Skip to content

feat(sdk): extract openshell-sdk crate#1862

Open
maxdubrinsky wants to merge 2 commits into
mainfrom
md/openshell-sdk-crate
Open

feat(sdk): extract openshell-sdk crate#1862
maxdubrinsky wants to merge 2 commits into
mainfrom
md/openshell-sdk-crate

Conversation

@maxdubrinsky

@maxdubrinsky maxdubrinsky commented Jun 10, 2026

Copy link
Copy Markdown
Collaborator

Summary

Extracts a new openshell-sdk Rust crate from the gRPC client plumbing that lived in openshell-cli, and refactors the CLI and TUI to consume it. This is RFC 0005, Phase 1 — the shared client core — with no TypeScript; the napi binding (@openshell/sdk), examples, and CI follow in a separate PR.

The SDK owns gRPC channel construction, TLS material handling, request interceptors, OIDC token refresh (single-flight), and the Cloudflare Access tunnel. openshell-cli/src/{tls.rs,oidc_auth.rs} shrink to thin wrappers over the SDK, and openshell-core/src/auth.rs moves into it. CLI and TUI user-facing behavior is unchanged.

Related Issue

Changes

  • New crates/openshell-sdk/: typed gRPC client (OpenShellClient), TLS resolver, OidcRefresher with single-flight semantics, edge-tunnel dialer, a raw escape hatch, error taxonomy, and curated types. Crate README.md included.
  • openshell-cli: consumes the SDK; tls.rs / oidc_auth.rs become thin wrappers.
  • openshell-tui: consumes the SDK.
  • openshell-core: auth.rs moves into the SDK.
  • AGENTS.md: architecture-table row for the new crate.

Testing

  • mise run pre-commit passes (clippy -D warnings, fmt, full test suite, markdown lint, license headers)
  • Unit tests added/updated — 3 unit + 10 mock-gateway integration tests in openshell-sdk
  • E2E tests added/updated (if applicable) — N/A; client-side refactor, CLI/TUI behavior unchanged. Per the RFC's Phase 1 exit criteria, the existing CLI/TUI test suite is the regression surface.

Checklist

  • Follows Conventional Commits
  • Commits are signed off (DCO)
  • Architecture docs updated (if applicable) — new crate README.md + AGENTS.md architecture table

@maxdubrinsky maxdubrinsky requested review from a team, derekwaynecarr and mrunalp as code owners June 10, 2026 21:28
@maxdubrinsky maxdubrinsky force-pushed the md/openshell-sdk-crate branch from aef5832 to d1668e2 Compare June 12, 2026 18:05
@maxdubrinsky maxdubrinsky force-pushed the md/openshell-sdk-crate branch from d1668e2 to d8362c4 Compare June 26, 2026 15:44
@copy-pr-bot

copy-pr-bot Bot commented Jun 26, 2026

Copy link
Copy Markdown

This pull request requires additional validation before any workflows can run on NVIDIA's runners.

Pull request vetters can view their responsibilities here.

Contributors can view more details about this message here.

@maxdubrinsky
feat(sdk): extract openshell-sdk crate
5d5cfe9 
Per RFC 0005, lift the gRPC client, TLS, OIDC, edge-tunnel, and refresh
plumbing out of openshell-cli into a new openshell-sdk crate. CLI and
TUI now consume the SDK; openshell-cli/src/{tls.rs,oidc_auth.rs} shrink
to thin wrappers over the SDK's transport and OIDC modules.

- New crate openshell-sdk exposes a typed gRPC client, TLS resolver,
  OidcRefresher with single-flight semantics, edge-tunnel dialer, and a
  Sandbox-API surface that mirrors the existing CLI behavior.
- crates/openshell-core/src/auth.rs moves into the SDK as auth.rs.
- crates/openshell-cli/src/edge_tunnel.rs moves into the SDK as
  edge_tunnel.rs.

Tests: 3 unit + 10 mock-gateway integration tests in openshell-sdk.
Signed-off-by: Max Dubrinsky <mdubrinsky@nvidia.com>
@maxdubrinsky maxdubrinsky force-pushed the md/openshell-sdk-crate branch from d8362c4 to 5d5cfe9 Compare June 26, 2026 16:42
@drew drew added the test:e2e Requires end-to-end coverage label Jun 26, 2026
@github-actions

github-actions Bot commented Jun 26, 2026

Copy link
Copy Markdown

Label test:e2e applied, but pull-request/1862 is at d1668e2 while the PR head is 5d5cfe9. A maintainer needs to comment /ok to test 5d5cfe9a0dd5aa2dfd006cc5c43788245a3a6065 to refresh the mirror. Once the mirror catches up, re-run Branch E2E Checks from the Actions tab.

@drew

drew commented Jun 26, 2026

Copy link
Copy Markdown
Collaborator

/ok to test 5d5cfe9

@maxdubrinsky
chore(sdk): fix rustfmt and clippy lints
a60554a 
Apply rustfmt to client_mock.rs and replace then(|| ...) with then_some
in client.rs to satisfy clippy -D warnings.

Signed-off-by: Max Dubrinsky <mdubrinsky@nvidia.com>
drew
drew reviewed Jun 26, 2026
View reviewed changes
Comment thread crates/openshell-sdk/src/refresh.rs
}
}

/// A freshly minted access token + its absolute expiry.

@drew drew Jun 26, 2026

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would check that we can't reuse something pre-existing. I think we already have logic for this that we can reuse.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@drew drew drew left review comments
@mrunalp mrunalp Awaiting requested review from mrunalp mrunalp is a code owner
@derekwaynecarr derekwaynecarr Awaiting requested review from derekwaynecarr derekwaynecarr is a code owner
@maxamillion maxamillion Awaiting requested review from maxamillion maxamillion is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

test:e2e Requires end-to-end coverage

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@maxdubrinsky @drew