feat: async sandbox lifecycle with Redis Stream events

Replace synchronous RPC-based CP-host communication for sandbox lifecycle operations (Create, Pause, Resume, Destroy) with an async pattern. CP handlers now return 202 Accepted immediately, fire agent RPCs in background goroutines, and publish state events to a Redis Stream. A background consumer processes events as a fallback writer. Agent-side auto-pause events are pushed to the CP via HTTP callback (POST /v1/hosts/sandbox-events), keeping Redis internal to the CP. All DB status transitions use conditional updates (UpdateSandboxStatusIf, UpdateSandboxRunningIf) to prevent race conditions between concurrent operations and background goroutines. The HostMonitor reconciler is kept at 60s as a safety net, extended to handle transient statuses (starting, pausing, resuming, stopping). Frontend updated to handle 202 responses with empty bodies and render transient statuses with blue indicators.
2026-05-15 12:25:16 +06:00
parent c08884fa2c
commit 6faad45a28
18 changed files with 944 additions and 128 deletions
--- a/pkg/cpserver/run.go
+++ b/pkg/cpserver/run.go
@ -187,8 +187,13 @@ func Run(opts ...Option) {
 	// Start channel event dispatcher.
 	channelDispatcher.Start(ctx)

-	// Start host monitor (passive + active reconciliation every 30s).
-	monitor := api.NewHostMonitor(queries, hostPool, al, 15*time.Second)
+	// Start sandbox event consumer (processes lifecycle events from Redis stream).
+	sandboxEventConsumer := api.NewSandboxEventConsumer(rdb, queries, al)
+	sandboxEventConsumer.Start(ctx)
+
+	// Start host monitor (passive + active reconciliation every 60s).
+	// Reduced from 15s since async events handle the normal case.
+	monitor := api.NewHostMonitor(queries, hostPool, al, 60*time.Second)
 	monitor.Start(ctx)

 	// Hard-delete accounts that have been soft-deleted for more than 15 days (runs every 24h).