From faf84592b8b9e116088aecd515ef194b6cbc679c Mon Sep 17 00:00:00 2001 From: Drew Newberry Date: Fri, 20 Mar 2026 12:48:44 -0700 Subject: [PATCH 1/4] ci(release): restrict auto-tag to weekdays only --- .github/workflows/release-auto-tag.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release-auto-tag.yml b/.github/workflows/release-auto-tag.yml index 97efa81d..569c3338 100644 --- a/.github/workflows/release-auto-tag.yml +++ b/.github/workflows/release-auto-tag.yml @@ -6,7 +6,7 @@ name: Release Auto-Tag on: workflow_dispatch: {} schedule: - - cron: "0 14 * * *" # 7 AM PDT + - cron: "0 14 * * 1-5" # 7 AM PDT, weekdays only permissions: contents: write From 7aa13c5f6eabeb51f328a7d3d8b34aff802f6e98 Mon Sep 17 00:00:00 2001 From: Drew Newberry Date: Fri, 20 Mar 2026 12:52:49 -0700 Subject: [PATCH 2/4] docs(readme): add dev/latest release note and mark GPU as experimental --- README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 1800a468..d022443f 100644 --- a/README.md +++ b/README.md @@ -33,6 +33,8 @@ curl -LsSf https://raw.githubusercontent.com/NVIDIA/OpenShell/main/install.sh | uv tool install -U openshell ``` +Both methods install the latest stable release by default. To install a specific version, set `OPENSHELL_VERSION` (binary) or pin the version with `uv tool install openshell==`. The `dev` tag tracks the latest commit on `main` and is used for container images (`ghcr.io/nvidia/openshell/cluster:dev`); it is not recommended for general use. + ### Create a sandbox ```bash @@ -117,7 +119,9 @@ Policies are declarative YAML files. Static sections (filesystem, process) are l Agents need credentials — API keys, tokens, service accounts. OpenShell manages these as **providers**: named credential bundles that are injected into sandboxes at creation. The CLI auto-discovers credentials for recognized agents (Claude, Codex, OpenCode) from your shell environment, or you can create providers explicitly with `openshell provider create`. Credentials never leak into the sandbox filesystem; they are injected as environment variables at runtime. -## GPU Support +## GPU Support (Experimental) + +> **Experimental** — GPU passthrough works on supported hosts but is under active development. Expect rough edges and breaking changes. OpenShell can pass host GPUs into sandboxes for local inference, fine-tuning, or any GPU workload. Add `--gpu` when creating a sandbox: From 54aab73f479dae9109a88bdaa35730a9a173512e Mon Sep 17 00:00:00 2001 From: Drew Newberry Date: Fri, 20 Mar 2026 12:58:51 -0700 Subject: [PATCH 3/4] docs(readme): link to dev GitHub release --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d022443f..bf5c4919 100644 --- a/README.md +++ b/README.md @@ -33,7 +33,7 @@ curl -LsSf https://raw.githubusercontent.com/NVIDIA/OpenShell/main/install.sh | uv tool install -U openshell ``` -Both methods install the latest stable release by default. To install a specific version, set `OPENSHELL_VERSION` (binary) or pin the version with `uv tool install openshell==`. The `dev` tag tracks the latest commit on `main` and is used for container images (`ghcr.io/nvidia/openshell/cluster:dev`); it is not recommended for general use. +Both methods install the latest stable release by default. To install a specific version, set `OPENSHELL_VERSION` (binary) or pin the version with `uv tool install openshell==`. The [`dev` release](https://github.com/NVIDIA/OpenShell/releases/tag/dev) tracks the latest commit on `main` and is used for container images (`ghcr.io/nvidia/openshell/cluster:dev`); it is not recommended for general use. ### Create a sandbox From 65257b4e6f33f9186dc2f05c50fd378d8dfa18df Mon Sep 17 00:00:00 2001 From: Drew Newberry Date: Fri, 20 Mar 2026 13:18:04 -0700 Subject: [PATCH 4/4] readme updates --- README.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index bf5c4919..88ef9117 100644 --- a/README.md +++ b/README.md @@ -14,7 +14,6 @@ OpenShell is built agent-first. The project ships with agent skills for everythi ## Quickstart - ### Prerequisites - **Docker** — Docker Desktop (or a Docker daemon) must be running. @@ -33,7 +32,7 @@ curl -LsSf https://raw.githubusercontent.com/NVIDIA/OpenShell/main/install.sh | uv tool install -U openshell ``` -Both methods install the latest stable release by default. To install a specific version, set `OPENSHELL_VERSION` (binary) or pin the version with `uv tool install openshell==`. The [`dev` release](https://github.com/NVIDIA/OpenShell/releases/tag/dev) tracks the latest commit on `main` and is used for container images (`ghcr.io/nvidia/openshell/cluster:dev`); it is not recommended for general use. +Both methods install the latest stable release by default. To install a specific version, set `OPENSHELL_VERSION` (binary) or pin the version with `uv tool install openshell==`. A [`dev` release](https://github.com/NVIDIA/OpenShell/releases/tag/dev) is also available that tracks the latest commit on `main`. ### Create a sandbox @@ -141,7 +140,7 @@ The CLI auto-bootstraps a GPU-enabled gateway on first use. GPU intent is also i | [OpenCode](https://opencode.ai/) | [`base`](https://github.com/NVIDIA/OpenShell-Community/tree/main/sandboxes/base) | Works out of the box. Provider uses `OPENAI_API_KEY` or `OPENROUTER_API_KEY`. | | [Codex](https://developers.openai.com/codex) | [`base`](https://github.com/NVIDIA/OpenShell-Community/tree/main/sandboxes/base) | Works out of the box. Provider uses `OPENAI_API_KEY`. | | [OpenClaw](https://openclaw.ai/) | [Community](https://github.com/NVIDIA/OpenShell-Community) | Launch with `openshell sandbox create --from openclaw`. | -| [Ollama](https://ollama.com/) | [Community](https://github.com/NVIDIA/OpenShell-Community) | Launch with `openshell sandbox create --from ollama`. | +| [Ollama](https://ollama.com/) | [Community](https://github.com/NVIDIA/OpenShell-Community) | Launch with `openshell sandbox create --from ollama`. | ## Key Commands