feat: Add Templated iPXE operating system support #2812

Draft: kfelternv wants to merge 5 commits into NVIDIA:main from kfelternv:feat/ipxe-templated-os
kfelternv commented Jun 23, 2026

Summary

Fresh port of the Templated iPXE Operating System feature onto current main as a clean stack (supersedes the muddled #2616). Adds an iPXE template-based OS variant (alongside Image and raw iPXE) with a per-OS scope (Local / Global / Limited) that decides which side is the source of truth, and keeps OS definitions in sync with on-site NICo Core.

Architecture

  • Outbound push (Global/Limited OS): the REST handler validates, then pushes to Core through the generic Core gRPC proxy from feat: Add generic Core gRPC proxy and BMC credential endpoints #2477 (common.ExecuteCoreGRPC) per associated site, invoking the unary forge.Forge methods CreateOperatingSystem / UpdateOperatingSystem / DeleteOperatingSystem, with per-site OperatingSystemSiteAssociation status (Synced/Error) and an aggregate OS status. Image OS keeps its existing OsImage workflow path unchanged. No bespoke per-resource site-workflow or site-agent push is added.
  • Inbound (Local-scope OS + iPXE templates, which carbide-rest is not the source of truth for): site-agent collectors publish inventory that cloud inventory workflows reconcile into the DB.

What's implemented

  • DB: operating_system scope + iPXE template columns, ipxe_template + ipxe_template_site_association tables, operating_system_site_association.controller_state, additive migration with a real down migration, proto conversions.
  • Proto: OperatingSystemInventory + IpxeTemplateInventory in inventory.proto (regenerated; only inventory.pb.go changed).
  • Cloud workflow — inbound reconcile (UpdateOperatingSystemsInDB) + OS/iPXE-template inventory workflows.
  • API — iPXE-template read/list endpoints; operating-system handler with the proxy push branch (image path preserved) + scope/type handling + artifact authToken redaction in responses; route registration; instance/instancebatch wiring for the Templated iPXE OS type.
  • Inbound collectors — site-agent + site-workflow inventory discovery for OS and iPXE templates.
  • OpenAPI + SDK: spec.yaml updated (new OS fields, IpxeTemplate/param/artifact schemas, 2 endpoints) and the Go SDK regenerated for the new endpoints/fields.

Verification

  • go build ./... (whole module) — PASS
  • Tests PASS: db/pkg/db/model, workflow (activity + workflow), api + api/pkg/api/model + api/pkg/api/handler, site-workflow (activity + workflow), and site-agent (make test-site-agent, mock core/flow). gofmt/go vet clean; sdk/standard builds.

Notes for review

  • Kept current main's TenantAdmin/tenant-ownership model for the OS handler (did not port the old branch's provider/tenant ownership overhaul); Global scope resolves to the tenant's Registered sites.
  • Inbound inventory was folded into the existing operatingsystem site-agent manager rather than a separate iPXE-template manager — functionally equivalent, lower-risk.
  • OS push artifact authTokens are nested inside ipxe_template_artifacts[]; the proxy redacts only top-level fields, so they reach Core as-is (and are redacted in API responses). Nested-secret redaction would require a proxy extension.
  • The Go SDK regen surfaced that main's committed SDK is slightly stale vs a clean make generate-sdk; this PR includes only the feature-relevant SDK files and preserves the hand-maintained client.go io.Reader decode branch rather than dropping it.

Optional follow-ups

  • Add a dedicated handler test for the iPXE/Templated-iPXE proxy-push branch (currently covered by the build, the proxy-helper logic, the existing handler suite, and new model-level tests for request building / validation / authToken redaction).
  • On site delete, clean up OS definitions scoped to that site (drop the association, or delete the OS if scoped only there).

Type of Change

  • Feature (feat:)

Services Affected

  • DB · [x] Workflow · [x] API · [x] Site Agent

Breaking Changes

None expected — additive.

Signed-off-by: Kyle Felter <kfelter@nvidia.com>
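
The review note above says the proxy redacts only top-level fields, so authTokens nested inside ipxe_template_artifacts[] pass through. The following is an added example, not code from this PR or the project, that contrasts top-level-only redaction with a recursive walk. The JSON shape, the name and url fields, the redact and redactJSON functions and the sample values are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

const redacted = "[REDACTED]"

// Constructed sample payload; only the key names authToken and
// ipxe_template_artifacts come from the PR description.
const sample = `{"name":"demo-os","ipxe_template_artifacts":[{"url":"https://example.invalid/kernel","authToken":"constructed-token-1"}]}`

// redact masks sensitive keys in place. With deep=false only the top-level
// object is inspected; with deep=true the walk descends into maps and slices.
func redact(v interface{}, sensitive map[string]bool, deep bool) {
	switch node := v.(type) {
	case map[string]interface{}:
		for k, child := range node {
			if sensitive[k] {
				node[k] = redacted
			} else if deep {
				redact(child, sensitive, deep)
			}
		}
	case []interface{}:
		for _, child := range node {
			redact(child, sensitive, deep)
		}
	}
}

// redactJSON decodes raw JSON, masks authToken values and re-encodes.
func redactJSON(raw string, deep bool) (string, error) {
	var payload interface{}
	if err := json.Unmarshal([]byte(raw), &payload); err != nil {
		return "", err
	}
	redact(payload, map[string]bool{"authToken": true}, deep)
	out, err := json.Marshal(payload)
	return string(out), err
}

func main() {
	for _, deep := range []bool{false, true} {
		out, _ := redactJSON(sample, deep)
		fmt.Printf("deep=%v %s\n", deep, out)
	}
}
```

With deep=false the constructed token is still present in the output; with deep=true it is replaced while the artifact URL is left intact.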

copy-pr-bot Bot commented Jun 23, 2026

Auto-sync is disabled for draft pull requests in this repository. Workflows must be run manually.

Contributors can view more details about this message here.

coderabbitai Bot commented Jun 23, 2026

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: b166ab54-9da0-457e-add0-73a490e9bc3d

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Signed-off-by: Kyle Felter <kfelter@nvidia.com>
kfelternv changed the title from "feat: Add Templated iPXE operating system data model and schema" to "feat: Add Templated iPXE operating system support" on Jun 24, 2026
Signed-off-by: Kyle Felter <kfelter@nvidia.com>
…ventory sync

Signed-off-by: Kyle Felter <kfelter@nvidia.com>
Signed-off-by: Kyle Felter <kfelter@nvidia.com>