Skip to content

docs(rfc): sandbox-local route for host-tool discovery and invocation#1724

Open
shiju-nv wants to merge 1 commit into
NVIDIA:mainfrom
shiju-nv:rfc/0005-host-tools
Open

docs(rfc): sandbox-local route for host-tool discovery and invocation#1724
shiju-nv wants to merge 1 commit into
NVIDIA:mainfrom
shiju-nv:rfc/0005-host-tools

Conversation

@shiju-nv
Copy link
Copy Markdown

@shiju-nv shiju-nv commented Jun 3, 2026

Summary

This PR adds RFC 0005, which proposes tools.local as a sandbox-local origin for host-tool discovery and invocation in OpenShell. The design lets sandboxed agents call POST http://tools.local/mcp while keeping backend routes, host credentials, and host-local state outside the sandbox.

Related Issue

#1723

Changes

  • Adds RFC 0005 for broker-backed host tools over tools.local.
  • Defines the /mcp relay from sandbox proxy to gateway to host-tools broker.
  • Reserves root POST http://tools.local/ for future OpenShell JSON-RPC methods and keeps it closed in v1.
  • Defines broker profile configuration, loopback constraints, bearer-token requirements, and gateway-to-broker HTTP behavior.
  • Documents authentication boundaries, credential handling, audit behavior, error mapping, risks, alternatives, and implementation steps.

Testing

RFC-only documentation change.

  • mise run pre-commit passes, not run
  • Unit tests added/updated, not applicable
  • E2E tests added/updated, not applicable

Checklist

  • Follows Conventional Commits
  • Commits are signed off (DCO)
  • Architecture docs updated (if applicable)

@shiju-nv
docs(rfc): add RFC 0005 for tools.local host tools
e832c8d 
Add RFC 0005 proposing tools.local as a sandbox-local origin for
OpenShell host-tool discovery and invocation in OpenShell.

Define the /mcp gateway-to-broker relay, broker profile configuration,
authentication boundaries, error mapping, audit behavior, risks, alternatives,
and implementation plan.

Signed-off-by: Shiju <shiju@nvidia.com>
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Jun 3, 2026

Thank you for your submission! We ask that you sign our Developer Certificate of Origin before we can accept your contribution. You can sign the DCO by adding a comment below using this text:

I have read the DCO document and I hereby sign the DCO.

You can retrigger this bot by commenting recheck in this Pull Request. Posted by the DCO Assistant Lite bot.

@shiju-nv shiju-nv changed the title docs(rfc): add RFC 0005 for tools.local host tools docs(rfc): sandbox-local route for host-tool discovery and invocation Jun 3, 2026
@shiju-nv
Copy link
Copy Markdown
Author

shiju-nv commented Jun 3, 2026

I have read the DCO document and I hereby sign the DCO.

johntmyers
johntmyers reviewed Jun 3, 2026
View reviewed changes
Comment thread rfc/0005-host-tools/README.md
[openshell.gateway.host_tools.brokers.local]
kind = "json_rpc_http"
base_url = "http://127.0.0.1:7901"
rpc_path = "/"
Copy link
Copy Markdown
Collaborator

@johntmyers johntmyers Jun 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should this be mcp?

johntmyers
johntmyers reviewed Jun 3, 2026
View reviewed changes
Comment thread rfc/0005-host-tools/README.md
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@johntmyers johntmyers johntmyers left review comments

@mrunalp mrunalp Awaiting requested review from mrunalp mrunalp is a code owner

@maxamillion maxamillion Awaiting requested review from maxamillion maxamillion is a code owner

@derekwaynecarr derekwaynecarr Awaiting requested review from derekwaynecarr derekwaynecarr is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@shiju-nv @johntmyers