# SPDX-FileCopyrightText: Copyright (c) 2025-2026 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
# SPDX-License-Identifier: Apache-2.0

%global crate openshell

# Cargo/Rust builds with vendored deps do not produce debugsource listings
# in the format redhat-rpm-config expects (especially on EPEL).
%global debug_package %{nil}

Name:           openshell
Version:        0.0.23
Release:        1.20260427164042810456.midstream.refactor.2.gce4f90c%{?dist}
Summary:        Safe, sandboxed runtimes for autonomous AI agents

License:        Apache-2.0
URL:            https://github.com/LobsterTrap/OpenShell
Source0: openshell-0.0.23.tar.gz
Source1: openshell-0.0.23-vendor.tar.xz

ExclusiveArch:  x86_64 aarch64

# Rust build dependencies
# NOTE: MSRV is 1.88 (Rust edition 2024). As of mid-2025, this requires
# Fedora Rawhide or newer. Stable Fedora and EPEL-10 may ship older Rust;
# adjust targets in .packit.yaml accordingly or provide a supplementary
# Rust toolchain via additional_repos in the COPR build config.
BuildRequires:  rust >= 1.88
BuildRequires:  cargo
BuildRequires:  gcc
BuildRequires:  gcc-c++
BuildRequires:  make
BuildRequires:  cmake
BuildRequires:  pkg-config
BuildRequires:  clang-devel
BuildRequires:  z3-devel
BuildRequires:  systemd-rpm-macros

# Python sub-package build dependencies
BuildRequires:  python3-devel

# Runtime: container runtime for gateway lifecycle (start/stop/destroy).
# Podman is preferred; Docker is also supported via --container-runtime flag.
Recommends:     podman

%description
OpenShell provides safe, sandboxed runtimes for autonomous AI agents.
It offers a CLI for managing gateways, sandboxes, and providers with
policy-enforced egress routing, credential proxying, and privacy-aware
LLM inference routing.

# --- Gateway sub-package ---
%package gateway
Summary:        OpenShell gateway server with Podman sandbox driver
Requires:       podman
Requires:       %{name} = %{version}-%{release}

%description gateway
OpenShell gateway server providing the control-plane API for sandbox
lifecycle management. This package configures the gateway to use the
Podman compute driver, pulling sandbox and supervisor images from
ghcr.io/lobstertrap/openshell.

# --- Python SDK sub-package ---
%package -n python3-%{name}
Summary:        OpenShell Python SDK for agent execution and management
# Use Recommends instead of Requires because Fedora 43+ ships older
# versions of grpcio (1.48) and protobuf (3.19) than the SDK needs.
# Users on distros with older packages can install these via pip/uv.
Recommends:     python3-cloudpickle >= 3.0
Recommends:     python3-grpcio >= 1.60
Recommends:     python3-protobuf >= 4.25
Recommends:     %{name}

%description -n python3-%{name}
Python SDK for OpenShell providing programmatic access to sandbox
management, agent execution, and inference routing via gRPC.

%prep
%autosetup -n %{name}-%{version}

# Extract vendored Cargo dependencies
tar xf %{SOURCE1}

# Configure Cargo to use vendored dependencies for offline build
mkdir -p .cargo
cat > .cargo/config.toml << 'EOF'
[source.crates-io]
replace-with = "vendored-sources"

[source.vendored-sources]
directory = "vendor"
EOF

# Patch workspace version from placeholder to actual version
sed -i 's/^version = "0.0.0"/version = "%{version}"/' Cargo.toml
grep -q 'version = "%{version}"' Cargo.toml || (echo "ERROR: Cargo.toml version patch failed" && exit 1)

%build
# Build the CLI and gateway binaries
export CARGO_BUILD_JOBS=%{_smp_build_ncpus}
# Set the default container image tag so compiled-in image refs point at
# real tags in the ghcr.io/lobstertrap/openshell registry.
export OPENSHELL_IMAGE_TAG=latest
cargo build --release --bin openshell --bin openshell-gateway

%install
# --- CLI binary ---
install -Dpm 0755 target/release/%{name} %{buildroot}%{_bindir}/%{name}

# --- Gateway binary ---
install -Dpm 0755 target/release/%{name}-gateway %{buildroot}%{_bindir}/%{name}-gateway

# --- Gateway systemd unit ---
install -d %{buildroot}%{_unitdir}
cat > %{buildroot}%{_unitdir}/%{name}-gateway.service << 'EOF'
[Unit]
Description=OpenShell Gateway
Documentation=https://github.com/LobsterTrap/OpenShell
After=network-online.target podman.socket
Wants=podman.socket

[Service]
Type=exec
EnvironmentFile=/etc/sysconfig/openshell-gateway
ExecStart=/usr/bin/openshell-gateway
StateDirectory=openshell
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target
EOF

# --- Gateway environment file ---
# Provides defaults for the Podman driver and GHCR image references.
# Admins can override these values by editing this file.
install -d %{buildroot}%{_sysconfdir}/sysconfig
cat > %{buildroot}%{_sysconfdir}/sysconfig/%{name}-gateway << 'EOF'
# OpenShell Gateway configuration
# See: openshell-gateway --help for all available options.

# Compute driver: use Podman for sandbox container lifecycle.
OPENSHELL_DRIVERS=podman

# Database URL for gateway state persistence.
OPENSHELL_DB_URL=sqlite:///var/lib/openshell/gateway.db

# Supervisor image mounted into sandbox containers.
OPENSHELL_SUPERVISOR_IMAGE=ghcr.io/lobstertrap/openshell/supervisor:latest

# Default sandbox base image.
OPENSHELL_SANDBOX_IMAGE=ghcr.io/nvidia/openshell-community/sandboxes/base:latest

# Disable TLS for local single-node operation.
# For production, comment this out and configure --tls-cert, --tls-key,
# and --tls-client-ca.
OPENSHELL_DISABLE_TLS=true
EOF

# --- Gateway state directory ---
install -d %{buildroot}%{_sharedstatedir}/%{name}

# --- Python SDK ---
# Install Python SDK modules (test files are intentionally excluded)
install -d %{buildroot}%{python3_sitelib}/%{name}
install -d %{buildroot}%{python3_sitelib}/%{name}/_proto

install -pm 0644 python/%{name}/__init__.py %{buildroot}%{python3_sitelib}/%{name}/
install -pm 0644 python/%{name}/sandbox.py %{buildroot}%{python3_sitelib}/%{name}/
install -pm 0644 python/%{name}/_proto/__init__.py %{buildroot}%{python3_sitelib}/%{name}/_proto/
install -pm 0644 python/%{name}/_proto/*.py %{buildroot}%{python3_sitelib}/%{name}/_proto/

# Create dist-info so importlib.metadata can resolve the package version
install -d %{buildroot}%{python3_sitelib}/%{name}-%{version}.dist-info
cat > %{buildroot}%{python3_sitelib}/%{name}-%{version}.dist-info/METADATA << EOF
Metadata-Version: 2.1
Name: %{name}
Version: 0.0.23
Summary: OpenShell Python SDK for agent execution and management
License: Apache-2.0
Requires-Python: >=3.12
Requires-Dist: cloudpickle>=3.0
Requires-Dist: grpcio>=1.60
Requires-Dist: protobuf>=4.25
EOF

# INSTALLER marker per PEP 376
echo "rpm" > %{buildroot}%{python3_sitelib}/%{name}-%{version}.dist-info/INSTALLER

# RECORD can be empty for RPM-managed installs
touch %{buildroot}%{python3_sitelib}/%{name}-%{version}.dist-info/RECORD

%check
# Smoke-test the CLI binary
%{buildroot}%{_bindir}/%{name} --version

# Smoke-test the gateway binary
%{buildroot}%{_bindir}/%{name}-gateway --version

# Smoke-test the Python SDK version metadata via importlib.metadata.
# We query the dist-info directly rather than importing the package because
# the full import pulls in grpcio and other runtime deps not present in the
# build environment.
PYTHONPATH=%{buildroot}%{python3_sitelib} %{python3} -c "from importlib.metadata import version; v = version('openshell'); print(v); assert v == '%{version}', f'expected %{version}, got {v}'"

%post gateway
%systemd_post %{name}-gateway.service

%preun gateway
%systemd_preun %{name}-gateway.service

%postun gateway
%systemd_postun_with_restart %{name}-gateway.service

%files
%license LICENSE
%doc README.md
%{_bindir}/%{name}

%files gateway
%license LICENSE
%{_bindir}/%{name}-gateway
%{_unitdir}/%{name}-gateway.service
%config(noreplace) %{_sysconfdir}/sysconfig/%{name}-gateway
%dir %{_sharedstatedir}/%{name}

%files -n python3-%{name}
%license LICENSE
%{python3_sitelib}/%{name}/
%{python3_sitelib}/%{name}-%{version}.dist-info/

%changelog
%autochangelog