Skip to content

feat(providers): add custom profile registry#1170

Open
johntmyers wants to merge 2 commits intomainfrom
feat/1081-provider-profile-registry/johntmyers
Open

feat(providers): add custom profile registry#1170
johntmyers wants to merge 2 commits intomainfrom
feat/1081-provider-profile-registry/johntmyers

Conversation

@johntmyers
Copy link
Copy Markdown
Collaborator

@johntmyers johntmyers commented May 5, 2026
edited
Loading

Summary

Adds a custom provider profile registry on top of the built-in YAML profile catalog so profiles can be exported, linted, imported, listed, retrieved, and deleted incrementally.

Closes #1081

UX Changes

  • openshell provider list-profiles now supports -o table|yaml|json; table remains the default for browsing.
  • New openshell provider profile export <id> -o yaml|json; YAML is the default authoring/export format.
  • New openshell provider profile import -f <file> for single-profile import.
  • New openshell provider profile import --from <directory> for non-recursive bulk import of *.yaml, *.yml, and *.json profile files.
  • New openshell provider profile lint -f <file> and openshell provider profile lint --from <directory> to validate profile files without registering them.
  • New openshell provider profile delete <id> for deleting registered custom profiles.
  • Built-in profiles remain read-only: imports cannot overwrite them, and delete returns a clear error.
  • Deleting a custom profile fails while any sandbox attaches a provider whose Provider.type matches that profile id.
  • Import/lint reports an aggregated diagnostic summary instead of failing one issue at a time.
  • Existing provider runtime credential injection is unchanged by this PR.

Changes

  • Added provider profile import/lint/delete gRPC APIs and StoredProviderProfile object metadata support.
  • Stores custom profiles in the existing objects table with object_type = "provider_profile"; no new tables or migrations.
  • Merges built-in and custom profiles in list/get, while rejecting built-in overwrite/delete.
  • Blocks custom profile deletion when any sandbox attaches a provider whose Provider.type matches the profile id.
  • Adds CLI UX for openshell provider list-profiles -o table|yaml|json and openshell provider profile export|import|lint|delete.
  • Adds YAML/JSON profile DTO round-tripping plus aggregated semantic validation diagnostics.
  • Extends provider v2 JIT policy composition to resolve custom profile layers from the registry.
  • Updates internal provider architecture notes; published docs/* updates remain out of scope for this issue.

Testing

  • RUSTC_WRAPPER= cargo check -p openshell-cli -p openshell-server -p openshell-providers
  • RUSTC_WRAPPER= cargo test -p openshell-providers profile
  • RUSTC_WRAPPER= cargo test -p openshell-server grpc::provider::tests::
  • RUSTC_WRAPPER= cargo test -p openshell-server provider_policy_layers_include_custom_provider_profiles
  • RUSTC_WRAPPER= cargo test -p openshell-cli provider_
  • mise run pre-commit

Checklist

  • Tests added/updated
  • Internal architecture docs updated
  • Published docs intentionally deferred
  • No new provider-profile storage table added

@johntmyers johntmyers mentioned this pull request May 5, 2026
Open
18 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mrunalp mrunalp Awaiting requested review from mrunalp mrunalp is a code owner

@maxamillion maxamillion Awaiting requested review from maxamillion maxamillion is a code owner

@derekwaynecarr derekwaynecarr Awaiting requested review from derekwaynecarr derekwaynecarr is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

feat: support custom provider profile import and export

1 participant

@johntmyers