev-agent-ag-123",
+				},
+			},
+		})
+	}))
+	defer resolver.Close()
+
+	s.presets = presetCatalog{
+		byID: []runtimePreset{{
+			ID:            "devbox",
+			Name:          "Devbox",
+			Image:         "example.com/devbox:latest",
+			NamePrefix:    "devbox",
+			InstanceClass: "dev-runtime",
+		}},
+	}
+	s.provisioners.allowedPresetIDs = map[string]struct{}{"devbox": {}}
+	s.instanceClasses = instanceClassCatalog{
+		byID: map[string]instanceClass{
+			"dev-runtime": {
+				ID:      "dev-runtime",
+				Version: "v1",
+				Creation: instanceClassCreationPolicy{
+					RequireOwner: true,
+					RequiredResolvedFields: []string{
+						requiredResolvedFieldRuntimePolicy,
+						requiredResolvedFieldServiceAccountName,
+					},
+				},
+			},
+		},
+	}
+	s.extensions = extensionRegistry{
+		resolvers: []configuredResolver{{
+			id:            "runtime-binding",
+			extensionType: extensionTypeResolver,
+			operation:     extensionOperationPresetCreateResolve,
+			match: extensionMatchRule{
+				presetIDs: map[string]struct{}{"devbox": {}},
+			},
+			transport: configuredHTTPTransport{
+				url:     resolver.URL,
+				timeout: time.Second,
+			},
+		}},
+	}
+
+	e := echo.New()
+	secured := e.Group("", s.authMiddleware())
+	secured.POST("/api/spritzes", s.createSpritz)
+
+	body := []byte(`{
+		"presetId":"devbox",
+		"ownerId":"user-123",
+		"idempotencyKey":"manual-runtime-policy-with-resolver",
+		"spec":{
+			"runtimePolicy":{
+				"networkProfile":"dev-cluster-only",
+				"mountProfile":"dev-default",
+				"exposureProfile":"internal-acp",
+				"revision":"sha256:aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+			}
+		}
+	}`)
+	req := httptest.NewRequest(http.MethodPost, "/api/spritzes", bytes.NewReader(body))
+	req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON)
+	req.Header.Set("X-Spritz-User-Id", "zenobot")
+	req.Header.Set("X-Spritz-Principal-Type", "service")
+	req.Header.Set("X-Spritz-Principal-Scopes", "spritz.instances.create,spritz.instances.assign_owner")
+	rec := httptest.NewRecorder()
+
+	e.ServeHTTP(rec, req)
+
+	if rec.Code != http.StatusBadRequest {
+		t.Fatalf("expected status 400, got %d: %s", rec.Code, rec.Body.String())
+	}
+	if !strings.Contains(rec.Body.String(), requiredResolvedFieldRuntimePolicy) {
+		t.Fatalf("expected runtimePolicy resolver-produced field error, got %s", rec.Body.String())
+	}
+}
+
 func TestProvisionerRestoreStoredPayloadRestoresResolverMetadata(t *testing.T) {
 	tx := &provisionerCreateTransaction{body: &createRequest{}}
 	raw, err := createResolvedProvisionerPayload(createRequest{

api/create_request_normalization.go

@@ -99,6 +99,9 @@ func (s *server) normalizeCreateRequest(_ context.Context, principal principal,
 	if strings.TrimSpace(body.Spec.ServiceAccountName) != "" && !principalCanUseProvisionerFlow(principal) {
 		return nil, newCreateRequestError(http.StatusForbidden, errors.New("spec.serviceAccountName is reserved for provisioner use"))
 	}
+	if normalizeSpritzRuntimePolicy(body.Spec.RuntimePolicy) != nil && !principal.isService() {
+		return nil, newCreateRequestError(http.StatusForbidden, errors.New("spec.runtimePolicy is reserved for provisioner use"))
+	}
 	if !principal.isService() {
 		if err := validateReservedCreateAnnotations(body.Annotations); err != nil {
 			return nil, newCreateRequestError(http.StatusForbidden, err)
@@ -215,6 +218,10 @@ func validateCreateSpec(spec *spritzv1.SpritzSpec) error {
 	if err := validateSpritzAgentRef(spec.AgentRef); err != nil {
 		return err
 	}
+	spec.RuntimePolicy = normalizeSpritzRuntimePolicy(spec.RuntimePolicy)
+	if err := validateSpritzRuntimePolicy(spec.RuntimePolicy); err != nil {
+		return err
+	}
 	spec.ProfileOverrides = normalizeSpritzAgentProfile(spec.ProfileOverrides)
 	if len(spec.SharedMounts) > 0 {
 		normalized, err := normalizeSharedMounts(spec.SharedMounts)

api/extensions.go

@@ -122,8 +122,9 @@ type extensionResolverMutations struct {
 }
 
 type extensionResolverSpecMutation struct {
-	ServiceAccountName string                   `json:"serviceAccountName,omitempty"`
-	AgentRef           *spritzv1.SpritzAgentRef `json:"agentRef,omitempty"`
+	ServiceAccountName string                        `json:"serviceAccountName,omitempty"`
+	AgentRef           *spritzv1.SpritzAgentRef      `json:"agentRef,omitempty"`
+	RuntimePolicy      *spritzv1.SpritzRuntimePolicy `json:"runtimePolicy,omitempty"`
 }
 
 type configuredResolver struct {

api/instance_classes.go

@@ -13,6 +13,7 @@ const (
 	instanceClassAnnotationKey              = "spritz.sh/instance-class"
 	instanceClassVersionAnnotationKey       = "spritz.sh/instance-class-version"
 	requiredResolvedFieldServiceAccountName = "serviceAccountName"
+	requiredResolvedFieldRuntimePolicy      = "runtimePolicy"
 )
 
 type instanceClass struct {
@@ -96,6 +97,8 @@ func normalizeRequiredResolvedField(raw string) string {
 	switch strings.TrimSpace(raw) {
 	case requiredResolvedFieldServiceAccountName:
 		return requiredResolvedFieldServiceAccountName
+	case requiredResolvedFieldRuntimePolicy:
+		return requiredResolvedFieldRuntimePolicy
 	default:
 		return ""
 	}
@@ -140,6 +143,10 @@ func (c instanceClass) validateResolvedCreate(body *createRequest) error {
 			if strings.TrimSpace(body.Spec.ServiceAccountName) == "" {
 				return fmt.Errorf("instance class %q requires resolved field %q", c.ID, field)
 			}
+		case requiredResolvedFieldRuntimePolicy:
+			if normalizeSpritzRuntimePolicy(body.Spec.RuntimePolicy) == nil {
+				return fmt.Errorf("instance class %q requires resolved field %q", c.ID, field)
+			}
 		default:
 			return fmt.Errorf("instance class %q references unsupported resolved field %q", c.ID, field)
 		}