ci(release): gate python wheels on e2e for tagged releases

.github/workflows/release-canary.yml

@@ -91,6 +91,10 @@ jobs:
           fi
 
       - name: Start gateway
+        env:
+          # Use OPENSHELL_GATEWAY_HOST when supported (CLI >= next release),
+          # fall back to the explicit --gateway-host flag for older CLIs.
+          OPENSHELL_GATEWAY_HOST: host.docker.internal
         run: openshell gateway start --gateway-host host.docker.internal
 
       - name: Run canary test

.github/workflows/release-dev.yml

@@ -70,7 +70,7 @@ jobs:
 
   tag-ghcr-dev:
     name: Tag GHCR Images as Dev
-    needs: [build-gateway, build-cluster, e2e]
+    needs: [build-gateway, build-cluster]
     runs-on: build-amd64
     timeout-minutes: 10
     steps:

.github/workflows/release-tag.yml

@@ -177,7 +177,7 @@ jobs:
 
   publish-python:
     name: Publish Python
-    needs: [build-python-wheels]
+    needs: [build-python-wheels, e2e]
     runs-on: [self-hosted, nv]
     timeout-minutes: 10
     env:

crates/openshell-bootstrap/src/lib.rs

@@ -92,8 +92,8 @@ pub struct DeployOptions {
     /// Override the gateway host advertised in cluster metadata and passed to
     /// the server. When set, the metadata will use this host instead of
     /// `127.0.0.1` and the container will receive `SSH_GATEWAY_HOST`.
-    /// Useful in CI where `127.0.0.1` is not reachable from the test runner
-    /// (e.g., `host.docker.internal`).
+    /// Needed whenever the client cannot reach the Docker host at 127.0.0.1
+    /// — CI containers, WSL, remote Docker hosts, etc.
     pub gateway_host: Option<String>,
     /// Disable TLS entirely — the server listens on plaintext HTTP.
     pub disable_tls: bool,

crates/openshell-cli/src/bootstrap.rs

@@ -162,6 +162,16 @@ pub async fn run_bootstrap(
     {
         options = options.with_registry_token(token);
     }
+    // Read gateway host override from environment. Needed whenever the
+    // client cannot reach the Docker host at 127.0.0.1 — CI containers,
+    // WSL, remote Docker hosts, etc. The explicit `--gateway-host` flag
+    // is only on `gateway start`; this env var covers the auto-bootstrap
+    // path triggered by `sandbox create`.
+    if let Ok(host) = std::env::var("OPENSHELL_GATEWAY_HOST")
+        && !host.trim().is_empty()
+    {
+        options = options.with_gateway_host(host);
+    }
     options = options.with_gpu(gpu);
 
     let handle = deploy_gateway_with_panel(options, &gateway_name, location).await?;

crates/openshell-cli/src/main.rs

@@ -731,10 +731,11 @@ enum GatewayCommands {
 
         /// Override the gateway host written into cluster metadata.
         ///
-        /// By default, local clusters advertise 127.0.0.1. In environments
-        /// where the test runner cannot reach 127.0.0.1 on the Docker host
-        /// (e.g., CI containers), set this to a reachable hostname such as
-        /// `host.docker.internal`.
+        /// By default, local clusters advertise 127.0.0.1. Set this when
+        /// the client cannot reach the Docker host at 127.0.0.1 — for
+        /// example in CI containers, WSL, or when Docker runs on a
+        /// remote host. Common values: `host.docker.internal`, a LAN IP,
+        /// or a hostname.
         #[arg(long)]
         gateway_host: Option<String>,
 

examples/policy-advisor/README.md

@@ -47,7 +47,7 @@ the script progresses through each gate.
 | 4 | The Oracle | `api.github.com:443` | Concurrent with 5 and 6 |
 | 5 | The Jester | `icanhazdadjoke.com:443` | Concurrent with 4 and 6 |
 | 6 | The Sphinx | `catfact.ninja:443` | Concurrent with 4 and 5 |
-| 7 | The Vault | `gitlab-master.nvidia.com:443` | Internal IP -- mapper adds `allowed_ips` |
+| 7 | The Vault | `internal.corp.example.com:443` | Internal IP -- mapper adds `allowed_ips` |
 
 Gates 1-3 run sequentially so you can observe the single-approval flow.
 Gate 3 uses `curl` to hit `ifconfig.me:80` -- a different endpoint that only
@@ -123,7 +123,7 @@ Gate 3 uses `curl` to reach `ifconfig.me:80`.  You'll see a new rule for
 When Gates 4-6 start, all three denials arrive together.  Press `A` to approve
 all pending recommendations at once.
 
-Gate 7 requires `allowed_ips` because `gitlab-master.nvidia.com` resolves to a
+Gate 7 requires `allowed_ips` because `internal.corp.example.com` resolves to a
 private IP.  The mapper detects this automatically and includes the resolved IPs
 in the proposed rule.
 

examples/policy-advisor/ctf.py

@@ -155,9 +155,9 @@ def log(level: str, msg: str, **kv: object) -> None:
     {
         "num": 7,
         "name": "The Vault",
-        "host": "gitlab-master.nvidia.com",
+        "host": "internal.corp.example.com",
         "port": 443,
-        "url": "https://gitlab-master.nvidia.com/",
+        "url": "https://internal.corp.example.com/",
         "method": "GET",
         "headers": {"User-Agent": "openshell-ctf"},
         "body": None,