Sandbox

Sandbox for CI/CD and AI

Public Domain
Public Domain

  • want to use vhost ssh unix socket forwarding to expose creds via wid rproxy to guess as unix perm file

  • could maybe just tun MITM all trafic and replace certs in guest

  • why not just offer a sandboxed runtime?

    • deno or python or wasm

    • Then package management would be standard

    • Expose clean interfaces between runner and orchestrator

    • Keep it standard lang -> no jenkins groovy

  • atproto (obvi)

  • spiffie wid rproxy

  • tpm host -> tpm guest -> verifier -> SCITT

    • SPIFFIE endpoint expose attestation / verifier siger for scitt or something?

    • "free" decentralized pool

    • attested & reproducable builds tracks

https://bsky.app/profile/filippo.abyssdomain.expert/post/3mkldvg6iec2h

Alright, wishlist for a GitHub replacement.

Obvious:

  • actually read-only CI jobs
  • CI configs safer than interpolated shell in YAML
  • git pushes don’t just shell out under user git (!!)
  • uptime??

Less obvious:

  • git pushes tlog
  • unprivileged agent sub-accounts
  • decent vuln scanner

https://pnsqc.org

Tools & Productivity

For practitioners and tool builders demonstrating how work actually gets done, with concrete workflows and lessons learned. Papers will show conditions before vs after, and will mention what doesn't work.

This track focuses on practical tools, frameworks, and techniques that improve the productivity and effectiveness of quality engineering teams. Submissions should emphasize real-world experience, engineering insights, and lessons learned from building, integrating, or applying tools in modern software development environments.

Submissions should focus on technical insights and practical experience rather than product demonstrations or sales presentations. Tools may be referenced, but talks should provide lessons and techniques that other teams can apply.

Topics May Include

  • Test automation platforms and frameworks
  • Developer productivity and testing workflows
  • Observability, diagnostics, and debugging tools
  • CI/CD testing infrastructure
  • Managing flaky tests and test reliability
  • AI-assisted testing tools and practices
  • Toolchains for modern quality engineering
  • Integrating testing into developer workflows
  • Scaling test automation in large systems

Example Paper Titles

  • Lessons Learned Building AI-Generated Test Suites
  • Managing Flaky Tests in CI at Scale
  • Using Observability Data to Diagnose Test Failures
  • Integrating Quality Signals into Developer Workflows
  • Tooling Strategies for Testing Microservices
  • Improving Test Feedback Loops for Developers
  • Reducing Test Execution Time in Large CI Pipelines
  • Making Test Automation Maintainable Over Time