[2026 Rhino Bird issue] CubeSandbox Webhook Event Notifications #642

Description

@fslongjin

【Product Name / Feature Module】
CubeSandbox Webhook Event Notifications

【Problem Description】
A Webhook is an HTTP callback sent to a user-specified HTTP endpoint when a specific event occurs. CubeSandbox is a security sandbox service for AI Agents. Sandboxes are created, paused, resumed, and destroyed at high frequency, and snapshot and template builds also trigger critical state changes. Although the platform control plane already records some structured log events (e.g., sandbox.created, sandbox.deleted), it does not yet provide users with configurable Webhook subscriptions and asynchronous delivery.

Without Webhooks, upstream Agent orchestration systems, operations platforms, or enterprise IM tools can only poll APIs for status and cannot achieve real-time integration. Webhooks enable scenarios such as: real-time sandbox lifecycle notifications, triggering automated workflows when snapshots complete, usage pattern monitoring and analysis, integration with third-party tools like WeCom (Enterprise WeChat), and audit tracking of critical changes.

This issue is a code contribution task. You must read the existing CubeSandbox codebase (focus on the CubeAPI sandbox handlers and the logging module) and complete development and verification on a locally deployed CubeSandbox environment.

【Expected Content / Feature Improvements】

  1. Support configuring one or more Webhook endpoints (via configuration file or environment variables; optionally provide REST API management);
  2. Support subscription by event type, covering at least 4 sandbox lifecycle events: sandbox.created, sandbox.deleted, sandbox.paused, sandbox.resumed;
  3. When an event is triggered, asynchronously send an HTTP POST in JSON format to subscribed endpoints; the request body must include at least event, timestamp, and sandbox_id, and should include contextual fields such as template_id where possible;
  4. Delivery must not block the main path of sandbox creation/destruction, etc.; use an asynchronous queue or background tasks;
  5. Support an optional HMAC-SHA256 signing mechanism to allow receivers to verify signatures;
  6. On delivery failure, implement a retry strategy (exponential backoff recommended) and log errors;
  7. Provide a runnable Webhook receiver example and README under the examples/ directory;
  8. Provide integration documentation covering configuration, payload specification, signature verification examples, and reference approaches for integrating with WeCom bots or generic HTTP alerting;
  9. Add necessary unit tests or integration tests (mock HTTP server may be used) and submit a Pull Request to merge into the upstream repository.

【Acceptance Criteria】
The deliverable must provide the following capabilities:

  1. Webhook endpoints can be registered via configuration and subscribed by event type;
  2. In a local CubeSandbox deployment, when sandboxes are created/paused/resumed/destroyed, the example receiver receives the corresponding Webhook callbacks with correct payload fields;
  3. Webhook delivery is asynchronous and non-blocking; when the receiver times out or is unreachable, sandbox API requests still succeed normally;
  4. If signing is enabled, the receiver can verify signatures according to the documentation;
  5. Failed deliveries are retried and logged;
  6. Provide a runnable receiver example and documentation so others can complete end-to-end verification within 30 minutes by following the docs;
  7. Unit tests cover core delivery logic, and the PR passes the project's code quality checks.

【Claim Rules】
This issue is exclusive to the 2026 Tencent Rhino Bird Open Source Talent Training Program and may only be claimed by students who have registered for the Rhino Bird program.
【Claim Period】July 1 – July 31 (claims before July 1 are invalid ❗)
【How to Claim】Reply "已认领本任务" (I have claimed this task) in the comments on this issue to claim successfully
【Program Registration】Complete the Rhino Bird registration questionnaire in advance; it will be used for program enrollment and reward distribution: https://wj.qq.com/s2/26888567/gh2q
【Join the Cube Community Group】Add the CubeSandbox community assistant (WeChat: CubeSandbox) to join the discussion group
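For the optional HMAC-SHA256 signing in item 5 and acceptance criterion 4, here is one possible sender/receiver pair. It is an added example, not part of the original issue or of CubeSandbox code. The header names, the `sha256=` prefix, the `<timestamp>.<body>` signing input and the 300-second skew window are all assumptions; the issue does not define a signing scheme.

```python
import hashlib
import hmac
import json
import time
from typing import Optional

# Assumed scheme (not defined by the issue): the sender signs
# "<unix_ts>.<raw_body>" and sends timestamp and digest as two headers.
SIG_HEADER = "X-Cube-Signature"   # hypothetical header name
TS_HEADER = "X-Cube-Timestamp"    # hypothetical header name
MAX_SKEW_SECONDS = 300            # assumed replay window


def sign(secret: bytes, body: bytes, ts: int) -> str:
    """Sender side: HMAC-SHA256 over the timestamp and the exact bytes sent."""
    msg = str(ts).encode() + b"." + body
    return "sha256=" + hmac.new(secret, msg, hashlib.sha256).hexdigest()


def verify(secret: bytes, headers: dict, body: bytes,
           now: Optional[int] = None) -> bool:
    """Receiver side: check the raw body before parsing it as JSON."""
    now = int(time.time()) if now is None else now
    try:
        ts = int(headers[TS_HEADER])
        received = headers[SIG_HEADER]
    except (KeyError, ValueError):
        return False                      # missing or malformed headers
    if abs(now - ts) > MAX_SKEW_SECONDS:  # bounds how long a capture is replayable
        return False
    expected = sign(secret, body, ts)
    # Constant-time comparison: no early exit on the first differing byte.
    return hmac.compare_digest(expected.encode(), received.encode())


def build_delivery(secret: bytes, event: str, sandbox_id: str, ts: int):
    """Constructed sample delivery carrying the fields item 3 requires."""
    body = json.dumps(
        {"event": event, "timestamp": ts, "sandbox_id": sandbox_id},
        separators=(",", ":"),
    ).encode()
    return {TS_HEADER: str(ts), SIG_HEADER: sign(secret, body, ts)}, body
```

The receiver must verify the bytes as received; re-serializing parsed JSON can change key order or whitespace and break the digest.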
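For items 4 and 6 (delivery off the main path, retry with exponential backoff), this sketch shows a bounded queue with a background worker. It is an added example, not CubeSandbox code: `Dispatcher`, `emit` and the injected `send` callable are hypothetical names, and dropping events when the queue is full is an assumed policy chosen so that a slow or unreachable receiver cannot stall sandbox API calls.

```python
import queue
import random
import threading
import time


def backoff_delays(retries, base=0.5, cap=30.0, rng=random.random):
    """Exponential backoff with full jitter: delay n lies in [0, min(cap, base*2^n))."""
    return [rng() * min(cap, base * (2 ** n)) for n in range(retries)]


class Dispatcher:
    """Bounded queue plus one worker thread; API handlers only call emit()."""

    def __init__(self, send, retries=3, maxsize=1000, sleep=time.sleep, log=print):
        self.send, self.retries, self.sleep, self.log = send, retries, sleep, log
        self.q = queue.Queue(maxsize=maxsize)
        self.dropped = 0
        threading.Thread(target=self._run, daemon=True).start()

    def emit(self, event: dict) -> bool:
        """Runs on the sandbox create/delete path: never blocks, never raises."""
        try:
            self.q.put_nowait(event)
            return True
        except queue.Full:
            self.dropped += 1   # shed load instead of stalling the API request
            self.log(f"webhook queue full, dropped {event.get('event')}")
            return False

    def _deliver(self, event) -> bool:
        # First attempt is immediate, then one attempt per backoff delay.
        for delay in [0.0] + backoff_delays(self.retries):
            self.sleep(delay)
            try:
                self.send(event)   # expected to raise on timeout or non-2xx
                return True
            except Exception as exc:
                self.log(f"webhook delivery failed: {exc!r}")
        return False

    def _run(self):
        while True:
            event = self.q.get()
            try:
                self._deliver(event)
            finally:
                self.q.task_done()
```

In a real sender, `send` would perform the HTTP POST with a short timeout; the queue bound and retry count cap how much memory and time a dead endpoint can consume.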
