fix(server): allow sandbox inference bundle fetch

TaylorMutch · TaylorMutch · commit 537baf15fa92 · 2026-05-19T15:25:40.000-07:00
diff --git a/crates/openshell-server/src/auth/sandbox_methods.rs b/crates/openshell-server/src/auth/sandbox_methods.rs
@@ -21,6 +21,7 @@ const ALLOWED_SANDBOX_METHODS: &[&str] = &[
     "/openshell.v1.OpenShell/PushSandboxLogs",
     "/openshell.v1.OpenShell/SubmitPolicyAnalysis",
     "/openshell.v1.OpenShell/GetDraftPolicy",
+    "/openshell.inference.v1.Inference/GetInferenceBundle",
 ];
 
 pub fn is_sandbox_callable(path: &str) -> bool {
@@ -40,6 +41,9 @@ mod tests {
         assert!(is_sandbox_callable(
             "/openshell.v1.OpenShell/GetSandboxConfig"
         ));
+        assert!(is_sandbox_callable(
+            "/openshell.inference.v1.Inference/GetInferenceBundle"
+        ));
     }
 
     #[test]
@@ -56,5 +60,11 @@ mod tests {
         assert!(!is_sandbox_callable(
             "/openshell.v1.OpenShell/ApproveDraftChunk"
         ));
+        assert!(!is_sandbox_callable(
+            "/openshell.inference.v1.Inference/GetClusterInference"
+        ));
+        assert!(!is_sandbox_callable(
+            "/openshell.inference.v1.Inference/SetClusterInference"
+        ));
     }
 }
diff --git a/crates/openshell-server/src/multiplex.rs b/crates/openshell-server/src/multiplex.rs
@@ -1019,13 +1019,36 @@ mod tests {
             ));
         }
 
+        #[tokio::test]
+        async fn sandbox_principal_can_fetch_inference_bundle() {
+            let mock = Arc::new(MockAuthenticator::returning(Ok(Some(sandbox_principal()))));
+            let chain = AuthenticatorChain::new(vec![mock]);
+            let (recorder, seen) = PrincipalRecorder::new();
+            let mut router = AuthGrpcRouter::new(recorder, Some(chain), None);
+
+            let res = router
+                .call(empty_request(
+                    "/openshell.inference.v1.Inference/GetInferenceBundle",
+                ))
+                .await
+                .unwrap();
+
+            assert_eq!(res.status(), 200);
+            assert!(matches!(
+                seen.lock().unwrap().as_ref(),
+                Some(Principal::Sandbox(_))
+            ));
+        }
+
         #[tokio::test]
         async fn sandbox_principal_is_denied_on_user_and_admin_methods() {
             for path in [
                 "/openshell.v1.OpenShell/ListSandboxes",
                 "/openshell.v1.OpenShell/DeleteSandbox",
                 "/openshell.v1.OpenShell/CreateProvider",
                 "/openshell.v1.OpenShell/ApproveDraftChunk",
+                "/openshell.inference.v1.Inference/GetClusterInference",
+                "/openshell.inference.v1.Inference/SetClusterInference",
             ] {
                 let mock = Arc::new(MockAuthenticator::returning(Ok(Some(sandbox_principal()))));
                 let chain = AuthenticatorChain::new(vec![mock]);
