AgentHarness CRD: openshell and nemo/openclaw intergation#1809
Merged
Conversation
peterj
requested review from
EItanya,
ilackarms,
iplay88keys,
jmhbh,
supreme-gg-gg and
yuval-k
as code owners
Contributor
There was a problem hiding this comment.
Pull request overview
This PR adds end-to-end OpenShell Sandbox support (including OpenClaw/NemoClaw “agent harness” UX) by introducing a new Sandbox CRD/controller path in Go, exposing Sandboxes through existing agent APIs, and updating the UI to create/list/open SSH terminals for these sandbox-backed rows.
Changes:
- UI: adds “Agent Harness” creation flow, updates agent list/card behavior for sandbox rows, and introduces an
/openshellterminal page using xterm.js + WebSocket. - Backend: adds
kagent.dev/v1alpha2 Sandboxtypes + controller, merges Sandbox rows intoGET /api/agents, addsPOST /api/sandboxes, and adds/api/sandbox/sshWebSocket endpoint. - Helm: adjusts UI API base URL defaults, nginx proxying, RBAC for
sandboxes, and introduces controller OpenShell-related env wiring (currently problematic; see comments).
Reviewed changes
Copilot reviewed 81 out of 83 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| ui/src/types/index.ts | Extends UI types for OpenShell Sandbox rows and agent type union. |
| ui/src/lib/utils.ts | Updates backend URL resolution for same-origin /api + internal URL override. |
| ui/src/lib/openshellSandboxAgents.ts | Adds helpers to detect sandbox rows and build /openshell terminal links. |
| ui/src/lib/openClawSandboxForm.ts | Adds OpenClaw sandbox form model, validation, and Sandbox CR draft builder. |
| ui/src/lib/agentHarness.ts | Adds harness backend identification + type labeling for agent list UI. |
| ui/src/lib/agentFormLayout.ts | Excludes declarative/BYO sections for the new OpenClawSandbox flow. |
| ui/src/lib/tests/utils.test.ts | Expands tests for new backend URL selection behavior. |
| ui/src/components/Header.tsx | Adds “New Agent Harness” nav entry. |
| ui/src/components/AgentsProvider.tsx | Adds OpenClawSandbox-specific validation + form slice handling. |
| ui/src/components/AgentListView.tsx | Updates list sorting/labels/icons and routes sandbox rows to /openshell. |
| ui/src/components/AgentCard.tsx | Updates card UI to route sandbox rows to /openshell and adjust actions. |
| ui/src/components/agent-form/focusFirstFormError.ts | Adds focus mapping for OpenClaw sandbox section errors. |
| ui/src/components/agent-form/agent-form-types.ts | Adds openClawSandbox validation error field. |
| ui/src/app/openshell/page.tsx | Adds /openshell route wrapper using Suspense. |
| ui/src/app/openshell/OpenshellTerminalPage.tsx | Adds xterm-based SSH terminal page using WebSocket to /api/sandbox/ssh. |
| ui/src/app/agents/new/page.tsx | Tweaks agent-create form behavior/sections for revised type semantics. |
| ui/src/app/agents/new-harness/page.tsx | Adds dedicated “New Agent Harness” creation page targeting OpenClawSandbox. |
| ui/src/app/actions/agents.ts | Adds OpenClawSandbox creation via POST /sandboxes using built Sandbox CR draft. |
| ui/package.json | Adds xterm dependencies. |
| ui/package-lock.json | Locks new dependencies and updates related lockfile entries. |
| helm/kagent/values.yaml | Adds UI URL values (publicBackendUrl, backendInternalUrl) and comments for controller env. |
| helm/kagent/tests/ui-nginx-configmap_test.yaml | Adds assertion for controller upstream in nginx config. |
| helm/kagent/tests/ui-deployment_test.yaml | Adds assertions for NEXT_PUBLIC_BACKEND_URL + BACKEND_INTERNAL_URL. |
| helm/kagent/templates/ui-deployment.yaml | Switches UI env wiring to new public/internal URL values. |
| helm/kagent/templates/rbac/writer-role.yaml | Grants writer role access to sandboxes resources. |
| helm/kagent/templates/rbac/getter-role.yaml | Grants getter role access to sandboxes resources and status. |
| helm/kagent/templates/controller-deployment.yaml | Adds OpenShell-related env vars (hard-coded). |
| helm/kagent/templates/_helpers.tpl | Adds helpers for controller service authority and internal API base. |
| helm/kagent/files/nginx.conf | Updates nginx upstream to controller Service DNS + timeouts for WS/long-lived connections. |
| helm/kagent-crds/templates/kagent.dev_sandboxagents.yaml | Adds maxLength to ValueSource fields in CRD schema. |
| helm/kagent-crds/templates/kagent.dev_remotemcpservers.yaml | Adds maxLength to ValueSource fields in CRD schema. |
| helm/kagent-crds/templates/kagent.dev_agents.yaml | Adds maxLength to ValueSource fields in CRD schema. |
| go/Makefile | Adds buf + openshell-proto generation target. |
| go/go.mod | Adds deps for OpenShell integration (grpc/ssh/websocket/proto). |
| go/core/pkg/sandboxbackend/openshell/translate_test.go | Adds tests for OpenShell request translation/policy handling. |
| go/core/pkg/sandboxbackend/openshell/openshell.go | Adds generic openshell AsyncBackend implementation wrapper. |
| go/core/pkg/sandboxbackend/openshell/openclaw.go | Adds OpenClaw/NemoClaw backend with post-ready bootstrap behavior. |
| go/core/pkg/sandboxbackend/openshell/openclaw_json_test.go | Adds tests for OpenClaw bootstrap JSON/env building. |
| go/core/pkg/sandboxbackend/openshell/grpc_backend.go | Adds shared gRPC backend logic for Sandbox lifecycle + gateway provider setup. |
| go/core/pkg/sandboxbackend/openshell/config.go | Adds OpenShell gateway client config struct. |
| go/core/pkg/sandboxbackend/openshell/client.go | Adds OpenShell gRPC dialer + client wrapper. |
| go/core/pkg/sandboxbackend/openshell/client_test.go | Adds dial/ready connectivity test. |
| go/core/pkg/sandboxbackend/async.go | Introduces AsyncBackend interface and handle/result types for Sandbox controller. |
| go/core/pkg/app/app.go | Wires Sandbox controller startup and builds OpenShell backends from flags. |
| go/core/internal/httpserver/server.go | Adds /api/sandboxes and /api/sandbox/ssh routes + auth query middleware for WS. |
| go/core/internal/httpserver/middleware.go | Adds Hijacker support to response wrapper; skips JSON content-type for WS endpoint. |
| go/core/internal/httpserver/middleware_error.go | Adds Hijacker support to error response writer. |
| go/core/internal/httpserver/handlers/test_helpers_test.go | Registers Sandbox types into handler test scheme. |
| go/core/internal/httpserver/handlers/sandbox_ssh_test.go | Adds unit tests for sandbox SSH WS utilities. |
| go/core/internal/httpserver/handlers/agents.go | Merges Sandbox CRs into agent list; adds create sandbox endpoint; extends delete behavior. |
| go/core/internal/httpserver/handlers/agents_test.go | Adds tests for listing/creating/deleting Sandboxes via agent APIs. |
| go/core/internal/controller/sandbox_controller.go | Adds controller to reconcile Sandbox CRs via AsyncBackend (with finalizer/bootstrap). |
| go/api/v1alpha2/zz_generated.deepcopy.go | Adds deepcopy generation for new Sandbox-related API types. |
| go/api/v1alpha2/sandbox_types.go | Introduces Sandbox API types/CRD shape (backend, network, channels, status). |
| go/api/v1alpha2/common_types.go | Adds maxLength validation tags for ValueSource name/key. |
| go/api/openshell/proto/test.proto | Adds OpenShell proto set (test message). |
| go/api/openshell/proto/sandbox.proto | Adds OpenShell sandbox policy proto definitions. |
| go/api/openshell/proto/inference.proto | Adds OpenShell inference service proto definitions. |
| go/api/openshell/proto/datamodel.proto | Adds OpenShell datamodel proto definitions. |
| go/api/openshell/proto/compute_driver.proto | Adds internal compute driver proto definitions. |
| go/api/openshell/proto/buf.yaml | Adds buf module config. |
| go/api/openshell/proto/buf.gen.yaml | Adds buf generation config and Go package mappings. |
| go/api/openshell/gen/openshelltestv1/test.pb.go | Adds generated Go stubs for OpenShell protos. |
| go/api/openshell/gen/inferencev1/inference_grpc.pb.go | Adds generated Go stubs for OpenShell protos. |
| go/api/openshell/gen/datamodelv1/datamodel.pb.go | Adds generated Go stubs for OpenShell protos. |
| go/api/httpapi/types.go | Extends AgentResponse to include openshellSandbox list entry. |
| go/api/config/crd/bases/kagent.dev_sandboxagents.yaml | Adds maxLength to ValueSource fields in generated CRD base. |
| go/api/config/crd/bases/kagent.dev_remotemcpservers.yaml | Adds maxLength to ValueSource fields in generated CRD base. |
| go/api/config/crd/bases/kagent.dev_agents.yaml | Adds maxLength to ValueSource fields in generated CRD base. |
Files not reviewed (1)
- ui/package-lock.json: Language not supported
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+80
to
+82
| CheckOrigin: func(*http.Request) bool { | ||
| return true | ||
| }, |
Introduces a generic remote-execution-environment CRD (Sandbox) backed by an AsyncBackend abstraction, with an openshell gRPC implementation. Separate from the existing SandboxAgent path. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> Signed-off-by: Eitan Yarmush <eitan.yarmush@solo.io>
Signed-off-by: Peter Jausovec <peter.jausovec@solo.io>
Signed-off-by: Peter Jausovec <peter.jausovec@solo.io>
…rding, show the agents in UI + chat Signed-off-by: Peter Jausovec <peter.jausovec@solo.io>
Signed-off-by: Peter Jausovec <peter.jausovec@solo.io>
…cific to each channel + global/generic ones that are needed by openclaw) Signed-off-by: Peter Jausovec <peter.jausovec@solo.io>
Signed-off-by: Peter Jausovec <peter.jausovec@solo.io>
…s naming Signed-off-by: Peter Jausovec <peter.jausovec@solo.io>
Signed-off-by: Peter Jausovec <peter.jausovec@solo.io>
peterj
changed the title
|
Warning Testing pausedMonthly snapshot limit reached. Update your plan to get more snapshots and resume testing. |
peterj
commented
May 7, 2026
| - message: exactly one of value or valueFrom must be set | ||
| rule: has(self.valueFrom) != (has(self.value) && self.value | ||
| != '') | ||
| != ”) |
Signed-off-by: Eitan Yarmush <eitan.yarmush@solo.io>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.