feat: device-api-server with NVML provider, client SDK, and gRPC services

Implement a Kubernetes-style device API server with the following components:

Core server (cmd/device-api-server):
- gRPC-based controlplane API server using apiserver-runtime patterns
- GPU service with full CRUD + Watch + UpdateStatus via storage.Interface
- Server lifecycle management with graceful shutdown
- Health and metrics endpoints with gRPC reflection

Storage (pkg/storage):
- In-memory storage.Interface implementation with watch support
- Configurable watch channel buffer sizes and event drop metrics
- Factory pattern for storage backend selection

NVML provider (cmd/nvml-provider):
- Sidecar that enumerates GPUs via NVML and registers them with the API
- XID error event monitoring with health condition updates
- Reconciliation loop with configurable intervals
- Environment-based driver root configuration (NVIDIA_DRIVER_ROOT)

Client SDK (pkg/client-go):
- Typed gRPC client with Get/List/Watch/Create/Update/UpdateStatus/Delete
- Fake client for testing with k8s.io/client-go/testing integration
- Informers and listers following Kubernetes client-go conventions
- Clientset pattern for versioned API access

Code generator (code-generator):
- Fork of k8s.io/code-generator/cmd/client-gen for gRPC backends
- Generates typed clients, fake clients, and expansion interfaces
- Full UpdateStatus template with proper gRPC implementation
- Integrated into hack/update-codegen.sh pipeline

Proto API (api/proto/device/v1alpha1):
- GPU resource with spec (UUID) and status (conditions, recommendedAction)
- Standard CRUD + Watch + UpdateStatus RPCs
- K8s-style request/response patterns with options

Security hardening:
- gRPC message size and stream limits
- Server error detail scrubbing for client responses
- Unix socket path validation and restrictive permissions
- Localhost-only enforcement for insecure credentials

Deployment (deployments/helm):
- Helm chart with configurable storage, gRPC, health, and metrics
- Static manifests with versioned image references
- Dockerfile with pinned base images

Testing:
- Unit tests for storage, services, providers, and utilities
- Integration tests for client-go with full gRPC stack
- Shared testutil with bufconn gRPC test helpers
- Fake client examples for consumer testing patterns

Signed-off-by: Carlos Eduardo Arango Gutierrez <eduardoa@nvidia.com>

Author: ArangoGutierrez

.gitattributes

@@ -0,0 +1,22 @@
+# ==============================================================================
+# GIT ATTRIBUTES
+# ==============================================================================
+# Use 'linguist-generated=true' to hide generated code from GitHub PR diffs.
+# ==============================================================================
+
+# Hide Kubernetes generated helpers (DeepCopy, Defaults, Conversions, OpenAPI, etc)
+zz_generated.*.go linguist-generated=true
+
+# Hide generated Protobuf Go bindings
+*.pb.go linguist-generated=true
+
+# Hide generated client library
+pkg/client-go/** linguist-generated=true
+
+# Hide generated gRPC services
+pkg/services/** linguist-generated=true
+
+# Hide copied, unmodified upstream code
+code-generator/cmd/client-gen/types/** linguist-generated=true
+code-generator/cmd/client-gen/generators/scheme/** linguist-generated=true
+code-generator/cmd/client-gen/generators/util/** linguist-generated=true

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -41,10 +41,10 @@ body:
     attributes:
       label: Component
       options:
-        - Health Monitor
-        - Core Service
-        - Fault Management
-        - Deployment/Config
+        - Proto Definitions
+        - Generated Code
+        - Build/Tooling
+        - Documentation
         - Other
     validations:
       required: true
@@ -65,13 +65,13 @@ body:
     attributes:
       label: Environment
       placeholder: |
-        - NVSentinel version:
-        - Kubernetes version:
-        - Deployment method:
+        - Go version:
+        - protoc version:
+        - OS:
       value: |
-        - NVSentinel version:
-        - Kubernetes version:
-        - Deployment method:
+        - Go version:
+        - protoc version:
+        - OS:
     validations:
       required: true
 
@@ -83,4 +83,4 @@ body:
       placeholder: |
         ```
         # Logs here
-        ```
+        ```

.github/ISSUE_TEMPLATE/config.yml

@@ -15,11 +15,8 @@
 blank_issues_enabled: false
 contact_links:
   - name: 🔒 Security Issue
-    url: https://github.com/NVIDIA/NVSentinel/security/advisories/new
-    about: Report a security vulnerability (private disclosure)
-  - name: 💬 Discussions
-    url: https://github.com/NVIDIA/NVSentinel/discussions
-    about: Ask questions, share ideas, and discuss with the community
+    url: https://www.nvidia.com/object/submit-security-vulnerability.html
+    about: Report a security vulnerability (private disclosure via NVIDIA PSIRT)
   - name: 📖 Documentation
-    url: https://github.com/NVIDIA/NVSentinel/blob/main/README.md
-    about: Read the documentation and guides
+    url: https://github.com/NVIDIA/device-api/blob/main/README.md
+    about: Read the documentation

.github/ISSUE_TEMPLATE/feature_request.yml

@@ -56,12 +56,11 @@ body:
     attributes:
       label: Component
       options:
-        - Health Monitor
-        - Core Service
-        - Fault Management
-        - Deployment/Config
-        - API/Interface
-        - New Component
-        - Multiple Components
+        - Proto Definitions
+        - New Resource Type
+        - API Enhancement
+        - Build/Tooling
+        - Documentation
+        - Other
     validations:
-      required: true
+      required: true

.github/PULL_REQUEST_TEMPLATE.md

@@ -4,26 +4,14 @@
 
 ## Type of Change
 - [ ] 🐛 Bug fix
-- [ ] ✨ New feature
+- [ ] ✨ New feature (new message, field, or service method)
 - [ ] 💥 Breaking change
 - [ ] 📚 Documentation
-- [ ] 🔧 Refactoring
-- [ ] 🔨 Build/CI
-
-## Component(s) Affected
-- [ ] Core Services
-- [ ] Documentation/CI
-- [ ] Fault Management
-- [ ] Health Monitors
-- [ ] Janitor
-- [ ] Other: ____________
-
-## Testing
-- [ ] Tests pass locally
-- [ ] Manual testing completed
-- [ ] No breaking changes (or documented)
+- [ ] 🔧 Build/Tooling
 
 ## Checklist
+- [ ] Proto files compile successfully (`make protos-generate`)
+- [ ] Generated code is up to date and committed
 - [ ] Self-review completed
 - [ ] Documentation updated (if needed)
-- [ ] Ready for review
+- [ ] Signed-off commits (DCO)