router: match longest entrypoint path prefix

[avinxshKD]

/kind bug

What this PR does / why we need it:

Fixes router entrypoint selection when multiple pathPrefix values overlap.

The router was picking the first prefix match, so a runtime with / before /api could route /api/foo to the / entrypoint. It also treated /api2 as matching /api.

This changes the selection to use the longest valid prefix match and keeps path boundaries sane.

Which issue(s) this PR fixes:
Fixes #388

Special notes for your reviewer:

Added focused tests for overlapping prefixes and /api2 boundary behavior.

Does this PR introduce a user-facing change?:

Router now selects the longest valid sandbox entrypoint path prefix when routing invocation requests.

[volcano-sh-bot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign yaozengzeng for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• pkg/router/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[volcano-sh-bot]

Welcome @avinxshKD! It looks like this is your first PR to volcano-sh/agentcube 🎉

[gemini-code-assist]

Code Review

This pull request refactors the upstream URL determination logic to match the longest path prefix among sandbox entrypoints and introduces a helper function for path boundary matching, along with unit tests. The review feedback suggests improving the robustness of the path matching logic by normalizing leading and trailing slashes, and adding a defensive nil check for the sandbox parameter to prevent potential nil pointer dereferences.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

[gemini-code-assist]

To prevent potential nil pointer dereferences, it is recommended to add a defensive nil check for the sandbox parameter at the beginning of determineUpstreamURL.

func determineUpstreamURL(sandbox *types.SandboxInfo, path string) (*url.URL, error) {
	if sandbox == nil {
		return nil, fmt.Errorf("sandbox info is nil")
	}
	var matched types.SandboxEntryPoint
	found := false

[avinxshKD]

Leaving this out for now. determineUpstreamURL is only called after session lookup returns a sandbox, so a nil guard here feels unrelated to the path matching fix.

[avinxshKD]

Hey @LiZhenCheng9527 @hzxuzhonghu checked this while looking at the router path selection logic.

Current code picks the first HasPrefix match, so /can steal /api/foo depending on spec order. Also /api2 matches /api.
Longest valid prefix match should fix this cleanly.

Pls take a look when free.

[codecov-commenter]

⚠️ Please install the to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 58.12%. Comparing base (524e55e) to head (9b99ab4).
⚠️ Report is 125 commits behind head on main.
❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files

@@             Coverage Diff             @@
##             main     #389       +/-   ##
===========================================
+ Coverage   47.57%   58.12%   +10.55%     
===========================================
  Files          30       34        +4     
  Lines        2819     3193      +374     
===========================================
+ Hits         1341     1856      +515     
+ Misses       1338     1153      -185     
- Partials      140      184       +44     

Flag	Coverage Δ
unittests	58.12% <100.00%> (+10.55%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.