Skip to content

fix(tui): route warning logs to status bar instead of stderr#1

Closed
r3v5 wants to merge 24 commits into
mainfrom
fix-tui-warning-log
Closed

fix(tui): route warning logs to status bar instead of stderr#1
r3v5 wants to merge 24 commits into
mainfrom
fix-tui-warning-log

Conversation

@r3v5

@r3v5 r3v5 commented Jul 7, 2026

Copy link
Copy Markdown
Owner

Summary

  • Replace all 25 tracing::warn!/info!/debug!() calls in openshell-tui with app.status_text assignments to prevent stderr writes from corrupting ratatui's alternate-screen layout
  • Add ForwardWarnings event variant to decouple port-forward warning delivery from sandbox name in CreateResult, preventing downstream gRPC lookup failures in handle_exec_command
  • Remove tracing dependency from the TUI crate as a compile-time guard against reintroduction (14 other crates retain it)

Related Issue

Closes NVIDIA#2120

Changes

crates/openshell-tui/src/lib.rs

  • 18 direct-access tracing::*!() calls → app.status_text assignments
  • 7 spawned-task calls in start_port_forwards()Vec<String> accumulation returned to caller
  • 2 tracing::debug!() calls in refresh_draft_chunks() silently dropped (not user-actionable)
  • start_port_forwards() return type changed from () to Vec<String>
  • Forward warnings sent via Event::ForwardWarnings, not embedded in sandbox name

crates/openshell-tui/src/event.rs

  • Added ForwardWarnings(Vec<String>) variant to Event enum

crates/openshell-tui/Cargo.toml

  • Removed tracing = { workspace = true }

Testing

  • cargo build -p openshell-tui — compiles clean
  • cargo clippy -p openshell-tui — no warnings
  • grep -rn 'tracing::' crates/openshell-tui/src/ — zero results
  • mise run pre-commit — passes (excluding unrelated prompt.md)
  • Manual: openshell term → error sandbox → clean layout, no stderr corruption
  • Manual: gateway stopped mid-session → errors display in title bar, TUI intact
  • Reproduced exact scenario from issue [term] Warning Log Messed Up the TUI NVIDIA/OpenShell#2120 (error-phase sandbox detail view)

dependabot Bot and others added 24 commits June 29, 2026 13:56
Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.3 to 7.0.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v6.0.3...9c091bb)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/attest](https://github.com/actions/attest) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/actions/attest/releases)
- [Changelog](https://github.com/actions/attest/blob/main/RELEASE.md)
- [Commits](actions/attest@59d8942...a1948c3)

---
updated-dependencies:
- dependency-name: actions/attest
  dependency-version: 4.1.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
)

Reduce the Linux capability bounding set in the common privilege-drop path before executing sandbox workloads or connect shells and use capctl

Signed-off-by: Adrien Langou <alangou@nvidia.com>
…#1974)

* refactor(server): remove unused compute runtime constructor parameter

Signed-off-by: Evan Lezar <elezar@nvidia.com>

* refactor(server): normalize compute driver type imports

Signed-off-by: Evan Lezar <elezar@nvidia.com>

* refactor(server): key driver config tables by name

Signed-off-by: Evan Lezar <elezar@nvidia.com>

* refactor(server): normalize compute driver config acquisition

Signed-off-by: Evan Lezar <elezar@nvidia.com>

---------

Signed-off-by: Evan Lezar <elezar@nvidia.com>
* test(e2e): add workload manifest build flow

Signed-off-by: Evan Lezar <elezar@nvidia.com>

* test(e2e): add gpu workload validation tests

Signed-off-by: Evan Lezar <elezar@nvidia.com>

* ci(e2e): build gpu workloads before gpu e2e

Signed-off-by: Evan Lezar <elezar@nvidia.com>

---------

Signed-off-by: Evan Lezar <elezar@nvidia.com>
* fix(providers): reserve credential placeholder revisions

Signed-off-by: John Myers <johntmyers@users.noreply.github.com>

* fix(providers): share placeholder namespace parser

Signed-off-by: John Myers <johntmyers@users.noreply.github.com>

* test(providers): cover non-revision env key

Signed-off-by: John Myers <johntmyers@users.noreply.github.com>

---------

Signed-off-by: John Myers <johntmyers@users.noreply.github.com>
Co-authored-by: John Myers <johntmyers@users.noreply.github.com>
…templates (NVIDIA#2062)

The certgen hook and cert-manager Certificate template hardcoded
openshell.openshell.svc.cluster.local in server certificate SANs,
breaking deployments in any namespace other than openshell. Use
.Release.Namespace in the templates so the SANs match the actual
service FQDN regardless of the target namespace.

Closes NVIDIA#2060

Signed-off-by: Akram <akram.benaissi@gmail.com>
Signed-off-by: Evan Lezar <elezar@nvidia.com>
* feat(kubernetes): add combined topology config surface

Signed-off-by: Taylor Mutch <taylormutch@gmail.com>

* docs(kubernetes): clarify topology defaults

Signed-off-by: Taylor Mutch <taylormutch@gmail.com>

---------

Signed-off-by: Taylor Mutch <taylormutch@gmail.com>
Signed-off-by: Evan Lezar <elezar@nvidia.com>
…2088)

The field was added during the Kubernetes driver extraction refactor
(NVIDIA#817) as a pass-through mechanism, but was never wired up to a CLI
flag, Python SDK helper, or any documentation. The only reachable
user path was raw gRPC construction.

The Kubernetes driver now always injects the default workspace PVC,
removing the branching logic that checked for a user-supplied VCT.
Field number 9 is reserved in the proto to prevent reuse.

Signed-off-by: Evan Lezar <elezar@nvidia.com>
The chart's optional Gateway API ingress only rendered a plaintext HTTP
listener, so the gateway could not be exposed over TLS. Add an HTTPS
listener option that terminates TLS at the Envoy Gateway and forwards
plaintext gRPC to the gateway pod.

- gateway.yaml renders an HTTPS listener with `tls.mode: Terminate` and
  `certificateRefs` when `grpcRoute.gateway.listener.protocol=HTTPS`,
  keeping the default HTTP listener unchanged. Guards fail the render when
  `certificateRefs` is empty or `server.disableTls` is not true (the chart
  does not render a BackendTLSPolicy for re-encryption).
- values.yaml adds `grpcRoute.gateway.listener.tls.certificateRefs`.
- ci/values-gateway-tls.yaml exercises the HTTPS branch in lint/render.
- docs/kubernetes/ingress.mdx documents HTTPS setup and clarifies that
  Envoy Gateway only terminates TLS (no OIDC SecurityPolicy); client
  identity uses OIDC bearer tokens, with the client-credentials grant for
  headless agents.
- debug-openshell-cluster skill gains HTTPS-ingress troubleshooting rows.
- Regenerated the chart README values table.

Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>
* chore(gator): add gator gate skill

* chore(gator): add sandbox launcher scaffold

* chore(gator): add codex image and docs checks

* chore(gator): fold approved provider policy rules

* chore(gator): add deterministic reviewer runner

* chore(gator): clarify ok-to-test comments

* chore(gator): structure launcher harnesses

* chore(gator): require e2e for dependabot

* chore(gator): add codex refresh profile

* chore(gator): wip manifest agent launcher

* feat(agents): supervise watch cycles in sandbox

* fix(agents): preserve gateway refresh state

* fix(gator): continue human response threads

* fix(agents): keep watch supervisor retrying

* fix(agents): use refreshed Codex credential aliases

* fix(gator): avoid misleading gh auth checks

* docs(agents): remove architecture build update

* fix(gator): use REST-backed GitHub writes

* fix(agents): bake immutable agent payloads

* fix(agents): upload writable agent workspace

* fix(agents): surface gator watch progress

* fix(agents): prevent codex stdin hang

* fix(agents): align codex subagent input

* fix(agents): heartbeat during active cycles

* fix(agents): clean up heartbeat sleep

* fix(agents): disable gh telemetry in codex harness

* fix(agents): reconcile closed gator PRs

* fix(agents): query closed gator PR labels separately

* fix(agents): tolerate rotated credential placeholders

* fix(agents): enforce gator same-sha comment guard

Signed-off-by: John Myers <johntmyers@users.noreply.github.com>

* docs(agents): scope gator trusted commentary

Signed-off-by: John Myers <johntmyers@users.noreply.github.com>

* fix(gator): treat reviewer failures as transient

Signed-off-by: Evan Lezar <elezar@nvidia.com>

* feat(agents): refine gator supervised workflow

Signed-off-by: John Myers <johntmyers@users.noreply.github.com>

* fix(agents): stream codex prompts via stdin

Signed-off-by: John Myers <johntmyers@users.noreply.github.com>

* docs(agents): clarify trusted gator responses

Signed-off-by: John Myers <johntmyers@users.noreply.github.com>

* refactor(agents): scope gator PR to scripts

Signed-off-by: John Myers <johntmyers@users.noreply.github.com>

---------

Signed-off-by: John Myers <johntmyers@users.noreply.github.com>
Signed-off-by: Evan Lezar <elezar@nvidia.com>
Co-authored-by: John Myers <johntmyers@users.noreply.github.com>
Co-authored-by: Evan Lezar <elezar@nvidia.com>
…A#2092)

* feat(docker,podman): add SELinux label support for bind mounts

The Docker Engine structured Mount API does not support SELinux
relabelling (:z / :Z). Move user-supplied bind mounts from the
structured `mounts` field to the legacy string-format `binds` field,
which does support these options.

Add a shared `SelinuxLabel` enum (shared/private) to openshell-core so
both Docker and Podman drivers accept an optional `selinux_label` field
on bind mount configs. For Docker, labels are appended to the bind
string; for Podman, they are pushed to the mount options vec.

Signed-off-by: Florian Bergmann <fbergman@redhat.com>

* fix(docker): reject missing bind source paths on legacy binds

Moving user bind mounts from the structured Mount API to the legacy
Binds field changed Docker's behavior for missing source directories:
the legacy path silently creates them as empty root-owned dirs instead
of erroring. Add an explicit Path::exists() check to preserve the
fail-fast behavior operators expect.

Signed-off-by: Florian Bergmann <fbergman@redhat.com>

---------

Signed-off-by: Florian Bergmann <fbergman@redhat.com>
* test(e2e): run rootless podman on ubuntu host

Signed-off-by: Evan Lezar <elezar@nvidia.com>

* test(e2e): probe rootless capability behavior

Signed-off-by: Evan Lezar <elezar@nvidia.com>

* test(e2e): make capability probe observational

Signed-off-by: Evan Lezar <elezar@nvidia.com>

---------

Signed-off-by: Evan Lezar <elezar@nvidia.com>
…A#1973)

* feat(policy): accept numeric UIDs in sandbox process identity validation

Allow run_as_user and run_as_group to be either the literal 'sandbox'
or a numeric UID/GID within [1000, 2_000_000_000]. This removes the
hard dependency on a baked-in 'sandbox' user in container images,
enabling compute drivers to inject resolved UIDs at sandbox creation.

Phase 1 of NVIDIA#1959.

Signed-off-by: Seth Jennings <sjenning@redhat.com>

* feat(supervisor): accept numeric UIDs for process identity dropping

Allow run_as_user and run_as_group to be numeric UIDs/GIDs, removing
the hard dependency on a baked-in 'sandbox' user in container images.

Changes:
- validate_sandbox_user(): accepts numeric UIDs without passwd lookup
  (logs OCSF event); keeps passwd check for "sandbox" name; rejects
  non-numeric non-sandbox strings that fail passwd lookup
- prepare_filesystem(): passes numeric UIDs/GIDs directly to chown()
  instead of requiring a passwd entry
- drop_privileges(): resolves numeric UIDs/GIDs directly via UID::from_raw
  / Gid::from_raw; skips initgroups when target uid matches current euid;
  uses guard conditions before setgid/setuid calls
- session_user_and_home(): falls back to ("{uid}", "/sandbox") for
  numeric UIDs, avoiding a passwd lookup that will fail

Re-exports MIN_SANDBOX_UID and MAX_SANDBOX_UID from openshell-policy
so callers have consistent range constants.

Phase 2 of NVIDIA#1959.

Signed-off-by: Seth Jennings <sjenning@redhat.com>

* feat(driver-kubernetes): resolve sandbox UID/GID from config or OpenShift SCC annotations

Phase 3 of the numeric-UID plan: allow operators to specify explicit
sandbox_uid/sandbox_gid in Kubernetes driver config, auto-detect from
OpenShift SCC namespace annotations, and propagate resolved values to
supervisor container env vars and PVC init container securityContext.

Changes:
- Add sandbox_uid/sandbox_gid fields to KubernetesComputeConfig
- Add SANDBOX_UID/SANDBOX_GID env var constants to openshell-core
- Implement resolve_sandbox_identity() to fetch namespace annotations
  and auto-detect OpenShift SCC UID ranges (sa.scc.uid-range)
- Pass resolved UID/GID through SandboxPodParams to pod spec builder
- Inject SANDBOX_UID/SANDBOX_GID env vars into supervisor container
- Update PVC init container securityContext with resolved UID/GID
  instead of hard-coded root
- Add comprehensive unit tests for resolution logic and annotation
  parsing (resolve_sandbox_uid, resolve_sandbox_gid, OpenShift SCC
  annotation parsing)

Signed-off-by: Seth Jennings <sjenning@redhat.com>

* feat(driver-vm): add configurable sandbox UID/GID and update docs/examples

Phase 4 of the numeric-UID plan: replace hardcoded SANDBOX_UID (10001)
in VM rootfs preparation with configurable sandbox_uid/sandbox_gid fields.

Changes:
- Add sandbox_uid/sandbox_gid to VmDriverConfig with serde derives
- Pass resolved UID/GID through prepare_sandbox_rootfs_from_image_root
  to ensure_sandbox_guest_user which writes /etc/passwd/group/gshadow
- Update BYOC Dockerfile: remove groupadd/useradd, document runtime UID
  injection and the ability to skip baked-in sandbox user
- Update gateway-config.mdx: document sandbox_uid/sandbox_gid for both
  Kubernetes (with OpenShift SCC autodetection) and VM drivers
- Update sandbox-compute-drivers.mdx: add Sandbox User Identity section
  explaining numeric UID support across all compute drivers
- Update rootfs tests to use non-default UIDs, verify config passthrough

Signed-off-by: Seth Jennings <sjenning@redhat.com>

* code review changes

* fix(supervisor): harden tests for restricted CI container environments

Guard tests against CI-specific constraints: root without CAP_SETPCAP,
UIDs with no /etc/passwd entry, and restricted /proc access.

Signed-off-by: Seth Jennings <sjennings@nvidia.com>
Signed-off-by: Seth Jennings <sjenning@redhat.com>

---------

Signed-off-by: Seth Jennings <sjenning@redhat.com>
Signed-off-by: Seth Jennings <sjennings@nvidia.com>
* docs(rfc): add driver config passthrough proposal

Signed-off-by: Evan Lezar <elezar@nvidia.com>

* docs(rfc): link driver config proposal PR

Signed-off-by: Evan Lezar <elezar@nvidia.com>

* docs(rfc): clarify driver config scope

Signed-off-by: Evan Lezar <elezar@nvidia.com>

* docs(rfc): clarify driver-local config schemas

Signed-off-by: Evan Lezar <elezar@nvidia.com>

* docs(rfc): clarify driver config extension path

* docs(rfc): update driver config baseline

* docs(drivers): document bind-mount selinux_label and whitespace rules

---------

Signed-off-by: Evan Lezar <elezar@nvidia.com>
tracing::warn/info/debug calls in the TUI crate write to stderr via
the global tracing subscriber. In ratatui's alternate-screen/raw-mode,
stderr writes corrupt the terminal layout. Error-state sandboxes
amplify this as background gRPC polls fail every 2s tick.

Replace all 25 tracing calls with app.status_text assignments for
direct-access sites, and Vec<String> accumulation for the spawned
start_port_forwards task. Add ForwardWarnings event variant to
decouple forward warning delivery from the sandbox name in
CreateResult, preventing downstream gRPC lookup failures.

Closes NVIDIA#2120

Signed-off-by: Ian Miller <milleryan2003@gmail.com>
New event type for non-fatal port-forward warnings during sandbox
creation. Keeps warning delivery separate from the sandbox name
in CreateResult to avoid corrupting downstream gRPC lookups.

Signed-off-by: Ian Miller <milleryan2003@gmail.com>
Compile-time guard against reintroducing stderr-writing tracing
calls in the TUI crate. 14 other crates retain the dependency.

Signed-off-by: Ian Miller <milleryan2003@gmail.com>
@r3v5 r3v5 changed the title fix(tui): route warning logs to status bar instead of stderr (#2120) fix(tui): route warning logs to status bar instead of stderr Jul 7, 2026
@r3v5 r3v5 closed this Jul 7, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[term] Warning Log Messed Up the TUI