-
Notifications
You must be signed in to change notification settings - Fork 887
OpenShell Beta
This milestone tracks the progression of OpenShell from Alpha to Beta and stabilization of core APIs. OpenShell Beta denotes the ability to deploy OpenShell with the following capabilities and tenants:
-
Providers: the current Providers v2 will become the default provider system on OpenShell
-
Extensibility: bring your own business logic and third party services that plug directly into OpenShell through our APIs. Govern policies and providers, parse and enforce custom network and application policies. Develop and deploy your own sandbox compute drivers, configure your own credential storage for agentic workloads.
-
Multi-tenancy: offer primitives for grouping sandboxes together and specific OpenShell role types
-
Scale and High Availability: Deploy OpenShell on Kubernetes with High Availability. Offer a few topology options depending on isolation requirements.
-
Observability: Collect sandbox logs into centralized locations for storage and analysis.
-
Policy Advising and Automation: Sandboxed workloads and agents may request policy changes with optional auto-approvals based on approved policy upper bounds and enterprise governance.
List view
0 of 26 selected 0 issues of 26 selected
- Status: Open.#1977 In NVIDIA/OpenShell;
- Status: Open (in progress).
feat: inject sandbox UID via compute driver instead of requiring it in container images
area:clusterRelated to running OpenShell on k3s/dockerRelated to running OpenShell on k3s/dockerarea:policyPolicy engine and policy lifecycle workPolicy engine and policy lifecycle workarea:sandboxSandbox runtime and isolation workSandbox runtime and isolation workstate:review-readyReady for human reviewReady for human reviewStatus: Open.#1959 In NVIDIA/OpenShell;refactor(supervisor): remove legacy supervisor control RPCs after session migration
area:gatewayGateway server and control-plane workGateway server and control-plane workarea:supervisorProxy and routing-path workProxy and routing-path worktopic:compatibilityCompatibility-related workCompatibility-related workStatus: Open.#1955 In NVIDIA/OpenShell;- Status: Open.#1952 In NVIDIA/OpenShell;
- Status: Open.#1951 In NVIDIA/OpenShell;
- Status: Open.#1932 In NVIDIA/OpenShell;
- Status: Open (in progress).
- Status: Open.#1919 In NVIDIA/OpenShell;
refactor(server): normalize compute driver config acquisition
gator:approval-neededGator completed review; maintainer approval neededGator completed review; maintainer approval neededtest:e2eRequires end-to-end coverageRequires end-to-end coverageStatus: Open (in progress).- Status: Open (in progress).
- Status: Draft (not ready).
feat(l7): add JSON-RPC policy enforcement
gator:blockedGator is blocked by process or repository gatesGator is blocked by process or repository gatestest:e2eRequires end-to-end coverageRequires end-to-end coverageStatus: Open (in progress).feat(policy): spike policy envelope and narrowness prover
area:policyPolicy engine and policy lifecycle workPolicy engine and policy lifecycle workStatus: Draft (not ready).rfc-0009: supervisor middleware
area:supervisorProxy and routing-path workProxy and routing-path worktopic:l7Application-layer policy and inspection workApplication-layer policy and inspection workStatus: Open (in progress).feat(k8s, helm): Enable running OpenShell Gateway with multiple replicas
state:in-progressWork is currently in progressWork is currently in progressStatus: Open.#1021 In NVIDIA/OpenShell;- Status: Open.#1044 In NVIDIA/OpenShell;
feat: external compute driver extension point
area:cliCLI-related workCLI-related workarea:gatewayGateway server and control-plane workGateway server and control-plane workStatus: Open.#1907 In NVIDIA/OpenShell;- Status: Open.#1931 In NVIDIA/OpenShell;
feat(providers): make Providers v2 the only provider system
area:cliCLI-related workCLI-related workarea:docsDocumentation and examplesDocumentation and examplesarea:gatewayGateway server and control-plane workGateway server and control-plane workarea:policyPolicy engine and policy lifecycle workPolicy engine and policy lifecycle workarea:tuiTerminal UI workTerminal UI workstate:review-readyReady for human reviewReady for human reviewtopic:compatibilityCompatibility-related workCompatibility-related workStatus: Open.#1988 In NVIDIA/OpenShell;feat(credentials): add provider credential storage drivers
test:e2eRequires end-to-end coverageRequires end-to-end coverageStatus: Open (in progress).Conditional compilation of compute drivers
area:gatewayGateway server and control-plane workGateway server and control-plane workStatus: Open.#1943 In NVIDIA/OpenShell;feat(observability): investigate portable sandbox log collection
area:clusterRelated to running OpenShell on k3s/dockerRelated to running OpenShell on k3s/dockerarea:gatewayGateway server and control-plane workGateway server and control-plane workarea:sandboxSandbox runtime and isolation workSandbox runtime and isolation workstate:agent-readyApproved for agent implementationApproved for agent implementationstate:in-progressWork is currently in progressWork is currently in progressstate:review-readyReady for human reviewReady for human reviewtopic:observabilityLogging, metrics, and observability workLogging, metrics, and observability workStatus: Open.#1922 In NVIDIA/OpenShell;- Status: Open.#1999 In NVIDIA/OpenShell;
Multi-tenant deployments
area:clusterRelated to running OpenShell on k3s/dockerRelated to running OpenShell on k3s/dockerarea:gatewayGateway server and control-plane workGateway server and control-plane workStatus: Open.#1722 In NVIDIA/OpenShell;