feat: remove default 8h max TTL for AgentRuntime sandboxes

[HarshitPal25]

What this PR does

Fixes #303

Problem

AgentRuntime.spec.maxSessionDuration had a kubebuilder default of 8h, which caused the workload-manager to always set Sandbox.Spec.Lifecycle.ShutdownTime to now + 8h. This meant every AgentRuntime sandbox was hard-deleted after 8 hours, even if it was still actively serving a long-running agent (e.g. hosting OpenClaw or any persistent agent service).

Solution

Make maxSessionDuration truly opt-in for AgentRuntime:

• agent_type.go: Removed +kubebuilder:default="8h" from AgentRuntimeSpec.MaxSessionDuration; added +optional and a clear comment that omitting it means no hard cap.
• workload_builder.go: buildSandboxObject no longer falls back to DefaultSandboxTTL when ttl == 0. ShutdownTime is only set when MaxSessionDuration is explicitly configured by the user.
• sandbox_helper.go: buildSandboxPlaceHolder and buildSandboxInfo no longer fall back to DefaultSandboxTTL when ShutdownTime is absent. ExpiresAt is left as zero time (meaning no hard expiry).
• store_redis.go: Skips adding to the expiry sorted-set when ExpiresAt is zero, so the GC loop never forcibly expires these sandboxes.
• store_valkey.go: Same — zero ExpiresAt bypasses the expiry index, only tracking the session in the activity index for idle-timeout cleanup.
• Tests: Updated to reflect the new behaviour: no ShutdownTime → zero ExpiresAt → sandbox runs indefinitely, cleaned up only by sessionTimeout idle logic.

CodeInterpreter is unchanged — it retains the 8h default at the buildSandboxByCodeInterpreter call-site.

Behaviour after this change

Resource	maxSessionDuration set?	Hard delete?
AgentRuntime	No (default)	Never (idle timeout only)
AgentRuntime	Yes (e.g. 24h)	After 24h
CodeInterpreter	No (default)	After 8h (unchanged)
CodeInterpreter	Yes	After configured duration

[gemini-code-assist]

Code Review

This pull request updates the sandbox session duration logic to make MaxSessionDuration optional, allowing sandboxes to run indefinitely without a hard expiry when omitted. The Redis and Valkey store implementations are updated to skip the expiry index when ExpiresAt is zero, and helper functions are modified to prevent falling back to DefaultSandboxTTL. The reviewer points out that removing the fallback to DefaultSandboxTTL inside buildSandboxObject could lead to CodeInterpreter instances running indefinitely if created without an explicit duration (e.g., in unit tests). They suggest explicitly handling this fallback in buildSandboxByCodeInterpreter to maintain the 8-hour default guarantee.

[gemini-code-assist]

By removing the fallback to DefaultSandboxTTL when params.ttl == 0 inside buildSandboxObject, any CodeInterpreter created without an explicit MaxSessionDuration (for example, in unit tests or direct client-go calls where kubebuilder defaults are not applied) will now run indefinitely without a hard expiry.

To maintain the 8h default guarantee for CodeInterpreter across all environments, the fallback to DefaultSandboxTTL should be explicitly handled in buildSandboxByCodeInterpreter (both in the warm pool path and the standard path).

[codecov-commenter]

⚠️ Please install the to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

❌ Patch coverage is 54.16667% with 11 lines in your changes missing coverage. Please review.
✅ Project coverage is 55.43%. Comparing base (524e55e) to head (dc24233).
⚠️ Report is 103 commits behind head on main.

Files with missing lines	Patch %	Lines
pkg/store/store_valkey.go	0.00%	8 Missing and 1 partial ⚠️
pkg/workloadmanager/workload_builder.go	77.77%	1 Missing and 1 partial ⚠️
❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #360      +/-   ##
==========================================
+ Coverage   47.57%   55.43%   +7.86%     
==========================================
  Files          30       34       +4     
  Lines        2819     3195     +376     
==========================================
+ Hits         1341     1771     +430     
+ Misses       1338     1244      -94     
- Partials      140      180      +40     

Flag	Coverage Δ
unittests	55.43% <54.16%> (+7.86%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[Copilot]

Pull request overview

Removes the implicit 8-hour hard TTL for AgentRuntime sandboxes so long-running agent services aren’t forcibly deleted, making spec.maxSessionDuration truly opt-in and propagating “no hard expiry” through sandbox info + store GC indexing.

Changes:

• Make AgentRuntime.spec.maxSessionDuration optional (omit => no hard cap).
• Only set Sandbox.Spec.Lifecycle.ShutdownTime when a positive TTL is explicitly provided.
• Allow ExpiresAt to be zero (no expiry) and skip indexing such sessions into the expiry sorted-set in Redis/Valkey.

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 4 comments.

Show a summary per file

File	Description
pkg/apis/runtime/v1alpha1/agent_type.go	Makes AgentRuntime max session duration optional in the API type.
pkg/workloadmanager/workload_builder.go	Stops defaulting TTL to 8h; only sets ShutdownTime when TTL > 0.
pkg/workloadmanager/sandbox_helper.go	Leaves ExpiresAt as zero when ShutdownTime is absent.
pkg/workloadmanager/sandbox_helper_test.go	Updates placeholder behavior expectations for zero ExpiresAt.
pkg/store/store_redis.go	Allows zero ExpiresAt and skips adding to expiry index when unset.
pkg/store/store_valkey.go	Same as Redis: zero ExpiresAt bypasses expiry indexing.

Comments suppressed due to low confidence (1)

pkg/workloadmanager/workload_builder.go:206

• New behavior (ttl == 0 => no ShutdownTime / no hard expiry) is introduced here but isn’t covered by tests in pkg/workloadmanager/workload_builder_test.go (current tests always pass a positive ttl). Please add a unit test asserting that when ttl is zero, sandbox.Spec.Lifecycle.ShutdownTime remains nil so the sandbox is not hard-expired.

	// Only set ShutdownTime when MaxSessionDuration is explicitly configured.
	// When omitted (ttl == 0), the sandbox runs indefinitely and is only
	// cleaned up by idle timeout (SessionTimeout).
	if params.ttl > 0 {
		shutdownTime := metav1.NewTime(time.Now().Add(params.ttl))
		sandbox.Spec.Lifecycle.ShutdownTime = &shutdownTime
	}

[acsoto]

This needs the generated CRD artifact update as well. Right now the installed AgentRuntime CRD still has default: 8h and still lists maxSessionDuration as required, so the API server will keep defaulting omitted values to 8h and this change will not actually fix #303 in a deployed cluster.

[acsoto]

This makes ttl == 0 mean no hard expiry for every caller of buildSandboxObject. That is correct for AgentRuntime, but CodeInterpreter is supposed to keep the 8h max-session default from the issue discussion and PR description. Can we set DefaultSandboxTTL explicitly in the CodeInterpreter paths when Spec.MaxSessionDuration is nil, including the warm-pool placeholder path?

[FAUST-BENCHOU]

+1 It's better to align with CodeInterpreter.

[hzxuzhonghu]

@HarshitPal25 ptal

[acsoto]

Can we add store tests for the zero ExpiresAt branch? The important behavior is that the session is still stored and tracked in the last-activity index, but is not added to the expiry index.

[HarshitPal25]

yes ofc we can i was fixing the failure test cases till now i would add store test for the zero expireat now

[volcano-sh-bot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign kevin-wangzefeng for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[Copilot]

Pull request overview

Copilot reviewed 7 out of 11 changed files in this pull request and generated 2 comments.

[FAUST-BENCHOU]

recommand to rebase first

[FAUST-BENCHOU]

revert all this kind of fmt and rebase to the newest upstream first.We have solved all fmt problem in f17fa17 i think

[FAUST-BENCHOU]

why not remove all DefaultSandboxTTL in ut test like in workload_builder_test.go L44 since we are not using it anymore

[FAUST-BENCHOU]

also upd example/agent-runtime/agent-runtime.yaml

[FAUST-BENCHOU]

+1 It's better to align with CodeInterpreter.

[volcano-sh-bot]

Keywords which can automatically close issues and at(@) or hashtag(#) mentions are not allowed in commit messages.

The list of commits with invalid commit messages:

• 360fd5a feat: remove default 8h max TTL for AgentRuntime sandboxes

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[FAUST-BENCHOU]

never used?

[hzxuzhonghu]

I am seeing this is a little different from redis, is that because valkey sdk does not align with redis?

[hzxuzhonghu]

Another point from me, we can later expose sandbox lifecycle managerment api through sdk. Otherwise for agentruntime, user may not be able to delete the sandbox