WEB-4805: EDR (SentinelOne) rehearsal harness#139

Draft
vigneshsubbiah16 wants to merge 1 commit into staging from vis1/web-4805-edr-rehearsal-harness

Conversation

@vigneshsubbiah16

Collaborator

WEB-4805: EDR (SentinelOne) rehearsal harness

Push-button, dry-run-by-default harness to rehearse Unbound's
signed+notarized macOS runtime against Salesloft's EDR (SentinelOne) on a
throwaway EC2 Mac fixture before the customer ever sees it, pick the
surviving artifact by evidence, and re-image so the rehearsal never pollutes
the Stream V fixtures.

Ticket: https://linear.app/unboundsec/issue/WEB-4805

What it does

  • Provisions a fresh EC2 Mac dedicated host + instance per chip
    (mac2.metal arm64, mac1.metal intel), us-west-2, default profile.
  • Installs the SentinelOne agent (site token via env).
  • Drives both artifacts (PyInstaller default + Nuitka -nuitka) through the
    full lifecycle: pkg install -> onboard.sh -> all 5 hook events (PreToolUse,
    PostToolUse, UserPromptSubmit, Stop, SessionStart) -> discovery daemon run ->
    --clear.
  • Captures S1 detections/threats + Storyline + our install/hook/discovery logs,
    tagged {artifact, allowlist-state, run-id}.
  • Runs the full matrix with and without the ZMA55FTA8W allowlist
    (signer/cert "Suppress Alerts" + /opt/unbound/* path exclusion).
  • Tears down (terminate instance + release dedicated host = the re-image).

File tree (tooling/edr-rehearsal/)

RUNBOOK.md            operator-facing end-to-end procedure
matrix.md             2 artifacts x 2 allowlist states x 5 stages, results column
README.md             dir overview
lib.sh                shared config + AWS-profile guard + dry-run/confirm gate
provision-fixture.sh  allocate dedicated host + instance per chip
install-s1.sh         install the SentinelOne agent (S1_SITE_TOKEN env)
run-rehearsal.sh      drive one artifact through the full lifecycle
capture-telemetry.sh  collect S1 detections + Storyline + our logs
teardown.sh           terminate instance + release host
results/.gitkeep      per-cell evidence dirs (gitignored)

Safety / constraints

  • Nothing was executed against AWS, SentinelOne, or any live machine. No
    fixture exists; this is authoring only.
  • Every live-action script defaults to dry-run/print-only and requires an
    explicit --execute; AWS-touching scripts also print the 24h dedicated-host
    cost warning and require typing yes (or --yes).
  • The benchling AWS profile is hard-refused in lib.sh.
  • Fail-open is preserved — nothing here can block dev work on a real
    machine; the runtime fails open by design and the harness only ever targets a
    throwaway fixture.
  • Secrets (S1 site/API tokens, onboarding keys) come from env, never argv.
  • All shell scripts pass shellcheck (clean) and use set -euo pipefail,
    matching the packaging/scripts/ conventions.

Pending (does not block authoring)

The S1 tenant + site token are pending the WEB-4805 sourcing decision (tracked
against WEB-4784); the harness is fully parameterized, so dropping the token +
agent pkg in later requires no script edits.

Draft: do not merge. Opened for review while the EDR vendor answer + signed
artifacts land.

🤖 Generated with Claude Code

Push-button, dry-run-by-default harness to rehearse the signed+notarized
macOS runtime against Salesloft's EDR (SentinelOne) on a throwaway EC2 Mac
fixture before the customer sees anything, pick the surviving artifact by
evidence (PyInstaller vs Nuitka), and re-image.

Authoring only -- nothing executed against AWS or any live machine. Every
live-action script defaults to dry-run/print-only and requires --execute;
the benchling AWS profile is hard-refused; fail-open is preserved. All
shell scripts pass shellcheck.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
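Added illustration, not the PR's own lib.sh, of the guards the description lists: hard-refusing the benchling AWS profile, dry-run unless --execute, the typed-yes dedicated-host cost gate, and secrets taken from env rather than argv. Function names and the warning wording are assumptions.

```bash
# Illustrative lib.sh-style guards modelled on the PR description; added example,
# not the harness's code. Function names and messages are assumptions.
set -eu   # the real scripts use set -euo pipefail; this block has no pipelines

EDR_REFUSED_PROFILE="benchling"   # the profile the description says is hard-refused

# Refuse the blocked AWS profile; the argument defaults to $AWS_PROFILE.
edr_check_profile() {
  profile="${1:-${AWS_PROFILE:-default}}"
  [ "$profile" != "$EDR_REFUSED_PROFILE" ] && return 0
  echo "refusing: AWS profile '$profile' is blocked for EDR rehearsal" >&2
  return 1
}

# Secrets come from the environment, never argv: fail if the named variable is unset/empty.
edr_require_env_secret() {
  eval "val=\${$1:-}"   # indirect lookup that works in POSIX sh as well as bash
  [ -n "$val" ] && return 0
  echo "missing secret: export $1 in the environment, never pass it on argv" >&2
  return 1
}

# Run mode from the flags every live-action script accepts: dry-run (default, print
# only), confirm (--execute without --yes: typed 'yes' needed), execute (--execute --yes).
edr_run_mode() {
  execute=0; yes=0
  for arg in "$@"; do
    case "$arg" in --execute) execute=1 ;; --yes) yes=1 ;; esac
  done
  if [ "$execute" -eq 0 ]; then echo dry-run
  elif [ "$yes" -eq 1 ]; then echo execute
  else echo confirm
  fi
}

# Gate an AWS-touching command: echo it in dry-run; in confirm mode print the
# dedicated-host cost warning and require a literal 'yes' on stdin before running it.
edr_gate_aws() {
  mode="$1"; shift
  case "$mode" in
    dry-run) echo "[dry-run] $*"; return 0 ;;
    confirm)
      echo "WARNING: an EC2 Mac dedicated host bills a 24h minimum. Type yes to continue:" >&2
      IFS= read -r answer || answer=""
      [ "$answer" = "yes" ] || { echo "aborted: no confirmation" >&2; return 2; }
      ;;
  esac
  "$@"
}
```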