Skip to content

fix(driver-k8s): add label selector to sandbox watch stream and list (#2211)#4

Open
rhuss wants to merge 7 commits into
mainfrom
6112-fix-k8s-watch-crash
Open

fix(driver-k8s): add label selector to sandbox watch stream and list (#2211)#4
rhuss wants to merge 7 commits into
mainfrom
6112-fix-k8s-watch-crash

Conversation

@rhuss

@rhuss rhuss commented Jul 11, 2026

Copy link
Copy Markdown
Owner

Summary

  • Add openshell.ai/managed-by=openshell label selector to the K8s driver's watch_sandboxes() and list_sandboxes() so only gateway-managed Sandbox objects are received from the API server
  • Defensively skip unrecognized Sandbox objects with a debug log instead of propagating errors to the channel (defense-in-depth)
  • Add 6 unit tests covering sandbox_id_from_object and sandbox_from_object extraction paths

Related Issue

Fixes NVIDIA/OpenShell#2211

Changes

Single file change: crates/openshell-driver-kubernetes/src/driver.rs

Label selector (primary fix):

  • watch_sandboxes(): watcher::Config::default()watcher::Config::default().labels("openshell.ai/managed-by=openshell")
  • list_sandboxes(): ListParams::default()ListParams::default().labels("openshell.ai/managed-by=openshell")

Defensive skip (defense-in-depth):

  • Applied, Deleted, and Restarted watch event branches now use if let Ok(...) to process known objects and debug! log + skip unknown objects, instead of sending errors to the channel

Tests:

  • test_sandbox_id_from_object_with_label - extraction via label
  • test_sandbox_id_from_object_with_name_prefix - extraction via name fallback
  • test_sandbox_id_from_object_unknown - rejection of warm pool objects
  • test_sandbox_id_from_object_managed_by_but_no_sandbox_id - edge case: managed-by present but no sandbox-id
  • test_sandbox_from_object_success - full Sandbox construction
  • test_sandbox_from_object_unknown - rejection of unrecognized objects

Testing

  • cargo clippy -p openshell-driver-kubernetes --all-targets -- -D warnings: Clean
  • cargo test -p openshell-driver-kubernetes: 99 passed (93 existing + 6 new)
  • Spec compliance: 7/7 functional requirements verified
  • Deep review: 0 findings across correctness, architecture, security, production, and test dimensions

Checklist

  • Conventional commit format
  • DCO sign-off
  • All existing tests pass
  • New tests added for changed behavior
  • No secrets or credentials committed

Open in Devin Review

Summary by CodeRabbit

  • New Features

    • Added Kubernetes supervisor sidecar topology support, including new Helm configuration for proxyUid and processBinaryAwareNetworkPolicy, plus sidecar-focused CI/E2E overlays.
    • Enhanced openshell provider refresh configure with --secret-material-env for supplying secret material via environment variables.
  • Bug Fixes

    • Improved Kubernetes sandbox stability: watch/list operations now focus on OpenShell-managed sandboxes and safely skip unexpected/invalid sandbox events to avoid reconnect churn.
  • Tests

    • Added/expanded coverage for labeled sandbox handling, invalid object scenarios, and secret-material environment parsing.
  • Documentation

    • Updated telemetry documentation and expanded Kubernetes/Helm guidance for sidecar and installation behavior.

rhuss added 4 commits July 9, 2026 08:57
Parent brainstorm (01) defines the layered measurement approach for
evaluating Agent Sandbox warm pooling on OpenShift. Child documents
cover cluster setup (02), measurements (03), and results synthesis (04).

Assisted-By: 🤖 Claude Code
Assisted-By: 🤖 Claude Code
Signed-off-by: Roland Huß <rhuss@redhat.com>
Assisted-By: 🤖 Claude Code
Signed-off-by: Roland Huß <rhuss@redhat.com>
…VIDIA#2211)

The Kubernetes driver's watch_sandboxes() crashed with a file descriptor
leak when non-gateway Sandbox resources (e.g. from SandboxWarmPool)
existed in the namespace. The unfiltered watch received events for all
Sandbox objects, failed to extract IDs from warm pool objects, and
propagated errors that triggered a 2-second reconnect loop leaking
HTTP/2 connections until FD exhaustion.

Two fixes:
- Add openshell.ai/managed-by=openshell label selector to the watcher
  config and list params so only gateway-managed objects are received.
- Defensively skip unrecognized objects with a debug log instead of
  sending errors to the channel.

Signed-off-by: Roland Huß <roland@jolokia.org>
Assisted-By: 🤖 Claude Code
Signed-off-by: Roland Huß <rhuss@redhat.com>
@coderabbitai

coderabbitai Bot commented Jul 11, 2026

Copy link
Copy Markdown

Review Change Stack

📝 Walkthrough

Walkthrough

The PR introduces Kubernetes supervisor sidecar topology with authenticated control-channel coordination, sidecar network enforcement, topology-aware process sandboxing, image/configuration changes, provider secret handling, TUI status reporting, warm-pool planning documents, and operational documentation.

Changes

Kubernetes sidecar runtime

Layer / File(s) Summary
Kubernetes sidecar configuration and rendering
crates/openshell-driver-kubernetes/..., deploy/helm/openshell/...
Adds sidecar configuration, proxy identity validation, topology-specific pod rendering, PVC mount validation, supervisor image defaults, and Helm configuration/tests.
Sandbox sidecar control channel
crates/openshell-sandbox/src/...
Adds authenticated Unix-socket bootstrap and update streaming for policy, provider environment, and entrypoint lifecycle events.
Network enforcement and process modes
crates/openshell-supervisor-network/..., crates/openshell-supervisor-process/...
Adds endpoint-only policy evaluation, sidecar nftables/iptables bypass rules, process enforcement modes, current-user Landlock preparation, authenticated SSH sockets, and process identity handling.
CLI, provider refresh, and TUI status handling
crates/openshell-cli/..., crates/openshell-tui/...
Adds environment-backed provider secret material, request validation/tests, port-forward warnings, and visible TUI status messages for errors and warnings.
Planning and operational documentation
brainstorm/*, docs/*, .agents/*, README.md, telemetry/README.md
Documents warm-pool experiments, sidecar topology behavior, OpenShift setup, troubleshooting, issue triage, telemetry, and provider refresh usage.

Estimated code review effort: 5 (Critical) | ~120 minutes

Sequence Diagram(s)

sequenceDiagram
  participant KubernetesDriver
  participant NetworkSidecar
  participant ProcessSupervisor
  participant SandboxProcess
  KubernetesDriver->>NetworkSidecar: render sidecar pod and network-init configuration
  NetworkSidecar->>ProcessSupervisor: authenticate control connection
  ProcessSupervisor->>SandboxProcess: provide bootstrap policy and environment
  NetworkSidecar->>ProcessSupervisor: publish policy and environment updates
  ProcessSupervisor->>SandboxProcess: stream runtime updates
  SandboxProcess->>ProcessSupervisor: report entrypoint lifecycle
Loading
🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Out of Scope Changes check ⚠️ Warning The PR includes many unrelated docs, Helm, sandbox, workflow, and CLI changes beyond #2211’s Kubernetes driver fix. Split the Kubernetes driver fix into its own PR and move unrelated docs, Helm, sandbox, and workflow edits to separate changesets.
✅ Passed checks (4 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately summarizes the main Kubernetes driver change: adding a label selector to watch and list sandbox resources.
Linked Issues check ✅ Passed The driver update matches #2211 by filtering watch/list streams and skipping unexpected Sandbox objects in all watch branches.
Docstring Coverage ✅ Passed Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch 6112-fix-k8s-watch-crash
⚔️ Resolve merge conflicts
  • Resolve merge conflict in branch 6112-fix-k8s-watch-crash

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@devin-ai-integration devin-ai-integration Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no bugs or issues to report.

Open in Devin Review

coderabbitai[bot]

This comment was marked as resolved.

The debug vs warn question for the defensive skip is resolved by the
implementation which uses debug! level logging.

Signed-off-by: Roland Huß <roland@jolokia.org>
Assisted-By: 🤖 Claude Code
Signed-off-by: Roland Huß <rhuss@redhat.com>

This comment was marked as resolved.

Applied fixes from bot review comments:
- Comment #3563290363: log error context in Applied branch skip
- Comment #3563290364: log error context in Deleted branch skip
- Comment #3563290365: log error context in Restarted branch skip

Refactored from if-let-else to let-else pattern for flatter code
structure and clearer early-return semantics.

Signed-off-by: Roland Huß <roland@jolokia.org>
Assisted-By: 🤖 Claude Code
Signed-off-by: Roland Huß <rhuss@redhat.com>
@rhuss

rhuss commented Jul 11, 2026

Copy link
Copy Markdown
Owner Author

@copilot resolve the merge conflicts in this pull request

@devin-ai-integration devin-ai-integration Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Devin Review found 1 new potential issue.

View 3 additional findings in Devin Review.

Open in Devin Review

Comment thread brainstorm/00-overview.md
- Is KEP-753 (native sidecars) available on the target OpenShift version? (from #01, #02)
- How does pool exhaustion behave (cold fallback vs. Pending)? (from #03)
- Should findings be posted to upstream agent-sandbox repo? (from #04)
<<<<<<< HEAD

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🟡 Unresolved git merge conflict marker left in a committed brainstorm document

A git merge conflict marker (<<<<<<< HEAD at brainstorm/00-overview.md:32) was committed into the file, so the document contains raw conflict syntax instead of resolved content.

Impact: The brainstorm overview document is malformed and renders the conflict marker literally for anyone reading it.

Merge conflict marker details

Line 32 of brainstorm/00-overview.md contains <<<<<<< HEAD. The corresponding ======= and >>>>>>> markers that normally delimit the two sides of a conflict are absent, suggesting the file was partially resolved but the opening marker was not removed. The lines after it (33-37) appear to be the intended content from one side of the merge.

Suggested change
<<<<<<< HEAD
Open in Devin Review

Was this helpful? React with 👍 or 👎 to provide feedback.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 3

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
crates/openshell-tui/src/lib.rs (1)

2414-2434: 🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win

refresh_draft_chunks silently swallows fetch errors/timeouts, unlike its sibling refresh functions.

Every other refresh_* function touched in this PR (refresh_providers, refresh_global_settings, refresh_sandboxes, refresh_sandbox_policy) now sets app.status_text on Ok(Err(_))/timeout. This function drops those branches entirely (the prior debug logging was removed with no replacement), so a user won't see any indication that the periodic draft-chunk refresh (called every tick on the Sandbox screen) is failing.

🩹 Proposed fix to surface the failure
-    if let Ok(Ok(resp)) =
-        tokio::time::timeout(Duration::from_secs(5), app.client.get_draft_policy(req)).await
-    {
-        let inner = resp.into_inner();
-        app.draft_chunks = inner.chunks;
-        app.draft_version = inner.draft_version;
-        if app.draft_selected >= app.draft_chunks.len() && !app.draft_chunks.is_empty() {
-            app.draft_selected = app.draft_chunks.len() - 1;
-        }
-    }
+    match tokio::time::timeout(Duration::from_secs(5), app.client.get_draft_policy(req)).await {
+        Ok(Ok(resp)) => {
+            let inner = resp.into_inner();
+            app.draft_chunks = inner.chunks;
+            app.draft_version = inner.draft_version;
+            if app.draft_selected >= app.draft_chunks.len() && !app.draft_chunks.is_empty() {
+                app.draft_selected = app.draft_chunks.len() - 1;
+            }
+        }
+        Ok(Err(e)) => {
+            app.status_text = format!("failed to fetch draft chunks: {}", e.message());
+        }
+        Err(_) => {
+            app.status_text = "draft chunks request timed out".to_string();
+        }
+    }
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@crates/openshell-tui/src/lib.rs` around lines 2414 - 2434, Update
refresh_draft_chunks to handle both RPC errors and timeout errors instead of
silently ignoring them. Preserve the existing successful-response updates, and
set app.status_text with an appropriate failure message in each unsuccessful
branch, matching the behavior of the sibling refresh functions.
🧹 Nitpick comments (5)
crates/openshell-supervisor-network/src/proxy.rs (1)

1580-1614: 🚀 Performance & Scalability | 🔵 Trivial | ⚡ Quick win

Cache network_binary_identity_required() instead of reading the env var per connection.

evaluate_opa_tcp (Linux and non-Linux) now calls crate::opa::network_binary_identity_required(), which does std::env::var(...), on every proxied TCP connection's decision path. Since this value is effectively static configuration for the process lifetime, consider caching it once (e.g. OnceLock<bool>/LazyLock<bool>) instead of re-reading the environment on every connection.

♻️ Sketch
-if !crate::opa::network_binary_identity_required() {
+static NETWORK_BINARY_IDENTITY_REQUIRED: std::sync::OnceLock<bool> = std::sync::OnceLock::new();
+if !*NETWORK_BINARY_IDENTITY_REQUIRED
+    .get_or_init(crate::opa::network_binary_identity_required)
+{

Also applies to: 1730-1743

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@crates/openshell-supervisor-network/src/proxy.rs` around lines 1580 - 1614,
Cache the result of crate::opa::network_binary_identity_required() for the
process lifetime using the existing OPA configuration area and a OnceLock<bool>
or LazyLock<bool>. Update both Linux and non-Linux evaluate_opa_tcp decision
paths to reuse the cached value instead of reading the environment per
connection, while preserving the current endpoint-only behavior when the value
is false.
crates/openshell-supervisor-network/src/opa.rs (1)

80-100: 🚀 Performance & Scalability | 🔵 Trivial

Heads up: every OpaEngine construction (including every reload/reload_from_proto_with_pid) now emits an info log + OCSF event.

clone_engine_for_tunnel avoids this (it clones the built engine directly), so per-tunnel L7 evaluation isn't affected. But if the sandbox's policy poll loop reloads on a fixed interval regardless of whether the policy actually changed, this adds a steady stream of "Configured OPA runtime binary identity mode" log lines/OCSF events. Worth confirming the poll loop only reloads on detected change, or that the interval is coarse enough that this isn't operationally noisy.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@crates/openshell-supervisor-network/src/opa.rs` around lines 80 - 100, Verify
the sandbox policy poll loop only invokes OpaEngine construction through reload
or reload_from_proto_with_pid when the policy has actually changed; avoid
periodic unconditional reloads that repeatedly trigger
emit_binary_identity_mode. Preserve clone_engine_for_tunnel behavior, and if
unconditional polling is required, suppress or appropriately coalesce the
configuration log and OCSF event for unchanged policy state.
crates/openshell-supervisor-process/src/netns/mod.rs (2)

556-616: 🩺 Stability & Availability | 🔵 Trivial | ⚡ Quick win

Conntrack accept rule is unconditionally required in the iptables-legacy fallback, unlike its nft counterpart.

In generate_sidecar_bypass_commands the analogous ct state established,related accept rule is marked required: false because it needs nf_conntrack. Here, the equivalent -m conntrack --ctstate ESTABLISHED,RELATED rule is bundled into the required, sequential command list — if the conntrack extension is unavailable, the fallback of last resort aborts entirely instead of degrading gracefully like the primary nft path does.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@crates/openshell-supervisor-process/src/netns/mod.rs` around lines 556 - 616,
Update install_sidecar_iptables_legacy_family_rules so the conntrack
ESTABLISHED,RELATED accept rule is optional, matching
generate_sidecar_bypass_commands. Execute it separately and continue when the
conntrack extension is unavailable, while preserving failure handling for the
remaining required iptables rules.

690-720: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

run_nft_commands_current_namespace and run_nft_commands_netns are near-duplicate implementations.

Both iterate NftCommands, log, execute, and apply the same required/non-required error handling; they differ only in prefixing with nsenter --net=. Extracting a shared helper (parameterized by an optional command prefix) would remove the duplication risk of the required/non-required logic silently drifting between the two copies.

Also applies to: 763-809

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@crates/openshell-supervisor-process/src/netns/mod.rs` around lines 690 - 720,
Extract the shared iteration, logging, execution, and required/non-required
error handling from run_nft_commands_current_namespace and
run_nft_commands_netns into one helper parameterized by an optional command
prefix. Have each existing function supply its namespace-specific command
invocation while preserving the current nsenter --net= behavior and error
semantics.
crates/openshell-supervisor-process/src/netns/nft_ruleset.rs (1)

36-367: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Significant duplication between generate_bypass_commands and generate_sidecar_bypass_commands.

Both functions repeat the same four reject-rule blocks (ipv4/ipv6 × tcp/udp) and the same two log-rule blocks almost verbatim, differing only in the table name and accept-rule preamble. Extracting small helpers (e.g. reject_rule(table, nfproto, l4proto, icmp_type), log_rule(table, proto_match, prefix)) would cut this file roughly in half and reduce the risk of the two rulesets silently diverging on a future edit.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@crates/openshell-supervisor-process/src/netns/nft_ruleset.rs` around lines 36
- 367, Refactor the duplicated rule construction in generate_bypass_commands and
generate_sidecar_bypass_commands into shared helpers for protocol logging and
IPv4/IPv6 TCP/UDP rejection, parameterized by table and the relevant protocol or
ICMP type. Replace both functions’ repeated blocks with these helpers while
preserving command ordering, nft_cmd failure flags, and each function’s existing
accept-rule preamble.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@brainstorm/00-overview.md`:
- Around line 32-33: Remove the leftover `<<<<<<< HEAD` merge-conflict marker
from the overview entry, while retaining the resolved `debug!` decision text.

In `@crates/openshell-supervisor-network/data/sandbox-policy.rego`:
- Around line 22-24: Update the binary_identity_required rule to explicitly
compare the resolved object.get value to true, preserving the default-true
behavior when require_binary_identity is absent and allowing an explicit false
value to disable enforcement.

In `@telemetry/README.md`:
- Line 37: Update the provider name in the “Providers (last 2 weeks)” list from
“github” to the official capitalization “GitHub”; leave the other provider names
unchanged.

---

Outside diff comments:
In `@crates/openshell-tui/src/lib.rs`:
- Around line 2414-2434: Update refresh_draft_chunks to handle both RPC errors
and timeout errors instead of silently ignoring them. Preserve the existing
successful-response updates, and set app.status_text with an appropriate failure
message in each unsuccessful branch, matching the behavior of the sibling
refresh functions.

---

Nitpick comments:
In `@crates/openshell-supervisor-network/src/opa.rs`:
- Around line 80-100: Verify the sandbox policy poll loop only invokes OpaEngine
construction through reload or reload_from_proto_with_pid when the policy has
actually changed; avoid periodic unconditional reloads that repeatedly trigger
emit_binary_identity_mode. Preserve clone_engine_for_tunnel behavior, and if
unconditional polling is required, suppress or appropriately coalesce the
configuration log and OCSF event for unchanged policy state.

In `@crates/openshell-supervisor-network/src/proxy.rs`:
- Around line 1580-1614: Cache the result of
crate::opa::network_binary_identity_required() for the process lifetime using
the existing OPA configuration area and a OnceLock<bool> or LazyLock<bool>.
Update both Linux and non-Linux evaluate_opa_tcp decision paths to reuse the
cached value instead of reading the environment per connection, while preserving
the current endpoint-only behavior when the value is false.

In `@crates/openshell-supervisor-process/src/netns/mod.rs`:
- Around line 556-616: Update install_sidecar_iptables_legacy_family_rules so
the conntrack ESTABLISHED,RELATED accept rule is optional, matching
generate_sidecar_bypass_commands. Execute it separately and continue when the
conntrack extension is unavailable, while preserving failure handling for the
remaining required iptables rules.
- Around line 690-720: Extract the shared iteration, logging, execution, and
required/non-required error handling from run_nft_commands_current_namespace and
run_nft_commands_netns into one helper parameterized by an optional command
prefix. Have each existing function supply its namespace-specific command
invocation while preserving the current nsenter --net= behavior and error
semantics.

In `@crates/openshell-supervisor-process/src/netns/nft_ruleset.rs`:
- Around line 36-367: Refactor the duplicated rule construction in
generate_bypass_commands and generate_sidecar_bypass_commands into shared
helpers for protocol logging and IPv4/IPv6 TCP/UDP rejection, parameterized by
table and the relevant protocol or ICMP type. Replace both functions’ repeated
blocks with these helpers while preserving command ordering, nft_cmd failure
flags, and each function’s existing accept-rule preamble.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 9d0fb1df-03fb-4c6e-96ab-295002c80f37

📥 Commits

Reviewing files that changed from the base of the PR and between 92fb8a7 and f9f538d.

⛔ Files ignored due to path filters (1)
  • Cargo.lock is excluded by !**/*.lock
📒 Files selected for processing (78)
  • .agents/skills/create-github-issue/SKILL.md
  • .agents/skills/debug-openshell-cluster/SKILL.md
  • .agents/skills/helm-dev-environment/SKILL.md
  • .agents/skills/triage-issue/SKILL.md
  • .github/ISSUE_TEMPLATE/bug_report.yml
  • .github/workflows/branch-e2e.yml
  • .github/workflows/sync-docs.yml
  • .packit.yaml
  • README.md
  • architecture/build.md
  • architecture/compute-runtimes.md
  • brainstorm/00-overview.md
  • crates/openshell-cli/src/main.rs
  • crates/openshell-cli/src/run.rs
  • crates/openshell-cli/tests/provider_commands_integration.rs
  • crates/openshell-core/src/config.rs
  • crates/openshell-core/src/driver_mounts.rs
  • crates/openshell-core/src/grpc_client.rs
  • crates/openshell-core/src/provider_credentials.rs
  • crates/openshell-core/src/sandbox_env.rs
  • crates/openshell-driver-docker/src/lib.rs
  • crates/openshell-driver-docker/src/tests.rs
  • crates/openshell-driver-kubernetes/README.md
  • crates/openshell-driver-kubernetes/src/config.rs
  • crates/openshell-driver-kubernetes/src/driver.rs
  • crates/openshell-driver-kubernetes/src/lib.rs
  • crates/openshell-driver-kubernetes/src/main.rs
  • crates/openshell-driver-podman/README.md
  • crates/openshell-driver-podman/src/config.rs
  • crates/openshell-driver-podman/src/container.rs
  • crates/openshell-driver-podman/src/main.rs
  • crates/openshell-ocsf/src/format/shorthand.rs
  • crates/openshell-sandbox/Cargo.toml
  • crates/openshell-sandbox/src/lib.rs
  • crates/openshell-sandbox/src/main.rs
  • crates/openshell-sandbox/src/sidecar_control.rs
  • crates/openshell-supervisor-network/data/sandbox-policy.rego
  • crates/openshell-supervisor-network/src/identity.rs
  • crates/openshell-supervisor-network/src/l7/relay.rs
  • crates/openshell-supervisor-network/src/opa.rs
  • crates/openshell-supervisor-network/src/proxy.rs
  • crates/openshell-supervisor-network/src/run.rs
  • crates/openshell-supervisor-process/src/lib.rs
  • crates/openshell-supervisor-process/src/netns/mod.rs
  • crates/openshell-supervisor-process/src/netns/nft_ruleset.rs
  • crates/openshell-supervisor-process/src/process.rs
  • crates/openshell-supervisor-process/src/run.rs
  • crates/openshell-supervisor-process/src/sandbox/linux/landlock.rs
  • crates/openshell-supervisor-process/src/sandbox/linux/mod.rs
  • crates/openshell-supervisor-process/src/ssh.rs
  • crates/openshell-supervisor-process/src/supervisor_session.rs
  • crates/openshell-supervisor-process/src/unix_socket.rs
  • crates/openshell-tui/Cargo.toml
  • crates/openshell-tui/src/event.rs
  • crates/openshell-tui/src/lib.rs
  • deploy/docker/Dockerfile.supervisor
  • deploy/helm/openshell/README.md
  • deploy/helm/openshell/README.md.gotmpl
  • deploy/helm/openshell/ci/values-sidecar-kata.yaml
  • deploy/helm/openshell/ci/values-sidecar.yaml
  • deploy/helm/openshell/skaffold.yaml
  • deploy/helm/openshell/templates/_helpers.tpl
  • deploy/helm/openshell/templates/gateway-config.yaml
  • deploy/helm/openshell/tests/gateway_config_test.yaml
  • deploy/helm/openshell/values.yaml
  • docs/kubernetes/access-control.mdx
  • docs/kubernetes/ingress.mdx
  • docs/kubernetes/managing-certificates.mdx
  • docs/kubernetes/openshift.mdx
  • docs/kubernetes/setup.mdx
  • docs/kubernetes/topology.mdx
  • docs/reference/gateway-config.mdx
  • docs/reference/sandbox-compute-drivers.mdx
  • docs/sandboxes/manage-providers.mdx
  • e2e/with-kube-gateway.sh
  • tasks/helm.toml
  • tasks/test.toml
  • telemetry/README.md
💤 Files with no reviewable changes (1)
  • crates/openshell-tui/Cargo.toml
✅ Files skipped from review due to trivial changes (14)
  • crates/openshell-supervisor-process/src/lib.rs
  • docs/kubernetes/ingress.mdx
  • deploy/helm/openshell/ci/values-sidecar.yaml
  • .github/ISSUE_TEMPLATE/bug_report.yml
  • deploy/helm/openshell/README.md.gotmpl
  • crates/openshell-tui/src/event.rs
  • .github/workflows/sync-docs.yml
  • docs/kubernetes/access-control.mdx
  • docs/kubernetes/managing-certificates.mdx
  • README.md
  • crates/openshell-driver-podman/README.md
  • docs/kubernetes/setup.mdx
  • .packit.yaml
  • docs/reference/sandbox-compute-drivers.mdx

Comment thread brainstorm/00-overview.md
Comment on lines +32 to +33
<<<<<<< HEAD
- ~~Should the defensive skip use `debug!` or `warn!` level? (from #05)~~ Resolved: `debug!` used in implementation

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Functional Correctness | 🟠 Major | ⚡ Quick win

Remove the unresolved merge-conflict marker.

Line 32 leaves <<<<<<< HEAD in the committed document, so the conflict is not fully resolved. Delete the marker and retain the resolved debug! entry on Line 33.

🧰 Tools
🪛 LanguageTool

[style] ~33-~33: Using many exclamation marks might seem excessive (in this case: 3 exclamation marks for a text that’s 1386 characters long)
Context: ...r warn! level? (from #05)~~ Resolved: debug! used in implementation ## Parked Idea...

(EN_EXCESSIVE_EXCLAMATION)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@brainstorm/00-overview.md` around lines 32 - 33, Remove the leftover `<<<<<<<
HEAD` merge-conflict marker from the overview entry, while retaining the
resolved `debug!` decision text.

Comment on lines +22 to +24
binary_identity_required if {
object.get(object.get(data, "runtime", {}), "require_binary_identity", true)
}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win

Compare the resolved value to true explicitly.

The rule body uses a bare object.get(...) term, which Regal flags (Non-boolean return value unassigned). A non-boolean value here would satisfy the rule in surprising ways. Make the boolean intent explicit so only a genuine true/absent value enforces binary identity and false relaxes it.

Proposed fix
 binary_identity_required if {
-	object.get(object.get(data, "runtime", {}), "require_binary_identity", true)
+	object.get(object.get(data, "runtime", {}), "require_binary_identity", true) == true
 }
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
binary_identity_required if {
object.get(object.get(data, "runtime", {}), "require_binary_identity", true)
}
binary_identity_required if {
object.get(object.get(data, "runtime", {}), "require_binary_identity", true) == true
}
🧰 Tools
🪛 Regal (0.41.1)

[error] 23-23: Non-boolean return value unassigned

(bugs)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@crates/openshell-supervisor-network/data/sandbox-policy.rego` around lines 22
- 24, Update the binary_identity_required rule to explicitly compare the
resolved object.get value to true, preserving the default-true behavior when
require_binary_identity is absent and allowing an explicit false value to
disable enforcement.

Source: Linters/SAST tools

Comment thread telemetry/README.md

**Where sandboxes are created (last 2 weeks).** The United States leads by a wide margin, followed by Israel, Australia, Hong Kong, India, Singapore, South Korea, Germany, Japan, and China.

**Providers (last 2 weeks).** `custom` profiles lead (~30k), then `openai` (~21k), with nvidia, claude, anthropic, github, gitlab, opencode, codex, and copilot trailing.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win

Use the official capitalization: GitHub.

🧰 Tools
🪛 LanguageTool

[uncategorized] ~37-~37: The official name of this software platform is spelled with a capital “H”.
Context: ...(~21k), with nvidia, claude, anthropic, github, gitlab, opencode, codex, and copilot t...

(GITHUB)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@telemetry/README.md` at line 37, Update the provider name in the “Providers
(last 2 weeks)” list from “github” to the official capitalization “GitHub”;
leave the other provider names unchanged.

Source: Linters/SAST tools

rhuss added a commit that referenced this pull request Jul 15, 2026
- Remove dead boolCount function that would fail golangci-lint (#1)
- Emit EventAdded for the first watch event instead of EventModified,
  matching k8s watch semantics (#7)
- Add mutex locking to all mock server methods that access the shared
  sandboxes map, fixing latent race conditions (#12)
- Skip HealthCheck integration test that calls an unimplemented stub (#13)
- Scope doc.go examples: mark sections for sub-clients not yet available
  in this PR with "available in a future release" (#4)
- Document Config.Timeout/RetryPolicy/Logger and WatchOptions fields
  as reserved for future use (#2, #6)

Signed-off-by: Roland Huß <rhuss@redhat.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

fix: K8s driver watch stream crashes with FD leak when non-gateway Sandbox resources exist

3 participants