
feat(gateway): add system registry support and source indicators #1625

Open: alexclewontin wants to merge 2 commits into NVIDIA:main from alexclewontin:system-gateway-dir

@alexclewontin
Contributor

Summary

Add a system-managed gateway registry under /etc/openshell and surface whether each gateway comes from user or system config in the CLI and TUI.

Related Issue

N/A

Changes

  • add bootstrap path handling for installer-provided gateway metadata and active-gateway fallback under /etc/openshell, with OPENSHELL_SYSTEM_GATEWAY_DIR as an override
  • make per-user gateways shadow system entries, and keep system registrations read-only from the CLI
  • show gateway config source in openshell gateway list, list JSON output, and openshell term
  • add CLI smoke coverage for gateway list table and JSON source rendering
  • update gateway architecture and manage-gateways docs for the new registry and source indicators

Testing

  • mise run pre-commit passes
  • Unit tests added/updated
  • E2E tests added/updated (if applicable)

Checklist

  • Follows Conventional Commits
  • Commits are signed off (DCO)
  • Architecture docs updated (if applicable)

@copy-pr-bot

copy-pr-bot Bot commented May 28, 2026

This pull request requires additional validation before any workflows can run on NVIDIA's runners.

Pull request vetters can view their responsibilities here.

Contributors can view more details about this message here.

Adds a read-only installer-seeded gateway registry that the CLI consults after per-user gateway config. The registry uses the same layout as per-user config with `active_gateway` at the root and `gateways/<name>/metadata.json` beneath it. By default the system config root is `/etc/openshell`, while `OPENSHELL_SYSTEM_GATEWAY_DIR` remains available as an override for packages that need a different location. User-managed gateways continue to shadow installer entries on name collision.

Originally-authored-by: Mark Shuttleworth <mark@ubuntu.com>
Signed-off-by: Alex Lewontin <alex.lewontin@canonical.com>

Expose whether a gateway registration comes from user or system config in `openshell gateway list`, the TUI gateway pane, and list JSON output. The CLI also refuses to remove system-managed registrations and the smoke tests cover the new list output.

Signed-off-by: Alex Lewontin <alex.lewontin@canonical.com>
@johntmyers
Collaborator

gator-agent

/ok to test d1736c7

@johntmyers added the gator:blocked (Gator is blocked by process or repository gates) and test:e2e (Requires end-to-end coverage) labels on Jun 4, 2026
@github-actions

github-actions Bot commented Jun 4, 2026

Label test:e2e applied, but pull-request/1625 is at {"messa while the PR head is d1736c7. A maintainer needs to comment /ok to test d1736c73fa7558b48ac1d31f9e1e295342344c09 to refresh the mirror. Once the mirror catches up, re-run Branch E2E Checks from the Actions tab.

@johntmyers
Collaborator

/ok to test d1736c7

@johntmyers
Collaborator

gator-agent

PR Review Status

Validation: project-valid as a concentrated gateway/CLI/TUI packaging-config improvement. The PR has a clear user path for installer-seeded system gateways, user entries shadowing system entries, read-only system registrations, and source indicators in CLI/TUI surfaces.
Head SHA: d1736c73fa7558b48ac1d31f9e1e295342344c09

Review findings:

  • Blocking: crates/openshell-bootstrap/src/metadata.rs in list_gateways_with_source only records a gateway name as shadowed after user metadata parses successfully. A corrupt or unreadable user gateways/<name>/metadata.json can therefore allow the same-named system gateway to appear in gateway list as system, which contradicts the stated user-over-system shadowing contract and differs from load_gateway_metadata, which resolves the user path first. Please mark the user directory name as seen before parsing, or otherwise ensure invalid user entries cannot reveal same-named system entries, and add a regression test for corrupt user metadata shadowing a valid system entry.
  • Process blocker: GitHub REST still reports mergeable_state: dirty; the PR needs to be updated with main or otherwise resolve merge conflicts.

Docs: direct UX changes are documented in docs/sandboxes/manage-gateways.mdx; no docs/index.yml navigation change appears needed because this updates an existing page.

Tests: applied test:e2e; test:e2e-gpu and test:e2e-kubernetes are not required for this change. I verified maintainer authority and posted /ok to test d1736c73fa7558b48ac1d31f9e1e295342344c09 for the current head SHA after the label-helper requested it.

Next state: gator:blocked until merge conflicts and the blocking review finding are resolved.
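The shadowing gap in the blocking finding above, as an added example that is not code from this PR or from the reviewer. `list_gateways`, `parse_metadata`, the `mark_before_parse` flag and the sample entries are hypothetical stand-ins; the model uses in-memory entries instead of the filesystem, and a corrupt user entry is simply omitted from the listing.

```rust
use std::collections::HashSet;

#[derive(Debug, PartialEq, Clone, Copy)]
enum Source { User, System }

// Stand-in for reading gateways/<name>/metadata.json (assumption: the real
// code deserializes JSON; here "valid" only means a complete braced object).
fn parse_metadata(raw: &str) -> Option<&str> {
    let t = raw.trim();
    (t.starts_with('{') && t.ends_with('}')).then_some(t)
}

// Hypothetical model of the listing. With mark_before_parse = false a name is
// shadowed only after its user metadata parses (the behaviour in the finding);
// with true, the user directory name is recorded first (the requested fix).
fn list_gateways(
    user: &[(&str, &str)],
    system: &[(&str, &str)],
    mark_before_parse: bool,
) -> Vec<(String, Source)> {
    let mut seen: HashSet<&str> = HashSet::new();
    let mut out = Vec::new();
    for &(name, raw) in user {
        if mark_before_parse {
            seen.insert(name);
        }
        if parse_metadata(raw).is_some() {
            seen.insert(name);
            out.push((name.to_string(), Source::User));
        }
    }
    for &(name, raw) in system {
        if !seen.contains(name) && parse_metadata(raw).is_some() {
            out.push((name.to_string(), Source::System));
        }
    }
    out
}

fn main() {
    // Constructed sample: the user's "prod" metadata is truncated.
    let user = [("dev", r#"{"url":"https://dev.example"}"#), ("prod", r#"{"url":"#)];
    let system = [("prod", r#"{"url":"https://prod.example"}"#)];
    println!("{:?}", list_gateways(&user, &system, false)); // prod leaks as System
    println!("{:?}", list_gateways(&user, &system, true)); // prod stays shadowed
}
```

The second call is the shape a regression test for "corrupt user metadata shadowing a valid system entry" would assert on.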

@johntmyers
Collaborator

gator-agent

CI Update

Branch Checks are now failing on the current head SHA d1736c73fa7558b48ac1d31f9e1e295342344c09:

  • Rust (linux-amd64-cpu8) and Rust (linux-arm64-cpu8) fail in mise run rust:format:check; cargo fmt --all -- --check reports formatting diffs in the changed Rust files.
  • mise Lockfile fails because mise lock rewrites mise.lock for updated Python 3.14.5 standalone artifact URLs/checksums.

This still leaves the PR in gator:blocked along with the existing merge-conflict state and the blocking review finding. E2E is still running, with at least one Kubernetes smoke job already failed; I will keep monitoring the workflow result.

@johntmyers
Collaborator

gator-agent

E2E Update

The required OpenShell / E2E status has now concluded failure for head SHA d1736c73fa7558b48ac1d31f9e1e295342344c09.

Observed failures:

  • kubernetes-e2e / Kubernetes E2E (Rust smoke) fails during tool setup because github:mozilla/sccache@0.14.0 is not in the lockfile, consistent with the stale mise.lock failure in Branch Checks.
  • e2e / E2E (python) has broad sandbox/policy failures with repeated supervisor relay h2 protocol error stream warnings and many tests failing soon after startup.
  • e2e / E2E (rust-docker) and e2e / E2E (rust-podman) passed.

The PR remains in gator:blocked: it still reports merge conflicts, has the blocking list_gateways_with_source review finding, and now has failed required Branch Checks/E2E. The next useful action is still for the branch author to update the PR with main, fix formatting/lockfile drift, and address the review finding.

Labels

  • gator:blocked: Gator is blocked by process or repository gates
  • test:e2e: Requires end-to-end coverage