Feat: add code_executor_manager (#7814)

### What problem does this PR solve?

Add code_executor_manager. #4977.

### Type of change

- [x] New Feature (non-breaking change which adds functionality)

sandbox/scripts/restart.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+#  Copyright 2025 The InfiniFlow Authors. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+
+set -e
+
+bash "$(dirname "$0")/stop.sh"
+bash "$(dirname "$0")/start.sh"

sandbox/scripts/start.sh

@@ -0,0 +1,72 @@
+#!/bin/bash
+#
+#  Copyright 2025 The InfiniFlow Authors. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+
+set -e
+
+BASE_DIR="$(cd "$(dirname "$0")/.." && pwd)"
+cd "$BASE_DIR"
+
+if [ -f .env ]; then
+  source .env
+  SANDBOX_EXECUTOR_MANAGER_PORT="${SANDBOX_EXECUTOR_MANAGER_PORT:-9385}"        # Default to 9385 if not set in .env
+  SANDBOX_EXECUTOR_MANAGER_POOL_SIZE="${SANDBOX_EXECUTOR_MANAGER_POOL_SIZE:-5}" # Default to 5 if not set in .env
+  SANDBOX_BASE_PYTHON_IMAGE=${SANDBOX_BASE_PYTHON_IMAGE-"sandbox-base-python:latest"}
+  SANDBOX_BASE_NODEJS_IMAGE=${SANDBOX_BASE_NODEJS_IMAGE-"sandbox-base-nodejs:latest"}
+else
+  echo "⚠️ .env not found, using default ports and pool size"
+  SANDBOX_EXECUTOR_MANAGER_PORT=9385
+  SANDBOX_EXECUTOR_MANAGER_POOL_SIZE=5
+  SANDBOX_BASE_PYTHON_IMAGE=sandbox-base-python:latest
+  SANDBOX_BASE_NODEJS_IMAGE=sandbox-base-nodejs:latest
+fi
+
+echo "📦 STEP 1: Build sandbox-base image ..."
+if [ -f .env ]; then
+  source .env &&
+    echo "🐍 Building base sandbox image for Python ($SANDBOX_BASE_PYTHON_IMAGE)..." &&
+    docker build -t "$SANDBOX_BASE_PYTHON_IMAGE" ./sandbox_base_image/python &&
+    echo "⬢ Building base sandbox image for Nodejs ($SANDBOX_BASE_NODEJS_IMAGE)..." &&
+    docker build -t "$SANDBOX_BASE_NODEJS_IMAGE" ./sandbox_base_image/nodejs
+else
+  echo "⚠️ .env file not found, skipping build."
+fi
+
+echo "🧹 STEP 2: Clean up old sandbox containers (sandbox_nodejs_0~$((SANDBOX_EXECUTOR_MANAGER_POOL_SIZE - 1)) and sandbox_python_0~$((SANDBOX_EXECUTOR_MANAGER_POOL_SIZE - 1))) ..."
+for i in $(seq 0 $((SANDBOX_EXECUTOR_MANAGER_POOL_SIZE - 1))); do
+  echo "🧹 Deleting sandbox_python_$i..."
+  docker rm -f "sandbox_python_$i" >/dev/null 2>&1 || true
+
+  echo "🧹 Deleting sandbox_nodejs_$i..."
+  docker rm -f "sandbox_nodejs_$i" >/dev/null 2>&1 || true
+done
+
+echo "🔧 STEP 3: Build executor services ..."
+docker compose build
+
+echo "🚀 STEP 4: Start services ..."
+docker compose up -d
+
+echo "⏳ STEP 5a: Check if ports are open (basic connectivity) ..."
+bash ./scripts/wait-for-it.sh "localhost" "$SANDBOX_EXECUTOR_MANAGER_PORT" -t 30
+
+echo "⏳ STEP 5b: Check if the interfaces are healthy (/healthz) ..."
+bash ./scripts/wait-for-it-http.sh "http://localhost:$SANDBOX_EXECUTOR_MANAGER_PORT/healthz" 30
+
+echo "✅ STEP 6: Run security tests ..."
+python3 ./tests/sandbox_security_tests_full.py
+
+echo "🎉 Service is ready: http://localhost:$SANDBOX_EXECUTOR_MANAGER_PORT/docs"

sandbox/scripts/stop.sh

@@ -0,0 +1,40 @@
+#!/bin/bash
+#
+#  Copyright 2025 The InfiniFlow Authors. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+
+set -e
+
+BASE_DIR="$(cd "$(dirname "$0")/.." && pwd)"
+cd "$BASE_DIR"
+
+echo "🛑 Stopping all services..."
+docker compose down
+
+echo "🧹 Deleting sandbox containers..."
+if [ -f .env ]; then
+  source .env
+  for i in $(seq 0 $((SANDBOX_EXECUTOR_MANAGER_POOL_SIZE - 1))); do
+    echo "🧹 Deleting sandbox_python_$i..."
+    docker rm -f "sandbox_python_$i" >/dev/null 2>&1 || true
+
+    echo "🧹 Deleting sandbox_nodejs_$i..."
+    docker rm -f "sandbox_nodejs_$i" >/dev/null 2>&1 || true
+  done
+else
+  echo "⚠️ .env not found, skipping container cleanup"
+fi
+
+echo "✅ Stopping and cleanup complete"

sandbox/scripts/wait-for-it-http.sh

@@ -0,0 +1,31 @@
+#!/bin/bash
+#
+#  Copyright 2025 The InfiniFlow Authors. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+
+url=$1
+timeout=${2:-15}
+quiet=${3:-0}
+
+for i in $(seq "$timeout"); do
+  if curl -fs "$url" >/dev/null; then
+    [[ "$quiet" -ne 1 ]] && echo "✔ $url is healthy after $i seconds"
+    exit 0
+  fi
+  sleep 1
+done
+
+echo "✖ Timeout after $timeout seconds waiting for $url"
+exit 1

sandbox/scripts/wait-for-it.sh

@@ -0,0 +1,50 @@
+#!/bin/bash
+#
+#  Copyright 2025 The InfiniFlow Authors. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+
+host=$1
+port=$2
+shift 2
+
+timeout=15
+quiet=0
+
+while [[ $# -gt 0 ]]; do
+  case "$1" in
+  -t | --timeout)
+    timeout="$2"
+    shift 2
+    ;;
+  -q | --quiet)
+    quiet=1
+    shift
+    ;;
+  *)
+    break
+    ;;
+  esac
+done
+
+for i in $(seq "$timeout"); do
+  if nc -z "$host" "$port" >/dev/null 2>&1; then
+    [[ "$quiet" -ne 1 ]] && echo "✔ $host:$port is available after $i seconds"
+    exit 0
+  fi
+  sleep 1
+done
+
+echo "✖ Timeout after $timeout seconds waiting for $host:$port"
+exit 1