Skip to content

fix(gateway): honor tty flag for interactive exec#2315

Open
emonq wants to merge 2 commits into
NVIDIA:mainfrom
emonq:2228-fix-tty-interactiveexec/emonq
Open

fix(gateway): honor tty flag for interactive exec#2315
emonq wants to merge 2 commits into
NVIDIA:mainfrom
emonq:2228-fix-tty-interactiveexec/emonq

Conversation

@emonq

@emonq emonq commented Jul 16, 2026

Copy link
Copy Markdown

Summary

Honor the requested TTY mode throughout the interactive SSH relay. When TTY is disabled, the gateway skips PTY allocation and ignores resize events, preserving pipe-based execution semantics.

Related Issue

Fixes #2228

Changes

  • Pass ExecSandboxRequest.tty through the interactive exec relay.
  • Request an SSH PTY only when tty=true.
  • Forward terminal resize events only for PTY-backed sessions.
  • Add E2E regression coverage verifying all three standard file descriptors are non-TTY with tty=false and TTY-backed with tty=true.

Testing

  • mise run pre-commit all passed.

  • cargo test -p openshell-server interactive_exec --lib — 10 passed.

  • e2e/python/test_sandbox_api.py::test_sandbox_interactive_exec_honors_tty against a Docker-backed gateway — 1 passed.

  • cargo fmt --all -- --check — passed.

  • Ruff format and lint checks — passed.

  • mise run pre-commit passes

  • Unit tests added/updated — existing focused unit tests passed; behavior is covered by E2E.

  • E2E tests added/updated (if applicable)

Checklist

  • Follows Conventional Commits
  • Commits are signed off (DCO)
  • Architecture docs updated (if applicable)

Pass the requested TTY mode through the interactive SSH relay.
Skip PTY allocation and resize forwarding when TTY is disabled,
and add regression coverage for both modes.

Signed-off-by: emonq <emonq@outlook.com>
@emonq
emonq requested review from a team, derekwaynecarr, maxamillion and mrunalp as code owners July 16, 2026 14:24
@copy-pr-bot

copy-pr-bot Bot commented Jul 16, 2026

Copy link
Copy Markdown

This pull request requires additional validation before any workflows can run on NVIDIA's runners.

Pull request vetters can view their responsibilities here.

Contributors can view more details about this message here.

@github-actions

github-actions Bot commented Jul 16, 2026

Copy link
Copy Markdown

All contributors have signed the DCO ✍️ ✅
Posted by the DCO Assistant Lite bot.

@emonq

emonq commented Jul 16, 2026

Copy link
Copy Markdown
Author

I have read the DCO document and I hereby sign the DCO.

@emonq

emonq commented Jul 16, 2026

Copy link
Copy Markdown
Author

recheck

@johntmyers johntmyers self-assigned this Jul 17, 2026
@johntmyers johntmyers added the gator:in-review Gator is reviewing or awaiting PR review feedback label Jul 17, 2026
@johntmyers

Copy link
Copy Markdown
Collaborator

gator-agent

PR Review Status

Validation: This is a focused gateway bug fix for confirmed issue #2228. It honors the existing ExecSandboxRequest.tty contract without changing sandbox policy, authentication, or privilege boundaries.
Head SHA: bdfe2bc075a393cc3d56520db0836c73d97d803b

Review findings:

  • The production change correctly passes the TTY flag through the interactive relay, allocates a PTY only when requested, and ignores resize events for pipe-backed sessions.
  • Please strengthen test_sandbox_interactive_exec_honors_tty before pipeline handoff. The test currently combines stdout and stderr and never sends a streamed stdin frame, so it would pass even if stderr were returned as stdout or interactive stdin forwarding regressed. Send a stdin sentinel after the start frame, emit distinct stdout/stderr sentinels, collect the streams separately, and assert the stdin round-trip plus stream separation for tty=false while retaining the NNN/TTT checks.

Docs: No Fern update is needed; this restores behavior already documented by the protobuf contract and the existing --tty/--no-tty documentation.

Next state: gator:in-review

…test streamed stdin and stdout/stderr

Signed-off-by: emonq <emonq@outlook.com>
@johntmyers

Copy link
Copy Markdown
Collaborator

gator-agent

Re-check After Author Update

Thanks @emonq. I reviewed the new commit that strengthens the E2E coverage requested on the previous head.

Validation: This remains a focused gateway bug fix for confirmed issue #2228. It restores the existing ExecSandboxRequest.tty contract without changing sandbox policy, authentication, privileges, or trust boundaries.
Head SHA: a34b6a52e8ccc1f99e135f7677b57ce9ab0aa45d

What I checked:

  • tty is propagated through the interactive relay, SSH PTY allocation is conditional, and resize events are ignored for pipe-backed sessions.
  • The updated E2E test now sends streamed stdin, verifies its round-trip, keeps stdout and stderr separate, and retains both non-TTY and TTY assertions.

Review findings:

  • No blocking findings remain.
  • Non-blocking coverage note: a future test could send resize frames in both modes and verify the PTY dimensions for tty=true; this does not block the fix because PTY allocation and pipe semantics are directly covered.

Docs: No Fern update is needed because this restores behavior already specified by the protobuf contract and existing --tty/--no-tty documentation.

Next state: gator:watch-pipeline

@johntmyers johntmyers added gator:watch-pipeline Gator is monitoring PR CI/CD status test:e2e Requires end-to-end coverage and removed gator:in-review Gator is reviewing or awaiting PR review feedback labels Jul 18, 2026
@github-actions

Copy link
Copy Markdown

Label test:e2e applied, but pull-request/2315 is at {"messa while the PR head is a34b6a5. A maintainer needs to comment /ok to test a34b6a52e8ccc1f99e135f7677b57ce9ab0aa45d to refresh the mirror. Once the mirror catches up, re-run Branch E2E Checks from the Actions tab.

@johntmyers

Copy link
Copy Markdown
Collaborator

/ok to test a34b6a5

@johntmyers johntmyers added gator:approval-needed Gator completed review; maintainer approval needed and removed gator:watch-pipeline Gator is monitoring PR CI/CD status labels Jul 18, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

gator:approval-needed Gator completed review; maintainer approval needed test:e2e Requires end-to-end coverage

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[Bug]: ExecSandboxInteractive ignores tty=false and always allocates a PTY

2 participants