chore(sync): rebase fork onto upstream/main (2026-05-27)

[vessux]

Summary

Rebase fork delta (11 commits, cred-inject + bind-mounts + stop-start + SandboxPhase::Stopped) onto upstream NVIDIA/OpenShell main (36 commits since last sync 2026-05-20).

Notable upstream commits absorbed:

• a3b16c18 feat(auth): per-sandbox authentication to gateway (feat(auth): per-sandbox authentication to gateway NVIDIA/OpenShell#1404)
• bdaa08fb fix(server): add ConnectSupervisor/RelayStream to SANDBOX_METHODS (fix(server): add ConnectSupervisor and RelayStream to SANDBOX_METHODS NVIDIA/OpenShell#1475)
• 68d42805 fix(docker): use host-gateway callbacks on macOS (fix(docker): use host-gateway callbacks on macOS NVIDIA/OpenShell#1516)
• e7f965a9 refactor(sandbox,driver-vm): start moving to rustix (refactor(sandbox,driver-vm): Start moving to rustix (esp over libc unsafe) NVIDIA/OpenShell#1505)
• 528fb291 fix(sandbox): allow first-label L7 host wildcards (fix(sandbox): allow first-label L7 host wildcards NVIDIA/OpenShell#1304)
• 9857fa19 refactor: deduplicate shared code across ocsf builders + driver crates (refactor: deduplicate shared code across ocsf builders and driver crates NVIDIA/OpenShell#1526)

Proto field collisions

Upstream's a3b16c18 added DriverSandboxSpec.sandbox_token = 11, which collided with fork's DriverSandboxSpec.volumes = 11 (bind-mounts). Resolved by renumbering fork's volumes to field 12 in proto/compute_driver.proto. No openshell.proto changes affected (fork's SandboxSpec.volumes = 11 is still safe — upstream stopped at 10).

Fork's cred-inject 9000+ fields remain unchanged; upstream's new fields stayed in low ranges.

Conflicts resolved

• proto/compute_driver.proto — renumbered fork's volumes to 12
• crates/openshell-driver-docker/src/lib.rs — merged sandbox_token mount + volumes mount in build_binds; kept upstream's Result<Vec<String>, Status> signature
• crates/openshell-driver-docker/src/tests.rs — kept both fixtures (sandbox_token + volumes), kept upstream's build_binds(&sandbox, &config) arg order, updated fork's new test to match
• crates/openshell-driver-podman/src/container.rs — added image_sandbox_user param to build_container_spec_with_token; updated test wrapper
• crates/openshell-driver-podman/src/driver.rs — combined fork's image_sandbox_user resolution with upstream's build_container_spec_with_token call
• crates/openshell-server/src/compute/mod.rs — included both sandbox_token and volumes in driver_sandbox_spec_from_public
• crates/openshell-cli/tests/sandbox_create_lifecycle_integration.rs — added missing &[] volumes arg in a new test added by a3b16c18
• CI workflows .github/workflows/{e2e-label-help,required-ci-gates}.yml — re-deleted (fork's chore commit drops NVIDIA mirror plumbing)
• Test fixture import lists in 5 files — merged both branches' new types

Build + tests

cargo build --release -p openshell-server -p openshell-cli -p openshell-sandbox    # green
cargo clippy --release ... --tests                                                  # green
cargo test --release -p openshell-{driver-podman,driver-docker,driver-vm,server,sandbox,cli,policy}  # ~1937 pass, 0 fail

Test plan

• Fork builds with system z3 on Mac (Z3_SYS_Z3_HEADER + LIBRARY_PATH)
• Unit tests pass across all touched crates
• Clippy clean across critical crates
• CI green (Linux release builds, gateway smoke, live-integration)
• Openlock-side smoke after OPENSHELL_FORK_TAG bump