Add Reach sandbox — AI-native remote server management#58
Open
agent-0x wants to merge 1 commit intoNVIDIA:mainfrom
Open
Add Reach sandbox — AI-native remote server management#58agent-0x wants to merge 1 commit intoNVIDIA:mainfrom
agent-0x wants to merge 1 commit intoNVIDIA:mainfrom
Conversation
Reach replaces SSH with HTTPS+Token for AI agents. This sandbox provides the reach CLI and MCP server inside OpenShell, enabling AI agents to manage remote servers without SSH. Includes: - Dockerfile installing reach v0.2.0 from GitHub Releases - Network policy for reach-agent (TLS on port 7100), GitHub API, and Claude Code integration - README with quick start and MCP tool reference Signed-off-by: agent-0x <agent-0x@users.noreply.github.com> Signed-off-by: zchdu <zhongchunhdu@gmail.com>
factory-octavian
pushed a commit
to factory-octavian/OpenShell-Community
that referenced
this pull request
Apr 1, 2026
Add Apache 2.0 licensing, SPDX copyright headers on all source files, DCO enforcement, third-party notices, and CI enforcement. - LICENSE: Apache License 2.0 full text - DCO: Developer Certificate of Origin 1.1 - SPDX headers on all 176 source files (.rs, .py, .proto, .rego, .sh, .toml, .yaml, Dockerfiles) - scripts/update_license_headers.py: header management with --check mode - scripts/generate_third_party_notices.py: dependency license aggregation - THIRD-PARTY-NOTICES: generated listing of all Rust and Python deps - build/license.toml: mise tasks for license:check and license:update - CI: license-headers job in checks.yml, DCO check workflow - CONTRIBUTING.md: DCO sign-off requirement and license header docs - Cargo.toml: license changed to Apache-2.0, repository URL updated - pyproject.toml: license field added Closes NVIDIA#58
alessandro-festa
added a commit
to alessandro-festa/OpenShell-Community
that referenced
this pull request
Apr 27, 2026
…ource (NVIDIA#58) The previous \`curl ... rpm.nodesource.com/setup_22.x | bash\` is a RHEL/Fedora-targeted installer; it doesn't recognise SUSE BCI 16 and the subsequent \`zypper install nodejs22\` then fails to find the package because no third-party repo was added. BCI 16's native \`SLE_BCI\` repository ships \`nodejs22\` and \`npm22\` directly — no third-party repo needed. Two adjacent fixes: * Drop the nodesource curl; install \`nodejs22\` + \`npm22\` from BCI natively. Drop \`nano\` (not packaged in BCI 16; \`vim\` is sufficient). * Pre-create \`/usr/share/keyrings\` before downloading the GitHub CLI signing key. The directory is a Debian-ism that BCI 16 doesn't ship by default, which made the curl write fail with exit 23. Verified: \`docker build sandboxes/suse/\` completes; resulting image runs \`node v22.22.0\` and \`npm 10.9.4\`. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
sandboxes/reach/sandbox providing the Reach CLI for AI-native remote server managementWhat is Reach?
Reach is a lightweight agent that runs on remote servers (single Go binary, ~9MB). AI agents connect via HTTPS + Bearer Token through a built-in MCP server — no SSH keys, no shell parsing, just structured JSON.
Key differentiators from SSH:
reach_dryrun) before executionreach bootstrap)Files
sandboxes/reach/Dockerfilesandboxes/reach/policy.yamlsandboxes/reach/README.mdNetwork Policy
reach-agent*:7100(TLS passthrough)reach-githubapi.github.com,github.comclaude-codeapi.anthropic.com+ relatedTest Plan
docker build -t openshell-reach sandboxes/reach/builds successfullyreach --helpworks inside container