Problem Statement
OpenShell needs a supported way for operators and external integrators to customize gateway behavior without forking the gateway or adding organization-specific logic to compute drivers.
Examples include enforcing naming conventions, limiting sandbox creation per user, rejecting custom sandbox policies in managed deployments, constraining driver config payloads, and verifying policy writes against external authorities before accepting them.
Today these controls would need to be hardcoded into gateway handlers or pushed into drivers, which mixes responsibilities and makes deployment-specific policy difficult to maintain.
Proposed Design
We will put together RFC 0006 for Gateway Interceptors.
The RFC should explore operation interceptors for gateway API workflows. Interceptors add business logic around gateway operations while drivers remain responsible for replacing or providing platform functionality. The gateway database should remain the system of record; external systems should reconcile desired state through existing OpenShell APIs rather than participating in live gateway lookup paths.