feat(server): implement OSEP-0011 signed endpoint for secure route access (#787)

* feat(server): implement OSEP-0011 signed endpoint for secure route access

Add route signing utilities (base36 expiry, SHA256-based signature), config
models for secure access keys, and API/service layer changes to issue
time-limited signed route tokens on GetEndpoint.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* chore: remove routeToken field from Endpoint schema

The routeToken field is not needed since the signed route is already
embedded in the endpoint URL. Remove the corresponding field from the
schema, the build_signed_route_token utility, and all related tests.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* feat(sdk): add GetSignedEndpoint to all five SDKs

Implement get_signed_endpoint across Go, JS, Python, Kotlin, and C#
SDKs. Each SDK exposes a new method (GetSignedEndpoint / get_signed_endpoint /
getSignedEndpoint) that calls the existing endpoint API with the expires
query parameter for OSEP-0011 signed route tokens.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* feat(helm): shared signing key config for server and ingress

Add server.gateway.secureAccess to values.yaml. When keys are provided,
the Helm chart renders [ingress.secure_access] into the server's TOML
config and passes --secure-access-keys to the ingress gateway container,
ensuring both sides use the same OSEP-0011 signing keys.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* feat(e2e): add GetSignedEndpoint test and signing key config for ingress

Add K8s E2E test for OSEP-0011 signed endpoints: verify route token is
returned, make a /ping call through the gateway with the signed endpoint,
and confirm expired timestamps are rejected. Wire signing keys into Helm
values so server and ingress share the same key for E2E runs.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* fix(kotlin): fix spotless formatting on getSignedEndpoint

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* fix(js): convert expires to string in getSignedEndpoint query param

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* fix(python): convert expires to str in get_signed_sandbox_endpoint calls

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* fix(csharp): add GetSignedSandboxEndpointAsync to test stub

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* fix(e2e): prepend protocol to signed endpoint URL for /ping call

The API returns endpoint without scheme; the SDK internally prepends
{protocol}://. Match that in the E2E test.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* chore(e2e): log all headers from signed endpoint response

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* fix(csharp): remove made-up X-Route-Token header from test stub

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* docs: mark OSEP-0011 as implemented

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* fix(server): omit SecureAccessToken header from signed endpoint response
feat(tests): verify signed endpoint omits and unsigned includes the header

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* fix(server): reject expires values exceeding uint64 max before signing

Without this check, values > uint64 max reach encode_expires_b36()
and raise ValueError, which the generic exception handler converts
into a 500. Validate explicitly and return 400 INVALID_PARAMETER.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* fix(server): enforce unique secure_access key_ids in config validation

Duplicate key_id entries cause a runtime mismatch: server signs with the
first match while ingress stores keys in a map (last duplicate wins),
making all signed endpoints fail verification.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* fix(server): rename leftover reference to key_ids -> seen after refactor

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>

Author: Pangjiping

kubernetes/charts/opensandbox-server/templates/_helpers.tpl

@@ -117,6 +117,16 @@ mode = {{ .Values.server.gateway.enabled | ternary "gateway" "direct" | quote }}
 gateway.address = {{ .Values.server.gateway.host | quote }}
 gateway.route.mode = {{ .Values.server.gateway.gatewayRouteMode | quote }}
 {{- end }}
+{{- if and .Values.server.gateway.enabled .Values.server.gateway.secureAccess.keys }}
+
+[ingress.secure_access]
+active_key = {{ .Values.server.gateway.secureAccess.activeKey | quote }}
+{{- range .Values.server.gateway.secureAccess.keys }}
+[[ingress.secure_access.keys]]
+key_id = {{ .key_id | quote }}
+key = {{ .key | quote }}
+{{- end }}
+{{- end }}
 
 {{- end }}
 

kubernetes/charts/opensandbox-server/templates/ingress-gateway.yaml

@@ -76,6 +76,9 @@ spec:
             - "--provider-type={{ .Values.server.gateway.providerType }}"
             - "--mode={{ .Values.server.gateway.gatewayRouteMode }}"
             - "--log-level={{ .Values.server.gateway.logLevel }}"
+{{- if .Values.server.gateway.secureAccess.keys }}
+            - "--secure-access-keys={{- range $i, $k := .Values.server.gateway.secureAccess.keys }}{{ if $i }},{{ end }}{{ $k.key_id }}={{ $k.key }}{{- end }}"
+{{- end }}
           ports:
             - name: http
               containerPort: {{ .Values.server.gateway.port }}

kubernetes/charts/opensandbox-server/values.yaml

@@ -54,6 +54,14 @@ server:
       requests:
         cpu: "1"
         memory: 4Gi
+    # OSEP-0011 signing keys shared between server and ingress.
+    # When keys are provided, the server signs route tokens with the active key
+    # and the ingress gateway verifies them.
+    secureAccess:
+      activeKey: ""
+      # List of signing keys. Each entry: { key_id: "a", key: "<base64-secret>" }.
+      # key_id must be exactly one character in [0-9a-z].
+      keys: []
 
 # -- Server config (TOML). Mounted at /etc/opensandbox/config.toml.
 configToml: |

oseps/0011-secure-access-endpoint.md

@@ -3,8 +3,8 @@ title: Secure Access on GetEndpoint and Signed Endpoint
 authors:
   - "@Pangjiping"
 creation-date: 2026-04-19
-last-updated: 2026-04-21
-status: implementing
+last-updated: 2026-04-25
+status: implemented
 ---
 
 # OSEP-0011: Secure Access on GetEndpoint and Signed Endpoint

oseps/README.md

@@ -16,3 +16,4 @@ This is the complete list of OpenSandbox Enhancement Proposals:
 |     [OSEP-0008](0008-pause-resume-rootfs-snapshot.md)      |    Pause and Resume via Rootfs Snapshot    | implementing  |  2026-03-13  |
 | [OSEP-0009](0009-auto-renew-sandbox-on-ingress-access.md)  |    Auto-Renew Sandbox on Ingress Access    |  implemented  |  2026-03-23  |
 | [OSEP-0010](0010-opentelemetry-instrumentation.md)             |      OpenTelemetry Metrics and Logs (execd, egress, and ingress)           | implementing  |  2026-04-12  |
+| [OSEP-0011](0011-secure-access-endpoint.md)                    |      Secure Access on GetEndpoint and Signed Endpoint                     |  implemented  |  2026-04-25  |

scripts/common/kubernetes-e2e.sh

@@ -131,6 +131,9 @@ EOF
 }
 
 k8s_e2e_write_server_helm_values() {
+  local signing_key
+  signing_key=$(openssl rand -base64 32 | tr -d '\n')
+
   {
     cat <<EOF
 server:
@@ -165,6 +168,11 @@ EOF
       requests:
         cpu: "250m"
         memory: 512Mi
+    secureAccess:
+      activeKey: "a"
+      keys:
+        - key_id: "a"
+          key: "${signing_key}"
 EOF
     fi
     cat <<EOF

sdks/sandbox/csharp/src/OpenSandbox/Adapters/SandboxesAdapter.cs

@@ -143,6 +143,32 @@ public async Task<Endpoint> GetSandboxEndpointAsync(
             queryParams,
             cancellationToken: cancellationToken).ConfigureAwait(false);
 
+        return ParseEndpointResponse(response);
+    }
+
+    public async Task<Endpoint> GetSignedSandboxEndpointAsync(
+        string sandboxId,
+        int port,
+        long expires,
+        bool useServerProxy = false,
+        CancellationToken cancellationToken = default)
+    {
+        var queryParams = new Dictionary<string, string?>
+        {
+            ["use_server_proxy"] = useServerProxy ? "true" : "false",
+            ["expires"] = expires.ToString()
+        };
+
+        var response = await _client.GetAsync<JsonElement>(
+            $"/sandboxes/{Uri.EscapeDataString(sandboxId)}/endpoints/{port}",
+            queryParams,
+            cancellationToken: cancellationToken).ConfigureAwait(false);
+
+        return ParseEndpointResponse(response);
+    }
+
+    private static Endpoint ParseEndpointResponse(JsonElement response)
+    {
         return new Endpoint
         {
             EndpointAddress = response.GetProperty("endpoint").GetString() ?? throw new SandboxApiException("Missing endpoint in response"),

sdks/sandbox/csharp/src/OpenSandbox/Sandbox.cs

@@ -562,6 +562,19 @@ public Task<Endpoint> GetEndpointAsync(int port, CancellationToken cancellationT
         return _sandboxes.GetSandboxEndpointAsync(Id, port, ConnectionConfig.UseServerProxy, cancellationToken);
     }
 
+    /// <summary>
+    /// Gets a signed endpoint for a port with an OSEP-0011 route token.
+    /// </summary>
+    /// <param name="port">The port number.</param>
+    /// <param name="expires">Unix epoch seconds for the signed route token expiry.</param>
+    /// <param name="cancellationToken">Cancellation token.</param>
+    /// <returns>The endpoint information.</returns>
+    /// <exception cref="SandboxApiException">Thrown when the sandbox API returns an error.</exception>
+    public Task<Endpoint> GetSignedEndpointAsync(int port, long expires, CancellationToken cancellationToken = default)
+    {
+        return _sandboxes.GetSignedSandboxEndpointAsync(Id, port, expires, ConnectionConfig.UseServerProxy, cancellationToken);
+    }
+
     /// <summary>
     /// Gets the endpoint URL for a port.
     /// </summary>

sdks/sandbox/csharp/src/OpenSandbox/Services/ISandboxes.cs

@@ -119,4 +119,22 @@ Task<Endpoint> GetSandboxEndpointAsync(
         int port,
         bool useServerProxy = false,
         CancellationToken cancellationToken = default);
+
+    /// <summary>
+    /// Gets a signed endpoint for a sandbox port with an OSEP-0011 route token.
+    /// </summary>
+    /// <param name="sandboxId">The sandbox ID.</param>
+    /// <param name="port">The port number.</param>
+    /// <param name="expires">Unix epoch seconds for the signed route token expiry.</param>
+    /// <param name="useServerProxy">Whether to return a server-proxied URL.</param>
+    /// <param name="cancellationToken">Cancellation token.</param>
+    /// <returns>The endpoint information.</returns>
+    /// <exception cref="InvalidArgumentException">Thrown when arguments are invalid.</exception>
+    /// <exception cref="SandboxException">Thrown when the sandbox service request fails.</exception>
+    Task<Endpoint> GetSignedSandboxEndpointAsync(
+        string sandboxId,
+        int port,
+        long expires,
+        bool useServerProxy = false,
+        CancellationToken cancellationToken = default);
 }

sdks/sandbox/csharp/tests/OpenSandbox.Tests/SandboxEgressLifecycleTests.cs

@@ -236,6 +236,19 @@ public Task<Endpoint> GetSandboxEndpointAsync(string sandboxId, int port, bool u
                 }
             });
         }
+
+        public Task<Endpoint> GetSignedSandboxEndpointAsync(string sandboxId, int port, long expires, bool useServerProxy = false, CancellationToken cancellationToken = default)
+        {
+            EndpointCalls.Add(port);
+            return Task.FromResult(new Endpoint
+            {
+                EndpointAddress = $"127.0.0.1:{port}",
+                Headers = new Dictionary<string, string>
+                {
+                    ["X-Port"] = port.ToString()
+                }
+            });
+        }
     }
 
     private sealed class StubEgress : IEgress