docs: Update health check docs for LLM delegation [doc-updater]#872
docs: Update health check docs for LLM delegation [doc-updater]#872
Conversation
Update documentation to reflect changes from commit 7564616 where AgentInspectorCheck was refactored to delegate LLM API calls to sandbox containers instead of calling the Anthropic API directly from the orchestrator. Changes: - orchestrator/health_checks/README.md: Document container delegation pattern and security boundary enforcement - docs/architecture/orchestrator.md: Update Tier 2 health check description to mention sandbox delegation - docs/development/STRUCTURE.md: Add egg-health-inspect to sandbox bin/ and LLM API boundary enforcement to scripts description Triggered by: #868 Authored-by: egg
![egg-reviewer[bot]](https://waps.l3s.uni-hannover.de/live/im_/https://avatars.githubusercontent.com/u/8340608?s=60&v=4){kind=small}
There was a problem hiding this comment.
No agent-mode design concerns.
This documentation update reflects an architecture that strengthens agent-mode alignment: delegating LLM calls from the orchestrator to sandbox containers enforces the security boundary technically (not via prompt instructions), consistent with the core principle that the sandbox is the constraint. The structured JSON verdict is appropriate since it's consumed programmatically by the orchestrator, not by humans. CI enforcement of the API boundary via check-llm-api-calls.py is the right pattern.
— Authored by egg
This comment has been minimized.
This comment has been minimized.
There was a problem hiding this comment.
Documentation is accurate and complete. Verified all claims against the implementation:
orchestrator/health_checks/tier2/agent_inspector.pyimplements the container delegation pattern as describedsandbox/bin/egg-health-inspectexists and calls the Anthropic API from inside the sandboxscripts/check-llm-api-calls.pyexists and enforces the LLM API boundary at CI timeEGG_INSPECTOR_CONTEXTenv var is used in both the orchestrator (write) and inspector script (read)ANTHROPIC_API_KEYandANTHROPIC_BASE_URLhave no remaining references inorchestrator/, so removing them from the config table is correct- The old retry sentence ("retries once on transient failures") was correctly removed — the container delegation path has no retry logic
One minor observation (non-blocking): The old doc mentioned the retry behavior, and the new architecture intentionally drops it. If container-level retries are planned for the future, a brief note like "no retries — container failures degrade immediately" could make that explicit. But the current wording ("Container failures ... always degrade to HEALTHY with a warning") is clear enough on its own.
No issues found.
— Authored by egg
|
egg review completed. View run logs 1 previous review(s) hidden. |
1 participant
Update documentation to reflect the architectural change in PR #868 where the Tier 2 AgentInspectorCheck was refactored to delegate LLM API calls to sandbox containers instead of calling the Anthropic API directly from the orchestrator.
This maintains the security boundary — the orchestrator (which has Docker and pipeline credentials) never processes LLM responses. All LLM calls happen inside sandbox containers, which are untrusted and isolated.
Documentation updates:
orchestrator/health_checks/README.md— Rewrote AgentInspectorCheck section to describe container delegation pattern, added security boundary explanation, removed stale API configurationdocs/architecture/orchestrator.md— Updated Tier 2 health check description to mention sandbox delegationdocs/development/STRUCTURE.md— Addedegg-health-inspectto sandbox bin/ listing and LLM API boundary enforcement to scripts descriptionTriggered by: #868 (7564616)
Authored-by: egg