OpenShell v0.0.37

Released by @github-actions on 08 May 22:42 · commit b8e8743 · 11 commits to main since this release

v0.0.37 is a breaking release that moves OpenShell onto the new entity/object model and RFC-0001 compute-driver architecture. Gateway persistence now uses a shared entity schema with Kubernetes-style metadata and labels, and policy revisions plus draft policy recommendations now live in that object model instead of dedicated policy tables. This also changes public protobuf shapes for core resources like sandboxes, providers, and SSH sessions, so existing clients and gateway databases may need regeneration, migration, or recreation.

This release introduces the experimental Helm chart for Kubernetes and OpenShift deployments, including chart packaging, PKI bootstrap, Gateway API support, and Kubernetes setup docs. On the runtime side, RFC-0001 is now substantially implemented with pluggable compute drivers for Docker, Podman, Kubernetes, and experimental MicroVM-backed sandboxes, plus related packaging, installer, and CI support.

Also new in this release: initial provider profiles and sandbox-provider attach lifecycle, OIDC/RBAC gateway auth, GraphQL L7 policy inspection, Kubernetes user namespace support, and expanded Debian/RPM/Homebrew packaging.

Quick install

curl -LsSf https://raw.githubusercontent.com/NVIDIA/OpenShell/main/install.sh | OPENSHELL_VERSION=v0.0.37 sh

Upgrading from v0.0.36 or earlier

v0.0.37 is not compatible with existing gateway state from earlier releases, and the openshell gateway start|stop|destroy commands have been removed. Before upgrading, back up anything you need from existing sandboxes, including files, generated artifacts, and any local configuration that was only stored inside the sandbox.

Then clean up the old runtime before installing v0.0.37:

openshell sandbox delete --all

openshell gateway destroy

openshell gateway destroy must be run before upgrading, while you still have the v0.0.36 or earlier CLI installed. In v0.0.37, gateway lifecycle is no longer managed by the openshell gateway start|stop|destroy commands.

After cleanup, reinstall OpenShell using the current installation instructions:

https://docs.nvidia.com/openshell/latest/about/installation

After reinstalling, recreate your sandboxes and re-register or reconfigure any providers, policies, and gateway settings you still need.
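The ordering constraint above is easy to get wrong in automation: the cleanup commands only exist in the pre-0.0.37 CLI, so a script that runs after the new binary has landed will fail at the point where it can no longer destroy the old gateway. The following script is an added example, not part of OpenShell's installer or docs. It gates the legacy cleanup on the version the installed CLI actually reports, and it fetches install.sh to a file for review rather than piping it into sh, since the quick-install one-liner pulls the script from the moving main branch even though OPENSHELL_VERSION is pinned. Assumptions: `openshell --version` is a hypothetical flag whose output contains the version as X.Y.Z (check your CLI), and install.sh is assumed to exist at the v0.0.37 tag so the installer can be pinned to the release rather than to main.

```shell
#!/bin/sh
# Added example, not OpenShell's own tooling. Gate the v0.0.36-era cleanup on the CLI that
# is actually installed, then fetch the installer to a file for review instead of `curl | sh`.
# Assumptions, marked where used:
#   - `openshell --version` prints a line containing the version as X.Y.Z (hypothetical).
#   - install.sh exists at the v0.0.37 tag, so the installer can be pinned to the release.
set -eu

# Pull the first X.Y.Z token out of a version string; prints nothing if none is found.
extract_semver() {
  printf '%s\n' "$1" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# Exit 0 when X.Y.Z in $1 is strictly older than X.Y.Z in $2. Components are compared
# numerically, so 0.0.9 sorts before 0.0.36 (a plain string compare would get that wrong).
version_lt() {
  a_major=${1%%.*}; a_rest=${1#*.}; a_minor=${a_rest%%.*}; a_patch=${a_rest#*.}
  b_major=${2%%.*}; b_rest=${2#*.}; b_minor=${b_rest%%.*}; b_patch=${b_rest#*.}
  if [ "$a_major" -ne "$b_major" ]; then [ "$a_major" -lt "$b_major" ]; return $?; fi
  if [ "$a_minor" -ne "$b_minor" ]; then [ "$a_minor" -lt "$b_minor" ]; return $?; fi
  [ "$a_patch" -lt "$b_patch" ]
}

# Exit 0: the reported CLI is older than v0.0.37 and still has `openshell gateway destroy`.
# Exit 1: it is v0.0.37 or newer, where the gateway lifecycle commands no longer exist.
# Exit 2: no version could be parsed, which is treated as "do not run the legacy commands".
needs_legacy_cleanup() {
  ver=$(extract_semver "$1")
  if [ -z "$ver" ]; then
    echo "cannot parse a version from: $1" >&2
    return 2
  fi
  version_lt "$ver" 0.0.37
}

# Step 1: remove sandboxes and the gateway with the OLD CLI, and only if it really is old.
preupgrade_cleanup() {
  out=$(openshell --version 2>&1 || true)   # assumed flag and output format
  if needs_legacy_cleanup "$out"; then
    openshell sandbox delete --all
    openshell gateway destroy
  else
    echo "installed CLI reports: $out" >&2
    echo "not a pre-0.0.37 CLI (or unparseable); refusing to run the legacy cleanup" >&2
    return 1
  fi
}

# Step 2: save the installer pinned to the release tag, inspect it, then run it with the
# version pinned. The release-notes one-liner fetches install.sh from `main`, so the script
# itself is unpinned even though the binary version is.
fetch_installer() {
  ref=${1:-v0.0.37}   # release tag from this page; assumed to contain install.sh
  curl -LsSf "https://raw.githubusercontent.com/NVIDIA/OpenShell/${ref}/install.sh" \
    -o ./openshell-install.sh
  echo "saved ./openshell-install.sh; review it, then run:" >&2
  echo "  OPENSHELL_VERSION=v0.0.37 sh ./openshell-install.sh" >&2
}

# Only act when invoked explicitly; sourcing the file for its functions has no side effects.
case "${1:-}" in
  cleanup) preupgrade_cleanup ;;
  fetch)   fetch_installer "${2:-v0.0.37}" ;;
esac
```

Run `sh upgrade.sh cleanup` while the old CLI is still installed, then `sh upgrade.sh fetch` and review the saved script before executing it. The parse failure path deliberately refuses rather than guessing, because running `openshell gateway destroy` against an unknown CLI is exactly the step the release notes say cannot be recovered after the upgrade.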

What's Changed

  • fix(driver-vm): preflight supervisor cross-compile toolchain in start.sh by @pimlock in #931
  • fix(ci): E2E gate must verify work actually ran, not just top-level success by @pimlock in #926
  • fix(ci): bump ci-image tooling versions to clear vendored CVEs by @johntmyers in #929
  • fix(ci): bump helm to 4.1.4 for plugin CVE fixes by @johntmyers in #928
  • fix(skills): remove --assignee @me from gh pr/issue create commands by @sjenning in #937
  • chore(mise): replace deprecated ubi: prefix by github: prefix by @benoitf in #923
  • fix(ci): rename mise --no-prepare to --no-deps by @pimlock in #942
  • feat(server): add Prometheus metrics infrastructure and gRPC/HTTP request metrics by @sjenning in #920
  • fix(ci): post E2E Gate check to the PR when workflow_run fires by @pimlock in #938
  • chore(helm): remove unused ClusterRole and ClusterRoleBinding by @TaylorMutch in #943
  • feat(ci): add shadow-shared-cpu-spike workflow for OS-49 Phase 2 by @jtoelke2 in #934
  • chore(ci): add ARC baseline collector for OS-49 runner migration by @jtoelke2 in #927
  • fix(ci): expose GHA sccache env in shadow-shared-cpu-spike by @jtoelke2 in #950
  • feat(ci): add driver input to setup-buildx action by @jtoelke2 in #941
  • fix(cli): preserve source directory on sandbox upload by @mjamiv in #952
  • fix(sandbox): route console logs to stderr by @johntmyers in #949
  • fix(e2e): add /dev/urandom to provider test sandbox policy by @derekwaynecarr in #948
  • test(e2e): fix rust upload path assertions by @drew in #960
  • test(e2e): fix gitignore upload assertion path by @johntmyers in #962
  • fix(ci): partition GHA sccache cache per arch in shadow spike by @jtoelke2 in #961
  • Openshell driver podman by @maxamillion in #904
  • feat(ci): add Markdown and Mermaid linting by @pimlock in #933
  • feat(docker): add BINARY_SOURCE selector for prebuilt Rust binaries by @jtoelke2 in #945
  • test(e2e): fix filtered upload path assertion by @drew in #963
  • feat(ci): add shadow-docker-build workflow for OS-49 Phase 3 by @jtoelke2 in #964
  • fix(ci): use nv-gha-runners buildkit mirror to avoid Docker Hub rate limit by @jtoelke2 in #966
  • fix(docs): scope fenced code language linting by @pimlock in #965
  • fix(ci): make buildkitd-config opt-in for setup-buildx by @jtoelke2 in #970
  • fix(ci): ignore local artifacts in license checks by @johntmyers in #974
  • fix(scripts): handle docker cleanup when no containers are running by @derekwaynecarr in #977
  • feat(server): add object meta convention to top-level objects by @derekwaynecarr in #919
  • fix(ci): patch CI container vulnerability toolchain by @johntmyers in #959
  • docs(rfc): add core architecture RFC by @drew in #836
  • fix(e2e): use high UID range to avoid host user conflicts by @derekwaynecarr in #978
  • ci(e2e): add label dispatcher and contributor CI docs by @pimlock in #975
  • ci(e2e): replace label dispatcher with comment-only helper by @pimlock in #990
  • fix(deps): add missing cargo-zigbuild dependency for macOS cross-compilation by @benoitf in #986
  • docs: weekly documentation refresh by @miyoungc in #993
  • fix(sandbox): deny ambiguous socket ownership by @johntmyers in #958
  • chore(ci): relax agent diagnostic gate by @johntmyers in #1001
  • chore(mise): add lockfile with multi-platform support and version pin by @pimlock in #946
  • fix(podman): use podman machine socket path on macOS by @benoitf in #999
  • feat(server): add bundled docker compute driver by @drew in #888
  • fix(ci): grant actions:read and contents:read to E2E label helper by @pimlock in #995
  • chore(tools): sync mise version to v2026.4.25 by @TaylorMutch in #1013
  • feat(ci): add shadow-rust-native-build workflow for OS-49 Phase 4 (PR 4a) by @jtoelke2 in #973
  • refactor(server): unify policy persistence in objects table by @johntmyers in #972
  • fix(cli): preserve directory basename for filtered uploads by @johntmyers in #1028
  • fix(net): catch IPv4-mapped blocked ranges in is_always_blocked_net by @mesutoezdil in #1032
  • feat(openshell-vm): add tty support for exec by @benoitf in #939
  • Adding qemu vm driver support with GPU pass-through by @vince-brisebois in #992
  • ci(rust): enforce -D warnings on clippy by @drew in #1008
  • fix(sandbox): log L7 parse denials by @johntmyers in #1072
  • fix(sandbox): preserve encoded slash policy from proto by @pimlock in #1073
  • ci(docker): use prebuilt Rust binaries by default by @jtoelke2 in #1027
  • ci(rust): keep sccache stats non-blocking by @jtoelke2 in #1074
  • docs(examples): add multi-agent notepad demo by @zredlined in #991
  • ci: add OS-49 phase 5 shadow workflows by @jtoelke2 in #1075
  • feat(auth): add OIDC/Keycloak authentication with RBAC and scope-based permissions by @mrunalp in #935
  • chore(ci): update checkout action to v6 by @drew in #1086
  • fix(docker): set apparmor=unconfined on sandbox containers by @elezar in #1078
  • feat(docker): enable CDI GPU sandboxes by @elezar in #1036
  • feat(server): add auto-detection of compute driver at startup by @sjenning in #1088
  • test(e2e): skip docker gpu test in rust suite by @pimlock in #1103
  • chore: sync Cargo.lock by @TaylorMutch in #1084
  • ci: drop duplicate shadow e2e workflow by @jtoelke2 in #1104
  • chore(ci): label mon maintainer issues for triage by @johntmyers in #1102
  • feat(release): add Debian package publishing by @drew in #1069
  • feat(driver-docker): use host networking for sandboxes by @drew in #1080
  • fix(install): refresh dev gateway registration by @drew in #1110
  • chore(ci): label maintainer issues by repo permission by @johntmyers in #1116
  • chore(ci): label non-maintainer issues for triage by @johntmyers in #1120
  • chore(openshell-core): discover proto files in build script by @ddurst-nvidia in #1122
  • fix(sandbox): accept ENOENT in drop_privileges identity lookup tests by @ddurst-nvidia in #1123
  • fix(sandbox): invalidate stale l7 tunnels after reload by @johntmyers in #1118
  • refactor(sandbox): remove dead relay_response_to_client wrapper by @mesutoezdil in #1125
  • fix(helm): grant node read access for GPU capacity checks by @jtoelke2 in #1106
  • docs: fix broken link and capitalise GitHub correctly by @mesutoezdil in #1135
  • docs: fix tutorial links pointing to wrong path by @mesutoezdil in #1137
  • fix(docker): harden supervisor startup and gateway routing by @drew in #1128
  • feat(vm): derive guest rootfs from sandbox images by @drew in #957
  • fix(e2e): stabilize wildcard host DNS test by @drew in #1144
  • fix(bootstrap): add no-progress timeout to image build by @laitingsheng in #1109
  • feat(policy): add GraphQL L7 inspection by @johntmyers in #1083
  • ci: cut over non-release workflows to shared runners by @jtoelke2 in #1131
  • feat(driver-kubernetes): sideload supervisor binary via init container by @TaylorMutch in #1154
  • fix(examples): repair multi-agent notepad uploads by @zredlined in #1152
  • feat(server): add request-ID middleware for request correlation by @sauagarwa in #1082
  • feat(providers): add profile-backed policy composition by @johntmyers in #1037
  • fix(ci): include provider profiles in macos docker builds by @johntmyers in #1163
  • ci(os-49): remove obsolete shadow PR workflows by @jtoelke2 in #1161
  • docs: update gateway deployment architecture by @drew in #1108
  • chore: add new core maintainers to OpenShell by @drew in #1167
  • ci(os-49): release runner cutover by @jtoelke2 in #1164
  • fix(examples): harden multi-agent notepad 409 retry and improve docs by @zredlined in #1166
  • ci(os-49): fix release jobs on shared runners by @jtoelke2 in #1172
  • Two podman driver fixes by @cgwalters in #1077
  • test(e2e): run suites against docker gateway by @drew in #1153
  • feat(helm): add kubernetes local-dev environment by @TaylorMutch in #1158
  • feat(cli): add openshell gateway list subcommand by @maxdubrinsky in #1179
  • chore: Simplify codeowners rules by @TaylorMutch in #1178
  • feat(rpm): add RPM packaging with Packit/COPR and GHA release publishing by @maxamillion in #1126
  • fix(ci): sync mise lock header with CI by @drew in #1187
  • fix(ci): harden packit rpm source prep by @drew in #1182
  • ci(vm): cleanup vm build infra by @drew in #1186
  • docs: add missing provider types to supported providers table by @mesutoezdil in #1180
  • chore(ci): enable Dependabot for GitHub Actions with 48h cooldown by @fcanogab in #1188
  • ci(vm): remove remaining EKS release assumptions by @jtoelke2 in #1195
  • fix(ci): allowlist dependabot for DCO by @johntmyers in #1202
  • fix(kube): add RBAC rule for sandbox finalizer updates by @sjenning in #1203
  • fix(docker): copy providers/ into rust-builder stage by @TaylorMutch in #1211
  • fix(bootstrap): stabilize release canary gateway startup by @jtoelke2 in #1210
  • test(e2e): add podman rust suite by @drew in #1185
  • fix(release): stabilize dev build packaging by @drew in #1213
  • fix(sandbox): add copy-self subcommand for scratch-image init container by @TaylorMutch in #1208
  • docs: fix OpenCode capitalization in provider types table by @mesutoezdil in #1205
  • feat(cli): add --gateway-insecure flag to skip TLS certificate verification by @sjenning in #1212
  • ci(helm): add OCI chart release workflow by @TaylorMutch in #1196
  • chore(deps): bump actions/upload-artifact from 4 to 7 by @dependabot[bot] in #1201
  • chore(deps): bump docker/login-action from 3 to 4 by @dependabot[bot] in #1200
  • docs: fix tutorials card link on index page by @mesutoezdil in #1204
  • docs: replace generic Index link text with actual page titles by @mesutoezdil in #1216
  • chore(deps): bump actions/github-script from 7 to 9 by @dependabot[bot] in #1198
  • chore(deps): bump mozilla-actions/sccache-action from 0.0.9 to 0.0.10 by @dependabot[bot] in #1199
  • chore(deps): bump Swatinem/rust-cache from 2.8.2 to 2.9.1 by @dependabot[bot] in #1197
  • feat(installer): support macOS dev installs by @drew in #1183
  • fix(cli): warn when env gateway overrides selection by @johntmyers in #1219
  • fix(scripts): eliminate xargs subshell dependency in docker-cleanup.sh by @derekwaynecarr in #1207
  • fix(installer): install release formula from Homebrew tap by @drew in #1222
  • docs(architecture): reset subsystem docs by @drew in #1184
  • fix(ci): pin tag release reusable workflows by @drew in #1235
  • fix(packaging): let gateway auto-detect package driver by @drew in #1236
  • docs: consolidate documentation structure by @drew in #1231
  • feat(helm): set nameOverride to openshell by @sjenning in #1237
  • feat(providers): add custom profile registry by @johntmyers in #1170
  • feat(rpm): use :dev image tag for non-release Packit builds by @maxamillion in #1218
  • refactor(cli): remove gateway lifecycle management by @drew in #1221
  • ci(helm): add helm lint workflow and reorganize chart values under ci/ by @TaylorMutch in #1223
  • refactor(vm): remove legacy openshell-vm crate by @drew in #1239
  • docs(helm): add install instructions for OpenShift by @sjenning in #1240
  • docs(kubernetes): add initial reference docs by @TaylorMutch in #1243
  • docs(helm): fix overlay values paths after ci/ reorganization by @mesutoezdil in #1247
  • docs: fix broken policy-engine anchor in policies page by @mesutoezdil in #1246
  • docs(podman): restore driver architecture details by @drew in #1244
  • docs(helm): add agent sandbox prerequisite to Helm README by @sjenning in #1249
  • docs(helm): replace hard tabs with spaces in README OpenShift block by @TaylorMutch in #1254
  • fix(installer): repair dev install package and service setup by @drew in #1252
  • fix(docker): use supervisor image path directly by @drew in #1259
  • fix(vm): harden compute driver socket by @drew in #1248
  • ci(release): run package release canaries by @drew in #1256
  • feat(install): add rpm dev installer support by @drew in #1262
  • feat(sandbox): add Kubernetes user namespace isolation by @mrunalp in #983
  • feat(server): add generate-certs subcommand; replace alpine PKI hook by @TaylorMutch in #1257
  • fix(docs): constrain landing terminal height by @drew in #1269
  • ci(os-132): remove stale remote buildx mode by @jtoelke2 in #1267
  • feat(providers): support sandbox provider attach lifecycle by @johntmyers in #1242
  • ci(os-132): remove obsolete shadow workflows by @jtoelke2 in #1273
  • fix(packaging): enable mTLS for local packages by @drew in #1271
  • fix(installer): stop forcing Homebrew VM driver by @drew in #1277
  • fix(helm): derive grpcEndpoint from chart context by @TaylorMutch in #1241
  • fix(e2e): isolate kubernetes user namespace test by @drew in #1276

New Contributors

Full Changelog: v0.0.36...v0.0.37