feat: multi-sandbox support — per-session isolated Sandbox CRDs#53

Merged
harche merged 1 commit into main from multi-sandbox-support
Feb 20, 2026
Conversation

@harche harche commented Feb 20, 2026

Summary

  • Each MCP HTTP session now gets its own Sandbox CRD (agents.x-k8s.io/v1alpha1), with a dedicated pod, service, and gRPC connection — full session isolation instead of sharing a single sandbox
  • SandboxManager class handles lifecycle: create on session init, cleanup on DELETE / SSE drop / idle timeout / server shutdown
  • Per-session McpServer instances fix cross-session response interference when multiple clients connect concurrently
  • Idle timeout reaper (default 10 min) catches clients that exit without sending DELETE
  • Max concurrent sessions cap (default 10) prevents resource exhaustion
  • Startup orphan cleanup deletes stale CRDs from prior crashes
  • Removed legacy src/kube/ code (unused wrapper)
  • 21 new tests for SandboxManager, idle reaper, session routing, and concurrent execution
  • Architecture diagram added to README and docs
  • All K8s/OpenShift manifests updated with sandbox management RBAC and SANDBOX_MODE=multi

New env vars: SANDBOX_MODE, SANDBOX_NAMESPACE, SANDBOX_IMAGE, SANDBOX_IDLE_TIMEOUT_MS, SANDBOX_MAX_SESSIONS

Test plan

  • npm run build passes
  • All 1125 tests pass (21 new + 1104 existing)
  • Deployed to kind cluster, verified per-session sandbox creation (~2s)
  • Verified concurrent sessions with independent code execution
  • Verified DELETE cleanup, idle timeout reaper, max sessions rejection
  • Verified startup orphan cleanup
  • Tested with Claude Code CLI — sandbox created on connect, reaped after exit

🤖 Generated with Claude Code

Each MCP HTTP session now gets its own Sandbox CRD (agents.x-k8s.io),
with a dedicated pod, service, and gRPC connection. This provides
full session isolation instead of sharing a single sandbox across
all clients.

Key changes:
- SandboxManager class maps sessions to Sandbox CRDs via K8s API
- Per-session McpServer instances to avoid cross-session interference
- Session-aware client resolver threaded through runSandbox tool
- Idle timeout reaper cleans up abandoned sessions (default 10 min)
- Max concurrent sessions cap (default 10)
- Startup orphan cleanup for stale CRDs from prior crashes
- Explicit DELETE, SSE stream drop, and idle timeout all trigger cleanup
- RBAC for Sandbox CRD management in all K8s/OpenShift manifests
- ConfigMap-based library config in k8s/mcp-server.yaml
- Removed legacy src/kube/ (unused wrapper code)
- 21 new tests covering SandboxManager, idle reaper, session routing
- Architecture diagram added to README and docs

New env vars: SANDBOX_MODE, SANDBOX_NAMESPACE, SANDBOX_IMAGE,
SANDBOX_IDLE_TIMEOUT_MS, SANDBOX_MAX_SESSIONS

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@harche harche merged commit 2fcdeee into main Feb 20, 2026
13 of 14 checks passed
@harche harche deleted the multi-sandbox-support branch February 20, 2026 18:00