
Feat Containerized Sandbox Code Execution #433

Open
hassan11196 wants to merge 17 commits into main from feat-containerized-sandbox

Conversation

@hassan11196
Collaborator

Sandbox Code Execution Approval System

Overview

Implements a comprehensive approval mechanism for sandbox code execution, allowing administrators to configure approval requirements at deployment level and users to toggle approval mode per session.

Features

1. Deployment-Level Configuration

  • Configure default approval mode (auto or manual) in deployment YAML
  • Sandbox timeout, allowed images, and enabled status configuration
  • Settings stored in src/utils/sandbox/config.py

```yaml
sandbox:
  enabled: true
  approval_mode: manual  # or 'auto'
  timeout: 30
  default_image: "python:3.11-slim"
```

2. Session-Level Approval Toggle

  • Users can override deployment defaults per chat session
  • Settings icon in chat UI provides approval mode toggle
  • Preference stored in Flask session and persists across queries

3. Real-Time Approval Flow

  • Threading Architecture: Agent stream runs in background thread while main thread handles SSE event delivery
  • Event Queue: Approval requests pass through queue.Queue for thread-safe communication
  • Non-Blocking: Chat UI remains responsive while waiting for approval
  • Debug Logging: Comprehensive logging throughout approval flow for troubleshooting

4. Enhanced UI

  • Approval Modal: Displays code preview with syntax highlighting
  • Full Code View: Executed code shown in chat trace with:
    • Language and image badges
    • Line count indicator
    • Syntax-highlighted code block
    • Copy-to-clipboard button
  • Visual Feedback: Pending status indicator with pulsing animation
  • Session Toggle: Settings panel for enabling/disabling manual approval

5. API Endpoints

  • GET/POST /api/sandbox/approval-mode - Get/set session approval preference
  • GET /api/sandbox/approval/<id> - Get approval request details
  • POST /api/sandbox/approval/<id>/approve - Approve execution
  • POST /api/sandbox/approval/<id>/reject - Reject execution
  • GET /api/sandbox/approvals/pending - List pending approvals
  • GET /api/sandbox/config - Get deployment sandbox configuration

All endpoints are protected with the require_auth decorator for SSO/RBAC integration.

Implementation Details

Backend Changes

  • src/archi/pipelines/agents/tools/sandbox.py: Approval callback integration, mode resolution (deployment → session → auto)
  • src/utils/sandbox/approval.py: Approval request storage, resolution tracking, pending request queries
  • src/utils/sandbox/config.py: Configuration management with ApprovalMode enum
  • src/interfaces/chat_app/app.py:
    • Threading architecture for non-blocking stream + approval events
    • Session management for approval mode preference
    • API endpoints for approval workflow
    • Fixed session structure usage (session['user'] instead of session['uid'])

Frontend Changes

  • src/interfaces/chat_app/static/chat.js:
    • handleSandboxApproval() for approval/rejection with credentials: 'include'
    • renderApprovalRequest() enhanced with full code display
    • Session approval mode toggle in settings
    • Event handling for approval_request SSE events
  • src/interfaces/chat_app/static/chat.css:
    • Approval modal styling with code block formatting
    • Badge styling for language/image/lines indicators
    • Pulsing animation for pending status

Security Considerations

  • All approval endpoints require authentication via require_auth decorator
  • Session-based approval tracking prevents cross-user approval hijacking
  • Username/email captured for audit trail on all approvals/rejections
  • Cookies sent with credentials: 'include' for proper session handling

Testing

Enable manual approval mode and verify:

  1. Approval modal appears when sandbox tool executes
  2. Approving allows code execution to proceed
  3. Rejecting cancels execution
  4. Code displays correctly in chat trace
  5. Session toggle persists across queries
  6. Debug logs show callback invocation and event flow

Technical Architecture

User Query → Agent Pipeline → Sandbox Tool
                                    ↓
                            Check Approval Mode
                                    ↓
                         ┌─────────┴──────────┐
                         ↓                     ↓
                    Auto Mode            Manual Mode
                         ↓                     ↓
                    Execute              Callback
                                              ↓
                                         Event Queue
                                              ↓
                                         SSE Stream
                                              ↓
                                         UI Modal
                                              ↓
                                    User Approves/Rejects
                                              ↓
                                      API Endpoint
                                              ↓
                                    Resolve Approval
                                              ↓
                                    Continue/Cancel

Future Enhancements

  • Per-user approval mode defaults stored in database
  • Approval request expiration/timeout
  • Approval history viewer in UI
  • Webhook notifications for approval requests
  • Multi-level approval workflows (require N approvers)
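The approval flow the description sketches (agent thread blocks, approval request crosses a queue.Queue to the SSE thread, an API handler resolves it, and the resolver must be the same session user so nobody approves another user's request) as an added, self-contained example. This is not the PR's code: ApprovalRegistry, resolve_mode and simulate are hypothetical names standing in for what src/utils/sandbox/approval.py and config.py do, and the mode precedence (session override, then deployment default, then auto) is taken from the description.

```python
import queue
import threading
import uuid
from enum import Enum

class ApprovalMode(str, Enum):
    AUTO = "auto"
    MANUAL = "manual"

def resolve_mode(deployment_mode=None, session_mode=None):
    # Session override beats the deployment default; unset on both means auto.
    return ApprovalMode(session_mode or deployment_mode or "auto")

class ApprovalRegistry:
    # Agent thread blocks in request(); SSE thread drains `events`; API handler calls resolve().
    def __init__(self):
        self._lock = threading.Lock()
        self._pending = {}
        self.events = queue.Queue()

    def request(self, user, code, timeout):
        req_id = uuid.uuid4().hex
        entry = {"user": user, "done": threading.Event(), "approved": None}
        with self._lock:
            self._pending[req_id] = entry
        self.events.put({"type": "approval_request", "id": req_id, "code": code})
        entry["done"].wait(timeout)  # no answer before timeout counts as rejected
        with self._lock:
            self._pending.pop(req_id, None)
        return entry["approved"] is True

    def resolve(self, req_id, user, approve):
        with self._lock:
            entry = self._pending.get(req_id)
            if entry is None or entry["user"] != user:
                return False  # unknown id, or another user's request: refuse
            entry["approved"] = approve
        entry["done"].set()
        return True

def simulate(requester, approver, approve, timeout=2):
    # Drives one exchange across threads; returns (resolve accepted, code ran).
    reg = ApprovalRegistry()
    ran = []
    worker = threading.Thread(target=lambda: ran.append(reg.request(requester, "print(1)", timeout)))
    worker.start()
    event = reg.events.get(timeout=timeout)
    accepted = reg.resolve(event["id"], approver, approve)
    worker.join(timeout + 1)
    return accepted, ran[0]
```

A request that nobody answers within `timeout` falls through as a rejection, which is the behaviour a deployment wants when a browser tab is closed mid-approval.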

- Added RBAC module with permission registry, role-to-permission mappings, and route protection decorators.
- Introduced JWT token parsing for role extraction and audit logging for security events.
- Created user profile widget in the chat application interface to display user information and roles.
- Implemented permission checking utilities for use in templates and application logic.
- Established centralized RBAC registry for managing roles and permissions, including validation and caching.
- Added decorators for route protection based on user authentication and permissions.
- Developed audit logging for permission checks and role assignments to enhance security monitoring.
fix: Update user role retrieval to handle missing session data
style: Hide user profile widget in chat UI
- Introduced `create_sandbox_tool` and `create_sandbox_tool_with_files` functions for executing code in a secure sandboxed environment.
- Implemented `SandboxExecutor` class to manage Docker container lifecycle for code execution.
- Added configuration schema for sandbox settings, including resource limits and allowed images.
- Updated `requirements-base.txt` to include the `docker` package for container management.
- Modified existing agent and template manager to support sandbox configuration.
- Enhanced YAML templates to conditionally mount Docker socket for sandbox execution.
- Added CSS styles for sandbox approval modal and indicators.
- Enhanced JavaScript to manage sandbox approval toggle and render approval requests.
- Introduced HTML structure for sandbox approval settings in the user interface.
- Developed a new approval module to handle approval requests, statuses, and callbacks.
- Integrated approval mode configuration into the sandbox settings.
- Updated existing functions to support approval request handling and user notifications.
@lucalavezzo lucalavezzo mentioned this pull request Feb 18, 2026
@pmlugato pmlugato added the enhancement New feature or request label Feb 23, 2026
