feat(server,sandbox): move SSH connect and exec onto supervisor session relay #861
Draft
…on relay
Introduce a persistent supervisor-to-gateway session (ConnectSupervisor
bidirectional gRPC RPC) and migrate /connect/ssh and ExecSandbox onto
relay channels coordinated through it.
Architecture:
- gRPC control plane: carries session lifecycle (hello, heartbeat) and
relay lifecycle (RelayOpen, RelayOpenResult, RelayClose)
- HTTP data plane: for each relay, the supervisor opens a reverse HTTP
CONNECT to /relay/{channel_id} on the gateway; the gateway bridges
the client stream with the supervisor stream
- The supervisor is a dumb byte bridge with no SSH/NSSH1 awareness;
the gateway sends the NSSH1 preface through the relay
Key changes:
- Add ConnectSupervisor RPC and session/relay proto messages
- Add gateway session registry (SupervisorSessionRegistry) with
pending-relay map for channel correlation
- Add /relay/{channel_id} HTTP CONNECT endpoint
- Rewire /connect/ssh: session lookup + RelayOpen instead of direct
TCP dial to sandbox:2222
- Rewire ExecSandbox: relay-based proxy instead of direct sandbox dial
- Add supervisor session client with reconnect and relay bridge
- Remove ResolveSandboxEndpoint from proto, gateway, and K8s driver
Closes OS-86
When a sandbox first reports Ready, the supervisor session may not have completed its gRPC handshake yet. Instead of failing immediately with 502 / "supervisor session not connected", the relay open now retries with exponential backoff (100ms → 2s) for up to 15 seconds. This fixes the race between K8s marking the pod Ready and the supervisor establishing its ConnectSupervisor session.
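The retry schedule described in the commit message above (100ms doubling to a 2s cap, 15-second budget) can be sketched as follows; this is an added example, not code from the pull request. `wait_for_session`, `WaitOutcome` and the injected `lookup`/`sleep` closures are hypothetical names, and the budget is assumed to count only time spent sleeping.

```rust
use std::time::Duration;

// Values from the commit message: backoff 100ms -> 2s, total budget 15s.
const INITIAL_BACKOFF: Duration = Duration::from_millis(100);
const MAX_BACKOFF: Duration = Duration::from_secs(2);
const TOTAL_BUDGET: Duration = Duration::from_secs(15);

/// Hypothetical result type: either the session appeared or the budget ran out.
#[derive(Debug, PartialEq)]
pub enum WaitOutcome<S> {
    Connected { session: S, attempts: u32, waited: Duration },
    TimedOut { attempts: u32, waited: Duration },
}

/// Polls `lookup` (a stand-in for the session registry) until it yields a session.
/// `sleep` is injected so the schedule can be checked without real delays.
pub fn wait_for_session<S>(
    mut lookup: impl FnMut() -> Option<S>,
    mut sleep: impl FnMut(Duration),
) -> WaitOutcome<S> {
    let mut backoff = INITIAL_BACKOFF;
    let mut waited = Duration::ZERO;
    let mut attempts = 0;
    loop {
        attempts += 1;
        if let Some(session) = lookup() {
            return WaitOutcome::Connected { session, attempts, waited };
        }
        let remaining = TOTAL_BUDGET.saturating_sub(waited);
        if remaining.is_zero() {
            return WaitOutcome::TimedOut { attempts, waited };
        }
        // Clamp the last sleep so the total wait never exceeds the budget.
        let step = backoff.min(remaining);
        sleep(step);
        waited += step;
        backoff = (backoff * 2).min(MAX_BACKOFF);
    }
}

fn main() {
    // Constructed scenario: the session registers on the 4th lookup.
    let mut calls = 0;
    let lookup = || { calls += 1; if calls >= 4 { Some("session-a") } else { None } };
    println!("{:?}", wait_for_session(lookup, |_| {}));
}
```

Because the final sleep is clamped to the remaining budget, a session that never registers costs the caller exactly 15 seconds of waiting before the failure is returned.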
Summary
Introduces a persistent supervisor-to-gateway session (ConnectSupervisor) and migrates /connect/ssh and ExecSandbox onto relay channels, removing the requirement for direct gateway-to-sandbox network connectivity.
RelayOpen/RelayOpenResult/RelayClose)
Removes ResolveSandboxEndpoint from the proto, gateway, and K8s driver.
Closes OS-86. Design: RFC 0002, Plan.
TODO
- cleanup_sandbox in compute runtime)
- architecture/sandbox-connect.md, architecture/gateway.md, architecture/sandbox.md)
- docs/ for the new connectivity model
Test plan
- sandbox exec works through relay (verified locally on nemoclaw cluster)
- sandbox connect works through relay (verified locally)