Description
Track the extensibility capability proposed by RFC 0005: a supervisor egress middleware hook that lets OpenShell call trusted external middleware before outbound sandbox requests leave the sandbox boundary.
At a high level, this gives OpenShell a policy-selected extension point where middleware can inspect request content, transform or redact it, deny it, and attach metadata or audit annotations while OpenShell remains the enforcement boundary.
Context
What This Unlocks
- Lets OpenShell support value-add controls such as Privacy Guard without baking every guard directly into the core supervisor.
- Gives operators a place to plug in domain-specific request governance for outbound sandbox traffic.
- Creates a foundation for future middleware integrations around L7 inspection, redaction, request annotation, and audit evidence.
- Keeps the core product focused on sandbox enforcement while allowing optional external services to extend behavior.
Definition of Done