feat(sandbox+bootstrap-kit): newapi Sovereign install (Bank Dhofar Qwen wired for Sandbox) (#1631)

Sandbox Wave 4 retry. Slot 80 (bp-newapi) already exists in the
_template bootstrap-kit but ships the qwenBankDhofar channel
hard-coded to `enabled: false` with empty endpoint — so every
franchised Sovereign came up without an LLM channel and sandbox
agents fell back to mothership newapi, defeating per-Sovereign
sandboxing.

Wire the qwenBankDhofar channel to the same envsubst flag the
Catalyst control plane uses (`${MARKETPLACE_ENABLED:-false}`)
and default the endpoint to the canonical first-otech relay
(`https://llm-api.omtd.bankdhofar.com`) with override via
`${LLM_BANK_DHOFAR_BASE_URL}`. API key is still pulled from the
`newapi-channel-qwen-bankdhofar` Secret (cloud-init or
ExternalSecret per existing chart contract).

No chart bump — chart 1.4.6 (slot 80) already supports gating
qwenBankDhofar via .Values.defaultChannels.qwenBankDhofar.enabled
and reading endpoint/secret from those values. Only the
bootstrap-kit overlay was wired with the wrong defaults.

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
e3mrah 2026-05-18 10:08:43 +04:00 committed by GitHub
parent 48a4a86548
commit 51b6188eb1
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

@ -209,11 +209,27 @@ spec:
# operators that run their own bp-vllm + open-weight model in-
# cluster; it composes after `qwenBankDhofar` and any operator
# `.Values.channels`.
# Sandbox Wave 4 (2026-05-18, retry of sandbox-wave4-newapi-sovereign-install):
# qwenBankDhofar is now gated on `${MARKETPLACE_ENABLED:-false}` — the
# same envsubst variable bp-catalyst-platform (slot 13) reads to flip
# marketplace.enabled on the Catalyst control plane. This lets a
# franchised Sovereign with `MARKETPLACE_ENABLED=true` auto-seed the
# default Bank Dhofar Qwen3.6 channel without the operator having to
# supply per-Sovereign overlay values. The endpoint defaults to the
# canonical first-otech relay; `LLM_BANK_DHOFAR_BASE_URL` overrides
# it (e.g. for staging at https://omtd.bankdhofar.com). The upstream
# API key MUST be present in the Secret `newapi-channel-qwen-bankdhofar`
# under key `API_KEY` — either pre-seeded by cloud-init or pulled from
# OpenBao via the operator's ExternalSecret at path
# `sovereign/<fqdn>/newapi/channel-qwen-bankdhofar`. Sandbox agents
# (sandbox-wave4) depend on this channel being live on every Sovereign
# that opted in to marketplace; without it the agents fall back to
# mothership newapi, defeating the per-Sovereign sandboxing.
defaultChannels:
qwenBankDhofar:
enabled: false
enabled: ${MARKETPLACE_ENABLED:-false}
name: qwen3.6-bankdhofar
endpoint: ""
endpoint: ${LLM_BANK_DHOFAR_BASE_URL:-https://llm-api.omtd.bankdhofar.com}
models:
- qwen3.6
- qwen3-coder
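Review bot: At `endpoint: ${LLM_BANK_DHOFAR_BASE_URL:-https://llm-api.omtd.bankdhofar.com}` the override is taken as-is, so the channel will present the `API_KEY` from `newapi-channel-qwen-bankdhofar` to whatever URL the variable holds, including a plain `http://` one. Suggest stating in the comment that the value must be an `https://` URL, or validating it where the variable is set. Separately, the comment says the Secret MUST be present, but `enabled: ${MARKETPLACE_ENABLED:-false}` turns the channel on from the marketplace flag alone. Please document what happens on a Sovereign that sets `MARKETPLACE_ENABLED=true` before the Secret exists, since the fallback to mothership newapi is the failure this change is meant to remove.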
@ -221,8 +237,8 @@ spec:
existingSecretKey: API_KEY
attestation:
kind: commercial-contract
accountId: ""
contractRef: ""
accountId: ${LLM_BANK_DHOFAR_ACCOUNT_ID:-}
contractRef: ${LLM_BANK_DHOFAR_CONTRACT_REF:-}
vllm:
enabled: false
name: qwen
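Review bot: `accountId: ${LLM_BANK_DHOFAR_ACCOUNT_ID:-}` and `contractRef: ${LLM_BANK_DHOFAR_CONTRACT_REF:-}` are unquoted, so when the variables are unset the substituted lines read `accountId:` and `contractRef:`, which YAML parses as null rather than the empty string the previous `""` gave. Suggest quoting them, e.g. `accountId: "${LLM_BANK_DHOFAR_ACCOUNT_ID:-}"`, so the type stays a string. These two variables are also not mentioned in the comment block of the previous hunk or in the commit message; a line documenting them, and whether an empty value is acceptable under `kind: commercial-contract` once the channel is enabled, would help.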