feat(runner): OpenShell sandbox integration with POD_IP injection and OpenShift RBAC

.mcp.json

@@ -2,11 +2,17 @@
   "mcpServers": {
     "context7": {
       "command": "npx",
-      "args": ["-y", "@upstash/context7-mcp@latest"]
+      "args": [
+        "-y",
+        "@upstash/context7-mcp@latest"
+      ]
     },
     "deepwiki": {
       "command": "npx",
-      "args": ["-y", "deepwiki-mcp@latest"]
+      "args": [
+        "-y",
+        "deepwiki-mcp@latest"
+      ]
     }
   }
-}
+}

BOOKMARKS.md

@@ -30,6 +30,7 @@ Desired state of the system, organized by capability domain.
 | [Runner](specs/agents/runner.spec.md) | agents | Runner subprocess lifecycle, bridges, gRPC/HTTP endpoints |
 | [MCP Server](specs/integrations/mcp-server.spec.md) | integrations | MCP tool definitions, sidecar and public endpoint modes |
 | [Security](specs/security/security.spec.md) | security | Identity boundaries, credential authorization, per-session isolation, design decisions |
+| [OpenShell Sandbox](specs/security/openshell-sandbox.spec.md) | security | Agent subprocess sandbox: network namespace, Landlock, seccomp, TLS proxy, OPA policy |
 
 Feature specs remain in numbered directories under `specs/` (e.g., `specs/001-*/spec.md`).
 

components/ambient-cli/cmd/acpctl/ambient/tui/views/messages.go

@@ -531,17 +531,19 @@ func NewMessageStream(sessionID, agentName, phase string) MessageStream {
 	si.Width = 40
 
 	return MessageStream{
-		sessionID:    sessionID,
-		agentName:    agentName,
-		phase:        phase,
-		messages:     make([]MessageEntry, 0, 256),
-		maxMessages:  defaultMaxMessages,
-		autoScroll:   true,
-		composeInput: ci,
-		searchInput:  si,
-		splitMode:    true,
-		activityPane: NewActivityPane(),
-		focusTop:     true,
+		sessionID:     sessionID,
+		agentName:     agentName,
+		phase:         phase,
+		messages:      make([]MessageEntry, 0, 256),
+		maxMessages:   defaultMaxMessages,
+		autoScroll:    true,
+		wrapMode:      true,
+		timestampMode: 1,
+		composeInput:  ci,
+		searchInput:   si,
+		splitMode:     true,
+		activityPane:  NewActivityPane(),
+		focusTop:      true,
 	}
 }
 
@@ -1007,18 +1009,24 @@ func (ms *MessageStream) View() string {
 	}
 
 	activeIndicator := msgActiveIndicator
-	renderToggle := func(label, value string, on bool) string {
+	renderToggle := func(label, hotkey, value string, on bool) string {
 		s := dimIndicator
 		if on {
 			s = activeIndicator
 		}
-		return dimIndicator.Render(label+":") + s.Render(value)
+		idx := strings.Index(strings.ToLower(label), hotkey)
+		if idx < 0 {
+			return dimIndicator.Render(label+":") + s.Render(value)
+		}
+		before := label[:idx]
+		after := label[idx+len(hotkey):]
+		return dimIndicator.Render(before+"<") + s.Render(hotkey) + dimIndicator.Render(">"+after+":") + s.Render(value)
 	}
 	indicators := fmt.Sprintf("%s     %s     %s     %s     Phase:%s     %s",
-		renderToggle("Autoscroll", autoScrollLabel, ms.autoScroll),
-		renderToggle("Raw", rawLabel, ms.rawMode),
-		renderToggle("Pretty", prettyLabel, ms.wrapMode),
-		renderToggle("Time", tsLabel, ms.timestampMode > 0),
+		renderToggle("Autoscroll", "s", autoScrollLabel, ms.autoScroll),
+		renderToggle("Raw", "r", rawLabel, ms.rawMode),
+		renderToggle("Pretty", "p", prettyLabel, ms.wrapMode),
+		renderToggle("Time", "t", tsLabel, ms.timestampMode > 0),
 		phaseStyle.Render(ms.phase),
 		dimIndicator.Render(scrollPct),
 	)

components/ambient-control-plane/cmd/ambient-control-plane/main.go

@@ -158,6 +158,8 @@ func runKubeMode(ctx context.Context, cfg *config.ControlPlaneConfig) error {
 		ImagePullSecret:       cfg.ImagePullSecret,
 		PlatformMode:          cfg.PlatformMode,
 		MPPConfigNamespace:    cfg.MPPConfigNamespace,
+		OpenShellEnabled:      cfg.OpenShellEnabled,
+		OpenShellPolicyName:   cfg.OpenShellPolicyName,
 	}
 
 	conn, err := grpc.NewClient(cfg.GRPCServerAddr, grpc.WithTransportCredentials(grpcCredentials(cfg.GRPCUseTLS)))

components/ambient-control-plane/internal/config/config.go

@@ -47,6 +47,8 @@ type ControlPlaneConfig struct {
 	HTTPSProxy            string
 	NoProxy               string
 	ImagePullSecret       string
+	OpenShellEnabled      bool
+	OpenShellPolicyName   string
 }
 
 func Load() (*ControlPlaneConfig, error) {
@@ -91,6 +93,8 @@ func Load() (*ControlPlaneConfig, error) {
 		HTTPSProxy:            os.Getenv("HTTPS_PROXY"),
 		NoProxy:               os.Getenv("NO_PROXY"),
 		ImagePullSecret:       os.Getenv("IMAGE_PULL_SECRET"),
+		OpenShellEnabled:      os.Getenv("OPENSHELL_ENABLED") == "true",
+		OpenShellPolicyName:   envOrDefault("OPENSHELL_POLICY_CONFIGMAP", "openshell-policy"),
 	}
 
 	if cfg.MCPAPIServerURL == "" {

components/ambient-control-plane/internal/kubeclient/kubeclient.go

@@ -64,6 +64,12 @@ var NetworkPolicyGVR = schema.GroupVersionResource{
 	Resource: "networkpolicies",
 }
 
+var ConfigMapGVR = schema.GroupVersionResource{
+	Group:    "",
+	Version:  "v1",
+	Resource: "configmaps",
+}
+
 type KubeClient struct {
 	dynamic dynamic.Interface
 	logger  zerolog.Logger
@@ -267,6 +273,10 @@ func (kc *KubeClient) CreateRole(ctx context.Context, obj *unstructured.Unstruct
 	return kc.dynamic.Resource(RoleGVR).Namespace(obj.GetNamespace()).Create(ctx, obj, metav1.CreateOptions{})
 }
 
+func (kc *KubeClient) UpdateRole(ctx context.Context, obj *unstructured.Unstructured) (*unstructured.Unstructured, error) {
+	return kc.dynamic.Resource(RoleGVR).Namespace(obj.GetNamespace()).Update(ctx, obj, metav1.UpdateOptions{})
+}
+
 func (kc *KubeClient) DeleteRolesByLabel(ctx context.Context, namespace, labelSelector string) error {
 	return kc.deleteCollectionWithFallback(ctx, RoleGVR, namespace, labelSelector)
 }
@@ -327,6 +337,14 @@ func (kc *KubeClient) ListTenantNamespaces(ctx context.Context, namespace, label
 	return kc.dynamic.Resource(gvr).Namespace(namespace).List(ctx, opts)
 }
 
+func (kc *KubeClient) GetConfigMap(ctx context.Context, namespace, name string) (*unstructured.Unstructured, error) {
+	return kc.dynamic.Resource(ConfigMapGVR).Namespace(namespace).Get(ctx, name, metav1.GetOptions{})
+}
+
+func (kc *KubeClient) CreateConfigMap(ctx context.Context, obj *unstructured.Unstructured) (*unstructured.Unstructured, error) {
+	return kc.dynamic.Resource(ConfigMapGVR).Namespace(obj.GetNamespace()).Create(ctx, obj, metav1.CreateOptions{})
+}
+
 func (kc *KubeClient) GetResource(ctx context.Context, gvr schema.GroupVersionResource, namespace, name string) (*unstructured.Unstructured, error) {
 	return kc.dynamic.Resource(gvr).Namespace(namespace).Get(ctx, name, metav1.GetOptions{})
 }