feat(supervisor-middleware): add network egress middleware#2027
feat(supervisor-middleware): add network egress middleware#2027pimlock wants to merge 54 commits into
Conversation
|
Auto-sync is disabled for draft pull requests in this repository. Workflows must be run manually. Contributors can view more details about this message here. |
595191e to
97b750f
Compare
358906a to
1fbcdbc
Compare
|
🌿 Preview your docs: https://nvidia-preview-pr-2027.docs.buildwithfern.com/openshell |
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
2 similar comments
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
|
/ok to test c4b0dcf |
Signed-off-by: Piotr Mlocek <pmlocek@nvidia.com>
Signed-off-by: Piotr Mlocek <pmlocek@nvidia.com>
Signed-off-by: Piotr Mlocek <pmlocek@nvidia.com>
Signed-off-by: Piotr Mlocek <pmlocek@nvidia.com>
Signed-off-by: Piotr Mlocek <pmlocek@nvidia.com>
Signed-off-by: Piotr Mlocek <pmlocek@nvidia.com>
Signed-off-by: Piotr Mlocek <pmlocek@nvidia.com>
Signed-off-by: Piotr Mlocek <pmlocek@nvidia.com>
Signed-off-by: Piotr Mlocek <pmlocek@nvidia.com>
Signed-off-by: Piotr Mlocek <pmlocek@nvidia.com>
Signed-off-by: Piotr Mlocek <pmlocek@nvidia.com>
Signed-off-by: Piotr Mlocek <pmlocek@nvidia.com>
Signed-off-by: Piotr Mlocek <pmlocek@nvidia.com>
Signed-off-by: Piotr Mlocek <pmlocek@nvidia.com>
…are outages An unreachable operator-registered middleware service previously aborted sandbox startup via a hard error in load_policy, contradicting the per-request on_error contract and the resilient live-reload path. Retry the initial connect and, on failure, degrade to the built-in registry so matched requests are governed by each config's on_error (deny for fail_closed, allow for fail_open) instead of blocking the whole sandbox. The policy poll loop now reconciles the registry on every poll while an install is pending, so a recovered service is adopted without waiting for a config change; a failed reconcile also no longer blocks unrelated policy updates. Signed-off-by: Piotr Mlocek <pmlocek@nvidia.com>
…limit A chain entry whose binding did not resolve reported a zero body limit, which dragged the whole chain's buffer cap to zero and spuriously failed body-bearing requests over capacity even when a resolved middleware could have processed them. Exclude unresolved entries from the limit via a new DescribedChainEntry::is_resolved(); when no entry resolves, skip buffering and apply each entry's on_error directly. Also fix two parallel-test flakes found while validating the change: - Build middleware OCSF events into a Vec and assert on it directly instead of capturing through the global tracing pipeline, whose callsite-interest cache is process-global and raced under parallel runs. - Accumulate the websocket deny response until the reason marker arrives rather than assuming a single read returns the full body. Signed-off-by: Piotr Mlocek <pmlocek@nvidia.com>
Signed-off-by: Piotr Mlocek <pmlocek@nvidia.com>
Signed-off-by: Piotr Mlocek <pmlocek@nvidia.com>
c4b0dcf to
2b7cf4e
Compare
Re-check After Author UpdateThanks @pimlock. I re-evaluated head What I checked: the complete current diff and the new typed mutation errors, request/response envelope budgets, finding and metadata caps, hop-by-hop filtering, OCSF emission bounds, tests, and Fern/proto documentation. The four findings from the prior public review are materially resolved: external mutation failures now use platform-owned codes, individual service responses are bounded, complete protobuf envelopes are budgeted, and the primary header/logging contracts now match the implementation. Review findings:
Docs: Fern navigation and the primary middleware page are present and substantially corrected; the gateway reference mismatch above remains. Checks: required Branch Checks and Next state: |
Signed-off-by: Piotr Mlocek <pmlocek@nvidia.com>
|
Thanks. I worked through the final review batch. The current head is
Validation completed:
Please re-review the current head when ready. |
Re-check After Author UpdateThanks @pimlock. I re-evaluated head What I checked: the complete current diff and the new policy/chain cardinality limits, aggregate chunked-wire cap, Review findings:
Docs: Fern docs and navigation are present; the Checks: required Branch Checks and Next state: |
Signed-off-by: Piotr Mlocek <pmlocek@nvidia.com>
Signed-off-by: Piotr Mlocek <pmlocek@nvidia.com>
|
Addressed the review findings in commit
I also filed #2284 to consolidate the duplicated buffered HTTP framing and normalization logic behind a shared core with async and slice-based adapters.
|
Signed-off-by: Piotr Mlocek <pmlocek@nvidia.com>
Signed-off-by: Piotr Mlocek <pmlocek@nvidia.com>
|
Thanks for the follow-up review. I worked through this batch of findings. The current head is
Validation completed:
Please re-review the current head when ready. |
Re-check After Author UpdateThanks @pimlock. I re-evaluated head What I checked: the complete current diff and the affected CONNECT, forward-proxy, REST, policy-composition, gateway configuration, test, and Fern documentation paths. The timeout, regex scope, trailer rejection, cardinality, finding-limit, and documentation fixes you described are present. I also confirmed your repository-admin scope direction and did not repeat unauthenticated middleware transport as a finding. Review findings:
Docs: Fern docs and navigation are present and cover the middleware contract; the Helm configuration surface above is still missing. Checks: Branch Checks, DCO, and Helm are green. Next state: |
Signed-off-by: Piotr Mlocek <pmlocek@nvidia.com>
|
Thanks for the re-check. I addressed the four runtime and policy findings in
Validation completed:
Please re-review the current head |
Re-check After Author UpdateThanks @pimlock. I re-evaluated head What I checked: the complete current diff and the CONNECT/REST relay, direct forward-proxy, buffered middleware, provider-composition, audit, test, and Fern documentation paths. The four runtime and policy findings from the prior review are materially resolved. I also respected your earlier note that the pre-existing pipelined-request boundary issue is tracked in #2251 and did not count it as a finding here, and I treated Helm rendering as the focused follow-up in #2286. Review findings:
Docs: Fern documentation and Checks: Branch Checks and Helm Lint are green; required Next state: |
Re-check After Author UpdateThanks @pimlock. Per maintainer request, I ran a fresh same-SHA gpt-5.5 code-only review of head What I checked: the current forward-proxy, CONNECT/REST relay, buffered middleware, provider-composition, audit, test, and Fern documentation paths. The prior Connection-nominated header stripping, unsupported transfer-coding rejection, provider-composed policy validation, middleware config validation, and Review findings:
Docs: Fern documentation and Checks: Branch Checks, DCO, Helm Lint, and required Next state: |
Signed-off-by: Piotr Mlocek <pmlocek@nvidia.com>
|
Thanks for the re-check. I addressed all three findings in
Validation completed:
Please re-review the current head |
BlockedGator is blocked by merge conflicts against Head SHA: GitHub currently reports this PR as not mergeable ( Next action: @pimlock needs to rebase or merge |
Signed-off-by: Piotr Mlocek <pmlocek@nvidia.com>
Re-check After Author UpdateThanks @pimlock. I re-evaluated head What I checked: the current PR diff against Review findings:
Docs: Fern docs and Checks: Branch Checks and required Next state: |
Summary
Implements the first usable RFC 0009 supervisor middleware slice: proto-backed, host-selected HTTP egress middleware for
HttpRequest/pre_credentials, with both in-process built-ins and statically registered operator-run gRPC services.The implementation covers RFC 0009 Phase 1 and adds basic external-service support from Phase 2. It establishes the contract, policy plumbing, ordered chain execution, built-in secret redaction, static gateway registration, relay integration, validation before policy persistence, body limits, audit events, and user-facing configuration and operations documentation.
Tip
See example middleware implementation: #2169
See high-level overview with interactive walk-through: https://gistpreview.github.io/?1f07f93cab1dab587d114fa6eec59c11/pr-2027-middleware-overview.html#request-lab
Related Issue
Closes #2010
Part of #1733
Design/RFC: #1738
Changes
openshell/secretsredactor and statically registered operator-run gRPC services.network_middlewarespolicy configuration and validation, independent of the network policy rule that admits a request.Testing
mise run pre-commitpassesChecklist