feat: provide official CLI container image for non-native and Kubernetes environments

[tommylin-signalpro]

Summary

The openshell CLI currently ships only as native binaries (Linux amd64/arm64, macOS aarch64). Environments where the CLI cannot run natively — such as Kubernetes-based deployments, CI pipelines, or unsupported host platforms — have no official way to run it.

Motivation

The OpenShell gateway already runs inside a Docker container (ghcr.io/nvidia/openshell/cluster), so Docker is always available. An official CLI container image would enable:

1. Kubernetes deployments — the CLI could run as a Pod/Job for managing gateways and sandboxes from within a cluster
2. CI/CD pipelines — predictable, portable CLI execution without platform-specific binary management
3. Unsupported platforms — as a workaround for platforms without native binaries (e.g., macOS x86_64)

What I tried

I built a shell wrapper that runs the Linux x86_64 binary inside an Alpine container with openssh-client. It works, but requires mounting $HOME, temp dirs, Docker socket, and forwarding env vars — all of which are fragile and undocumented:

docker run --rm -i \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v "$HOME:$HOME" \
  -v /tmp:/tmp \
  -e "HOME=$HOME" \
  -e "DOCKER_HOST=unix:///var/run/docker.sock" \
  --network host \
  alpine-with-ssh \
  /openshell "$@"

Key issues encountered:

• Gateway metadata (~/.config/openshell/gateways/) must be persisted across invocations
• ssh client is required for sandbox connect and post-create commands
• DOCKER_HOST must be explicitly set to avoid Docker context mismatches
• Host temp dirs (e.g., macOS /var/folders/) must be mounted for --from Dockerfile builds

Suggestion

Publish an official CLI image (e.g., ghcr.io/nvidia/openshell/cli) containing:

• The openshell binary
• openssh-client
• Documentation for required volume mounts and env vars

This could be a simple Dockerfile.cli added to the repo with CI to build/push on release.

Related

• Discovered while working on NVIDIA/NemoClaw#446
• Vouch Request: #731

[tommylin-signalpro]

Reference: working wrapper script

For context, here's the wrapper we used to successfully run the openshell CLI inside a Docker container on an unsupported platform (Intel Mac + Colima). The full NemoClaw onboarding flow completes through this wrapper — gateway start, sandbox create, inference setup, and sandbox connect all work.

#!/bin/bash
# Wrapper to run OpenShell Linux binary via Docker
#
# Solves:
# - No native binary: runs Linux x86_64 binary in a container
# - Gateway metadata persistence: mounts $HOME (includes ~/.config/openshell/)
# - Env var forwarding: passes API keys and tool-specific vars
# - Host path resolution: mounts $HOME, TMPDIR, /tmp
# - TTY support: detects interactive terminal for sandbox connect (SSH)
# - Docker socket: forces standard socket path to avoid context mismatches

mkdir -p "$HOME/.config/openshell" "$HOME/.openshell"

# Build image with SSH on first run (openshell needs ssh for sandbox connect)
IMAGE_NAME="openshell-wrapper:latest"
if ! docker image inspect "$IMAGE_NAME" &>/dev/null; then
  docker build -q -t "$IMAGE_NAME" - <<'DOCKERFILE'
FROM alpine:latest
RUN apk add --no-cache openssh-client bash
DOCKERFILE
fi

# Environment variable forwarding
ENV_ARGS=()
for var in $(compgen -e); do
  case "$var" in
    COMPATIBLE_API_KEY|NVIDIA_API_KEY|OPENAI_API_KEY|ANTHROPIC_API_KEY|\
    GEMINI_API_KEY|OPENSHELL_*|NEMOCLAW_*|TMPDIR)
      ENV_ARGS+=(-e "$var=${!var}")
      ;;
  esac
done

# Temp directory mounts
TEMP_MOUNT=(-v /tmp:/tmp)
if [[ -n "$TMPDIR" && "$TMPDIR" != /tmp* && -d "$TMPDIR" ]]; then
  TEMP_MOUNT+=(-v "$TMPDIR:$TMPDIR")
elif [[ -d /var/folders ]]; then
  TEMP_MOUNT+=(-v /var/folders:/var/folders)
fi

# TTY detection for interactive commands (sandbox connect)
TTY_FLAG=()
if [ -t 0 ]; then
  TTY_FLAG=(-t)
fi

exec docker run --rm -i "${TTY_FLAG[@]}" \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v "$HOME:$HOME" \
  "${TEMP_MOUNT[@]}" \
  -v "$HOME/.local/bin/openshell-linux:/openshell:ro" \
  -e "HOME=$HOME" \
  -e "DOCKER_HOST=unix:///var/run/docker.sock" \
  --network host \
  "${ENV_ARGS[@]}" \
  "$IMAGE_NAME" \
  /openshell "$@"

Issues we hit that informed this design

Problem	Root cause	Wrapper solution
Gateway metadata lost between invocations	--rm deletes container state	Mount $HOME so ~/.config/openshell/ persists
sandbox create --from Dockerfile fails with InvalidImageName	TMPDIR path not accessible to Docker daemon	Mount TMPDIR + set TMPDIR under $HOME
--credential env vars not reaching openshell	Docker container doesn't inherit host env	Selectively forward via compgen -e
Docker socket not found	Colima stores socket at non-standard path; openshell reads Docker context	Force DOCKER_HOST=unix:///var/run/docker.sock
sandbox connect hangs	No TTY allocated	Detect [ -t 0 ] and pass -t flag
Post-create SSH command fails with No such file or directory	Alpine doesn't have ssh	Custom image with openssh-client

One-time setup required

Before the wrapper works, the gateway metadata must be bootstrapped manually after the first gateway start (because the first start happens before metadata persistence is configured):

# Extract mTLS certs from running gateway
mkdir -p ~/.config/openshell/gateways/nemoclaw/mtls
docker exec openshell-cluster-nemoclaw kubectl -n openshell get secret openshell-client-tls \
  -o jsonpath='{.data.ca\.crt}' | base64 -d > ~/.config/openshell/gateways/nemoclaw/mtls/ca.crt
docker exec openshell-cluster-nemoclaw kubectl -n openshell get secret openshell-client-tls \
  -o jsonpath='{.data.tls\.crt}' | base64 -d > ~/.config/openshell/gateways/nemoclaw/mtls/tls.crt
docker exec openshell-cluster-nemoclaw kubectl -n openshell get secret openshell-client-tls \
  -o jsonpath='{.data.tls\.key}' | base64 -d > ~/.config/openshell/gateways/nemoclaw/mtls/tls.key

# Write gateway metadata
cat > ~/.config/openshell/gateways/nemoclaw/metadata.json << 'EOF'
{
  "name": "nemoclaw",
  "gateway_endpoint": "https://127.0.0.1:8080",
  "is_remote": false,
  "gateway_port": 8080
}
EOF

echo -n "nemoclaw" > ~/.config/openshell/active_gateway

An official CLI image would eliminate all of this — the gateway start command would persist metadata naturally since it runs in the same image lifecycle.

[tommylin-signalpro]

Update: sandbox ssh-config ProxyCommand path issue with Docker wrapper

When running the CLI via a Docker wrapper (as described in the reference script above), openshell sandbox ssh-config outputs:

ProxyCommand /openshell ssh-proxy --gateway-name nemoclaw --name my-sandbox

/openshell is the binary path inside the container, not on the host. Any tool that consumes this SSH config on the host (e.g. the NemoClaw Telegram bridge, or manual ssh -F) will fail with no such file or directory: /openshell.

Workaround added to the wrapper: intercept sandbox ssh-config output and sed the ProxyCommand path to point to the host wrapper script:

if [[ "$1" == "sandbox" && "$2" == "ssh-config" ]]; then
  docker run ... /openshell "$@" | sed "s|ProxyCommand /openshell|ProxyCommand $SELF|g"
  exit "${PIPESTATUS[0]}"
fi

This further motivates an official container image — the CLI should be aware of its own invocation path when generating SSH configs, rather than hardcoding the binary location.