harche
diff --git a/‎README.md‎
Lines changed: 6 additions & 0 deletions b/‎README.md‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎docs/arch.png‎
214 KB b/‎docs/arch.png‎
214 KB
diff --git a/‎docs/grpc-sandbox-architecture.md‎
Lines changed: 2 additions & 29 deletions b/‎docs/grpc-sandbox-architecture.md‎
Lines changed: 2 additions & 29 deletions
diff --git a/‎k8s/agent-sandbox-deployment.yaml‎
Lines changed: 39 additions & 7 deletions b/‎k8s/agent-sandbox-deployment.yaml‎
Lines changed: 39 additions & 7 deletions
diff --git a/‎k8s/mcp-server.yaml‎
Lines changed: 86 additions & 5 deletions b/‎k8s/mcp-server.yaml‎
Lines changed: 86 additions & 5 deletions
diff --git a/‎k8s/openshift-deployment.yaml‎
Lines changed: 40 additions & 7 deletions b/‎k8s/openshift-deployment.yaml‎
Lines changed: 40 additions & 7 deletions
@@ -15,6 +15,12 @@ Demo use-cases (optional):
 
 [![Watch the demo](https://img.youtube.com/vi/W-DyrsGRJeQ/maxresdefault.jpg)](https://www.youtube.com/watch?v=W-DyrsGRJeQ)
 
+## Architecture
+
+![Architecture](docs/arch.png)
+
+Each MCP client session gets its own isolated Sandbox CRD (Kata VM), with per-session gRPC connections, idle timeout cleanup, and max session limits. See [docs/grpc-sandbox-architecture.md](docs/grpc-sandbox-architecture.md) for details.
+
 ---
 
 ## Table of Contents
 
@@ -55,36 +55,9 @@ This document describes the gRPC-based sandbox execution architecture used in Pr
 
 ## Overview
 
-The sandbox system follows a client-server model inspired by Kubernetes' kubelet/containerd architecture:
+The sandbox system follows a client-server model with per-session isolation. Each MCP client session gets its own Sandbox CRD, which provisions a dedicated pod and service:
 
-```
-+---------------------------------------------------------------------+
-|                         MCP Server                                   |
-|  +-------------------+    +--------------------------------------+   |
-|  | searchTools       |    | runSandbox Tool                      |   |
-|  | (API discovery)   |    | (thin gRPC client wrapper)           |   |
-|  +-------------------+    +------------------+-------------------+   |
-|                                              |                       |
-+----------------------------------------------+-----------------------+
-                                               | gRPC over Unix Socket
-                                               | unix:///tmp/prodisco-sandbox.sock
-                                               v
-+---------------------------------------------------------------------+
-|                     Sandbox gRPC Server                              |
-|  +---------------------------------------------------------------+   |
-|  | SandboxService                                                 |   |
-|  | (Execute, ExecuteStream, ExecuteAsync, Cancel, List...)       |   |
-|  +---------------------------------------------------------------+   |
-|                              |                                       |
-|  +----------------+  +-------+--------+  +----------------------+    |
-|  | Executor       |  | Execution      |  | CacheManager         |    |
-|  | (VM + esbuild  |  | Registry       |  | (dedup, persist)     |    |
-|  |  transform)    |  | (state, output)|  |                      |    |
-|  +----------------+  +----------------+  +----------------------+    |
-|                                                                      |
-|  Pre-configured: k8s client, KubeConfig, prometheus-query           |
-+---------------------------------------------------------------------+
-```
+![Architecture](arch.png)
 
 ---
 
 
@@ -73,7 +73,9 @@ subjects:
     name: prodisco-sandbox
     namespace: prodisco
 ---
-# Sandbox resource for sandbox-server (using agent-sandbox CRD)
+# Static Sandbox resource for single-sandbox mode (SANDBOX_MODE=single).
+# In multi-sandbox mode (SANDBOX_MODE=multi), the MCP server creates
+# per-session Sandbox CRDs dynamically — remove this resource in that case.
 apiVersion: agents.x-k8s.io/v1alpha1
 kind: Sandbox
 metadata:
@@ -145,7 +147,8 @@ spec:
         - name: scripts-cache
           emptyDir: {}
 ---
-# Service for sandbox-server (points to pods managed by the Sandbox)
+# Static Service for single-sandbox mode.
+# In multi-sandbox mode, the Sandbox controller creates a Service per CRD automatically.
 apiVersion: v1
 kind: Service
 metadata:
@@ -183,6 +186,34 @@ subjects:
     name: mcp-server
     namespace: prodisco
 ---
+# RBAC for MCP server to manage Sandbox CRDs (multi-sandbox mode)
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: mcp-server-sandbox-manager
+rules:
+  - apiGroups: ["agents.x-k8s.io"]
+    resources:
+      - sandboxes
+    verbs: ["get", "list", "create", "delete", "watch"]
+  - apiGroups: ["agents.x-k8s.io"]
+    resources:
+      - sandboxes/status
+    verbs: ["get"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: mcp-server-sandbox-manager
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: mcp-server-sandbox-manager
+subjects:
+  - kind: ServiceAccount
+    name: mcp-server
+    namespace: prodisco
+---
 # MCP Server as regular Deployment
 apiVersion: apps/v1
 kind: Deployment
@@ -219,11 +250,12 @@ spec:
               value: "3000"
             - name: SCRIPTS_CACHE_DIR
               value: "/tmp/prodisco-scripts"
-            # Connect to sandbox-server via TCP
-            - name: SANDBOX_USE_TCP
-              value: "true"
-            - name: SANDBOX_TCP_HOST
-              value: "sandbox-server.prodisco.svc.cluster.local"
+            # Multi-sandbox mode: each MCP session gets its own Sandbox CRD
+            # Set to "single" to use a shared sandbox (requires static Sandbox CRD above)
+            - name: SANDBOX_MODE
+              value: "multi"
+            - name: SANDBOX_NAMESPACE
+              value: "prodisco"
             - name: SANDBOX_TCP_PORT
               value: "50051"
           resources:
 
@@ -4,12 +4,50 @@ kind: Namespace
 metadata:
   name: prodisco
 ---
+# ConfigMap with ProDisco configuration
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: prodisco-config
+  namespace: prodisco
+data:
+  # Endpoint configuration (edit these for your cluster)
+  PROMETHEUS_ENDPOINT: "http://prometheus-server.monitoring.svc.cluster.local:80"
+  LOKI_ENDPOINT: "http://loki.monitoring.svc.cluster.local:3100"
+
+  .prodisco-config.yaml: |
+    libraries:
+      - name: "@kubernetes/client-node"
+        description: "Kubernetes API client"
+      - name: "@prodisco/prometheus-client"
+        description: |
+          Prometheus queries & metric discovery. PROMETHEUS_ENDPOINT env var is pre-configured in the sandbox.
+          Quick start: `const client = new PrometheusClient({ endpoint: process.env.PROMETHEUS_ENDPOINT });`
+          Range query: `client.executeRange('node_cpu_seconds_total', { start: new Date(Date.now() - 3600000), end: new Date(), step: '1m' })`
+          IMPORTANT: TimeRange.start/end must be Date objects or Unix timestamps in SECONDS (not milliseconds). Use `new Date()` or `Math.floor(Date.now()/1000)`.
+          Workflow: (1) create client with endpoint (2) client.execute('metric_name') for instant, client.executeRange() for time series.
+      - name: "@prodisco/loki-client"
+        description: |
+          Loki LogQL querying. LOKI_ENDPOINT env var is pre-configured. Auto-authenticates in Kubernetes using service account token.
+          Quick start: `const client = new LokiClient({ baseUrl: process.env.LOKI_ENDPOINT });`
+          Workflow: (1) create client (2) client.labels() and client.labelValues('namespace') to discover labels (3) client.queryRange('{namespace="default"}') to fetch logs.
+      - name: "simple-statistics"
+        description: "Statistical functions including mean, median, standard deviation, linear regression, and more."
+---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: mcp-server
   namespace: prodisco
 ---
+# ServiceAccount for dynamically created sandbox pods
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: sandbox-server
+  namespace: prodisco
+---
+# Read-only cluster access for MCP server and sandbox pods
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
@@ -36,6 +74,37 @@ roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
   name: mcp-server
+subjects:
+  - kind: ServiceAccount
+    name: mcp-server
+    namespace: prodisco
+  - kind: ServiceAccount
+    name: sandbox-server
+    namespace: prodisco
+---
+# RBAC for MCP server to manage Sandbox CRDs (multi-sandbox mode)
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: mcp-server-sandbox-manager
+rules:
+  - apiGroups: ["agents.x-k8s.io"]
+    resources:
+      - sandboxes
+    verbs: ["get", "list", "create", "delete", "watch"]
+  - apiGroups: ["agents.x-k8s.io"]
+    resources:
+      - sandboxes/status
+    verbs: ["get"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: mcp-server-sandbox-manager
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: mcp-server-sandbox-manager
 subjects:
   - kind: ServiceAccount
     name: mcp-server
@@ -78,11 +147,17 @@ spec:
               value: "/tmp/prodisco-scripts"
             - name: PRODISCO_ENABLE_APPS
               value: "true"
-            # In-cluster service URLs for monitoring clients
-            - name: PROMETHEUS_ENDPOINT
-              value: "http://prometheus-server.monitoring.svc.cluster.local:80"
-            - name: LOKI_ENDPOINT
-              value: "http://loki.monitoring.svc.cluster.local:3100"
+            # Multi-sandbox mode: each MCP session gets its own Sandbox CRD
+            - name: SANDBOX_MODE
+              value: "multi"
+            - name: SANDBOX_NAMESPACE
+              value: "prodisco"
+            - name: SANDBOX_TCP_PORT
+              value: "50051"
+            - name: SANDBOX_IMAGE
+              value: "prodisco/sandbox-server:test"
+            - name: PRODISCO_CONFIG_PATH
+              value: "/config/.prodisco-config.yaml"
           resources:
             requests:
               memory: "256Mi"
@@ -105,9 +180,15 @@ spec:
           volumeMounts:
             - name: scripts-cache
               mountPath: /tmp/prodisco-scripts
+            - name: prodisco-config
+              mountPath: /config
+              readOnly: true
       volumes:
         - name: scripts-cache
           emptyDir: {}
+        - name: prodisco-config
+          configMap:
+            name: prodisco-config
 ---
 apiVersion: v1
 kind: Service
 
@@ -151,6 +151,34 @@ subjects:
     name: mcp-server
     namespace: prodisco
 ---
+# RBAC for MCP server to manage Sandbox CRDs (multi-sandbox mode)
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: prodisco-sandbox-manager
+rules:
+  - apiGroups: ["agents.x-k8s.io"]
+    resources:
+      - sandboxes
+    verbs: ["get", "list", "create", "delete", "watch"]
+  - apiGroups: ["agents.x-k8s.io"]
+    resources:
+      - sandboxes/status
+    verbs: ["get"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: prodisco-sandbox-manager
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: prodisco-sandbox-manager
+subjects:
+  - kind: ServiceAccount
+    name: mcp-server
+    namespace: prodisco
+---
 # ClusterRoleBinding for Prometheus/Thanos Querier access (sandbox-server)
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
@@ -203,7 +231,10 @@ subjects:
     name: agent-sandbox-controller
     namespace: agent-sandbox-system
 ---
-# Sandbox Server using agent-sandbox CRD for isolation
+# Static Sandbox resource for single-sandbox mode (SANDBOX_MODE=single).
+# In multi-sandbox mode (SANDBOX_MODE=multi), the MCP server creates
+# per-session Sandbox CRDs dynamically — remove this resource and
+# the static sandbox-server Service below in that case.
 apiVersion: agents.x-k8s.io/v1alpha1
 kind: Sandbox
 metadata:
@@ -290,7 +321,8 @@ spec:
           configMap:
             name: prodisco-config
 ---
-# Sandbox Server Service
+# Static Service for single-sandbox mode.
+# In multi-sandbox mode, the Sandbox controller creates a Service per CRD automatically.
 apiVersion: v1
 kind: Service
 metadata:
@@ -349,11 +381,12 @@ spec:
               value: "/tmp/cache"
             - name: HOME
               value: "/tmp"
-            # Connect to sandbox-server via TCP
-            - name: SANDBOX_USE_TCP
-              value: "true"
-            - name: SANDBOX_TCP_HOST
-              value: "sandbox-server.prodisco.svc.cluster.local"
+            # Multi-sandbox mode: each MCP session gets its own Sandbox CRD
+            # Set to "single" to use the shared static sandbox (requires static Sandbox CRD above)
+            - name: SANDBOX_MODE
+              value: "multi"
+            - name: SANDBOX_NAMESPACE
+              value: "prodisco"
             - name: SANDBOX_TCP_PORT
               value: "50051"
             - name: PRODISCO_CONFIG_PATH