Add s6-overlay and Talos system manager support for physical_ai_server

[GyuH13]

Description

Summary

This PR adds s6-overlay as the process supervisor inside the physical_ai_server container and integrates the Talos system manager via an s6-agent service. The physical_ai_server ROS2 stack runs as a supervised longrun with a logging pipeline.

Changes

s6-overlay and services

• s6-agent (longrun): Runs the Talos FastAPI agent (talos.agent.s6_agent) on a Unix domain socket at /var/run/agent/s6_agent.sock. Started at container boot via the user bundle.
• physical_ai_server (longrun): ROS2 launch (physical_ai_server_bringup.launch.py) managed by s6 with shared run/finish scripts.
• Logging pipeline:
  • physical_ai_server-log-prepare (oneshot): Creates /var/log/physical_ai_server and sets permissions.
  • physical_ai_server-log (consumer): Consumes the main service’s output for logging.
• Shared scripts: ros2_service_run.sh and ros2_service_finish.sh under docker/s6-services/common/ provide reusable run/finish logic (PGID tracking, graceful SIGTERM with timeout, then SIGKILL).

Docker

• Dockerfile.amd64 / Dockerfile.arm64: Install s6-overlay; copy docker/s6-agent and docker/s6-services into /etc/s6-overlay/s6-rc.d/ (with common removed from s6-rc.d); copy common scripts to /usr/local/lib/s6-services; set execute bits for run/finish/up scripts; create log directory and user bundle entries for s6-agent and physical_ai_server-pipeline.
• docker-compose.yml: physical_ai_server now uses the pre-built image (robotis/physical-ai-server:latest) without a build context or s6-related volume mounts; only required volumes (e.g. /var/run/robotis/agent_sockets/physical_ai_server:/var/run/agent) are kept.

Other

• Package version bumps and CHANGELOG entries for physical_ai_server, physical_ai_bt, physical_ai_interfaces, physical_ai_manager, physical_ai_tools, and rosbag_recorder.
• physical_ai_manager: dependency/version updates in package.json and package-lock.json.
• ros2_service_run.sh: optional RMW_IMPLEMENTATION logging for startup diagnostics.

[gemini-code-assist]

Summary of Changes

Hello @GyuH13, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the operational stability and manageability of the physical_ai_server by implementing s6-overlay for comprehensive process supervision. It introduces a structured approach to service management, including a dedicated agent for the Talos system, robust logging, and graceful shutdown procedures for ROS2 components. These changes aim to improve the reliability and maintainability of the containerized environment.

Highlights

• Process Supervision with s6-overlay: The physical_ai_server container now integrates s6-overlay as its primary process supervisor, ensuring robust management of services.
• Talos System Manager Integration: A new s6-agent service has been added to integrate the Talos system manager, running a FastAPI agent on a Unix domain socket for inter-process communication.
• Supervised ROS2 Stack and Logging: The physical_ai_server ROS2 stack is now managed as a supervised longrun service, complete with a dedicated logging pipeline for its output.
• Reusable ROS2 Service Scripts: Common ros2_service_run.sh and ros2_service_finish.sh scripts have been introduced to provide standardized logic for starting and gracefully shutting down ROS2 services, including process group ID (PGID) tracking and signal handling.
• Dockerfile and Docker Compose Updates: Dockerfiles (Dockerfile.amd64, Dockerfile.arm64) have been updated to install s6-overlay, copy and configure the new s6-agent and s6-services, and set /init as the container entrypoint. The docker-compose.yml now uses pre-built images and mounts the necessary volume for the agent socket.
• Package Version Bumps: Multiple packages including physical_ai_bt, physical_ai_interfaces, physical_ai_manager, physical_ai_server, physical_ai_tools, and rosbag_recorder have had their versions updated to 0.8.1.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Changelog

• docker/docker-compose.yml
  • Removed the explicit command: bash entry for the physical_ai_server service.
  • Added a volume mount for /var/run/robotis/agent_sockets/physical_ai_server to /var/run/agent.
• docker/s6-agent/dependencies
  • Added a new file to define service dependencies (currently empty).
• docker/s6-agent/finish
  • Added a new script to clean up the Unix domain socket /var/run/agent/s6_agent.sock when the s6-agent service stops.
• docker/s6-agent/run
  • Added a new script to start the talos.agent.s6_agent FastAPI service using uvicorn on a Unix domain socket.
• docker/s6-agent/type
  • Added a new file specifying the service type as longrun.
• docker/s6-services/common/ros2_service_finish.sh
  • Added a new reusable script for ROS2 service finish operations, including logging, sending SIGTERM to the process group, waiting for exit, and sending SIGKILL on timeout.
• docker/s6-services/common/ros2_service_run.sh
  • Added a new reusable script for ROS2 service run operations, setting environment variables, logging service info, recording process group ID, sourcing ROS2 setup, and executing the ROS2 command.
• docker/s6-services/physical_ai_server-log-prepare/type
  • Added a new file specifying the service type as oneshot.
• docker/s6-services/physical_ai_server-log-prepare/up
  • Added a new script to create and set permissions for the /var/log/physical_ai_server directory.
• docker/s6-services/physical_ai_server-log/consumer-for
  • Added a new file specifying physical_ai_server as the service whose output this log consumer processes.
• docker/s6-services/physical_ai_server-log/pipeline-name
  • Added a new file specifying the pipeline name as physical_ai_server-pipeline.
• docker/s6-services/physical_ai_server-log/run
  • Added a new script to run logutil-service for logging physical_ai_server output to /var/log/physical_ai_server.
• docker/s6-services/physical_ai_server-log/type
  • Added a new file specifying the service type as longrun.
• docker/s6-services/physical_ai_server/dependencies
  • Added a new file to define service dependencies (currently empty).
• docker/s6-services/physical_ai_server/finish
  • Added a new script that utilizes the common ros2_service_finish.sh for the physical_ai_server service.
• docker/s6-services/physical_ai_server/producer-for
  • Added a new file specifying physical_ai_server-log as the service that consumes this service's output.
• docker/s6-services/physical_ai_server/run
  • Added a new script that utilizes the common ros2_service_run.sh to launch physical_ai_server_bringup.launch.py.
• docker/s6-services/physical_ai_server/type
  • Added a new file specifying the service type as longrun.
• physical_ai_bt/CHANGELOG.rst
  • Updated version to 0.8.1 and added a 'None' entry for the current changes.
• physical_ai_bt/package.xml
  • Updated package version from 0.8.0 to 0.8.1.
• physical_ai_bt/setup.py
  • Updated package version from 0.8.0 to 0.8.1.
• physical_ai_interfaces/CHANGELOG.rst
  • Updated version to 0.8.1 and added a 'None' entry for the current changes.
• physical_ai_interfaces/package.xml
  • Updated package version from 0.8.0 to 0.8.1.
• physical_ai_manager/CHANGELOG.rst
  • Updated version to 0.8.1 and added a 'None' entry for the current changes.
• physical_ai_manager/package-lock.json
  • Updated package version from 0.8.0 to 0.8.1.
• physical_ai_manager/package.json
  • Updated package version from 0.8.0 to 0.8.1.
• physical_ai_server/CHANGELOG.rst
  • Updated version to 0.8.1.
  • Added entry: 'Add s6-agent and s6-services for supporting talos system manager'.
• physical_ai_server/Dockerfile.amd64
  • Added ARG S6_OVERLAY_VERSION and commands to install s6-overlay.
  • Added xz-utils and python3-pip to apt-get install.
  • Added GPG key update and package list refresh logic.
  • Added PYTHONPATH export for /usr/local/lib.
  • Installed setuptools==68.1.2 and numpy<2 with --no-cache-dir.
  • Added PYTHONPATH export for lerobot/src to .bashrc.
  • Created /var/run/agent directory and set permissions.
  • Cloned talos repository to /opt/talos.
  • Set PYTHONPATH for /opt/talos.
  • Configured pip to break-system-packages.
  • Installed talos requirements.
  • Copied docker/s6-agent and docker/s6-services to /etc/s6-overlay/s6-rc.d/.
  • Removed common directory from s6-rc.d.
  • Set execute bits for s6-overlay service scripts.
  • Copied common ROS2 service scripts to /usr/local/lib/s6-services and set execute bits.
  • Created /var/log/physical_ai_server directory and set permissions.
  • Added s6-agent and physical_ai_server-pipeline to the s6-overlay user bundle.
  • Set ENTRYPOINT to /init.
• physical_ai_server/Dockerfile.arm64
  • Added ARG S6_OVERLAY_VERSION and commands to install s6-overlay for aarch64.
  • Added xz-utils and python3-pip to apt-get install.
  • Installed setuptools==68.1.2 and numpy<2 with --no-cache-dir.
  • Created /var/run/agent directory and set permissions.
  • Cloned talos repository to /opt/talos.
  • Set PYTHONPATH for /opt/talos.
  • Installed talos requirements.
  • Copied docker/s6-agent and docker/s6-services to /etc/s6-overlay/s6-rc.d/.
  • Removed common directory from s6-rc.d.
  • Set execute bits for s6-overlay service scripts.
  • Copied common ROS2 service scripts to /usr/local/lib/s6-services and set execute bits.
  • Created /var/log/physical_ai_server directory and set permissions.
  • Added s6-agent and physical_ai_server-pipeline to the s6-overlay user bundle.
  • Set ENTRYPOINT to /init.
• physical_ai_server/package.xml
  • Updated package version from 0.8.0 to 0.8.1.
• physical_ai_server/setup.py
  • Updated package version from 0.8.0 to 0.8.1.
• physical_ai_tools/CHANGELOG.rst
  • Updated version to 0.8.1.
  • Added entry: 'Add s6-agent and s6-services for supporting talos system manager'.
• physical_ai_tools/package.xml
  • Updated package version from 0.8.0 to 0.8.1.
• rosbag_recorder/CHANGELOG.rst
  • Updated version to 0.8.1 and added a 'None' entry for the current changes.
• rosbag_recorder/package.xml
  • Updated package version from 0.8.0 to 0.8.1.

Activity

• The author, GyuH13, has implemented the integration of s6-overlay and Talos system manager support.
• Multiple package versions have been bumped to 0.8.1 across the repository.
• Changelog entries have been updated for affected packages, detailing the s6-overlay and Talos integration for physical_ai_server and physical_ai_tools.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces s6-overlay for process management within the physical_ai_server container, significantly improving service supervision and reliability. A critical security vulnerability has been identified: the use of chmod 777 on the agent's socket directory (/var/run/agent), which is shared with the host, creates a high risk of local privilege escalation. Additionally, the review highlighted a critical issue with service auto-start configuration contradicting comments, a high-severity issue with using a floating git branch impacting build reproducibility, and several medium-severity issues related to insecure file permissions and script correctness. Addressing these points, especially the critical security vulnerability, will solidify the new service management infrastructure.

[Copilot]

Pull request overview

Adds s6-overlay process supervision to the physical_ai_server container, including an s6-agent service for Talos system manager integration and an s6-managed ROS2 longrun with a logging pipeline, plus version/changelog bumps across related packages.

Changes:

• Install and configure s6-overlay in physical_ai_server (amd64/arm64) and add s6-rc service definitions for s6-agent + physical_ai_server + logging pipeline.
• Update docker-compose to run the prebuilt robotis/physical-ai-server:latest image and mount the agent socket directory.
• Bump package versions to 0.8.1 and update CHANGELOGs across multiple ROS2 and UI packages.

Reviewed changes

Copilot reviewed 34 out of 35 changed files in this pull request and generated 7 comments.

Show a summary per file

File	Description
rosbag_recorder/package.xml	Bump package version to 0.8.1
rosbag_recorder/CHANGELOG.rst	Add 0.8.1 changelog entry
physical_ai_tools/package.xml	Bump package version to 0.8.1
physical_ai_tools/CHANGELOG.rst	Add 0.8.1 changelog entry noting s6 additions
physical_ai_server/setup.py	Bump Python package version to 0.8.1
physical_ai_server/package.xml	Bump package version to 0.8.1
physical_ai_server/Dockerfile.arm64	Install s6-overlay, Talos agent deps, and copy s6-rc service definitions
physical_ai_server/Dockerfile.amd64	Install s6-overlay, Talos agent deps, and copy s6-rc service definitions
physical_ai_server/CHANGELOG.rst	Add 0.8.1 changelog entry noting s6 additions
physical_ai_manager/package.json	Bump UI version to 0.8.1
physical_ai_manager/package-lock.json	Bump lockfile package version entries to 0.8.1
physical_ai_manager/CHANGELOG.rst	Add 0.8.1 changelog entry
physical_ai_interfaces/package.xml	Bump package version to 0.8.1
physical_ai_interfaces/CHANGELOG.rst	Add 0.8.1 changelog entry
physical_ai_bt/setup.py	Bump Python package version to 0.8.1
physical_ai_bt/package.xml	Bump package version to 0.8.1
physical_ai_bt/CHANGELOG.rst	Add 0.8.1 changelog entry
docker/s6-services/physical_ai_server/type	Define physical_ai_server as a longrun service
docker/s6-services/physical_ai_server/run	Start ROS2 launch via shared run script
docker/s6-services/physical_ai_server/producer-for	Wire service output into the log consumer
docker/s6-services/physical_ai_server/finish	Stop service via shared finish script (PGID-based termination)
docker/s6-services/physical_ai_server/dependencies	Service dependency file (currently empty)
docker/s6-services/physical_ai_server-log/type	Define log consumer as a longrun service
docker/s6-services/physical_ai_server-log/run	Run logutil-service to consume/rotate logs
docker/s6-services/physical_ai_server-log/pipeline-name	Name the producer/consumer pipeline
docker/s6-services/physical_ai_server-log/consumer-for	Bind log consumer to physical_ai_server producer
docker/s6-services/physical_ai_server-log-prepare/up	Oneshot log directory preparation script
docker/s6-services/physical_ai_server-log-prepare/type	Define log prepare as a oneshot service
docker/s6-services/common/ros2_service_run.sh	Shared ROS2 service runner (env setup, PGID tracking, exec)
docker/s6-services/common/ros2_service_finish.sh	Shared ROS2 finish script (SIGTERM+timeout+SIGKILL by PGID)
docker/s6-agent/type	Define s6-agent as a longrun service
docker/s6-agent/run	Start Talos FastAPI agent via uvicorn on a Unix domain socket
docker/s6-agent/finish	Cleanup agent UDS file on stop
docker/s6-agent/dependencies	Service dependency file (currently empty)
docker/docker-compose.yml	Use prebuilt server image and mount /var/run/agent socket directory

Files not reviewed (1)

• physical_ai_manager/package-lock.json: Language not supported

Comments suppressed due to low confidence (1)

physical_ai_server/Dockerfile.arm64:14

• In this Dockerfile the venv PATH/PYTHONPATH are only appended to /root/.bashrc (and exported within this single RUN layer). Subsequent RUN pip install ... commands won’t automatically use /opt/venv/bin/pip unless ENV PATH=/opt/venv/bin:$PATH is set (or the venv pip is invoked explicitly), which can lead to installing packages into the system interpreter instead of the venv.

RUN echo 'export PATH=/opt/venv/bin:$PATH' >> /root/.bashrc && \
    echo 'export PYTHONPATH=/opt/venv/lib/python3.12/site-packages:$PYTHONPATH' >> /root/.bashrc && \
    export PATH=/opt/venv/bin:$PATH && \
    export PYTHONPATH=/opt/venv/lib/python3.12/site-packages:$PYTHONPATH;

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[DongyunRobotis]

LGTM

[ola31]

LGTM