fix(bootstrap,server): persist sandbox state across gateway stop/start cycles#739
Open
fix(bootstrap,server): persist sandbox state across gateway stop/start cycles#739
Conversation
pimlock
previously approved these changes
Apr 2, 2026
drew
force-pushed
the
738-sandbox-persistence-across-gateway-restart
branch
6 times, most recently
from
871adc9 to
6da0e77
Compare
…t cycles
Two changes to preserve sandbox state across gateway restarts:
1. Deterministic k3s node identity: Set the Docker container hostname to
a deterministic name derived from the gateway name (openshell-{name}).
Pass OPENSHELL_NODE_NAME env var and --node-name flag to k3s via the
cluster entrypoint as belt-and-suspenders. Update clean_stale_nodes()
to prefer the deterministic name with a fallback to the container
hostname for backward compatibility with older cluster images.
This prevents clean_stale_nodes() from deleting PVCs (including the
server's SQLite database) when the container is recreated after an
image upgrade.
2. Default workspace persistence: Inject a 2Gi PVC and init container
into every sandbox pod so the /sandbox directory survives pod
rescheduling. The init container uses the same sandbox image, mounts
the PVC at a temporary path, and copies the image's /sandbox contents
(Python venv, dotfiles, skills) into the PVC on first use — guarded
by a sentinel file so subsequent restarts are instant. The agent
container then mounts the populated PVC at /sandbox. Users who
supply custom volumeClaimTemplates are unaffected — the default
workspace is skipped.
Fixes #738
drew
force-pushed
the
738-sandbox-persistence-across-gateway-restart
branch
from
6da0e77 to
38892c3
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Sandbox pod data was lost whenever the gateway was stopped and restarted. Two independent bugs caused this: k3s used the container ID as its node name (which changes on container recreation, triggering PVC deletion), and sandbox pods had no persistent storage by default.
Related Issue
Fixes #738
Changes
node_name()toconstants.rsand passOPENSHELL_NODE_NAMEenv var to the gateway container. The entrypoint script uses--node-nameso the k3s node identity survives container recreation.clean_stale_nodes()now compares against the expected node name instead of runninghostnameinside the container.volumeClaimTemplatenamed "workspace" mounted at/sandbox. This ensures user files, installed packages, etc. survive pod rescheduling across gateway restarts.Testing
mise run pre-commitpassesChecklist