Problem Statement
OpenShell needs a supported way for operators and external integrators to customize gateway behavior without forking the gateway or adding organization-specific logic to compute drivers.
Examples include enforcing naming conventions, limiting sandbox creation per user, rejecting custom sandbox policies in managed deployments, constraining driver config payloads, and resolving providers or policy defaults from external systems.
Today these controls would need to be hardcoded into gateway handlers or pushed into drivers, which mixes responsibilities and makes deployment-specific policy difficult to maintain.
Proposed Design
We will put together an RFC for gateway hook extension points.
The RFC should explore operation hooks for gateway API workflows and resolution hooks for gateway-owned lookups such as providers, provider profiles, policies, and defaults.
Problem Statement
OpenShell needs a supported way for operators and external integrators to customize gateway behavior without forking the gateway or adding organization-specific logic to compute drivers.
Examples include enforcing naming conventions, limiting sandbox creation per user, rejecting custom sandbox policies in managed deployments, constraining driver config payloads, and resolving providers or policy defaults from external systems.
Today these controls would need to be hardcoded into gateway handlers or pushed into drivers, which mixes responsibilities and makes deployment-specific policy difficult to maintain.
Proposed Design
We will put together an RFC for gateway hook extension points.
The RFC should explore operation hooks for gateway API workflows and resolution hooks for gateway-owned lookups such as providers, provider profiles, policies, and defaults.