feat: add AGX microVM SSH-lease provider#351
Conversation
|
Codex review: needs real behavior proof before merge. Reviewed June 24, 2026, 12:08 PM ET / 16:08 UTC. Summary Reproducibility: not applicable. this is a new provider feature, not a bug report. The relevant validation path is the documented live AGX smoke run, and that proof has not been posted. Review metrics: 3 noteworthy metrics.
Root-cause cluster Members:
Proposal only: this assessment does not dispatch repair, suppress jobs, mutate sibling items, close, or merge anything. Merge readiness Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch. Rank-up moves:
Proof guidance:
Risk before merge
Maintainer options:
Next step before merge
Security Review detailsBest possible solution: Keep the PR open until someone with AGX access posts redacted live-smoke proof and a maintainer explicitly accepts or rejects the SSH-only, local-release provider contract. Do we have a high-confidence way to reproduce the issue? Not applicable: this is a new provider feature, not a bug report. The relevant validation path is the documented live AGX smoke run, and that proof has not been posted. Is this the best way to solve the issue? Unclear until signoff: the SSH-only adapter matches the public AGX shape and is reasonably hardened, but it should not merge without live AGX proof and maintainer acceptance of the local-only lifecycle contract. AGENTS.md: found and applied where relevant. Codex review notes: model internal, reasoning high; reviewed against 0ec69d642764. Label changesLabel justifications:
Evidence reviewedSecurity concerns:
Acceptance criteria:
What I checked:
Likely related people:
What the crustacean ranks mean
Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics. How this review workflow works
|
|
Updated the provider to match AGX's published interface after checking their docs. Research finding: AGX (agx.so) currently publishes no control-plane API, auth contract, or CLI — only the SSH connection shape Change: the first draft invented a
Still pending a maintainer/product decision (the original issue is tagged Verified: |
354d84d to
eae0306
Compare
|
Updated this PR to current Head: Changes made:
Local verification run from the repaired branch: Public CI is green across Go, Apple VZ, Worker, Scripts, Docs, and Release Check. Remaining blocker: I did not merge this because the PR still needs real AGX behavior proof and provider-contract/product signoff. I do not have live AGX access to prove warmup/status/run/stop against the real workspace gateway. @clawsweeper re-review |
|
🦞🧹 I asked ClawSweeper to review this item again. |
|
@clawsweeper re-review Pushed the remaining docs repair for the concrete review finding. Head: Change made:
ssh:
key: ~/.ssh/id_ed25519Local validation passed: Still not merging: real AGX warmup/status/run/stop proof and provider-contract/product signoff remain missing. |
|
🦞🧹 I asked ClawSweeper to review this item again. |
|
Public CI is now green on current head Still not merging: real AGX warmup/status/run/stop proof and provider-contract/product signoff remain missing, with |
Add `provider: agx` for direct AGX (https://www.agx.so) Linux microVM leases. AGX exposes fast-booting microVMs over a workspace SSH gateway (ssh <user>+<instance>@workspace.agx.so), so this is an SSH-lease backend: core keeps ownership of slugs, per-repo claims, per-lease keys, rsync sync, command streaming, and list/status rendering, while the adapter owns the AGX control-plane instance lifecycle and key registration. - internal/providers/agx: provider.go (registration + Spec), backend.go (Acquire/Resolve/List/Doctor/ReleaseLease/Touch/Cleanup + flags), client.go (provisional /v1/instances control-plane client), core.go (core helper wrappers), and fake-client tests that run without live credentials. - Register in internal/providers/all and add an AGXConfig surface (env/file/flags) with the API key read only from the environment. - Docs: docs/providers/agx.md, provider-metadata.json, regenerated provider matrix, README provider table, source-map, and a CHANGELOG entry. AGX is early access (ships Summer 2026) and does not publish a stable control-plane contract yet, so the /v1/instances API modeled here is provisional and overridable via --agx-api-url / --agx-workspace. Closes openclaw#341 Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Research against AGX's published material (agx.so + Loophole Labs) found no control-plane API, auth contract, or CLI — only the SSH connection shape `ssh <user>+<instance>@workspace.agx.so` and the explicit stance "no SDK required, no custom client — if it can ssh, it can work on AGX." The first draft's invented /v1/instances REST client + API key contradicted that, so this reworks the provider to commit only to the documented interface: - Remove the REST control-plane client and API-key requirement; authenticate with the operator's own SSH key (cfg.SSHKey), as AGX onboarding registers it. - Provision on connect: build the `<user>+<instance>` SSH target and wait for readiness; the slug is the stable instance name. - Back List/Resolve with local lease claims and make release local-only (AGX reclaims idle sandboxes); drop FeatureCleanup since there is no inventory API. - Trim AGXConfig to workspace/user/workRoot (no token/apiUrl/region/image). - Update tests (no fake HTTP client), docs, provider metadata, and the regenerated matrix; document the early-access unknowns and cite Drafter. Closes openclaw#341 Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
ff6fb8c to
b14dfca
Compare
|
Rebased this PR onto current New head: Conflict resolution kept AWS Lambda MicroVM and AGX in generated provider docs. Provider matrix now reports Local validation on the rebased head: Still not merging: live AGX warmup/status/run/stop proof and auth/security-boundary gates are still required. |
|
Public CI is green on rebased head Green checks: Go, Apple VZ, Worker, Scripts, Docs, and Release Check. Merge state is clean. Still not merging: |
|
Public CI is green on current head Green checks: Go, Apple VZ, Worker, Scripts, Docs, and Release Check. This includes the new AGX live-smoke harness coverage. Still not merging: |
|
@clawsweeper re-review Updated the PR body with the canonical summary, validation evidence, and remaining merge gate for current head. No code changes in this update. Still not merging unless the live proof labels clear and the provider-specific proof/contract gate is satisfied. |
|
🦞🧹 I asked ClawSweeper to review this item again. |
|
@clawsweeper re-review Follow-up repair pushed at What changed:
Validation run locally on current head:
I still cannot provide live AGX gateway proof without an AGX-registered SSH key, so this should not be treated as live-provider validation. The security-boundary/auth-provider labels should stay until reviewer acceptance decides the credentials-free proof is sufficient or someone can run the AGX live smoke. |
|
🦞🧹 I asked ClawSweeper to review this item again. |
|
@clawsweeper re-review Follow-up maintainer repair pushed in abeb2cba43083224966d94bdf1e08ef490f2809a. What changed:
Validation:
Still not merge-ready: I still cannot provide live AGX gateway proof without an AGX-registered SSH key, so |
|
🦞🧹 I asked ClawSweeper to review this item again. |
|
@clawsweeper re-review Updated the PR body to reflect that public CI is green on current head No code changes in this update. Remaining gate is still redacted live AGX gateway proof plus maintainer acceptance of the early-access SSH-only provider contract. |
|
Closing this implementation PR while keeping #341 open for a future stable AGX integration. AGX remains an early-access SSH gateway rather than a provider lifecycle API. This branch can synthesize a gateway target, but it cannot inventory, create, verify ownership of, or delete a remote instance; Thanks for the focused provider work and the later validation hardening. This lane can reopen when AGX publishes a stable onboarding/control-plane contract—or a documented gateway lifecycle with authoritative remote status and cleanup—and we can prove it end to end against a real workspace. |
Closes #341
Summary
Adds an early-access AGX Linux SSH-lease provider using AGX's documented SSH gateway shape.
provider: agxas a direct, Linux-only SSH-lease backend.<user>+<instance>@<workspace>SSH targets from the Crabbox slug and configured AGX workspace gateway.ssh,status,list, and local release.Maintainer repairs on top of the contributor branch hardened the security boundary:
agx.usermust be a plain SSH login name, rejecting option-shaped values, whitespace/control characters, and gateway separators.agx.workspacemust be a bare hostname, rejecting URLs, ports, userinfo, paths, whitespace/control characters, and option-shaped values.Current Verification
Local validation on current head
abeb2cba3e8ae2509eb48c98dc338da191ec46d4:Earlier validation on the repaired branch also passed:
Public CI is green on current head:
https://github.com/openclaw/crabbox/actions/runs/28109944795
Remaining Merge Gate
Do not merge while
status: needs proof,merge-risk: auth-provider, ormerge-risk: security-boundaryremain.This still needs redacted live AGX proof against the real workspace gateway:
Required proof should show
doctor,warmup,status --wait, SSH command rendering, one synced command, history/log capture,stop, and expected local-release/AGX-idle-reclaim behavior. Maintainers also need to accept the early-access SSH-only provider contract before merge.