feat(helm): add optional PostgreSQL backing store with Secret-based credentials

Add postgres.enabled toggle supporting three modes: SQLite (default),
bundled Bitnami PostgreSQL (internal), and external PostgreSQL. Database
credentials are stored in a Kubernetes Secret and injected via the
OPENSHELL_DB_URL env var to avoid exposing passwords in CLI args, pod
specs, or process listings. Passwords are URL-encoded via urlquery, and
required guards prevent misconfiguration (missing password or host).

Author: sauagarwa

.agents/skills/deploy-openshell-cluster/SKILL.md

@@ -0,0 +1,215 @@
+---
+name: deploy-openshell-cluster
+description: Deploy OpenShell gateway with Helm on Kubernetes or OpenShift, auto-detect cluster type, apply OpenShift-only SCC/security overrides when needed, and configure SQLite or PostgreSQL persistence. Use when the user asks to deploy OpenShell to a cluster, reinstall the Helm release, or enable postgres.enabled with internal or external mode.
+---
+
+# Deploy OpenShell Cluster
+
+Use `deploy/helm/openshell/README.md` as the source of truth, then apply this workflow.
+
+Default behavior:
+
+- SQLite by default (`postgres.enabled=false`)
+- Optional PostgreSQL (`postgres.enabled=true`) via:
+  - `postgres.mode=internal` (deploy bundled Postgres dependency)
+  - `postgres.mode=external` (use external database settings)
+
+## Inputs
+
+```bash
+NAMESPACE="${NAMESPACE:-openshell}"
+RELEASE_NAME="${RELEASE_NAME:-openshell}"
+CHART_REF="${CHART_REF:-oci://ghcr.io/nvidia/openshell/helm-chart}"
+CHART_VERSION="${CHART_VERSION:-}"
+GATEWAY_TAG="${GATEWAY_TAG:-}"                 # e.g. dev or fa84e437...
+POSTGRES_ENABLED="${POSTGRES_ENABLED:-false}"   # true|false
+POSTGRES_MODE="${POSTGRES_MODE:-internal}"      # internal|external
+POSTGRES_DB="${POSTGRES_DB:-openshell}"
+POSTGRES_USER="${POSTGRES_USER:-openshell}"
+POSTGRES_PASSWORD="${POSTGRES_PASSWORD:-}"       # required when postgres is enabled
+POSTGRES_HOST="${POSTGRES_HOST:-}"               # required for external mode
+POSTGRES_PORT="${POSTGRES_PORT:-5432}"
+```
+
+## Step 1: Verify cluster login
+
+Before any deployment action, confirm the user is authenticated to a cluster.
+
+```bash
+if ! kubectl auth can-i get pods >/dev/null 2>&1; then
+  echo "Not authenticated to a Kubernetes/OpenShift cluster."
+  echo "Please log in first (for OpenShift: oc login <api-server>), then retry."
+  exit 1
+fi
+```
+
+If the check fails, stop and ask the user to log in before continuing.
+
+## Step 2: Choose namespace (with upgrade prompt)
+
+Namespace selection rules:
+
+1. If user explicitly provides a namespace, use it.
+2. If user does not provide a namespace, default to `openshell`.
+3. If `openshell` already has a running gateway and user did not explicitly ask for upgrade, ask:
+   - upgrade existing deployment in `openshell`, or
+   - deploy fresh into a new namespace.
+
+Detect existing gateway in `openshell`:
+
+```bash
+EXISTING_IN_OPENSHIFT=false
+if helm status openshell -n openshell >/dev/null 2>&1; then
+  EXISTING_IN_OPENSHIFT=true
+elif kubectl get statefulset openshell -n openshell >/dev/null 2>&1; then
+  EXISTING_IN_OPENSHIFT=true
+fi
+```
+
+When `EXISTING_IN_OPENSHIFT=true` and namespace was not explicitly specified, stop and ask the user for a choice before proceeding.
+
+## Step 3: Select gateway/chart version
+
+If user explicitly provides `GATEWAY_TAG`, use it.
+
+If user explicitly provides `CHART_VERSION`, use it as-is.
+
+If neither `GATEWAY_TAG` nor `CHART_VERSION` is provided:
+
+1. Fetch recent gateway tags from [GHCR package page](https://github.com/nvidia/OpenShell/pkgs/container/openshell%2Fgateway) (or equivalent API/CLI output).
+2. Ask the user which tag to deploy.
+3. Convert chosen gateway tag to Helm chart dev format:
+   - gateway tag `dev` -> `CHART_VERSION=0.0.0-dev`
+   - gateway tag `<tag>` (commit-like or custom) -> `CHART_VERSION=0.0.0-<tag>`
+
+Example prompt to user:
+
+- "I found recent gateway tags: `dev`, `fa84e437...`, `3460e5fd...`. Which one should I deploy?"
+
+If user does not choose, default to:
+
+```bash
+GATEWAY_TAG="dev"
+CHART_VERSION="0.0.0-dev"
+```
+
+If `GATEWAY_TAG` is provided and `CHART_VERSION` is empty:
+
+```bash
+CHART_VERSION="0.0.0-${GATEWAY_TAG}"
+```
+
+If `CHART_VERSION` is provided and `GATEWAY_TAG` is empty, derive `GATEWAY_TAG` when possible:
+
+```bash
+case "${CHART_VERSION}" in
+  0.0.0-*) GATEWAY_TAG="${CHART_VERSION#0.0.0-}" ;;
+  *) GATEWAY_TAG="dev" ;;  # fallback
+esac
+```
+
+## Step 4: Detect cluster type
+
+```bash
+CLUSTER_TYPE="kubernetes"
+if kubectl get clusterversion version >/dev/null 2>&1; then
+  CLUSTER_TYPE="openshift"
+fi
+echo "Detected cluster type: ${CLUSTER_TYPE}"
+```
+
+## Step 5: Install shared prerequisites
+
+```bash
+kubectl apply -f https://github.com/kubernetes-sigs/agent-sandbox/releases/latest/download/manifest.yaml
+kubectl get namespace "${NAMESPACE}" >/dev/null 2>&1 || kubectl create namespace "${NAMESPACE}"
+```
+
+## Step 6: Apply OpenShift-only prerequisites
+
+Run only when `CLUSTER_TYPE=openshift`.
+
+```bash
+if [ "${CLUSTER_TYPE}" = "openshift" ]; then
+  oc adm policy add-scc-to-user privileged -z openshell-sandbox -n "${NAMESPACE}"
+
+  # The PKI init job is disabled on OpenShift (SCC constraints), but the
+  # gateway still needs JWT signing keys for per-sandbox authentication.
+  # Generate them manually if the Secret does not already exist.
+  JWT_SECRET="${RELEASE_NAME}-jwt-keys"
+  if ! kubectl get secret "${JWT_SECRET}" -n "${NAMESPACE}" >/dev/null 2>&1; then
+    TMPDIR=$(mktemp -d)
+    openssl genpkey -algorithm Ed25519 -out "${TMPDIR}/signing.pem"
+    openssl pkey -in "${TMPDIR}/signing.pem" -pubout -out "${TMPDIR}/public.pem"
+    openssl rand -hex 16 > "${TMPDIR}/kid"
+    kubectl create secret generic "${JWT_SECRET}" -n "${NAMESPACE}" \
+      --from-file=signing.pem="${TMPDIR}/signing.pem" \
+      --from-file=public.pem="${TMPDIR}/public.pem" \
+      --from-file=kid="${TMPDIR}/kid"
+    rm -rf "${TMPDIR}"
+    echo "Created JWT signing secret ${JWT_SECRET}"
+  else
+    echo "JWT signing secret ${JWT_SECRET} already exists"
+  fi
+fi
+```
+
+## Step 7: Deploy Helm release
+
+```bash
+HELM_ARGS=(
+  upgrade --install "${RELEASE_NAME}" "${CHART_REF}"
+  --version "${CHART_VERSION}"
+  --namespace "${NAMESPACE}"
+  --set "image.tag=${GATEWAY_TAG}"
+  --set "supervisor.image.tag=${GATEWAY_TAG}"
+  --set "postgres.enabled=${POSTGRES_ENABLED}"
+  --wait
+)
+
+if [ "${POSTGRES_ENABLED}" = "true" ]; then
+  HELM_ARGS+=(--set "postgres.mode=${POSTGRES_MODE}")
+  if [ "${POSTGRES_MODE}" = "external" ]; then
+    HELM_ARGS+=(
+      --set "postgres.external.host=${POSTGRES_HOST}"
+      --set "postgres.external.port=${POSTGRES_PORT}"
+      --set "postgres.external.username=${POSTGRES_USER}"
+      --set "postgres.external.password=${POSTGRES_PASSWORD}"
+      --set "postgres.external.database=${POSTGRES_DB}"
+    )
+  else
+    HELM_ARGS+=(
+      --set "postgres.auth.username=${POSTGRES_USER}"
+      --set "postgres.auth.password=${POSTGRES_PASSWORD}"
+      --set "postgres.auth.database=${POSTGRES_DB}"
+    )
+  fi
+fi
+
+if [ "${CLUSTER_TYPE}" = "openshift" ]; then
+  HELM_ARGS+=(
+    --set pkiInitJob.enabled=false
+    --set server.disableTls=true
+    --set podSecurityContext.fsGroup=null
+    --set securityContext.runAsUser=null
+  )
+fi
+
+helm "${HELM_ARGS[@]}"
+```
+
+This keeps Kubernetes installs aligned with the README default `helm install` path and applies OpenShift-specific overrides only on OpenShift.
+
+## Step 8: Verify deployment
+
+```bash
+kubectl get pods -n "${NAMESPACE}"
+kubectl rollout status statefulset/"${RELEASE_NAME}" -n "${NAMESPACE}"
+helm get values "${RELEASE_NAME}" -n "${NAMESPACE}"
+```
+
+Check persistence mode:
+
+- SQLite default: `postgres.enabled=false`
+- Internal Postgres: `postgres.enabled=true`, `postgres.mode=internal`
+- External Postgres: `postgres.enabled=true`, `postgres.mode=external`

.gitignore

@@ -187,6 +187,9 @@ rootfs/
 # Docker build artifacts (image tarballs, packaged helm charts)
 deploy/docker/.build/
 
+# Helm subchart tarballs (regenerated by `helm dependency build`)
+deploy/helm/openshell/charts/
+
 # SBOM generated output (JSON, CSV) — release artifacts, not committed
 deploy/sbom/output/
 

CONTRIBUTING.md

@@ -78,6 +78,7 @@ Skills live in `.agents/skills/`. Your agent's harness can discover and load the
 | Reviewing       | `test-release-canary`     | Dispatch and iterate on the Release Canary workflow that smoke-tests published artifacts            |
 | Triage          | `triage-issue`            | Assess, classify, and route community-filed issues                                                  |
 | Platform        | `generate-sandbox-policy` | Generate YAML sandbox policies from requirements or API docs                                        |
+| Platform        | `deploy-openshell-cluster`| Deploy OpenShell gateway on Kubernetes or OpenShift with optional PostgreSQL settings               |
 | Platform        | `tui-development`         | Development guide for the ratatui-based terminal UI                                                 |
 | Documentation   | `update-docs`             | Scan recent commits and draft doc updates for user-facing changes                                   |
 | Maintenance     | `sync-agent-infra`        | Detect and fix drift across agent-first infrastructure files                                        |

deploy/helm/openshell/Chart.lock

@@ -0,0 +1,6 @@
+dependencies:
+- name: postgresql
+  repository: oci://registry-1.docker.io/bitnamicharts
+  version: 18.6.7
+digest: sha256:e4df764483edb0695ac56dd4e27eb3a225a9c0b0ef52a8b60e3e0b51e36153ab
+generated: "2026-05-26T16:28:10.636508-04:00"

deploy/helm/openshell/Chart.yaml

@@ -11,3 +11,9 @@ type: application
 # empty), so a released chart automatically pulls the matching gateway and supervisor images.
 version: 0.0.0
 appVersion: "0.0.0"
+dependencies:
+  - name: postgresql
+    version: 18.6.7
+    repository: oci://registry-1.docker.io/bitnamicharts
+    condition: postgres.enabled
+    alias: postgres

deploy/helm/openshell/README.md

@@ -58,6 +58,47 @@ See [`values.yaml`](values.yaml) for source defaults. Selected overlays:
 - [`ci/values-cert-manager.yaml`](ci/values-cert-manager.yaml) - cert-manager integration
 - [`ci/values-keycloak.yaml`](ci/values-keycloak.yaml) - Keycloak OIDC integration
 
+### Database backend
+
+By default, OpenShell uses SQLite:
+
+```yaml
+server:
+  dbUrl: "sqlite:/var/openshell/openshell.db"
+postgres:
+  enabled: false
+```
+
+Enable bundled PostgreSQL:
+
+```bash
+helm install openshell oci://ghcr.io/nvidia/openshell/helm-chart --version <version> \
+  --set postgres.enabled=true \
+  --set postgres.auth.password=my-secret-password
+```
+
+Use external PostgreSQL:
+
+```bash
+helm install openshell oci://ghcr.io/nvidia/openshell/helm-chart --version <version> \
+  --set postgres.enabled=true \
+  --set postgres.mode=external \
+  --set postgres.external.host=my-postgres.example.com \
+  --set postgres.external.port=5432 \
+  --set postgres.external.database=openshell \
+  --set postgres.external.username=openshell \
+  --set postgres.external.password=my-password
+```
+
+Or provide a full connection URL directly:
+
+```bash
+helm install openshell oci://ghcr.io/nvidia/openshell/helm-chart --version <version> \
+  --set postgres.enabled=true \
+  --set postgres.mode=external \
+  --set postgres.external.url="postgres://user:pass@host:5432/db?sslmode=require"
+```
+
 ## PKI bootstrap
 
 By default, a pre-install/pre-upgrade hook Job runs `openshell-gateway generate-certs`

deploy/helm/openshell/templates/_helpers.tpl

@@ -102,6 +102,32 @@ Namespace where sandbox pods are created. An explicit
 {{- .Values.server.sandboxNamespace | default .Release.Namespace -}}
 {{- end }}
 
+{{/*
+Gateway database URL.
+- postgres.enabled=false: use .Values.server.dbUrl (default sqlite)
+- postgres.enabled=true + mode=internal: derive URL from bundled postgres service
+- postgres.enabled=true + mode=external: use external.url or compose external fields
+*/}}
+{{- define "openshell.dbUrl" -}}
+{{- if .Values.postgres.enabled -}}
+{{- if eq (default "internal" .Values.postgres.mode) "external" -}}
+{{- if .Values.postgres.external.url -}}
+{{- .Values.postgres.external.url -}}
+{{- else -}}
+{{- $host := required "postgres.external.host is required when postgres.mode=external and no postgres.external.url is provided" .Values.postgres.external.host -}}
+{{- $pw := required "postgres.external.password is required when postgres.mode=external and no postgres.external.url is provided" .Values.postgres.external.password -}}
+{{- printf "postgres://%s:%s@%s:%d/%s" (.Values.postgres.external.username | urlquery) ($pw | urlquery) $host (int (default 5432 .Values.postgres.external.port)) .Values.postgres.external.database -}}
+{{- end -}}
+{{- else -}}
+{{- $pw := required "postgres.auth.password must be set when postgres.enabled=true" .Values.postgres.auth.password -}}
+{{- $host := .Values.postgres.host | default (printf "%s-postgres.%s.svc.cluster.local" .Release.Name .Release.Namespace) -}}
+{{- printf "postgres://%s:%s@%s:%d/%s" (.Values.postgres.auth.username | urlquery) ($pw | urlquery) $host (int .Values.postgres.port) .Values.postgres.auth.database -}}
+{{- end -}}
+{{- else -}}
+{{- .Values.server.dbUrl -}}
+{{- end -}}
+{{- end }}
+
 {{/*
 gRPC endpoint sandbox pods use to call back into the gateway. An explicit
 .Values.server.grpcEndpoint is used verbatim. Otherwise it is derived from

deploy/helm/openshell/templates/db-secret.yaml

@@ -0,0 +1,14 @@
+# SPDX-FileCopyrightText: Copyright (c) 2025-2026 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+{{- if .Values.postgres.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "openshell.fullname" . }}-db
+  labels:
+    {{- include "openshell.labels" . | nindent 4 }}
+type: Opaque
+stringData:
+  db-url: {{ include "openshell.dbUrl" . | quote }}
+{{- end }}

deploy/helm/openshell/templates/gateway-config.yaml

@@ -8,7 +8,8 @@ at startup. CLI flags and OPENSHELL_* env vars on the StatefulSet container
 still override anything in this file.
 
 One value is intentionally NOT rendered here:
-  - server.dbUrl              → passed via --db-url in the StatefulSet args
+  - server.dbUrl              → passed via OPENSHELL_DB_URL env var (from Secret)
+                                 when postgres.enabled=true, or --db-url arg for SQLite
 */}}
 apiVersion: v1
 kind: ConfigMap

deploy/helm/openshell/templates/statefulset.yaml

@@ -21,6 +21,9 @@ spec:
         # without this annotation a `helm upgrade` that only mutates the
         # ConfigMap would leave pods running with stale config.
         checksum/gateway-config: {{ include (print $.Template.BasePath "/gateway-config.yaml") . | sha256sum }}
+        {{- if .Values.postgres.enabled }}
+        checksum/db-secret: {{ include (print $.Template.BasePath "/db-secret.yaml") . | sha256sum }}
+        {{- end }}
         {{- with .Values.podAnnotations }}
         {{- toYaml . | nindent 8 }}
         {{- end }}
@@ -54,9 +57,18 @@ spec:
           args:
             - --config
             - /etc/openshell/gateway.toml
+            {{- if not .Values.postgres.enabled }}
             - --db-url
             - {{ .Values.server.dbUrl | quote }}
+            {{- end }}
           env:
+            {{- if .Values.postgres.enabled }}
+            - name: OPENSHELL_DB_URL
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "openshell.fullname" . }}-db
+                  key: db-url
+            {{- end }}
             # All gateway settings live in the ConfigMap-backed TOML file
             # mounted at /etc/openshell/gateway.toml. The only env var below
             # is a process-level setting consumed by libraries outside
@@ -137,7 +149,7 @@ spec:
         - name: sandbox-jwt
           secret:
             secretName: {{ .Values.server.sandboxJwt.signingSecretName | default (printf "%s-jwt-keys" (include "openshell.fullname" .)) }}
-            defaultMode: 0400
+            defaultMode: 0444
         {{- if not .Values.server.disableTls }}
         - name: tls-cert
           secret: