feat: SandboxAgent CRD and sandbox runtime integration

Add SandboxAgent kind with reconciliation via SandboxTemplate/SandboxClaim,
translator runInSandbox flag, HTTP/UI support.

Signed-off-by: Peter Jausovec <peter.jausovec@solo.io>

Author: peterj

go/api/config/crd/bases/kagent.dev_sandboxagents.yaml

@@ -94,6 +94,8 @@ type AgentResponse struct {
 	Tools           []*v1alpha2.Tool       `json:"tools"`
 	DeploymentReady bool                   `json:"deploymentReady"`
 	Accepted        bool                   `json:"accepted"`
+	// RunInSandbox is true when the workload is reconciled as a SandboxAgent (SandboxTemplate/SandboxClaim), not a Deployment.
+	RunInSandbox bool `json:"runInSandbox,omitempty"`
 }
 
 // Session types

go/api/httpapi/types.go

@@ -78,6 +78,32 @@ type AgentSpec struct {
 	AllowedNamespaces *AllowedNamespaces `json:"allowedNamespaces,omitempty"`
 }
 
+// SandboxAgentSpec defines the desired state of a SandboxAgent. Workload fields match Agent.spec
+// (Declarative or BYO). The kind selects sandbox reconciliation (SandboxTemplate + SandboxClaim) instead of a Deployment.
+//
+// +kubebuilder:validation:XValidation:message="type must be specified",rule="has(self.type)"
+// +kubebuilder:validation:XValidation:message="type must be either Declarative or BYO",rule="self.type == 'Declarative' || self.type == 'BYO'"
+// +kubebuilder:validation:XValidation:message="declarative or byo must match type",rule="(self.type == 'Declarative' && has(self.declarative)) || (self.type == 'BYO' && has(self.byo))"
+type SandboxAgentSpec struct {
+	// +kubebuilder:validation:Enum=Declarative;BYO
+	// +kubebuilder:default=Declarative
+	Type AgentType `json:"type"`
+
+	// +optional
+	BYO *BYOAgentSpec `json:"byo,omitempty"`
+	// +optional
+	Declarative *DeclarativeAgentSpec `json:"declarative,omitempty"`
+
+	// +optional
+	Description string `json:"description,omitempty"`
+
+	// +optional
+	Skills *SkillForAgent `json:"skills,omitempty"`
+
+	// +optional
+	AllowedNamespaces *AllowedNamespaces `json:"allowedNamespaces,omitempty"`
+}
+
 // +kubebuilder:validation:AtLeastOneOf=refs,gitRefs
 type SkillForAgent struct {
 	// Fetch images insecurely from registries (allowing HTTP and skipping TLS verification).

go/api/v1alpha2/agent_types.go

@@ -0,0 +1,47 @@
+/*
+Copyright 2025.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha2
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+// +kubebuilder:printcolumn:name="Ready",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status",description="Whether the sandbox workload is ready."
+// +kubebuilder:printcolumn:name="Accepted",type="string",JSONPath=".status.conditions[?(@.type=='Accepted')].status",description="Whether configuration was accepted."
+// SandboxAgent declares an agent that runs in an isolated sandbox (agent-sandbox SandboxTemplate+SandboxClaim).
+type SandboxAgent struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   SandboxAgentSpec `json:"spec,omitempty"`
+	Status AgentStatus      `json:"status,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// SandboxAgentList contains a list of SandboxAgent.
+type SandboxAgentList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []SandboxAgent `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&SandboxAgent{}, &SandboxAgentList{})
+}

go/api/v1alpha2/sandboxagent_types.go

@@ -19,6 +19,7 @@ package main
 import (
 	"github.com/kagent-dev/kagent/go/core/internal/httpserver/auth"
 	"github.com/kagent-dev/kagent/go/core/pkg/app"
+	"github.com/kagent-dev/kagent/go/core/pkg/sandboxbackend/agentsxk8s"
 
 	// Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.)
 	// to ensure that exec-entrypoint and run can make use of them.
@@ -31,9 +32,10 @@ func main() {
 	authenticator := &auth.UnsecureAuthenticator{}
 	app.Start(func(bootstrap app.BootstrapConfig) (*app.ExtensionConfig, error) {
 		return &app.ExtensionConfig{
-			Authenticator: authenticator,
-			Authorizer:    authorizer,
-			AgentPlugins:  nil,
+			Authenticator:  authenticator,
+			Authorizer:     authorizer,
+			AgentPlugins:   nil,
+			SandboxBackend: agentsxk8s.New(),
 		}, nil
 	}, nil)
 }

go/api/v1alpha2/zz_generated.deepcopy.go

@@ -112,6 +112,53 @@ func (a *A2ARegistrar) Start(ctx context.Context) error {
 		return fmt.Errorf("failed to add informer event handler: %w", err)
 	}
 
+	sandboxInformer, err := a.cache.GetInformer(ctx, &v1alpha2.SandboxAgent{})
+	if err != nil {
+		return fmt.Errorf("failed to get sandboxagent cache informer: %w", err)
+	}
+
+	if _, err := sandboxInformer.AddEventHandler(cache.ResourceEventHandlerFuncs{
+		AddFunc: func(obj any) {
+			if sa, ok := obj.(*v1alpha2.SandboxAgent); ok {
+				agentView := agent_translator.AgentViewFromSandboxAgent(sa)
+				if err := a.upsertAgentHandler(ctx, agentView, log); err != nil {
+					log.Error(err, "failed to upsert A2A handler", "sandboxagent", common.GetObjectRef(sa))
+				}
+			}
+		},
+		UpdateFunc: func(oldObj, newObj any) {
+			oldSA, ok1 := oldObj.(*v1alpha2.SandboxAgent)
+			newSA, ok2 := newObj.(*v1alpha2.SandboxAgent)
+			if !ok1 || !ok2 {
+				return
+			}
+			if oldSA.Generation != newSA.Generation || !reflect.DeepEqual(oldSA.Spec, newSA.Spec) {
+				agentView := agent_translator.AgentViewFromSandboxAgent(newSA)
+				if err := a.upsertAgentHandler(ctx, agentView, log); err != nil {
+					log.Error(err, "failed to upsert A2A handler", "sandboxagent", common.GetObjectRef(newSA))
+				}
+			}
+		},
+		DeleteFunc: func(obj any) {
+			sa, ok := obj.(*v1alpha2.SandboxAgent)
+			if !ok {
+				if tombstone, ok := obj.(cache.DeletedFinalStateUnknown); ok {
+					if s2, ok := tombstone.Obj.(*v1alpha2.SandboxAgent); ok {
+						sa = s2
+					}
+				}
+			}
+			if sa == nil {
+				return
+			}
+			ref := common.GetObjectRef(sa)
+			a.handlerMux.RemoveAgentHandler(ref)
+			log.V(1).Info("removed A2A handler", "sandboxagent", ref)
+		},
+	}); err != nil {
+		return fmt.Errorf("failed to add sandboxagent informer event handler: %w", err)
+	}
+
 	if ok := a.cache.WaitForCacheSync(ctx); !ok {
 		return fmt.Errorf("cache sync failed")
 	}

go/core/cmd/controller/main.go

@@ -57,6 +57,15 @@ type AgentController struct {
 // +kubebuilder:rbac:groups=core,resources=serviceaccounts,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=core,resources=configmaps,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=agents.x-k8s.io,resources=sandboxes,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=agents.x-k8s.io,resources=sandboxes/status,verbs=get;update;patch
+// +kubebuilder:rbac:groups=agents.x-k8s.io,resources=sandboxes/finalizers,verbs=update
+// +kubebuilder:rbac:groups=extensions.agents.x-k8s.io,resources=sandboxtemplates,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=extensions.agents.x-k8s.io,resources=sandboxtemplates/status,verbs=get;update;patch
+// +kubebuilder:rbac:groups=extensions.agents.x-k8s.io,resources=sandboxtemplates/finalizers,verbs=update
+// +kubebuilder:rbac:groups=extensions.agents.x-k8s.io,resources=sandboxclaims,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=extensions.agents.x-k8s.io,resources=sandboxclaims/status,verbs=get;update;patch
+// +kubebuilder:rbac:groups=extensions.agents.x-k8s.io,resources=sandboxclaims/finalizers,verbs=update
 
 func (r *AgentController) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
 	_ = log.FromContext(ctx)

go/core/internal/a2a/a2a_registrar.go

@@ -31,6 +31,10 @@ func (f *fakeReconciler) ReconcileKagentAgent(ctx context.Context, req ctrl.Requ
 	return nil
 }
 
+func (f *fakeReconciler) ReconcileKagentSandboxAgent(ctx context.Context, req ctrl.Request) error {
+	return nil
+}
+
 func (f *fakeReconciler) ReconcileKagentModelConfig(ctx context.Context, req ctrl.Request) error {
 	return nil
 }

go/core/internal/controller/agent_controller.go

@@ -102,13 +102,15 @@ func TestReconcileKagentMCPServer_ErrorPropagation(t *testing.T) {
 				types.NamespacedName{Namespace: "test", Name: "default-model"},
 				nil,
 				"",
+				nil,
 			)
 			reconciler := NewKagentReconciler(
 				translator,
 				kubeClient,
 				dbClient,
 				types.NamespacedName{Namespace: "test", Name: "default-model"},
 				[]string{}, // No namespace restrictions for tests
+				nil,
 			)
 
 			// Call ReconcileKagentMCPServer