fix(sandbox): rotate openshell.log daily, keep 3 files #430

Closed
Kh4L wants to merge 1 commit into NVIDIA:main from Kh4L:fix/sandbox-log-rotation

Conversation

Kh4L commented Mar 18, 2026

Summary

  • Replaces the unbounded append-only /var/log/openshell.log with a RollingFileAppender that rotates daily and retains at most 3 files
  • No new dependencies — tracing-appender is already a workspace dependency in openshell-sandbox
  • Falls back to stdout-only logging if /var/log is not writable (existing behavior preserved)

Related Issue

Closes #30

Changes

  • crates/openshell-sandbox/src/main.rs: replace std::fs::OpenOptions + non_blocking(file) with RollingFileAppender::builder() configured for daily rotation and a 3-file cap

Testing

  • mise run test passes
  • Sandbox logs appear as /var/log/openshell.YYYY-MM-DD.log inside a running sandbox
  • Old log files beyond the 3-file limit are pruned on rotation

Checklist

  • Follows Conventional Commits format
  • Signed-off-by line included (git commit -s)
  • No new dependencies introduced

Replace unbounded append-only log with a RollingFileAppender
(daily rotation, max 3 files). tracing-appender is already a
workspace dependency so no new crates are needed.

Closes NVIDIA#30

Signed-off-by: Serge Panev <spanev@nvidia.com>

@github-actions

Thank you for your interest in contributing to OpenShell, @Kh4L.

This project uses a vouch system for first-time contributors. Before submitting a pull request, you need to be vouched by a maintainer.

To get vouched:

  1. Open a Vouch Request discussion.
  2. Describe what you want to change and why.
  3. Write in your own words — do not have an AI generate the request.
  4. A maintainer will comment /vouch if approved.
  5. Once vouched, open a new PR (preferred) or reopen this one after a few minutes.

See CONTRIBUTING.md for details.

github-actions bot closed this Mar 18, 2026

github-actions bot commented Mar 18, 2026

All contributors have signed the DCO ✍️ ✅
Posted by the DCO Assistant Lite bot.

Kh4L commented Mar 18, 2026

I have read the DCO document and I hereby sign the DCO.

Kh4L commented Mar 18, 2026

recheck

johntmyers added a commit that referenced this pull request Mar 18, 2026
The vouch-check workflow was closing PRs from NVIDIA org members because
the GITHUB_TOKEN lacks read:org scope, causing orgs.checkMembershipForUser
to return 404 for non-public members. The catch block silently swallowed
these as expected 'not found' responses.

Add an author_association check from the webhook payload as the primary
bypass. GitHub sets this field server-side (MEMBER, OWNER, COLLABORATOR)
regardless of membership visibility, with no extra token permissions
needed. The existing API calls are kept as fallbacks.

Fixes the false positive that closed #430.

johntmyers added a commit that referenced this pull request Mar 18, 2026
The vouch-check workflow was closing PRs from NVIDIA org members because
the GITHUB_TOKEN lacks read:org scope, causing orgs.checkMembershipForUser
to return 404 for non-public members. The catch block silently swallowed
these as expected 'not found' responses.

Add an author_association check from the webhook payload as the primary
bypass. GitHub sets this field server-side (MEMBER, OWNER, COLLABORATOR)
regardless of membership visibility, with no extra token permissions
needed. The existing API calls are kept as fallbacks.

Fixes the false positive that closed #430.

Co-authored-by: John Myers <johntmyers@users.noreply.github.com>

drew pushed a commit that referenced this pull request Mar 18, 2026
The vouch-check workflow was closing PRs from NVIDIA org members because
the GITHUB_TOKEN lacks read:org scope, causing orgs.checkMembershipForUser
to return 404 for non-public members. The catch block silently swallowed
these as expected 'not found' responses.

Add an author_association check from the webhook payload as the primary
bypass. GitHub sets this field server-side (MEMBER, OWNER, COLLABORATOR)
regardless of membership visibility, with no extra token permissions
needed. The existing API calls are kept as fallbacks.

Fixes the false positive that closed #430.

Co-authored-by: John Myers <johntmyers@users.noreply.github.com>
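
The check order described in the commit message above (webhook `author_association` first, membership API as fallback), as an added example that is not the OpenShell workflow's own code. It assumes an Octokit-style `github.rest` client; the function names, the `degraded` flag for non-404 lookup errors, and the sample payload are constructed for illustration.

```javascript
// Added illustration, not the OpenShell vouch-check workflow's own code.
// `github` is assumed to be an Octokit-style client; decideBypass,
// lookupMembership and shouldBypassVouch are hypothetical names.
const TRUSTED = new Set(["MEMBER", "OWNER", "COLLABORATOR"]);

// Pure decision: association from the webhook first, API lookup as fallback.
function decideBypass(authorAssociation, lookup) {
  if (TRUSTED.has(authorAssociation)) {
    return { bypass: true, degraded: false, reason: `author_association=${authorAssociation}` };
  }
  if (lookup.status === 204) {
    return { bypass: true, degraded: false, reason: "membership API confirmed" };
  }
  if (lookup.status === 404) {
    // Without read:org, a non-member and a non-public member look the same here.
    return { bypass: false, degraded: false, reason: "membership API 404" };
  }
  // 401/403/5xx/network: the check itself failed, so flag it instead of
  // folding it into "not found" (this flag is the example's own addition).
  return { bypass: false, degraded: true, reason: `membership lookup error ${lookup.status}` };
}

// Fallback lookup that records the HTTP status instead of swallowing it.
async function lookupMembership(github, org, username) {
  try {
    const res = await github.rest.orgs.checkMembershipForUser({ org, username });
    return { status: res.status };
  } catch (err) {
    return { status: err.status ?? 0 };
  }
}

async function shouldBypassVouch(github, payload, org) {
  const pr = payload.pull_request;
  // Skip the API call when the server-set field already answers the question.
  const lookup = TRUSTED.has(pr.author_association)
    ? { status: 0 }
    : await lookupMembership(github, org, pr.user.login);
  return decideBypass(pr.author_association, lookup);
}

// Constructed sample: non-public org member, token without read:org (API returns 404).
const samplePayload = { pull_request: { author_association: "MEMBER", user: { login: "example-user" } } };
const stubGithub = { rest: { orgs: { checkMembershipForUser: async () => {
  const e = new Error("Not Found"); e.status = 404; throw e;
} } } };
shouldBypassVouch(stubGithub, samplePayload, "example-org").then((d) => console.log(d));
```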

Development

Successfully merging this pull request may close these issues.

feat(sandbox): implement automatic logfile rollover for /var/log/navigator.log
