openshell

package

v0.0.0-...-a766d22 Latest Latest Go to latest Published: Jun 18, 2026 License: Apache-2.0 Imports: 30 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/kagent-dev/kagent

Links

Open Source Insights

Documentation ¶

Overview ¶

Package openshell implements sandboxbackend.AsyncBackend against an external OpenShell gateway over gRPC.

Use Dial to obtain OpenShellClients (shared connection for openshell.v1.OpenShell and openshell.inference.v1.Inference).

• NewOpenClawBackend — pin the sandbox image to openclaw.NemoclawSandboxBaseImage, translateModelConfig when modelConfigRef is set, run OpenClaw bootstrap after Ready. The same instance is registered for spec.backend=openclaw and nemoclaw (see app wiring).

Unlike agentsxk8s, these backends do not emit Kubernetes workload objects — sandbox lifecycle goes through the gateway over gRPC.

Index ¶

Variables
func ResolveSSHRemoteCommand(plainShell bool, launchOverride, harnessBackend string) (useShell bool, execCmd string)
func UpsertGatewayProvider(ctx context.Context, osCli openshellv1.OpenShellClient, def GatewayProviderDef) error
func UpsertGatewayProviders(ctx context.Context, osCli openshellv1.OpenShellClient, ...) error
func UpsertMessagingProviders(ctx context.Context, oc *OpenShellClients, kube client.Client, ...) ([]string, error)
type AgentHarnessOpenShellClient
type ClawBackend
- func NewOpenClawBackend(kubeClient client.Client, clients *OpenShellClients, cfg Config, ...) *ClawBackend
type Config
type ExecSandboxResult
type GatewayProviderDef
type HermesBackend
- func NewHermesBackend(kubeClient client.Client, clients *OpenShellClients, cfg Config, ...) *HermesBackend
type OpenShellClients
- func Dial(ctx context.Context, cfg Config) (*OpenShellClients, error)
- func (c *OpenShellClients) Close() error

Constants ¶

This section is empty.

Variables ¶

View Source

var ErrEmptyResponse = errors.New("openshell: empty sandbox in response")

ErrEmptyResponse is returned when OpenShell returns success with an empty Sandbox payload.

Functions ¶

func ResolveSSHRemoteCommand ¶

func ResolveSSHRemoteCommand(plainShell bool, launchOverride, harnessBackend string) (useShell bool, execCmd string)

ResolveSSHRemoteCommand decides whether to run an interactive shell or a harness CLI. plainShell: client requested bash only. launchOverride: non-empty client launch_command wins. harnessBackend: wire string from the WebSocket start frame (e.g. "hermes").

func UpsertGatewayProvider ¶

func UpsertGatewayProvider(ctx context.Context, osCli openshellv1.OpenShellClient, def GatewayProviderDef) error

UpsertGatewayProvider creates or updates a single OpenShell gateway provider.

func UpsertGatewayProviders ¶

func UpsertGatewayProviders(ctx context.Context, osCli openshellv1.OpenShellClient, defs []GatewayProviderDef) error

UpsertGatewayProviders upserts each provider definition.

func UpsertMessagingProviders ¶

func UpsertMessagingProviders(
	ctx context.Context,
	oc *OpenShellClients,
	kube client.Client,
	ah *v1alpha2.AgentHarness,
) ([]string, error)

UpsertMessagingProviders registers OpenShell gateway providers for harness channel credentials. Returns provider names to attach on CreateSandbox.spec.providers.

Types ¶

type AgentHarnessOpenShellClient ¶

type AgentHarnessOpenShellClient struct {
	// contains filtered or unexported fields
}

AgentHarnessOpenShellClient performs OpenShell gRPC operations for AgentHarness lifecycle (sandbox create/get/delete/exec). It wraps *OpenShellClients from Dial (client.go) together with Config and optional events: per-RPC timeouts, bearer auth on the context, and helpers that map responses to sandboxbackend types. It does not run backend-specific pre-create work (e.g. translateModelConfig); concrete backends compose findExistingSandbox + their own translation step + createSandbox in their own EnsureAgentHarness implementation.

Named with an AgentHarness prefix to avoid confusion with OpenShellClients (dial bundle) and openshellv1.OpenShellClient (generated gRPC interface).

func (*AgentHarnessOpenShellClient) CallCtx ¶

func (c *AgentHarnessOpenShellClient) CallCtx(ctx context.Context) (context.Context, context.CancelFunc)

CallCtx applies CallTimeout from Config when positive.

func (*AgentHarnessOpenShellClient) CreateAgentHarnessSandbox ¶

func (c *AgentHarnessOpenShellClient) CreateAgentHarnessSandbox(
	ctx context.Context,
	ah *v1alpha2.AgentHarness,
	req *openshellv1.CreateSandboxRequest,
	unsupported []string,
) (sandboxbackend.EnsureResult, error)

CreateAgentHarnessSandbox runs CreateSandbox for an AgentHarness after idempotency has been checked upstream.

func (*AgentHarnessOpenShellClient) DeleteAgentHarnessSandbox ¶

func (c *AgentHarnessOpenShellClient) DeleteAgentHarnessSandbox(ctx context.Context, h sandboxbackend.Handle) (bool, error)

DeleteAgentHarnessSandbox deletes the OpenShell sandbox; NotFound is success.

func (*AgentHarnessOpenShellClient) ExecSandbox ¶

func (c *AgentHarnessOpenShellClient) ExecSandbox(ctx context.Context, sandboxID string, command []string, stdin []byte, env map[string]string, timeoutSec uint32) (int32, string, error)

ExecSandbox runs a command inside the sandbox via OpenShell ExecSandbox streaming RPC.

func (*AgentHarnessOpenShellClient) ExecSandboxID ¶

func (c *AgentHarnessOpenShellClient) ExecSandboxID(ctx context.Context, sandboxHandleName string) (string, error)

ExecSandboxID resolves metadata.id for ExecSandbox RPCs.

func (*AgentHarnessOpenShellClient) ExecSandboxOutput ¶

func (c *AgentHarnessOpenShellClient) ExecSandboxOutput(ctx context.Context, sandboxID string, command []string, stdin []byte, env map[string]string, timeoutSec uint32) (ExecSandboxResult, error)

ExecSandboxOutput runs a command inside the sandbox and captures stdout, stderr, and the exit code.

func (*AgentHarnessOpenShellClient) GetSandboxStatus ¶

func (c *AgentHarnessOpenShellClient) GetSandboxStatus(ctx context.Context, h sandboxbackend.Handle) (metav1.ConditionStatus, string, string)

GetSandboxStatus maps OpenShell sandbox phase to Ready condition pieces for AgentHarness status.

type ClawBackend ¶

type ClawBackend struct {
	// contains filtered or unexported fields
}

ClawBackend implements AsyncBackend and PostReadyBackend for OpenClaw- and NemoClaw-typed AgentHarness resources: sync ModelConfig to the OpenShell control plane before create, fixed sandbox image, and post-ready OpenClaw bootstrap when modelConfigRef is set.

func NewOpenClawBackend ¶

func NewOpenClawBackend(kubeClient client.Client, clients *OpenShellClients, cfg Config, recorder record.EventRecorder) *ClawBackend

NewOpenClawBackend returns the shared OpenClaw/NemoClaw harness backend. Register the same instance under AgentHarnessBackendOpenClaw and AgentHarnessBackendNemoClaw; the controller records status.backendRef.backend from spec.backend so both types stay distinguishable.

func (ClawBackend) DeleteAgentHarness ¶

func (b ClawBackend) DeleteAgentHarness(ctx context.Context, h sandboxbackend.Handle) (bool, error)

DeleteAgentHarness implements AsyncBackend.

func (*ClawBackend) EnsureAgentHarness ¶

func (b *ClawBackend) EnsureAgentHarness(ctx context.Context, ah *v1alpha2.AgentHarness) (sandboxbackend.EnsureResult, error)

EnsureAgentHarness is the OpenClaw/NemoClaw EnsureAgentHarness flow: idempotent gateway lookup, then translateModelConfig (apply ModelConfigRef onto the gateway) before CreateSandbox.

func (ClawBackend) GetStatus ¶

func (b ClawBackend) GetStatus(ctx context.Context, h sandboxbackend.Handle) (metav1.ConditionStatus, string, string)

GetStatus implements AsyncBackend.

func (ClawBackend) Name ¶

func (b ClawBackend) Name() v1alpha2.AgentHarnessBackendType

Name implements AsyncBackend.

func (*ClawBackend) OnAgentHarnessReady ¶

func (b *ClawBackend) OnAgentHarnessReady(ctx context.Context, ah *v1alpha2.AgentHarness, h sandboxbackend.Handle) error

OnAgentHarnessReady writes ~/.openclaw/openclaw.json from ModelConfig and spec.channels, then runs `openclaw gateway start` in the background with injected env (API key + channel secrets). No-ops when modelConfigRef is empty.

type Config ¶

type Config struct {
	// GatewayURL is a gRPC target (e.g. "dns:///gateway.openshell.svc:443"
	// or "localhost:7443"). Required.
	GatewayURL string

	// Token is a static bearer token sent as grpc metadata "authorization:
	// Bearer <token>". Optional.
	Token string

	// TLSCAPEM is a PEM-encoded CA bundle used to verify the gateway
	// certificate. If empty, system roots are used. If both TLSCAPEM is
	// empty and GatewayURL has no TLS scheme, the client dials insecurely
	// (intended for local/in-cluster plaintext only).
	TLSCAPEM []byte

	// Insecure, when true, dials without TLS regardless of other settings.
	// Use only for tests or explicit local development.
	Insecure bool

	// DialTimeout bounds the initial dial. Zero means no timeout.
	DialTimeout time.Duration

	// CallTimeout bounds each RPC. Zero means no per-call timeout.
	CallTimeout time.Duration
}

Config configures the OpenShell gateway gRPC client.

type ExecSandboxResult ¶

type ExecSandboxResult struct {
	ExitCode int32
	Stdout   string
	Stderr   string
}

type GatewayProviderDef ¶

type GatewayProviderDef struct {
	Name        string
	Type        string
	Credentials map[string]string
}

GatewayProviderDef describes an OpenShell gateway provider to create or update.

type HermesBackend ¶

type HermesBackend struct {
	// contains filtered or unexported fields
}

HermesBackend implements AsyncBackend and PostReadyBackend for Hermes AgentHarness resources.

func NewHermesBackend ¶

func NewHermesBackend(kubeClient client.Client, clients *OpenShellClients, cfg Config, recorder record.EventRecorder) *HermesBackend

NewHermesBackend returns the Hermes harness backend.

func (HermesBackend) DeleteAgentHarness ¶

func (b HermesBackend) DeleteAgentHarness(ctx context.Context, h sandboxbackend.Handle) (bool, error)

DeleteAgentHarness implements AsyncBackend.

func (*HermesBackend) EnsureAgentHarness ¶

func (b *HermesBackend) EnsureAgentHarness(ctx context.Context, ah *v1alpha2.AgentHarness) (sandboxbackend.EnsureResult, error)

EnsureAgentHarness syncs ModelConfig then creates the Hermes sandbox.

func (HermesBackend) GetStatus ¶

func (b HermesBackend) GetStatus(ctx context.Context, h sandboxbackend.Handle) (metav1.ConditionStatus, string, string)

GetStatus implements AsyncBackend.

func (HermesBackend) Name ¶

func (b HermesBackend) Name() v1alpha2.AgentHarnessBackendType

Name implements AsyncBackend.

func (*HermesBackend) OnAgentHarnessReady ¶

func (b *HermesBackend) OnAgentHarnessReady(ctx context.Context, ah *v1alpha2.AgentHarness, h sandboxbackend.Handle) error

OnAgentHarnessReady writes ~/.hermes/config.yaml and .env, updates the config hash, and starts the gateway.

type OpenShellClients ¶

type OpenShellClients struct {
	OpenShell openshellv1.OpenShellClient
	Inference inferencev1.InferenceClient
	Conn      *grpc.ClientConn
}

OpenShellClients is the result of Dial: one gRPC connection plus the generated openshell.v1.OpenShell and inference.v1.Inference stubs. It does not interpret AgentHarness or apply per-call policy; use AgentHarnessOpenShellClient for that (see agentharness_openshell_client.go in this package).

func Dial ¶

func Dial(ctx context.Context, cfg Config) (*OpenShellClients, error)

Dial opens a single connection to cfg.GatewayURL and constructs clients for openshell.v1.OpenShell and openshell.inference.v1.Inference. Close OpenShellClients when the connection is no longer needed.

func (*OpenShellClients) Close ¶

func (c *OpenShellClients) Close() error

Close closes the underlying connection.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
channels
hermes

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL