koder_exec_kit: pluggable execution backends for agent tools

accepted

koderexeckit — pluggable execution backends RFC

Status

*ccepted*— 20260523. Owner ratified option 3 (new SDK module engines/sdk/koder_exec_kit) over options 1 (CLI-local) and 2 (gateway-hosted). Implementation begins under engines/sdk/koder_exec_kit#001 (scaffold + local backend), which in turn unblocks AICORE106 (gateway adopts the SDK) and AICORE134.2b (MountRoot semantics anchored on the Backend contract).

Summary

Define a Go SDK module engines/sdk/koder_exec_kit that exposes a single Backend interface for executing untrusted (or simply isolated) commands and code on behalf of an agent. Ship MVP backends — local, docker, ssh — and a Register(name, factory) plugin point for the postMVP backends Hermes-agent inspired the ticket with (Modal, Daytona, Vercel Sandbox, Singularity, …).

Three or more components on the current roadmap consume execution under different trust models:

  1. *oder AI CLI*(services/ai/ai/cli/) — already runs execute_command locally; only consumer today.
  2. *oder AI Gateway*(services/ai/ai/gateway/) — would gain a POST /v1/exec proxy for headless agents and parallelexecution scheduling (AICORE119 spoke AIGW-051).
  3. *ervices/agents

Source: ../home/koder/dev/koder/meta/docs/stack/rfcs/koder-exec-kit-RFC-001-execution-backends.kmd