Implements phases 1-5 of the pluggable sandbox design:
- Phase 1: Add workspace field to Agent CRD, thread through config.json
to agent pod via translator, add Python WorkspaceConfig type
- Phase 2: SandboxProvider interface, SandboxManager with goroutine-safe
session-to-sandbox lifecycle mapping, stub provider for testing
- Phase 3: POST/GET /api/sessions/{id}/sandbox HTTP endpoints, sandbox
cleanup on session delete, wiring through ServerConfig and app startup
- Phase 4: Python ADK sandbox provisioning on session start, stores MCP
URL in session state, dynamically adds KAgentMcpToolset to runner
- Phase 5: kagent-sandbox-mcp container image with exec, read_file,
write_file, list_dir MCP tools over StreamableHTTP
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Eitan Yarmush <eitan.yarmush@solo.io>
Aligns with the database.Client API change from main that added context.Context as the first parameter to all database methods.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Eitan Yarmush <eitan.yarmush@solo.io>
…x-mcp logging
Replace the in-memory SandboxManager with AgentSandboxProvider that uses kubernetes-sigs/agent-sandbox SandboxClaim CRDs. GetOrCreate now blocks using wait.PollUntilContextCancel until the sandbox is ready, a terminal failure is detected, or the context expires. NotFound errors during polling are treated as transient (cache sync delay). Also adds structured logging to sandbox-mcp tool handlers, switches the sandbox-mcp Dockerfile to python:3.13-slim (exec tool needs a shell), and includes Helm RBAC templates for kagent-controller to access sandbox CRDs.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Eitan Yarmush <eitan.yarmush@solo.io>
…ox-mcp improvements
Add per-session sandbox provisioning for workspace-enabled agents, remove buildx caching from Makefile for reliable dirty-tree builds, and improve sandbox-mcp with skills support and streamlined Dockerfile.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Eitan Yarmush <eitan.yarmush@solo.io>
Move from docs/design/ to docs/architecture/ and update to reflect the actual implementation rather than the original design proposal.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Eitan Yarmush <eitan.yarmush@solo.io>
Fix gofmt alignment in registry_test.go and use apierrors alias for k8s.io/apimachinery/pkg/api/errors per project linter config.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Eitan Yarmush <eitan.yarmush@solo.io>
Summary
Adds per-session sandbox/workspace provisioning for agents using the kubernetes-sigs/agent-sandbox project. When an agent has
workspace.enabled: true, the system automatically provisions an isolated sandbox pod (filesystem + shell) for each conversation session, giving the agent secure exec and file tools.
Key changes
- workspace field on AgentSpec.Declarative with enabled (bool) and optional templateRef (string) to reference a custom SandboxTemplate
- go/core/internal/controller/sandbox/: Pluggable SandboxProvider interface with AgentSandboxProvider implementation that creates/manages SandboxClaim resources and polls until the sandbox is ready, returning the MCP endpoint URL
- sandbox_template_plugin.go: Auto-generates a SandboxTemplate CR for workspace-enabled agents during reconciliation, embedding the sandbox-mcp sidecar container with configurable image registry/repository/tag
- handlers/sandbox.go: POST /api/sessions/{id}/sandbox endpoint that resolves the agent's workspace config, determines the template name, and calls the provider to provision/return a sandbox
- _agent_executor.py: _ensure_sandbox_toolset() provisions the sandbox on first request for a session, stores the MCP URL in session state, and dynamically appends sandbox tools to the runner
- go/adk/pkg/sandbox/: Sandbox provisioner, registry, and toolset packages for Go-based agents
- go/sandbox-mcp/: Streamlined Go MCP server providing exec, write_file, read_file, list_dir tools plus a skills system, with simplified Dockerfile
- Helm: agentSandbox.enabled value (default false), configmap env vars for sandbox image config, RBAC for SandboxClaim/SandboxTemplate resources
- Makefile: removed buildx caching (--cache-from/--cache-to) for reliable dirty-tree builds
How it works
- An Agent CR sets workspace.enabled: true
- The controller auto-generates a SandboxTemplate with the sandbox-mcp sidecar
- On the first request for a session, the executor calls POST /api/sessions/{id}/sandbox
- The provider creates a SandboxClaim → agent-sandbox provisions an isolated pod
- The sandbox tools (exec, write_file, read_file, list_dir) are appended to the agent's toolset
Test plan
- make -C go test passes (all unit tests green)
- agentSandbox.enabled=true, created agent with workspace.enabled: true, invoked via CLI — agent successfully used write_file and exec tools in provisioned sandbox
🤖 Generated with Claude Code
Comment left by Claude on behalf of @EItanya
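The write_file, read_file and list_dir tools described above take a path argument from the model, so the question a reviewer would ask of any sandbox-mcp implementation is how that argument is confined to the workspace: a ".." component or a symlink planted by an earlier exec call are the two obvious ways to reach outside it. The block below is an added example, not the project's sandbox-mcp code, of one way to make that check in Go: the path is cleaned and compared against the root lexically, then the longest existing prefix is symlink-resolved and compared again, and every filesystem call uses the canonical result rather than the model-supplied string. The Workspace type, Resolve, WriteFile and ErrOutsideWorkspace are this example's own names; the temporary directory created in main is constructed test data.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrOutsideWorkspace: the argument resolves, lexically or via a symlink, outside the root.
var ErrOutsideWorkspace = errors.New("path escapes workspace root")

// Workspace confines file-tool paths to one root directory (hypothetical type).
type Workspace struct{ root string }

// NewWorkspace canonicalises the root once so later comparisons are stable.
func NewWorkspace(root string) (*Workspace, error) {
	abs, err := filepath.Abs(root)
	if err == nil {
		abs, err = filepath.EvalSymlinks(abs)
	}
	if err != nil {
		return nil, err
	}
	return &Workspace{root: abs}, nil
}

// within reports whether the cleaned path p is root itself or a descendant of it.
func within(root, p string) bool {
	rel, err := filepath.Rel(root, p)
	return err == nil && rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// resolveExisting evaluates symlinks on the longest existing prefix of p and re-appends
// the not-yet-existing components, so a write_file target in a new directory is still checked.
func resolveExisting(p string) (string, error) {
	existing, rest := p, []string{}
	for {
		_, err := os.Lstat(existing)
		if err == nil {
			break
		}
		if !errors.Is(err, os.ErrNotExist) {
			return "", err
		}
		parent := filepath.Dir(existing)
		if parent == existing { // reached the filesystem root
			break
		}
		rest = append([]string{filepath.Base(existing)}, rest...)
		existing = parent
	}
	canon, err := filepath.EvalSymlinks(existing)
	if err != nil {
		return "", err
	}
	return filepath.Join(append([]string{canon}, rest...)...), nil
}

// Resolve maps a tool-supplied path (relative to the root, or absolute) to a canonical path
// under the root, rejecting ".." traversal lexically and then symlinks that leave the root.
func (w *Workspace) Resolve(p string) (string, error) {
	joined := filepath.Join(w.root, p) // Join cleans, so "a/../../x" is caught below
	if filepath.IsAbs(p) {
		joined = filepath.Clean(p)
	}
	if !within(w.root, joined) {
		return "", ErrOutsideWorkspace
	}
	canon, err := resolveExisting(joined)
	if err != nil {
		return "", err
	}
	if !within(w.root, canon) {
		return "", ErrOutsideWorkspace
	}
	return canon, nil
}

// WriteFile is a write_file-style tool body: every filesystem call uses the
// canonical path returned by Resolve, never the model-supplied string.
func (w *Workspace) WriteFile(p string, data []byte) error {
	canon, err := w.Resolve(p)
	if err != nil {
		return err
	}
	if err := os.MkdirAll(filepath.Dir(canon), 0o755); err != nil {
		return err
	}
	return os.WriteFile(canon, data, 0o644)
}

// main demonstrates the check against a constructed temporary workspace.
func main() {
	root, _ := os.MkdirTemp("", "ws")
	defer os.RemoveAll(root)
	ws, _ := NewWorkspace(root)
	_ = ws.WriteFile("notes/a.txt", []byte("hello"))
	_, err := ws.Resolve("../../etc/passwd")
	fmt.Println("traversal rejected:", errors.Is(err, ErrOutsideWorkspace))
}
```

Two caveats apply to this pattern. Resolving and then opening is two steps, so a process with write access to the workspace can swap a component for a symlink in between; in the design on this page the agent also has exec in the same pod, which means the pod boundary that agent-sandbox provides, not the tool-level check, is the real isolation boundary, and the check above only keeps the MCP file tools themselves from being a trivial escape route. Second, the lexical check runs before symlink resolution on purpose: filepath.Clean collapses "link/.." before the link is followed, which is conservative (it can only reject more), whereas resolving first and cleaning afterwards is not.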