fix(install): use gh CLI for release downloads instead of HTTP (#285)

Author: drew

.github/workflows/publish.yml

@@ -369,9 +369,6 @@ jobs:
           path: release/
           merge-multiple: true
 
-      - name: Stage install script
-        run: cp install.sh release/install.sh
-
       - name: Generate checksums
         run: |
           set -euo pipefail
@@ -389,49 +386,42 @@ jobs:
       - name: Create / update GitHub Release
         uses: softprops/action-gh-release@v2
         with:
-          name: OpenShell Latest Devel
+          name: OpenShell Development Build
           prerelease: true
           tag_name: devel
           target_commitish: ${{ github.sha }}
           body: |
-            This devel build is automatically built on every commit to main that passes CI.
+            This build is automatically built on every commit to main that passes CI.
 
             > **NOTE**: This is a development build, not a tagged release, and may be unstable.
 
             ### Quick install
 
+            Requires the [GitHub CLI (`gh`)](https://cli.github.com) to be installed and authenticated.
+
             ```bash
-            curl -fsSL https://github.com/NVIDIA/OpenShell/releases/download/devel/install.sh | sh
+            sh -c 'ARCH=$(uname -m); OS=$(uname -s); \
+                case "${OS}-${ARCH}" in \
+                  Linux-x86_64)  ASSET="openshell-x86_64-unknown-linux-musl.tar.gz" ;; \
+                  Linux-aarch64) ASSET="openshell-aarch64-unknown-linux-musl.tar.gz" ;; \
+                  Darwin-arm64)  ASSET="openshell-aarch64-apple-darwin.tar.gz" ;; \
+                  *) echo "Unsupported platform: ${OS}-${ARCH}" >&2; exit 1 ;; \
+                esac; \
+                gh release download devel --repo NVIDIA/OpenShell --pattern "${ASSET}" -O - \
+                  | tar xz \
+                  && sudo install -m 755 openshell /usr/local/bin/openshell'
             ```
 
             ### Assets
 
             | File | Platform | Install |
             |------|----------|---------|
-            | `openshell-x86_64-unknown-linux-musl.tar.gz` | Linux x86_64 | `curl -fsSL https://github.com/NVIDIA/OpenShell/releases/download/devel/openshell-x86_64-unknown-linux-musl.tar.gz \| tar xz && sudo mv openshell /usr/local/bin/` |
-            | `openshell-aarch64-unknown-linux-musl.tar.gz` | Linux aarch64 / ARM64 | `curl -fsSL https://github.com/NVIDIA/OpenShell/releases/download/devel/openshell-aarch64-unknown-linux-musl.tar.gz \| tar xz && sudo mv openshell /usr/local/bin/` |
-            | `openshell-aarch64-apple-darwin.tar.gz` | macOS Apple Silicon | `curl -fsSL https://github.com/NVIDIA/OpenShell/releases/download/devel/openshell-aarch64-apple-darwin.tar.gz \| tar xz && sudo mv openshell /usr/local/bin/` |
-            | `install.sh` | All platforms | `curl -fsSL https://github.com/NVIDIA/OpenShell/releases/download/devel/install.sh \| sh` |
+            | `openshell-x86_64-unknown-linux-musl.tar.gz` | Linux x86_64 | `gh release download devel --repo NVIDIA/OpenShell --pattern "openshell-x86_64-unknown-linux-musl.tar.gz" -O - \| tar xz && sudo install -m 755 openshell /usr/local/bin/openshell` |
+            | `openshell-aarch64-unknown-linux-musl.tar.gz` | Linux aarch64 / ARM64 | `gh release download devel --repo NVIDIA/OpenShell --pattern "openshell-aarch64-unknown-linux-musl.tar.gz" -O - \| tar xz && sudo install -m 755 openshell /usr/local/bin/openshell` |
+            | `openshell-aarch64-apple-darwin.tar.gz` | macOS Apple Silicon | `gh release download devel --repo NVIDIA/OpenShell --pattern "openshell-aarch64-apple-darwin.tar.gz" -O - \| tar xz && sudo install -m 755 openshell /usr/local/bin/openshell` |
             | `openshell-checksums-sha256.txt` | — | SHA256 checksums for all archives |
-
-            ### Manual install
-
-            ```bash
-            # Linux x86_64
-            curl -fsSL https://github.com/NVIDIA/OpenShell/releases/download/devel/openshell-x86_64-unknown-linux-musl.tar.gz | tar xz
-            sudo mv openshell /usr/local/bin/
-
-            # Linux aarch64
-            curl -fsSL https://github.com/NVIDIA/OpenShell/releases/download/devel/openshell-aarch64-unknown-linux-musl.tar.gz | tar xz
-            sudo mv openshell /usr/local/bin/
-
-            # macOS (Apple Silicon)
-            curl -fsSL https://github.com/NVIDIA/OpenShell/releases/download/devel/openshell-aarch64-apple-darwin.tar.gz | tar xz
-            sudo mv openshell /usr/local/bin/
-            ```
           files: |
             release/openshell-x86_64-unknown-linux-musl.tar.gz
             release/openshell-aarch64-unknown-linux-musl.tar.gz
             release/openshell-aarch64-apple-darwin.tar.gz
             release/openshell-checksums-sha256.txt
-            release/install.sh

README.md

@@ -15,13 +15,26 @@ Want to run on cloud compute? [Launch on Brev](https://brev.nvidia.com/launchabl
 
 ### Install
 
-**Binary (recommended):**
+**Binary (recommended — requires [GitHub CLI](https://cli.github.com)):**
 
 ```bash
-curl -fsSL https://raw.githubusercontent.com/NVIDIA/OpenShell/main/install.sh | sh
+sh -c 'ARCH=$(uname -m); OS=$(uname -s); \
+    case "${OS}-${ARCH}" in \
+      Linux-x86_64)  ASSET="openshell-x86_64-unknown-linux-musl.tar.gz" ;; \
+      Linux-aarch64) ASSET="openshell-aarch64-unknown-linux-musl.tar.gz" ;; \
+      Darwin-arm64)  ASSET="openshell-aarch64-apple-darwin.tar.gz" ;; \
+      *) echo "Unsupported platform: ${OS}-${ARCH}" >&2; exit 1 ;; \
+    esac; \
+    gh release download devel --repo NVIDIA/OpenShell --pattern "${ASSET}" -O - \
+      | tar xz \
+      && sudo install -m 755 openshell /usr/local/bin/openshell'
 ```
 
-The install script auto-detects your platform (Linux x86_64, Linux aarch64, macOS Apple Silicon) and places the `openshell` binary in `/usr/local/bin`. See the [releases page](https://github.com/NVIDIA/OpenShell/releases) for manual download options.
+Or use the install script from the repository:
+
+```bash
+./install.sh
+```
 
 **From PyPI (requires [uv](https://docs.astral.sh/uv/)):**
 
@@ -84,20 +97,20 @@ OpenShell applies defense in depth across four policy domains:
 | Layer      | What it protects                                    | When it applies             |
 | ---------- | --------------------------------------------------- | --------------------------- |
 | Filesystem | Prevents reads/writes outside allowed paths.        | Locked at sandbox creation. |
-| Network    | Blocks unauthorized outbound connections.            | Hot-reloadable at runtime.  |
-| Process    | Blocks privilege escalation and dangerous syscalls.  | Locked at sandbox creation. |
-| Inference  | Reroutes model API calls to controlled backends.     | Hot-reloadable at runtime.  |
+| Network    | Blocks unauthorized outbound connections.           | Hot-reloadable at runtime.  |
+| Process    | Blocks privilege escalation and dangerous syscalls. | Locked at sandbox creation. |
+| Inference  | Reroutes model API calls to controlled backends.    | Hot-reloadable at runtime.  |
 
 Policies are declarative YAML files. Static sections (filesystem, process) are locked at creation; dynamic sections (network, inference) can be hot-reloaded on a running sandbox with `openshell policy set`.
 
 ## Supported Agents
 
-| Agent | Source | Notes |
-|---|---|---|
-| [Claude Code](https://docs.anthropic.com/en/docs/claude-code) | Built-in | Works out of the box. Requires `ANTHROPIC_API_KEY`. |
-| [OpenCode](https://opencode.ai/) | Built-in | Works out of the box. Requires `OPENAI_API_KEY` or `OPENROUTER_API_KEY`. |
-| [Codex](https://developers.openai.com/codex) | Built-in | Works out of the box. Requires `OPENAI_API_KEY`. |
-| [OpenClaw](https://openclaw.ai/) | [Community](https://github.com/NVIDIA/OpenShell-Community) | Launch with `openshell sandbox create --from openclaw`. |
+| Agent                                                         | Source                                                     | Notes                                                                    |
+| ------------------------------------------------------------- | ---------------------------------------------------------- | ------------------------------------------------------------------------ |
+| [Claude Code](https://docs.anthropic.com/en/docs/claude-code) | Built-in                                                   | Works out of the box. Requires `ANTHROPIC_API_KEY`.                      |
+| [OpenCode](https://opencode.ai/)                              | Built-in                                                   | Works out of the box. Requires `OPENAI_API_KEY` or `OPENROUTER_API_KEY`. |
+| [Codex](https://developers.openai.com/codex)                  | Built-in                                                   | Works out of the box. Requires `OPENAI_API_KEY`.                         |
+| [OpenClaw](https://openclaw.ai/)                              | [Community](https://github.com/NVIDIA/OpenShell-Community) | Launch with `openshell sandbox create --from openclaw`.                  |
 
 ## How It Works
 
@@ -109,27 +122,27 @@ OpenShell isolates each sandbox in its own container with policy-enforced egress
 
 Under the hood, the gateway runs as a [K3s](https://k3s.io/) Kubernetes cluster inside Docker — no separate K8s install required.
 
-| Component | Role |
-|---|---|
-| **Gateway** | Control-plane API that coordinates sandbox lifecycle and acts as the auth boundary. |
-| **Sandbox** | Isolated runtime with container supervision and policy-enforced egress routing. |
-| **Policy Engine** | Enforces filesystem, network, and process constraints from application layer down to kernel. |
-| **Privacy Router** | Privacy-aware LLM routing that keeps sensitive context on sandbox compute. |
+| Component          | Role                                                                                         |
+| ------------------ | -------------------------------------------------------------------------------------------- |
+| **Gateway**        | Control-plane API that coordinates sandbox lifecycle and acts as the auth boundary.          |
+| **Sandbox**        | Isolated runtime with container supervision and policy-enforced egress routing.              |
+| **Policy Engine**  | Enforces filesystem, network, and process constraints from application layer down to kernel. |
+| **Privacy Router** | Privacy-aware LLM routing that keeps sensitive context on sandbox compute.                   |
 
 ## Key Commands
 
-| Command | Description |
-|---|---|
-| `openshell sandbox create -- <agent>` | Create a sandbox and launch an agent. |
-| `openshell sandbox connect [name]` | SSH into a running sandbox. |
-| `openshell sandbox list` | List all sandboxes. |
-| `openshell sandbox delete <name>` | Delete a sandbox. |
-| `openshell provider create --type claude --from-existing` | Create a credential provider from env vars. |
-| `openshell policy set <name> --policy file.yaml` | Apply or update a policy on a running sandbox. |
-| `openshell policy get <name>` | Show the active policy. |
-| `openshell inference set --provider <p> --model <m>` | Configure the `inference.local` endpoint. |
-| `openshell logs [name] --tail` | Stream sandbox logs. |
-| `openshell term` | Launch the real-time terminal UI for debugging. |
+| Command                                                   | Description                                     |
+| --------------------------------------------------------- | ----------------------------------------------- |
+| `openshell sandbox create -- <agent>`                     | Create a sandbox and launch an agent.           |
+| `openshell sandbox connect [name]`                        | SSH into a running sandbox.                     |
+| `openshell sandbox list`                                  | List all sandboxes.                             |
+| `openshell sandbox delete <name>`                         | Delete a sandbox.                               |
+| `openshell provider create --type claude --from-existing` | Create a credential provider from env vars.     |
+| `openshell policy set <name> --policy file.yaml`          | Apply or update a policy on a running sandbox.  |
+| `openshell policy get <name>`                             | Show the active policy.                         |
+| `openshell inference set --provider <p> --model <m>`      | Configure the `inference.local` endpoint.       |
+| `openshell logs [name] --tail`                            | Stream sandbox logs.                            |
+| `openshell term`                                          | Launch the real-time terminal UI for debugging. |
 
 See the full [CLI reference](https://github.com/NVIDIA/OpenShell/blob/main/docs/reference/cli.md) for all commands, flags, and environment variables.
 

install.sh

@@ -4,8 +4,11 @@
 #
 # Install the OpenShell CLI binary.
 #
+# Requires the GitHub CLI (gh) to be installed and authenticated, since this
+# repository is internal and public HTTP download links are not available.
+#
 # Usage:
-#   curl -fsSL https://raw.githubusercontent.com/NVIDIA/OpenShell/main/install.sh | sh
+#   ./install.sh
 #
 # Environment variables:
 #   OPENSHELL_VERSION    - Release tag to install (default: "devel")
@@ -57,43 +60,47 @@ get_target() {
   echo "$target"
 }
 
-download() {
-  url="$1" dest="$2"
-  if command -v curl >/dev/null 2>&1; then
-    curl -fsSL -o "$dest" "$url"
-  elif command -v wget >/dev/null 2>&1; then
-    wget -qO "$dest" "$url"
-  else
-    error "curl or wget is required"
-  fi
-}
-
 verify_checksum() {
   archive="$1" checksums="$2" filename="$3"
+  expected="$(grep "$filename" "$checksums" | awk '{print $1}')"
 
-  if command -v sha256sum >/dev/null 2>&1; then
-    echo "$(grep "$filename" "$checksums" | awk '{print $1}')  $archive" | sha256sum -c --quiet 2>/dev/null
-  elif command -v shasum >/dev/null 2>&1; then
-    echo "$(grep "$filename" "$checksums" | awk '{print $1}')  $archive" | shasum -a 256 -c --quiet 2>/dev/null
+  if [ -z "$expected" ]; then
+    info "warning: no checksum found for $filename, skipping verification"
+    return 0
+  fi
+
+  # Prefer shasum (ships with macOS and most Linux); the macOS /sbin/sha256sum
+  # does not support -c / stdin check mode.
+  if command -v shasum >/dev/null 2>&1; then
+    echo "$expected  $archive" | shasum -a 256 -c --quiet 2>/dev/null
+  elif command -v sha256sum >/dev/null 2>&1; then
+    echo "$expected  $archive" | sha256sum -c --quiet 2>/dev/null
   else
     info "warning: sha256sum/shasum not found, skipping checksum verification"
     return 0
   fi
 }
 
 main() {
+  command -v gh >/dev/null 2>&1 || error "the GitHub CLI (gh) is required; install it from https://cli.github.com"
+
   target="$(get_target)"
   filename="openshell-${target}.tar.gz"
-  base_url="https://github.com/${REPO}/releases/download/${VERSION}"
 
   tmpdir="$(mktemp -d)"
   trap 'rm -rf "$tmpdir"' EXIT
 
   info "downloading ${filename} (${VERSION})..."
-  download "${base_url}/${filename}" "${tmpdir}/${filename}"
+  gh release download "${VERSION}" \
+    --repo "${REPO}" \
+    --pattern "${filename}" \
+    --output "${tmpdir}/${filename}"
 
   info "verifying checksum..."
-  download "${base_url}/openshell-checksums-sha256.txt" "${tmpdir}/checksums.txt"
+  gh release download "${VERSION}" \
+    --repo "${REPO}" \
+    --pattern "openshell-checksums-sha256.txt" \
+    --output "${tmpdir}/checksums.txt"
   if ! verify_checksum "${tmpdir}/${filename}" "${tmpdir}/checksums.txt" "$filename"; then
     error "checksum verification failed"
   fi
@@ -103,11 +110,11 @@ main() {
 
   info "installing to ${INSTALL_DIR}/openshell..."
   if [ -w "$INSTALL_DIR" ]; then
-    mv "${tmpdir}/openshell" "${INSTALL_DIR}/openshell"
+    install -m 755 "${tmpdir}/openshell" "${INSTALL_DIR}/openshell"
   else
-    sudo mv "${tmpdir}/openshell" "${INSTALL_DIR}/openshell"
+    info "sudo access is required to install to ${INSTALL_DIR}"
+    sudo install -m 755 "${tmpdir}/openshell" "${INSTALL_DIR}/openshell"
   fi
-  chmod +x "${INSTALL_DIR}/openshell"
 
   info "installed openshell $(${INSTALL_DIR}/openshell --version 2>/dev/null || echo "${VERSION}") to ${INSTALL_DIR}/openshell"
 }