feat(interceptors): initial gateway interceptor implementation and reference example#2005
Conversation
|
Auto-sync is disabled for draft pull requests in this repository. Workflows must be run manually. Contributors can view more details about this message here. |
|
🌿 Preview your docs: https://nvidia-preview-pr-2005.docs.buildwithfern.com/openshell |
e06ec57 to
6193eb3
Compare
PR Review StatusValidation: This is project-valid, maintainer-authored work implementing #1919 and the actively reviewed gateway-interceptors RFC in #1927, with #1842 explicitly folded into the interceptor design. Head SHA: Thanks @drew. I also checked your response on the crate-layout discussion: the current flat, component-prefixed Review findings:
Docs: Relevant Fern docs and gateway architecture docs are updated, but the append-catalog statement above must be corrected. No navigation change appears necessary for the existing pages. Tests: The implementation is gateway/policy/provider infrastructure and will require Next state: |
PR Review StatusValidation: This is project-valid maintainer-authored work implementing #1919 and the active gateway-interceptors RFC in #1927, with #1842 folded into the interceptor/governance design. Head SHA: Thanks @drew. I rechecked the July 10 updates against the earlier gator findings. The provider-profile source composition work resolves the append/authoritative docs mismatch and narrows the old interceptor profile-source self-selection concern, but blocking review feedback remains. Review findings:
Docs: The provider-profile source docs now match implementation, including the authoritative-by-omission behavior. No Fern navigation change appears necessary for the existing pages. Tests: Once review findings are resolved, this gateway/policy/provider infrastructure change should run with Next state: |
|
Thanks @johntmyers. I worked through every finding from the review. The current head is
Validation completed:
Please re-review the current head when ready. |
BlockedGator is blocked because PR #2005 currently has merge conflicts with Thanks @drew, I saw your July 13 update saying the prior gator findings were addressed at Next action: @drew, rebase or merge Head SHA: |
36567b8 to
ddec080
Compare
Signed-off-by: Drew Newberry <anewberry@nvidia.com>
Signed-off-by: Drew Newberry <anewberry@nvidia.com>
Signed-off-by: Drew Newberry <anewberry@nvidia.com>
Signed-off-by: Drew Newberry <anewberry@nvidia.com>
Signed-off-by: Drew Newberry <anewberry@nvidia.com>
|
Label |
Signed-off-by: Drew Newberry <anewberry@nvidia.com>
PR Review StatusValidation: This remains project-valid maintainer-authored work implementing #1919 and the active gateway-interceptors RFC in #1927, with #1842 folded into the interceptor/governance design. Head SHA: Review findings:
Prior gator findings: still resolved. I rechecked the latest head after the one-line policy test annotation update, and the independent reviewer confirmed the key prior areas remain addressed: atomic policy/provenance writes, post-commit response preservation, secret-field omission from interceptor payloads, and request-scoped provider-profile snapshots. Docs: Direct gateway config and provider-profile UX/API changes are covered in Tests: Focused coverage appears present for the previously flagged critical paths. Next state: |
Signed-off-by: Drew Newberry <anewberry@nvidia.com>
PR Review StatusValidation: This remains project-valid maintainer-authored work implementing #1919 and the active gateway-interceptors RFC in #1927, with #1842 folded into the interceptor/governance design. Head SHA: Review findings:
Prior gator findings: still resolved. I rechecked the latest head after the route allowlist update; the independent reviewer confirmed the governance-relevant mutation paths remain interceptable, non-allowlisted configured bindings fail startup instead of silently skipping, and the previous governance, provenance, post-commit, secret-isolation, provider-profile snapshot, and canonical hashing concerns remain addressed. Docs: The direct gateway interceptor docs were updated in Tests: Focused coverage appears present for the previously flagged critical paths. Next state: |
Signed-off-by: Drew Newberry <anewberry@nvidia.com>
PR Review StatusValidation: This remains project-valid maintainer-authored work implementing #1919 and the active gateway-interceptors RFC in #1927, with #1842 folded into the interceptor/governance design. Head SHA: Thanks @pimlock and @drew. I rechecked the current-head discussion about Review findings:
Non-blocking reviewer notes:
Prior gator findings: still resolved. The independent reviewer confirmed the key prior areas remain addressed: secret-field omission from interceptor payloads, atomic policy/provenance writes for full policy and merge updates, request-scoped provider-profile snapshots, and the updated annotation/provenance wording. Docs: Direct gateway config and provider-profile UX/API changes are covered in Tests: Next state: |
Monitoring CompleteMonitoring is complete because this PR has merged. Final status: PR #2005 merged on 2026-07-15 at 03:58:36Z. The last active gator state was I removed the active |
Summary
Implements #1927.
Related Issue
Closes #1919, #1842
Changes
INFOmessages and reservePASS/FAILfor functional checks.Testing
CC=clang CXX=clang++ mise run pre-commitpassesOPENSHELL_GOVERNANCE_KEEP_LOGS=1 examples/governance-interceptor/smoke.shpassesChecklist