[WIP] validation for PR #387 with review fixes

[ranxi2001]

This is a temporary validation PR for upstream PR #387.

Please do not review or merge this PR. It exists only to run the upstream bot / CI on the final expected patch set:

1. fix: adapt code interpreter warm pool to agent-sandbox v0.4.6 #387 original agent-sandbox v0.4.6 adaptation commit.
2. Follow-up fixes for Copilot review comments and the current golangci-lint / coverage CI failures.

If this validation PR passes CI, I will port the same fix commit back into #387 with a clean history and close this PR.

Included follow-up fixes:

• Align lint and test-coverage workflow Go versions with go.mod target Go 1.26.2.
• Add an explicit nil readiness watcher guard for direct sandbox creation.
• Reduce handleSandboxCreate complexity by extracting sandbox create error handling.
• Update warm-pool e2e ownership matching to use Sandbox UID for Sandbox -> Pod ownerRefs.
• Fix test fake store error propagation and deep-copy EntryPoints.

Local validation before opening this PR:

• go test ./pkg/workloadmanager -count=1
• make lint
• git diff --check

Additional validation already run on the follow-up fix branch:

• go test ./test/e2e -run TestNonExistent -count=1
• go test -race -v -coverprofile=coverage.out -coverpkg=./pkg/... ./pkg/...
• go test -race ./pkg/workloadmanager -count=1
• go test ./pkg/... -count=1

Known local limitation:

• go test ./... -count=1 fails only in test/e2e when local Router / WorkloadManager are not running and no kubeconfig is configured. The non-e2e package set passes.

AI assistance: Used Codex to inspect CI logs, implement the fix, and run local validation. I reviewed the changes and test output.

/kind bug

[volcano-sh-bot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign kevin-wangzefeng for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[gemini-code-assist]

Code Review

This pull request upgrades Go to version 1.26.2, updates Kubernetes dependencies to v0.35.4, and adapts the codebase to support the new SandboxClaim and SandboxWarmPool models from agent-sandbox. Key changes include updating Dockerfiles, CRD manifests, and the CodeInterpreter controller, as well as refactoring sandbox creation handlers to wait for adopted sandboxes. The review feedback highlights a critical case-sensitivity typo in the fake clientset's watchlist-disabling method, a potential nil pointer dereference panic when reading from the sandbox readiness channel, a recommendation to return early on context cancellation during sandbox claim checks, and a suggestion to make the JSON parsing in the codegen script more robust.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

[gemini-code-assist]

The method name is misspelled as IsWatchListSemanticsUnSupported (with a capital S). In standard Go and Kubernetes client-go, the optional interface watchListUnsupportedInterface expects the method name to be IsWatchListSemanticsUnsupported (with a lowercase s). Because Go interface matching is strictly case-sensitive, the reflector will fail to detect this method, and watchlist semantics will not be disabled as intended. This will cause unit tests using the fake client to fail or panic when watchlist is attempted.

Suggested change

	// IsWatchListSemanticsSupported informs the reflector that this client
	// doesn't support WatchList semantics.
	//
	// This is a synthetic method whose sole purpose is to satisfy the optional
	// interface check performed by the reflector.
	// Returning true signals that WatchList can NOT be used.
	// No additional logic is implemented here.
	func (c *Clientset) IsWatchListSemanticsUnSupported() bool {
	return true
	}
	// IsWatchListSemanticsUnsupported informs the reflector that this client
	// doesn't support WatchList semantics.
	//
	// This is a synthetic method whose sole purpose is to satisfy the optional
	// interface check performed by the reflector.
	// Returning true signals that WatchList can NOT be used.
	// No additional logic is implemented here.
	func (c *Clientset) IsWatchListSemanticsUnsupported() bool {
	return true
	}

[gemini-code-assist]

When reading from resultChan, if the channel is closed, result will receive its zero value, and result.Sandbox will be nil. Attempting to access createdSandbox.Namespace or createdSandbox.Name on the next line will cause a nil pointer dereference panic. We should check the ok boolean from the channel read to ensure the channel wasn't closed, and also verify that createdSandbox is not nil before dereferencing it.

Suggested change

	case result := <-resultChan:
	createdSandbox := result.Sandbox
	klog.V(2).Infof("sandbox %s/%s reported ready, verifying entrypoints", createdSandbox.Namespace, createdSandbox.Name)
	return createdSandbox, nil
	case result, ok := <-resultChan:
	if !ok {
	return nil, fmt.Errorf("sandbox ready channel closed unexpectedly")
	}
	createdSandbox := result.Sandbox
	if createdSandbox == nil {
	return nil, fmt.Errorf("received nil sandbox from ready channel")
	}
	klog.V(2).Infof("sandbox %s/%s reported ready, verifying entrypoints", createdSandbox.Namespace, createdSandbox.Name)
	return createdSandbox, nil

[gemini-code-assist]

If getSandboxClaim fails due to context cancellation, we should return immediately instead of continuing the loop and relying on the select block. This prevents unnecessary processing and potential extra API calls when the context is already canceled.

	for {
		claim, err := getSandboxClaim(ctx, dynamicClient, sandboxClaim.Namespace, sandboxClaim.Name)
		if err != nil {
			if isContextError(err) {
				return nil, err
			}
			klog.V(2).Infof("waiting for sandbox claim %s/%s status: %v", sandboxClaim.Namespace, sandboxClaim.Name, err)
		}

[gemini-code-assist]

The sed pattern expects a trailing comma: ,". If "Dir" happens to be the last field in the JSON output of go mod download -json (or if the formatting changes), there might not be a trailing comma, causing the parsing to fail. A more robust and portable pattern that doesn't depend on the trailing comma or spaces is sed -n 's/^[[:space:]]*"Dir": "\([^"]*\)".*/\1/p'.

Suggested change

	CODEGEN_PKG=$(printf '%s\n' "${CODEGEN_JSON}" | sed -n 's/^[[:space:]]*"Dir": "\(.*\)",$/\1/p')
	CODEGEN_PKG=$(printf '%s\n' "${CODEGEN_JSON}" | sed -n 's/^[[:space:]]*"Dir": "\([^"]*\)".*/\1/p')

[codecov-commenter]

⚠️ Please install the to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

❌ Patch coverage is 66.37168% with 38 lines in your changes missing coverage. Please review.
✅ Project coverage is 58.72%. Comparing base (524e55e) to head (6f94052).
⚠️ Report is 125 commits behind head on main.

Files with missing lines	Patch %	Lines
pkg/workloadmanager/handlers.go	64.70%	27 Missing and 3 partials ⚠️
pkg/workloadmanager/k8s_client.go	50.00%	4 Missing and 4 partials ⚠️
❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files

@@             Coverage Diff             @@
##             main     #390       +/-   ##
===========================================
+ Coverage   47.57%   58.72%   +11.15%     
===========================================
  Files          30       34        +4     
  Lines        2819     3254      +435     
===========================================
+ Hits         1341     1911      +570     
+ Misses       1338     1146      -192     
- Partials      140      197       +57     

Flag	Coverage Δ
unittests	58.72% <66.37%> (+11.15%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[Copilot]

Pull request overview

Temporary validation PR to exercise CI for the upstream agent-sandbox v0.4.6 adaptation (#387) plus follow-up fixes (lint/coverage alignment, sandbox readiness handling, warm-pool e2e ownership matching, and test/store fixes) in AgentCube’s Workload Manager + generated artifacts.

Changes:

• Align build/CI/tooling to Go 1.26.2 and updated Kubernetes/client-go stack (v0.35.4) required by sigs.k8s.io/agent-sandbox v0.4.6.
• Improve sandbox creation flow: add direct-sandbox readiness watcher guard, refactor error handling, and correctly handle adopted Sandbox (claim → sandbox) for probing while storing the claim identity.
• Update warm-pool e2e helpers to support both legacy direct Pod ownership and new SandboxWarmPool -> Sandbox -> Pod ownership via Sandbox UID.

Reviewed changes

Copilot reviewed 15 out of 20 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
test/e2e/e2e_test.go	Warm-pool pod discovery updated to handle sandbox-owned pods (UID-based) in newer agent-sandbox controller shapes.
pkg/workloadmanager/sandbox_helper.go	Include CreatedAt in store placeholder to avoid zero timestamps during creation.
pkg/workloadmanager/k8s_client.go	Add dynamic-client getters for Sandbox and SandboxClaim used by claim adoption polling.
pkg/workloadmanager/handlers.go	Refactor sandbox create error handling; add direct-ready watcher guard; poll claim→adopted sandbox readiness; switch to public SandboxPodNameAnnotation.
pkg/workloadmanager/handlers_test.go	Extend tests to validate claim storage vs adopted sandbox probing and nil-ready-watcher guard behavior.
pkg/workloadmanager/codeinterpreter_controller.go	Force NetworkPolicyManagement: Unmanaged on SandboxTemplate and ensure existing templates are updated accordingly.
pkg/workloadmanager/codeinterpreter_controller_test.go	Add coverage ensuring network policy management is set/updated to Unmanaged.
manifests/charts/base/crds/runtime.agentcube.volcano.sh_agentruntimes.yaml	Regenerated CRD schema changes from dependency/Kubernetes generator updates.
hack/update-codegen.sh	Update code-generator version and use go mod download -json to locate it without go get -d.
go.mod	Bump Go version and key deps (agent-sandbox, k8s.io/, controller-runtime, golang.org/x/).
go.sum	Dependency checksum updates consistent with module bumps and regeneration.
docker/Dockerfile.router	Builder image updated to Go 1.26.2.
docker/Dockerfile.picod	Builder image updated to Go 1.26.2; tighten apt install (no recommends) and clean apt lists.
docker/Dockerfile	Builder image updated to Go 1.26.2.
client-go/informers/externalversions/runtime/v1alpha1/codeinterpreter.go	Regenerated informer to use WatchList semantics wrapper.
client-go/informers/externalversions/runtime/v1alpha1/agentruntime.go	Regenerated informer to use WatchList semantics wrapper.
client-go/informers/externalversions/factory.go	Minor generated comment tweak (context cancel example) and doc formatting.
client-go/clientset/versioned/fake/clientset_generated.go	Generated fake clientset updated; adds WatchList semantics capability hook (with a doc-comment mismatch noted).
.github/workflows/test-coverage.yml	CI coverage job Go version aligned to 1.26.2.
.github/workflows/lint.yml	CI lint job Go version aligned to 1.26.2.

Files not reviewed (4)

• client-go/clientset/versioned/fake/clientset_generated.go: Generated file
• client-go/informers/externalversions/factory.go: Generated file
• client-go/informers/externalversions/runtime/v1alpha1/agentruntime.go: Generated file
• client-go/informers/externalversions/runtime/v1alpha1/codeinterpreter.go: Generated file

[RainbowMango]

/retitle [WIP] validation for PR #387 with review fixes