Crabbox Remote Proof

Crabbox is the remote execution layer for teleo-infrastructure. It is not the production deploy system.

Goals

Run Python tests on a disposable or warm remote Linux box.
Run the Phase 1B local proof script remotely.
Retain JUnit and machine-readable proof artifacts.
Give agents a bounded job list instead of arbitrary cloud shell access.

Non-Goals

No production deploys.
No production secrets.
No production VPS mutation.
No production decision-engine PR comments from Crabbox jobs.

Required Local Setup

Crabbox CLI 0.22.1 or newer:

crabbox --version

One of:

crabbox login --url "$CRABBOX_COORDINATOR"

or direct Hetzner operator env:

export HCLOUD_TOKEN="..."

Do not commit either value.

Jobs

crabbox job list
crabbox job run --dry-run unit
crabbox job run --dry-run phase1b-local-proof
crabbox job run unit
crabbox job run phase1b-local-proof

phase1b-local-proof writes:

proof/phase1b-local-e2e-proof.json
.crabbox-results/phase1b-pytest.xml
.crabbox-results/phase1b-proof-summary.json

Secret Boundary

Allowed:

CI
PYTHONWARNINGS
PHASE1B_AGENT_ROUTING_ENABLED
broker token in user config
direct HCLOUD_TOKEN or HETZNER_TOKEN in local operator env

Not allowed:

production GitHub admin token
production Forgejo token
production OpenRouter key
production SSH keys
Bitwarden exports
prod pipeline.db

Proof Boundary

Crabbox remote proof proves repo behavior on a remote Linux lease. It does not prove production parity unless the lease recreates the production runtime paths, systemd services, timers, DB path, and deploy script behavior.

1.7 KiB Raw Blame History