feat: implement Phase 2A VMLab profile discovery and TOML schema validation

[SSobol77]

feat: implement Phase 2A VMLab profile discovery and TOML schema validation

Purpose

Implement VMLab profile discovery and typed TOML schema validation.

Mandatory First Step

Before editing files:

1. Inspect the actual repository structure.
2. Verify real package roots, CLI entrypoints, and test conventions.
3. Do not assume imports from non-existent modules.
4. Adjust file paths to the real repository layout if required.
5. Document any path deviation in the PR description.

Development Log Invariant

All generated development logs, dry-run reports, smoke outputs, test evidence, and agent-generated debug artifacts must be written only under:

logs/

Forbidden generated-artifact locations:

.ecli/
.ecli/vmlab/
src/
tests/
tmp/
.tmp/
.cache/
$HOME/
/tmp/
project root outside logs/

Target Files

Expected target files, adjusted only if real repository layout requires:

src/ecli/extensions/vmlab/__init__.py
src/ecli/extensions/vmlab/models.py
src/ecli/extensions/vmlab/profiles.py
src/ecli/extensions/vmlab/log_paths.py
tests/extensions/vmlab/test_profiles.py
tests/extensions/vmlab/test_log_location_invariant.py

Scope

Discover profiles from:

./.ecli/vmlab/profiles/*.toml
$XDG_CONFIG_HOME/ecli/vmlab/profiles/*.toml
/etc/ecli/vmlab/profiles/*.toml

Rules:

• project-local wins.
• no merge semantics in v1.
• conflicts are reported.
• schema version is validated.
• path-like fields are validated.
• shell expansions are rejected.
• forbidden paths are rejected.
• development logs are allowed only under logs/.

Non-Goals

• no QEMU execution
• no QMP
• no serial attach
• no sudo
• no runtime mutation

Dependencies

Blocked by completion of v0.2.0 — Services Foundation.

Acceptance Criteria

• profile discovery works
• conflicts are reported
• schema validation works
• unsafe paths are rejected
• symlink escape detection is tested
• log invariant tests pass
• no filesystem mutation during validation

References

• docs/extensions/vmlab-profile-schema.md §3
• docs/extensions/vmlab-profile-schema.md §7
• docs/extensions/vmlab-security-model.md §3.2

Labels

• type:implementation
• area:vmlab
• phase:2A
• status:blocked
• priority:high

Milestone

v0.3.0 — VMLab Skeleton

[coderabbitai]

⚠️ Possible Duplicate Issue(s)

• feat: implement Phase 2A VMLab profile discovery and TOML schema validation #36

---

📝 Issue Planner

_{Check the box below or use the @coderabbitai plan command to generate an implementation plan and prompts that you can use with your favorite coding assistant.}

• Create Plan

---

🧪 Issue enrichment is currently in open beta.

You can configure auto-planning by selecting labels in the issue_enrichment configuration.

To disable automatic issue enrichment, add the following to your .coderabbit.yaml:

issue_enrichment:
  auto_enrich:
    enabled: false

💬 Have feedback or questions? Drop into our discord!