Add credential vault SDKs and e2e coverage #1023

Open

jwx0925 wants to merge 7 commits into main from codex/credential-vault-sdk-e2e

@jwx0925 jwx0925 commented Jun 11, 2026

Collaborator

Summary

  • Add Credential Vault support to the Go, JavaScript, Kotlin/JVM, and C# sandbox SDK surfaces.
  • Add SDK unit tests for Credential Vault models, adapters, and sandbox creation paths.
  • Fold Credential Vault E2E coverage into the existing multi-language E2E jobs instead of keeping a separate Python-only job.
  • Add Go, JavaScript, and JVM/Kotlin E2E cases matching the Python Credential Vault coverage, including all auth-type injection and runtime binding mutation.

Validation

  • bash -n scripts/credential-vault-e2e-target.sh scripts/python-e2e.sh scripts/go-e2e.sh scripts/javascript-e2e.sh scripts/java-e2e.sh
  • Parsed .github/workflows/real-e2e.yml with yaml.safe_load
  • uv run ruff check tests/test_credential_vault_e2e.py
  • uv run pytest tests/test_credential_vault_e2e.py -q
  • GOCACHE=/private/tmp/opensandbox-go-build-cache go test ./... -run TestCredentialVault -count=1 -v
  • corepack pnpm exec tsc --noEmit --target ES2022 --module NodeNext --moduleResolution NodeNext --allowImportingTsExtensions --strict tests/test_credential_vault_e2e.test.ts
  • corepack pnpm exec eslint tests/test_credential_vault_e2e.test.ts
  • corepack pnpm exec vitest run tests/test_credential_vault_e2e.test.ts
  • Kotlin SDK and code-interpreter published to mavenLocal with JDK 17
  • ./gradlew test --tests com.alibaba.opensandbox.e2e.CredentialVaultE2ETest -PskipCodeInterpreterE2E=true --rerun-tasks
  • Shared-server live Credential Vault E2E passed for Python, Go, JavaScript, and JVM/Kotlin against one Kubernetes-backed OpenSandbox server
  • BatchSandbox Vault examples passed for both private Git clone and GitLab API curl using Vault-injected credentials
  • git diff --check

C# SDK unit tests were not run locally because dotnet is not installed in this environment.

@jwx0925 jwx0925 changed the title from "[codex] add credential vault SDKs and e2e coverage" to "Add credential vault SDKs and e2e coverage" Jun 11, 2026
@jwx0925 jwx0925 marked this pull request as ready for review June 11, 2026 13:37

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: ab0b6735ee

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread sdks/sandbox/go/types.go
Comment thread sdks/sandbox/javascript/src/services/egress.ts Outdated
@jwx0925 jwx0925 added feature New feature or request sdks labels Jun 11, 2026 — with ChatGPT Codex Connector

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: d5310a037d

Comment thread sdks/sandbox/javascript/src/models/sandboxes.ts Outdated
Comment thread sdks/sandbox/csharp/src/OpenSandbox/Services/IEgress.cs Outdated
Comment thread sdks/sandbox/javascript/src/factory/defaultAdapterFactory.ts

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 441b40f2c7

Comment thread sdks/sandbox/go/egress.go
// revision and activates it in Credential Proxy.
func (c *EgressClient) CreateCredentialVault(ctx context.Context, req CredentialVaultCreateRequest) (*CredentialVaultState, error) {
var resp CredentialVaultState
if err := c.doRequest(ctx, "POST", "/credential-vault", req, &resp); err != nil {

[P2] Block proxied vault writes in Go

When ConnectionConfig.UseServerProxy is true, resolveEgress points this client at /sandboxes/{id}/proxy/18080, and the lifecycle proxy always forwards to the sidecar over plain http:// while the sidecar returns 426 for Credential Vault POST/PATCH/DELETE unless the inbound transport is TLS or loopback. In remote/Kubernetes proxy deployments, CreateCredentialVault/PatchCredentialVault/DeleteCredentialVault therefore fail even though reads and normal egress policy calls work; add the same fail-fast/direct-transport handling used by the JS adapter before issuing these write requests.

Useful? React with 👍 / 👎.

Comment on lines +96 to +99
requestJson(
method = "POST",
operation = "Create credential vault",
jsonBody = request.toJsonObject(),

[P2] Block proxied vault writes in Kotlin

When connectionConfig.useServerProxy is enabled, this adapter's egressEndpoint is the lifecycle server proxy path, and the server proxy builds the backend target with plain http://; the egress sidecar rejects Credential Vault writes over that path unless the peer is TLS or loopback. In remote/Kubernetes proxy deployments, create/patch/delete vault operations return 426 while reads still work, so the Kotlin SDK should fail fast for proxied write transports or use a direct/allowed egress endpoint.

Useful? React with 👍 / 👎.

Comment on lines +44 to +47
return await _client.PostAsync<CredentialVaultState>(
"/credential-vault",
request,
cancellationToken).ConfigureAwait(false);

[P2] Block proxied vault writes in C#

When ConnectionConfig.UseServerProxy is true, EgressBaseUrl points at the lifecycle server proxy, which forwards requests to the egress sidecar as plain HTTP; the sidecar's write gate rejects Credential Vault POST/PATCH/DELETE unless the request is TLS or loopback. This makes CreateAsync, PatchAsync, and DeleteAsync fail with 426 in remote/Kubernetes proxy deployments even though reads and policy operations work, so the C# SDK should fail fast for proxied writes or route them over an allowed transport.

Useful? React with 👍 / 👎.
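
As an added example (not code from this pull request or from the OpenSandbox SDKs), the Go sketch below models the transport rule that the Go, Kotlin and C# review comments above describe: the sidecar accepts Credential Vault writes only over TLS or from a loopback peer, and a client that knows it is going through the server proxy can refuse the write before sending it. The function names, the sentinel error, the `/credential-vault/` sub-path match and the sample peer addresses are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/http"
	"strings"
)

// ErrProxiedVaultWrite is a hypothetical sentinel, not an OpenSandbox SDK error.
var ErrProxiedVaultWrite = errors.New("credential vault write via server proxy would get 426")

// isVaultWrite reports whether a request mutates Credential Vault state.
// Matching sub-paths under /credential-vault/ is an assumption.
func isVaultWrite(method, path string) bool {
	onVault := path == "/credential-vault" || strings.HasPrefix(path, "/credential-vault/")
	return onVault && (method == http.MethodPost || method == http.MethodPatch || method == http.MethodDelete)
}

// sidecarGate models the write gate described in the review: vault writes are
// accepted only over TLS or from a loopback peer, otherwise 426.
func sidecarGate(method, path string, viaTLS bool, remoteAddr string) int {
	if !isVaultWrite(method, path) {
		return http.StatusOK
	}
	host, _, err := net.SplitHostPort(remoteAddr)
	if err != nil {
		host = remoteAddr // address carried no port
	}
	if ip := net.ParseIP(host); viaTLS || (ip != nil && ip.IsLoopback()) {
		return http.StatusOK
	}
	return http.StatusUpgradeRequired
}

// guardVaultWrite is the client-side fail-fast: when the lifecycle proxy (plain
// http:// to the sidecar) is in the path, refuse the write before sending it.
func guardVaultWrite(useServerProxy bool, method, path string) error {
	if useServerProxy && isVaultWrite(method, path) {
		return fmt.Errorf("%s %s: %w", method, path, ErrProxiedVaultWrite)
	}
	return nil
}

func main() {
	// Constructed peer address standing in for the lifecycle proxy pod.
	fmt.Println(sidecarGate("POST", "/credential-vault", false, "10.0.3.7:41822"))
	fmt.Println(guardVaultWrite(true, "POST", "/credential-vault"))
}
```

Reads and non-vault paths pass both checks, which matches the review's observation that only create, patch and delete fail behind the proxy.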

fun getBinding(name: String): CredentialBindingMetadata
}

interface Egress : CredentialVault {

[P2] Keep Kotlin Egress policy-only compatible

Making the existing public Egress interface extend every CredentialVault method is a source/binary break for downstream policy-only fakes or custom implementations: code compiled against the previous three-method interface no longer implements Egress, even when Credential Vault is unused. Keep the vault contract separate or provide default/compatibility methods so existing consumers that only need getPolicy, patchRules, and deleteRules do not have to implement the new vault surface.

Useful? React with 👍 / 👎.
