sandbox: dynamic directory mount & snapshot in go + adds detach

[thomasjpfan]

This PR cherry picks files from the following PRs to just implement the dynamic directory mounts for Go:

• Implement sandbox exec through command router - Go #242
• sandbox: dynamic directory mount & snapshot - Go #243

This includes the task command router. I think this is a smaller change and does not impact any public API around sb.exec. Once we have this in, then #242 is easier to review.

[cursor]

PR Summary

Medium Risk
Introduces a new gRPC client path (task command router) with JWT refresh/retry logic and changes the Sandbox.Terminate API, so regressions could affect sandbox lifecycle and new mount/snapshot behavior.

Overview
Adds sandbox connection lifecycle management to Go: Sandbox.Detach() closes command-router resources and makes the Sandbox object unusable thereafter (SandboxDetached), while Sandbox.Terminate now takes a detach flag (plus params) to optionally detach after terminating.

Introduces experimental dynamic directory mount & snapshot for Sandboxes via a new TaskCommandRouterClient (JWT-based auth with refresh + transient retry), exposed as Sandbox.ExperimentalMountImage and Sandbox.ExperimentalSnapshotDirectory, and updates examples/tests/docs accordingly (including new mount/snapshot example and updated termination calls).

^{Written by Cursor Bugbot for commit 4c46034. This will update automatically on new commits. Configure here.}

[ehdr]

I think this whole thing should no longer be needing after @saltzm fixed something server side, so might work if you just remove it and use the default?

[thomasjpfan]

Updated PR with:

• Remove the ALPN workaround and verify that taking to the TCR still works
• Adds Detach back to both typescript and go

[thomasjpfan]

I updated PR:

• Disable almost every operation after Detach and added test for this behavior* (Details below)
• Removed the JS changes, the PR is already getting too big. I'll open a smaller PR to add Detach to JS.

While implementing this, I made some decisions that are debatable:

• Terminate is still allowed after Detach. It feels a little weird to not be able to terminate the sandbox after detach.
  • I'm open to changing this.
• Terminate does not mark the sandbox as detached, so you can still call sb.Wait after calling Terminate. Terminate will still close the task command routers.
  • An alternative is to allow Terminate , Wait and Poll for a detached sandbox and have Terminate mark the sandbox as detached.

[saltzm]

Everything looks good mod the comment about task_command_router_insecure which isn't being used anymore in the python client

[saltzm]

I think I might find this error message confusing if I do like sb.Exec() and get this back - I'll be like "why is it telling me not to call Detach, I'm calling Exec".

I'd expect something more like "Unable to perform operation on a detached sandbox" or "Operations on sandbox after Detach are not allowed" or some such thing

[cursor]

Cursor Bugbot has reviewed your changes and found 4 potential issues.

^{Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.}

[cursor]

Deferred terminate fails after manual detach in examples

Medium Severity

Deferred Terminate calls fail because the target sandbox is already detached. This occurs when a sandbox is explicitly detached or terminated with detach=true before the deferred call executes, leading to a fatal log.

Additional Locations (1)

• modal-go/examples/sandbox-volume-ephemeral/main.go#L45-L50

 

[cursor]

Duplicated retryable gRPC status codes map

Low Severity

commandRouterRetryableCodes is identical to retryableGrpcStatusCodes defined in client.go (lines 285-291). Both maps contain the exact same five gRPC status codes: DeadlineExceeded, Unavailable, Canceled, Internal, and Unknown. The existing retryableGrpcStatusCodes variable could be reused instead of defining a duplicate.

 

[cursor]

Exported interface only used internally

Low Severity

RetryableClient is exported (capitalized) but its methods authContext and refreshJwt are unexported (lowercase). This makes the interface unusable outside the package since external code cannot implement unexported methods. The interface is only used by the unexported callWithAuthRetry function, so it should be unexported as retryableClient.

 

[cursor]

Unused parameter and empty params struct

Low Severity

SandboxTerminateParams is an empty struct and the params parameter in Terminate() is never referenced in the function body. The parameter exists but serves no purpose in the current implementation.