feat(server): support accessing sandbox endpoints via server proxy

[fengxsong]

Summary

what's changed.

• Add server-side proxy routes to allow clients to access internal sandbox endpoints via server transit
• Add use_server_proxy option in SDK connection configuration; automatically rewrite endpoint URLs when enabled
• Add httpx[socks] dependency to support proxy functionality, and configure uv index source

why

When the server is deployed in Kubernetes and exposed via a gateway, while local clients cannot connect directly to the sandboxes created by the controller, we can have the server forward proxy requests to the execd process of the sandbox pods.

Testing

• Not run (explain why)
• Unit tests
• Integration tests
• e2e / manual verification

Breaking Changes

• None
• Yes (describe impact and migration path)

Checklist

• Linked Issue or clearly described motivation
• Added/updated docs (if needed)
• Added/updated tests (if needed)
• Security impact considered
• Backward compatibility considered

[Pangjiping]

Great addition! However, I'm not clear on one thing: are you using Kubernetes resource objects to create sandbox, or are you using Docker service with DinD (Docker in Docker)?

Your current implementation might not be compatible with the WebSocket protocol. Regarding Kubernetes ingress-gateway, you might want to check out #164 as well.

[fengxsong]

@Pangjiping We plan to build an in-house AI infra platform based on the OpenSandbox project, with all sandboxes running on Virtual Kubelet deployed on ACK. For R&D who don’t have Kind or Docker installed locally, it can be a bit cumbersome to develop AI agents that are integrated with sandboxes. I’ve researched the kubernetes-sigs/agent-sandbox repo before, which adopts a similar implementation approach, kind of. There are several components in this repository that I haven’t had time to go through yet...

[Pangjiping]

LGTM. It provides a direct solution for systems that cannot leverage ingress-gateway for service discovery. However, there are a couple of things to consider:

1. Does the server support proxying the WebSocket protocol? If not, please add a TODO in the code.
2. Could you include some working code examples or test results in the PR comments?

Additionally, please ask @ninan-nn to review the python SDK changes.

[fengxsong]

how to test

1. run server component in a kubernetes cluster, then expose it with a ingress resource
2. run the demo code, https://github.com/alibaba/OpenSandbox/tree/main/examples/agent-sandbox

because the client can not reach the private IP address of the sandbox pod, then the demo code will fail with error message like timeout....

3. modify the ConnectionConfig construct function

    ....
    config = ConnectionConfig(
        domain=domain,
        api_key=api_key,
        request_timeout=timedelta(seconds=60),
        use_server_proxy=True,
    )

[hittyt]

This PR includes unrelated formatting changes mixed with functional changes. Could you revert the formatting-only changes to keep the diff focused? This makes review easier and keeps git history clean.

Check if your IDE is auto-formatting on save - you may want to disable it or align with the project's style config.

[fengxsong]

@hittyt has been done. PTAL

[Pangjiping]

please rebase main

[Pangjiping]

LGTM. Please @ninan-nn review sdk changes.

[ninan-nn]

Plz add sync implementation as well for python sdk : >

[fengxsong]

@ninan-nn do you mean the JS/Kotlin SDKs? I'm not quite familiar with these two programming languages. Maybe we can add a todo list?

[Pangjiping]

This will be released with server/v0.1.1

[ninan-nn]

@ninan-nn do you mean the JS/Kotlin SDKs? I'm not quite familiar with these two programming languages. Maybe we can add a todo list?

@fengxsong Sorry for the confusion. I was referring to the Python sync client, not other language SDKs.

Please check the sync implementation under
OpenSandbox/sdks/sandbox/python/src/opensandbox/sync/
and make sure this feature is also applied there. 👀

[ninan-nn]

LGTM

[ninan-nn]

This feature will be available in the next SDK release.

[Pangjiping]

LGTM