Merge remote-tracking branch 'upstream/main' into refactor/split-sandbox

Resolutions:
- openshell-core: union new pub mods (denial, driver_mounts,
  provider_credentials, proto_struct); keep tonic features
  ["channel", "tls-native-roots"] and add tonic-prost + tokio.
- openshell-sandbox: keep slim orchestrator (deps moved to leaves);
  promote provider env tuple to four components to carry
  dynamic_credentials; rely on supervisor-process for skill install,
  TLS state, netns creation, and supervisor hardening.
- openshell-supervisor-process: union both test sets in process.rs;
  keep existing imports in ssh.rs and add is_supervisor_only_env_var;
  bump tonic to tls-native-roots; add the new mount-namespace prep
  call (prepare_supervisor_identity_mount_namespace_from_env) before
  apply_supervisor_startup_hardening in run.rs.
- openshell-supervisor-network: take main's token_grant_injection.rs;
  relocate token_grant.rs and spiffe_endpoint.rs from
  openshell-sandbox into this crate, declare the modules, add
  reqwest and spiffe deps, and switch to openshell_ocsf::ctx::ctx().
- openshell-core: rewrite the four self-references
  openshell_core::proto:: -> crate::proto:: in grpc_client.rs and
  provider_credentials.rs.

Signed-off-by: Radoslav Hubenov <rrhubenov@gmail.com>

Author: rrhubenov

.agents/skills/debug-openshell-cluster/SKILL.md

@@ -54,7 +54,7 @@ Use gateway metadata, deployment values, or the user's setup notes to identify t
 |---|---|
 | Docker | Gateway process logs, Docker daemon health, sandbox containers, image pulls. |
 | Podman | Podman socket, rootless networking, sandbox containers, image pulls. |
-| Kubernetes | Helm release, StatefulSet, service, secrets, sandbox pods, events. |
+| Kubernetes | Helm release, gateway workload, service, secrets, sandbox pods, events. |
 | VM | VM driver logs, rootfs availability, host virtualization support. |
 
 ### Step 3: Check Docker-Backed Gateways
@@ -131,12 +131,17 @@ Common findings:
 ```bash
 helm -n openshell status openshell
 helm -n openshell get values openshell
-kubectl -n openshell get statefulset,pod,svc,pvc
-kubectl -n openshell logs statefulset/openshell --tail=200
+kubectl -n openshell get deployment,statefulset,pod,svc,pvc
+kubectl -n openshell logs deployment/openshell -c openshell-gateway --tail=200
+kubectl -n openshell logs statefulset/openshell -c openshell-gateway --tail=200
+kubectl -n openshell rollout status deployment/openshell
 kubectl -n openshell rollout status statefulset/openshell
 ```
 
-Look for failed installs, unexpected values, missing namespace, wrong image tag, TLS settings that do not match the registered endpoint, and scheduling failures.
+Use the log and rollout commands for the workload kind that exists in the
+release. Look for failed installs, unexpected values, missing namespace, wrong
+image tag, TLS settings that do not match the registered endpoint, and
+scheduling failures.
 
 For HA or PostgreSQL-backed installs, also check the external database Secret
 referenced by `server.externalDbSecret` and the PostgreSQL workload if the test
@@ -169,15 +174,34 @@ Secrets but does not create the sandbox JWT signing Secret.
 
 If the gateway exits with `failed to read sandbox JWT signing key from
 /etc/openshell-jwt/signing.pem`, verify that `openshell-jwt-keys` contains
-`signing.pem`, `public.pem`, and `kid`, and that the StatefulSet mounts the
+`signing.pem`, `public.pem`, and `kid`, and that the gateway workload mounts the
 `sandbox-jwt` secret at `/etc/openshell-jwt`. The sandbox JWT mount is required
 even when local Helm values disable TLS.
 
+If `server.providerTokenGrants.spiffe.enabled=true`, the gateway should still
+render `[openshell.gateway.gateway_jwt]` and mount the `sandbox-jwt` Secret.
+SPIRE is used only by sandbox pods for dynamic provider token grants. Verify
+that SPIRE is installed, the CSI driver is available, and the Kubernetes driver
+config includes `provider_spiffe_workload_api_socket_path`:
+
+```bash
+helm -n openshell get values openshell | grep -E 'providerTokenGrants|workloadApiSocketPath'
+kubectl get pods -A | grep -E 'spire|spiffe'
+kubectl -n openshell get configmap openshell-config -o yaml | grep provider_spiffe_workload_api_socket_path
+```
+
+Sandbox pods using provider token grants should have an
+`openshell.io/sandbox-id` annotation, an `openshell.ai/managed-by=openshell`
+label, supervisor env vars `OPENSHELL_K8S_SA_TOKEN_FILE` and
+`OPENSHELL_PROVIDER_SPIFFE_WORKLOAD_API_SOCKET`, plus both the projected
+`openshell-sa-token` volume and the `spiffe-workload-api` CSI volume.
+
 Check the image references currently used by the gateway deployment:
 
 ```bash
+kubectl -n openshell get deployment openshell -o jsonpath="{.spec.template.spec.containers[*].image}{\"\n\"}{.spec.template.spec.containers[*].env[?(@.name==\"OPENSHELL_SUPERVISOR_IMAGE\")].value}{\"\n\"}"
 kubectl -n openshell get statefulset openshell -o jsonpath="{.spec.template.spec.containers[*].image}{\"\n\"}{.spec.template.spec.containers[*].env[?(@.name==\"OPENSHELL_SUPERVISOR_IMAGE\")].value}{\"\n\"}"
-helm -n openshell get values openshell | grep -E 'repository|tag|supervisorImage'
+helm -n openshell get values openshell | grep -E 'repository|tag|supervisorImage|workload'
 ```
 
 The gateway image built from `deploy/docker/Dockerfile.gateway` and the scratch supervisor image built from `deploy/docker/Dockerfile.supervisor` should use the same build tag in branch and E2E deploys. A stale supervisor image can make sandbox behavior lag behind gateway policy or proto changes.
@@ -220,7 +244,8 @@ If the gateway is healthy but sandbox creation fails:
 ```bash
 kubectl -n openshell get pods
 kubectl -n openshell get events --sort-by=.lastTimestamp | tail -n 50
-kubectl -n openshell logs statefulset/openshell --tail=200
+kubectl -n openshell logs deployment/openshell -c openshell-gateway --tail=200
+kubectl -n openshell logs statefulset/openshell -c openshell-gateway --tail=200
 ```
 
 Check the configured sandbox namespace:
@@ -268,7 +293,7 @@ openshell logs <sandbox-name>
 | Docker or Podman sandbox never registers | Wrong callback endpoint or supervisor startup failure | Gateway logs and sandbox container logs |
 | Docker GPU e2e fails before GPU sandbox comparison | NVIDIA CDI specs are missing or Docker has not discovered them | `docker info --format '{{json .DiscoveredDevices}}'`, `/etc/cdi`, `/var/run/cdi`, `nvidia-cdi-refresh.service` |
 | Kubernetes gateway pod pending | PVC unbound, taint, selector, or insufficient resources | `kubectl -n openshell describe pod <pod>` |
-| Kubernetes gateway pod crash loops | Missing secret, bad DB URL, bad TLS config | `kubectl -n openshell logs statefulset/openshell` |
+| Kubernetes gateway pod crash loops | Missing secret, bad DB URL, bad TLS config | `kubectl -n openshell logs deployment/openshell -c openshell-gateway` or `kubectl -n openshell logs statefulset/openshell -c openshell-gateway` |
 | CLI TLS error | Local mTLS bundle does not match server cert/CA | Check `~/.config/openshell/gateways/<name>/mtls/` |
 | Image pull failure | Gateway or sandbox image cannot be pulled | Runtime events and image pull credentials |
 | `K8s namespace not ready` with `envoy-gateway-openshell.yaml: the server could not find the requested resource` | Optional Gateway API manifest was applied without Envoy Gateway CRDs, or k3s Helm controller startup exceeded the namespace wait | Apply `deploy/kube/manifests/envoy-gateway-openshell.yaml` manually only after Envoy Gateway is installed and `grpcRoute` is enabled |

.agents/skills/helm-dev-environment/SKILL.md

@@ -178,6 +178,23 @@ To remove Keycloak:
 mise run keycloak:k8s:teardown
 ```
 
+### SPIRE / SPIFFE Provider Token Grants
+
+Skaffold can install SPIRE with the SPIFFE hardened Helm charts. To activate
+SPIFFE JWT-SVIDs for dynamic provider token grants:
+
+1. Uncomment the `spire-crds` and `spire` releases in `deploy/helm/openshell/skaffold.yaml`
+2. Uncomment `#- ci/values-spire.yaml` in the OpenShell release values files
+3. Redeploy: `mise run helm:skaffold:run`
+
+`ci/values-spire-stack.yaml` configures the local SPIRE trust domain as
+`openshell.local` and adds a `ClusterSPIFFEID` that maps sandbox pod
+annotations to `spiffe://openshell.local/openshell/sandbox/<sandbox-id>`.
+OpenShell mounts the SPIFFE CSI Workload API socket at
+`/spiffe-workload-api/spire-agent.sock` into sandbox pods for provider token
+grants. Supervisor-to-gateway authentication remains on the Kubernetes
+ServiceAccount bootstrap and gateway-minted sandbox JWT path.
+
 ---
 
 ## Cluster Lifecycle (suspend/resume)
@@ -206,6 +223,8 @@ mise run helm:k3s:status
 | `deploy/helm/openshell/ci/values-gateway.yaml` | Envoy Gateway GRPCRoute + Gateway overlay |
 | `deploy/helm/openshell/ci/values-high-availability.yaml` | HA test overlay (`replicaCount: 2` with external PostgreSQL Secret) |
 | `deploy/helm/openshell/ci/values-keycloak.yaml` | Keycloak OIDC overlay |
+| `deploy/helm/openshell/ci/values-spire.yaml` | SPIFFE/SPIRE provider token grant overlay |
+| `deploy/helm/openshell/ci/values-spire-stack.yaml` | SPIRE hardened chart values for local dev |
 | `deploy/helm/openshell/ci/values-tls-disabled.yaml` | Lint-only: TLS + auth disabled (reverse-proxy edge termination) |
 | `deploy/kube/manifests/envoy-gateway-openshell.yaml` | GatewayClass for Envoy Gateway (`mise run helm:gateway:apply`) |
 | `tasks/scripts/helm-k3s-local.sh` | k3d cluster create/delete/start/stop/status |

.agents/skills/openshell-cli/SKILL.md

@@ -495,8 +495,9 @@ openshell gateway remove local                         # Remove local registrati
 ```bash
 # Inspect a Kubernetes Helm release and gateway pod
 helm -n openshell status openshell
-kubectl -n openshell get pods,svc
-kubectl -n openshell logs statefulset/openshell --tail=100
+kubectl -n openshell get deployment,statefulset,pods,svc
+kubectl -n openshell logs deployment/openshell -c openshell-gateway --tail=100
+kubectl -n openshell logs statefulset/openshell -c openshell-gateway --tail=100
 ```
 
 For Docker, Podman, and VM-backed gateways, inspect the gateway process or container logs and the selected runtime directly.

.github/workflows/snap-package.yml

@@ -77,19 +77,19 @@ jobs:
           sudo snap install snapcraft --classic
 
       - name: Download prebuilt CLI binary
-        uses: actions/download-artifact@3e5f45b2cfb9172054b40e67214ff5f5447ce83dd # v8
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
         with:
           name: cli-linux-${{ matrix.arch }}
           path: prebuilt/cli
 
       - name: Download prebuilt gateway binary
-        uses: actions/download-artifact@3e5f45b2cfb9172054b40e67214ff5f5447ce83dd # v8
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
         with:
           name: gateway-binary-linux-${{ matrix.arch }}
           path: prebuilt/gateway
 
       - name: Download prebuilt sandbox binary
-        uses: actions/download-artifact@3e5f45b2cfb9172054b40e67214ff5f5447ce83dd # v8
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
         with:
           name: supervisor-binary-linux-${{ matrix.arch }}
           path: prebuilt/sandbox
@@ -119,7 +119,7 @@ jobs:
           cp prebuilt/gateway/openshell-gateway snap/prebuilt/openshell-gateway
           cp prebuilt/sandbox/openshell-sandbox snap/prebuilt/openshell-sandbox
 
-          cp deploy/snap/bin/openshell-gateway-wrapper snap/prebuilt/
+          cp tasks/scripts/snap-gateway-wrapper.sh snap/prebuilt/openshell-gateway-wrapper
           cp LICENSE snap/prebuilt/
           cp README.md snap/prebuilt/
 

AGENTS.md

@@ -160,7 +160,7 @@ ocsf_emit!(event);
 - Always use [Conventional Commits](https://www.conventionalcommits.org/) format for commit messages
 - Format: `<type>(<scope>): <description>` (scope is optional)
 - Common types: `feat`, `fix`, `docs`, `chore`, `refactor`, `test`, `ci`, `perf`
-- Sign each commit for DCO compliance (`git commit -s`, or include a `Signed-off-by: Name <email>` trailer)
+- Sign off on each commit for DCO compliance. Use the `--signoff` option to `git commit` to add the `Signed-off-by` footer to ensure the user's configured email address is used.
 - Never mention Claude or any AI agent in commits (no author attribution, no Co-Authored-By, no references in commit messages)
 
 ## Pre-commit