sync: upstream catch-up (133 commits, base 2026-05-26) + re-home fork delta after supervisor split#10
Merged
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Upstream-sync rebase: fork delta re-parented onto
upstream/main(4848c409→f23c2c8e, 133 commits absorbed). Per the fork-sync flow this PR is a review artifact, not a merge — it will showCONFLICTINGbecause the rebased branch cannot fast-forward intomain. Land via the force-push below.17 fork-delta commits replayed + 1 adaptation commit. The stale
style: cargo fmtcommit was dropped (re-formatted in the adaptation pass).Verification (macOS)
cargo build/clippy/test --workspace --features openshell-prover/bundled-z3— green, clippy zero warnings, all tests pass (722/723 + ignored gateway/podman integration tests).cred_inject=9000, echo=9001, trust_check=9002, volumes=9003, SANDBOX_PHASE_STOPPED=9004); zero upstream collisions in the 8000/9000 range.Conflict surfaces resolved
sandboxintoprocessandnetworksubcrates. NVIDIA/OpenShell#1650 openshell-sandbox → supervisor process/network split (biggest): cred-inject + L7 egress + trust stack re-homed intoopenshell-supervisor-network(git ORT auto-followed most renames).trust.rs(fork-new) relocated to the network crate;secrets.rstracked toopenshell-core;trust_cachewiring moved intonetwork/run.rs.L7EvalContextfield-set merged (upstreamactivity_tx/dynamic_credentials/token_grant_resolver+ forkcred_inject/echo/trust_cache/trust_check).gpubool model; dropped fork's now-removedgpu_devicerefs (vm-driver validation reduced to the--volumerejection; template checks already exist upstream asvalidate_vm_template_request).Sandbox::phase()accessor used where the field moved into status.--volume× upstream container refactor: threadedimage_sandbox_userthrough the nowResult-returningbuild_container_spec_with_token_and_gpu_default.#[rpc_auth(bearer, sandbox:write, user)]; obsolete inline authz consts dropped (moved tomethod_authz).e2e-label-help.yml(modify/delete).Not landing via this PR
Force-push to
mainis the human step (default-branch protection):Post-merge: tag
vX.Y.0→ release workflow builds binaries → bumpOPENSHELL_FORK_TAGin openlocksrc/sandbox/fork-binaries.ts; smoke-test a fresh gateway on Mac/podman.