feat(policy): extend provider attachment proposals

crates/openshell-core/src/settings.rs

@@ -60,8 +60,9 @@ pub const PROVIDERS_V2_ENABLED_KEY: &str = "providers_v2_enabled";
 pub const AGENT_POLICY_PROPOSALS_ENABLED_KEY: &str = "agent_policy_proposals_enabled";
 
 pub const REGISTERED_SETTINGS: &[RegisteredSetting] = &[
-    // Gateway-level opt-in for provider profile policy composition. Defaults
-    // to false when unset.
+    // Gateway-level control for provider profile policy composition. Defaults
+    // to true when unset; set false to attach provider credentials without
+    // adding the provider profile's network policy layer.
     RegisteredSetting {
         key: PROVIDERS_V2_ENABLED_KEY,
         kind: SettingValueKind::Bool,

crates/openshell-providers/src/profiles.rs

@@ -880,7 +880,19 @@ mod tests {
             ProviderProfileCategory::SourceControl as i32
         );
         assert_eq!(proto.endpoints.len(), 2);
-        assert_eq!(proto.binaries.len(), 4);
+        assert_eq!(proto.binaries.len(), 8);
+        assert!(
+            proto
+                .binaries
+                .iter()
+                .any(|binary| binary.path == "/usr/bin/curl")
+        );
+        assert!(
+            proto
+                .binaries
+                .iter()
+                .any(|binary| binary.path == "/usr/local/bin/node")
+        );
     }
 
     #[test]

crates/openshell-sandbox/Cargo.toml

@@ -18,6 +18,7 @@ path = "src/main.rs"
 openshell-core = { path = "../openshell-core" }
 openshell-ocsf = { path = "../openshell-ocsf" }
 openshell-policy = { path = "../openshell-policy" }
+openshell-providers = { path = "../openshell-providers" }
 openshell-router = { path = "../openshell-router" }
 
 # Async runtime

crates/openshell-sandbox/src/grpc_client.rs

@@ -10,10 +10,11 @@ use std::time::Duration;
 use miette::{IntoDiagnostic, Result, WrapErr};
 use openshell_core::proto::{
     DenialSummary, GetDraftPolicyRequest, GetInferenceBundleRequest, GetInferenceBundleResponse,
-    GetSandboxConfigRequest, GetSandboxProviderEnvironmentRequest, PolicyChunk, PolicySource,
-    PolicyStatus, ReportPolicyStatusRequest, SandboxPolicy as ProtoSandboxPolicy,
-    SubmitPolicyAnalysisRequest, SubmitPolicyAnalysisResponse, UpdateConfigRequest,
-    inference_client::InferenceClient, open_shell_client::OpenShellClient,
+    GetSandboxConfigRequest, GetSandboxProviderEnvironmentRequest, ListSandboxProvidersRequest,
+    PolicyChunk, PolicySource, PolicyStatus, ReportPolicyStatusRequest,
+    SandboxPolicy as ProtoSandboxPolicy, SubmitPolicyAnalysisRequest, SubmitPolicyAnalysisResponse,
+    UpdateConfigRequest, datamodel::v1::Provider, inference_client::InferenceClient,
+    open_shell_client::OpenShellClient,
 };
 use tonic::service::interceptor::InterceptedService;
 use tonic::transport::{Certificate, Channel, ClientTlsConfig, Endpoint, Identity};
@@ -379,6 +380,20 @@ impl CachedOpenShellClient {
         Ok(response.into_inner().chunks)
     }
 
+    /// List providers attached to this sandbox. Used by policy.local so
+    /// in-sandbox agents can observe attachment state without seeing secrets.
+    pub async fn list_sandbox_providers(&self, sandbox_name: &str) -> Result<Vec<Provider>> {
+        let response = self
+            .client
+            .clone()
+            .list_sandbox_providers(ListSandboxProvidersRequest {
+                sandbox_name: sandbox_name.to_string(),
+            })
+            .await
+            .into_diagnostic()?;
+        Ok(response.into_inner().providers)
+    }
+
     /// Report policy load status back to the server.
     pub async fn report_policy_status(
         &self,

crates/openshell-sandbox/src/l7/rest.rs

@@ -2332,7 +2332,13 @@ mod tests {
             body["next_steps"][0]["path"],
             "/etc/openshell/skills/policy_advisor.md"
         );
-        assert_eq!(body["next_steps"][3]["body_type"], "PolicyMergeOperation");
+        let submit_step = body["next_steps"]
+            .as_array()
+            .expect("next_steps should be an array")
+            .iter()
+            .find(|step| step["action"] == "submit_proposal")
+            .expect("next_steps should include submit_proposal");
+        assert_eq!(submit_step["body_type"], "PolicyMergeOperation");
         assert!(
             !body.to_string().contains("secret-token"),
             "deny body must not leak query params or credential values"

crates/openshell-sandbox/src/mechanistic_mapper.rs

@@ -212,6 +212,7 @@ pub async fn generate_proposals(summaries: &[DenialSummary]) -> Vec<PolicyChunk>
         let stage = denials
             .first()
             .map_or_else(|| "connect".to_string(), |d| d.denial_stage.clone());
+        let human_summary = rule_name.clone();
 
         proposals.push(PolicyChunk {
             id: String::new(), // Assigned by the gateway on persist
@@ -232,6 +233,11 @@ pub async fn generate_proposals(summaries: &[DenialSummary]) -> Vec<PolicyChunk>
             binary: binary.clone(),
             validation_result: String::new(),
             rejection_reason: String::new(),
+            human_summary,
+            intent_summary: String::new(),
+            request_type: "network_policy".to_string(),
+            provider_name: String::new(),
+            provider_type: String::new(),
         });
     }