
【2026 Rhino Bird issue】CubeSandbox WebUI Container Instance Terminal Login (Web Terminal) #643

Description

@fslongjin

【Product Name / Feature Module】
CubeSandbox WebUI Container Instance Terminal Login (Web Terminal) (PR Merge Task)

【Problem Description】
CubeSandbox sandboxes/container instances run in isolated environments. Developers and operators often need to "log in" to a running instance for debugging, troubleshooting, manually installing dependencies, or running ad hoc commands. The platform already provides command execution capabilities, but the WebUI lacks an interactive terminal entry point—users cannot open a shell directly in the console to access a specific instance and must instead stitch together CLI or SDK calls on their own, resulting in a fragmented experience and a steep learning curve.

This issue aims to provide interactive terminal login for running sandboxes/container instances in the CubeSandbox WebUI, giving users a full shell session directly in the browser.

This issue is a code contribution task. You must read the existing CubeSandbox codebase (focus on sandbox command execution capabilities, the WebUI frontend project, and the platform's existing WebSocket channels and authentication mechanisms) and complete development and verification on a locally deployed CubeSandbox environment.

【Expected Content / Feature Improvements】

  1. On the WebUI sandbox/container instance list or detail page, provide an "Open Terminal" entry for running instances; clicking it opens an interactive terminal panel;
  2. Implement the terminal using a mature web terminal component, supporting a full interactive shell experience: input/output, ANSI colors and cursor control, window resize adaptation, copy/paste, scrollback, etc.;
  3. The backend provides a WebSocket-based interactive terminal channel that bidirectionally connects the browser terminal to the instance's standard input/output/error streams, supporting TTY mode and terminal size synchronization; reuse the existing underlying container exec/attach capabilities rather than building a separate execution mechanism;
  4. Support session management: terminal session establishment, keep-alive, idle timeout, and active disconnect; provide clear prompts on abnormal disconnect and support reconnection; allow multiple terminal sessions per instance;
  5. Authentication and access control: terminal login must go through platform authentication; only authorized users may log in to the corresponding instance; verify that the target instance exists and is in a loggable state (running), otherwise disable the entry and show a prompt; record access audit logs for terminal sessions (operator, time, target instance);
  6. Support multi-container selection: when a sandbox contains multiple containers, allow logging in to a specific container; provide clear prompts when the instance is not running or not loggable;
  7. Security: the terminal channel uses the platform's existing HTTPS/WSS encrypted transport; operations executable within the terminal must not exceed the instance's existing permission boundaries, avoiding becoming a channel to bypass egress/security policies;
  8. User experience and internationalization: the terminal panel supports basic settings such as fullscreen and font size (optional); UI text should be integrated into the WebUI's existing i18n system;
  9. Documentation and examples: add usage instructions for WebUI terminal login, permission requirements, and known limitations; provide necessary screenshots or descriptions;
  10. Testing: add unit/integration tests for the backend channel (session establishment, authentication, disconnect, size sync) and basic tests for the frontend terminal component; submit a Pull Request to merge into the upstream repository.

【Acceptance Criteria】
The deliverable must provide the following capabilities:

  1. The WebUI instance list/detail page shows an "Open Terminal" entry for running sandboxes/container instances; clicking it opens an interactive terminal;
  2. The terminal successfully logs in to the target instance; commands such as ls, top, and ping execute with normal input/output, correct ANSI colors and cursor display, and support window resize;
  3. Multiple users or multiple instances can use terminals concurrently without interference; switching instances logs in correctly;
  4. Unauthorized users cannot log in; when an instance is not running, the entry is disabled with a prompt;
  5. Terminal sessions support active disconnect and idle timeout; abnormal disconnects show clear prompts;
  6. Terminal login actions are recorded in access audit logs;
  7. In a local CubeSandbox deployment, others can follow the documentation to log in to a running container instance from the WebUI and execute commands within 30 minutes;
  8. Unit/integration tests cover core logic, and the PR passes the project's code quality checks.

【Claim Rules】
This issue is exclusive to the 2026 Tencent Rhino Bird Open Source Talent Training Program and may only be claimed by students who have registered for the Rhino Bird program.
【Claim Period】July 1 – July 31 (claims before July 1 are invalid ❗)
【How to Claim】Reply "已认领本任务" (I have claimed this task) in the comments on this issue to claim successfully
【Program Registration】Complete the Rhino Bird registration questionnaire in advance; it will be used for program enrollment and reward distribution: https://wj.qq.com/s2/26888567/gh2q
【Join the Cube Community Group on WeChat】Add the Cube community assistant on WeChat (WeChat ID: CubeSandbox) to join the discussion group
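
One way to structure the access-control gate from expected-content item 5 and the idle timeout from item 4, as an added Python example that is not CubeSandbox code. The names `Instance`, `open_terminal`, `is_idle`, the in-memory inventory and audit list, and the 900-second timeout are all assumptions; the gate runs before any exec/attach and audits denials as well as successes.

```python
import json
from dataclasses import dataclass
from datetime import datetime, timezone

IDLE_TIMEOUT_S = 900  # assumed value; the issue does not specify a timeout

@dataclass(frozen=True)
class Instance:  # hypothetical stand-in for the platform's instance record
    instance_id: str
    state: str
    containers: tuple
    allowed_users: frozenset

class TerminalDenied(Exception):
    def __init__(self, reason):
        super().__init__(reason)
        self.reason = reason

def audit(log, operator, instance_id, container, outcome, now):
    """Append one audit record carrying operator, time and target instance."""
    log.append(json.dumps({
        "event": "terminal_open", "time": now.isoformat(), "operator": operator,
        "instance": instance_id, "container": container, "outcome": outcome,
    }, sort_keys=True))

def open_terminal(user, instance_id, container, inventory, log, now=None):
    """Decide whether a terminal may be attached; called before the WebSocket
    is wired to the container's stdin/stdout/stderr."""
    now = now or datetime.now(timezone.utc)
    inst = inventory.get(instance_id)
    if user is None:
        reason = "unauthenticated"
    elif inst is None or user not in inst.allowed_users:
        # Design choice: unknown and unauthorized instances get the same answer.
        reason = "forbidden"
    elif inst.state != "running":
        reason = "not_running"
    elif container not in inst.containers:
        reason = "unknown_container"
    else:
        reason = None
    audit(log, user, instance_id, container, reason or "allowed", now)
    if reason:
        raise TerminalDenied(reason)
    return {"operator": user, "instance": instance_id,
            "container": container, "last_activity": now}

def is_idle(session, now):
    """True once no input/output has refreshed last_activity for the timeout."""
    return (now - session["last_activity"]).total_seconds() >= IDLE_TIMEOUT_S
```
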
