Execute type/param addition in GkeCodeExecutor

[SHRUTI6991]

Description:

Link to an existing issue (if applicable):

#3263

This PR is an initial draft for the changes made in GkeCodeExecutor to add a new param called executor_type which takes either job / sandbox. Currently GkeCodeExecutor can only execute python code, so the changes made also focusses on executing ONLY python code via sandbox client.

Testing Plan

Unit Tests:

Addition of new Unit tests to verify forking of code between sandbox vs job.

• [yes] I have added or updated unit tests for my change.
• [yes] All unit tests pass locally.

Please include a summary of passed pytest results.

-- Docs: https://docs.pytest.org/en/stable/how-to/capture-warnings.html
======================== 9 passed, 2 warnings in 2.72s =========================
Finished running tests!

Manual End-to-End (E2E) Tests:

Integration test by running a simple AI Agent: https://google.github.io/adk-docs/tools/google-cloud/gke-code-executor/ to write and execute Python code. The sandbox was connected via local tunnel for testing.

2026-01-10 00:46:28,105 - INFO - sandbox_client.py:159 - Creating SandboxClaim 'sandbox-claim-4d0f82e0' in namespace 'agent-sandbox-system' using template 'python-sandbox-template'...
2026-01-10 00:46:28,340 - INFO - sandbox_client.py:180 - Watching for Sandbox to become ready...
2026-01-10 00:46:39,284 - INFO - sandbox_client.py:208 - Sandbox sandbox-claim-4d0f82e0 is ready.
2026-01-10 00:46:39,285 - INFO - sandbox_client.py:243 - Starting Dev Mode tunnel: localhost:49605 -> svc/sandbox-router-svc:8080...
2026-01-10 00:46:39,288 - INFO - sandbox_client.py:259 - Waiting for port-forwarding to be ready...
2026-01-10 00:46:40,289 - INFO - sandbox_client.py:271 - Dev Mode ready. Tunneled to Router at http://127.0.0.1:49605
2026-01-10 00:46:40,790 - INFO - gke_code_executor.py:156 - Executing code in sandbox:

def fibonacci(n):
  """
  This function calculates the nth Fibonacci number.

  Args:
    n: The index of the Fibonacci number to calculate (starting from 0).

  Returns:
    The nth Fibonacci number.
  """
  if n <= 0:
    return 0
  elif n == 1:
    return 1
  else:
    a = 0
    b = 1
    for _ in range(2, n + 1):
      c = a + b
      a = b
      b = c
    return b

# Get the first fibonacci number (index 0)
first_fibonacci = fibonacci(0) 

# Print the first fibonacci number
print(first_fibonacci)

2026-01-10 00:46:40,958 - INFO - sandbox_client.py:464 - File 'script.py' uploaded successfully.
2026-01-10 00:46:41,031 - INFO - sandbox_client.py:356 - Stopping port-forwarding...
2026-01-10 00:46:41,034 - INFO - sandbox_client.py:368 - Deleting SandboxClaim: sandbox-claim-4d0f82e0

Output:

Checklist

• [ yes] I have read the CONTRIBUTING.md document.
• [yes] I have performed a self-review of my own code.
• [yes] I have commented my code, particularly in hard-to-understand areas.
• [yes] I have added tests that prove my fix is effective or that my feature works.
• [yes] New and existing unit tests pass locally with my changes.
• [yes] I have manually tested my changes end-to-end.
• [yes] Any dependent changes have been merged and published in downstream modules.

Additional context

Add any other context or screenshots about the feature request here.

[gemini-code-assist]

Summary of Changes

Hello @SHRUTI6991, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request enhances the GkeCodeExecutor by introducing a new executor_type configuration, enabling a choice between traditional Kubernetes Job-based execution and a new, more isolated sandbox environment. This change provides greater flexibility and security for running code, initially focusing on Python code within the sandbox, and lays the groundwork for future expansion of execution methods.

Highlights

• Flexible Execution: Introduced an executor_type parameter in GkeCodeExecutor allowing users to choose between "job" (Kubernetes Job) and "sandbox" for code execution.
• Sandbox Integration: Integrated the agentic_sandbox client to enable secure, sandboxed execution of Python code, addressing the current limitation of GkeCodeExecutor.
• Code Refactoring: The core execute_code method was refactored into _execute_in_sandbox and _execute_as_job to cleanly separate execution logic based on the chosen executor_type.
• Expanded Test Coverage: New unit tests were added to specifically verify the correct routing of code execution based on the executor_type parameter, ensuring both sandbox and job paths are correctly handled.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a new execution path in GkeCodeExecutor to use agentic-sandbox, controlled by a new executor_type parameter. The changes are logical and the addition of unit tests for the new branching logic is great. My feedback focuses on improving robustness, configurability, and code quality. Key suggestions include pinning the new git dependency for build stability, making the sandbox template name configurable, ensuring consistent logger usage, fixing a potential type error, and making the executor type selection logic more robust.

[gemini-code-assist]

The agentic_sandbox dependency is sourced directly from the main branch of a git repository. This can lead to non-reproducible builds and unexpected breakages when the main branch is updated. It's highly recommended to pin this dependency to a specific commit hash to ensure stability.

Additionally, the indentation for this line is inconsistent with the surrounding lines. It should be 2 spaces to match the other dependencies.

Suggested change

	"agentic_sandbox @ git+https://github.com/kubernetes-sigs/agent-sandbox.git@main#subdirectory=clients/python/agentic-sandbox-client", # For Agent Sandboxed Code Execution
	"agentic_sandbox @ git+https://github.com/kubernetes-sigs/agent-sandbox.git@<SPECIFIC_COMMIT_HASH>#subdirectory=clients/python/agentic-sandbox-client", # For Agent Sandboxed Code Execution

[gemini-code-assist]

The stderr attribute of CodeExecutionResult is typed as str, but this expression can result in None if result.stderr is falsy (like an empty string or None). This could cause type errors in code that consumes this result. To ensure stderr is always a string, you can use result.stderr or "".

Suggested change

	stderr=result.stderr if result.stderr else None
	stderr=result.stderr or ""

[gemini-code-assist]

The template_name for the SandboxClient is hardcoded as "python-sandbox-template". To improve flexibility and configurability, consider making this a class attribute of GkeCodeExecutor, similar to how image is handled for the job-based executor.

You could add this to the class attributes:

sandbox_template_name: str = "python-sandbox-template"

And then use self.sandbox_template_name here.

[gemini-code-assist]

This file defines a module-level logger instance. For consistency and to ensure logs are correctly associated with this module, please use logger.debug instead of the global logging.debug.

Suggested change

	logging.debug("Executing code in sandbox:\n```\n%s\n```", code)
	logger.debug("Executing code in sandbox:\n```\n%s\n```", code)

[gemini-code-assist]

This block has a couple of areas for improvement:

1. Robustness: The logic defaults to the 'job' executor for any executor_type that is not 'sandbox'. This could hide configuration errors if an invalid type is provided. It would be more robust to explicitly check for 'job' and raise a ValueError for any unsupported types.
2. Style: There are extraneous indented blank lines (222, 224), which affects code style.

The suggested change addresses both points.

Suggested change

	"""Overrides the base method to route execution based on executor_type."""
	code = code_execution_input.code
	if self.executor_type == "sandbox":
	return self._execute_in_sandbox(code)
	else:
	# Fallback to existing GKE Job logic
	return self._execute_as_job(code, invocation_context)
	"""Overrides the base method to route execution based on executor_type."""
	code = code_execution_input.code
	if self.executor_type == "sandbox":
	return self._execute_in_sandbox(code)
	elif self.executor_type == "job":
	# Fallback to existing GKE Job logic
	return self._execute_as_job(code, invocation_context)
	else:
	raise ValueError(f"Unsupported executor_type: '{self.executor_type}'")