You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
|`name`| Operator-facing registration name used in diagnostics. Policies do not reference this value. |
52
-
|`endpoint`| Service address reachable from both the gateway and sandbox supervisors. |
53
-
|`allow_insecure`| Required acknowledgement for the currently supported plaintext endpoint. |
51
+
|`grpc_endpoint`| Service address reachable from both the gateway and sandbox supervisors. Supports plaintext `http://` and TLS `https://` with platform trust roots. |
54
52
|`max_body_bytes`| Operator limit applied to every binding exposed by the service. |
55
53
56
54
The gateway connects to every registered service and verifies its capabilities before accepting traffic. Gateway startup fails when a service is unavailable, reports an invalid capability, or exposes a binding ID already owned by another service. Operator-run services cannot claim the reserved `openshell/` namespace.
@@ -135,7 +133,7 @@ See [Logging](/observability/logging) for log access and [OCSF JSON Export](/obs
135
133
- The supported operation and phase are `HttpRequest/pre_credentials`.
136
134
- Selection uses destination host include and exclude patterns.
137
135
- Required middleware cannot cover `tls: skip` endpoints because OpenShell cannot inspect that traffic.
138
-
- Operator-run services currently use explicitly enabled plaintext `http://` endpoints.
139
-
- TLS, service authentication, health checks, and runtime registration are not available.
136
+
- Operator-run services support plaintext `http://` and TLS `https://` endpoints. HTTPS certificates must chain to a CA in the platform trust store.
137
+
- Custom trust roots, client authentication, health checks, and runtime registration are not available.
140
138
141
139
For a runnable operator workflow, see the [content guard example](https://github.com/NVIDIA/OpenShell/tree/main/examples/supervisor-middleware-content-guard).
@@ -166,7 +164,7 @@ The gateway connects to every registered service and validates `Describe` before
166
164
167
165
`max_body_bytes` is the operator limit for every binding exposed by the service. It must be greater than zero and no larger than each binding's advertised limit. OpenShell rejects an oversized value instead of silently clamping it.
168
166
169
-
The service endpoint must use plaintext `http://`, and `allow_insecure = true` is required as an explicit acknowledgement that inspected request content is sent without transport encryption or peer authentication. TLS, authentication, health checks, and runtime registration are not supported. The endpoint must be reachable from both the gateway and sandbox supervisors; use `host.openshell.internal` or another shared address when both runtimes resolve it.
167
+
The service `grpc_endpoint` currently supports plaintext `http://` and TLS `https://` using the platform trust store. Custom trust roots, client authentication, health checks, and runtime registration are not currently supported. The endpoint must be reachable from both the gateway and sandbox supervisors; use `host.openshell.internal` or another shared address that can be resolved in both places.
170
168
171
169
See [Supervisor Middleware](/extensibility/supervisor-middleware) for selection, failure, body-limit, and operational guidance.
0 commit comments