feat: support manual cleanup sandboxes

[hittyt]

Summary

• Add manual cleanup sandbox lifecycle support by treating omitted or null timeout as non-expiring sandbox creation.
• Update Docker lifecycle handling, timeout limit validation, SDKs, tests, and docs to support nullable expiresAt and explicit cleanup semantics.
• Document the controlled rollout path: upgrade SDKs first, then upgrade the server, then start creating manual-cleanup sandboxes.

Testing

• Not run (explain why)
• Unit tests
• Integration tests
• e2e / manual verification

Breaking Changes

• None
• Yes (describe impact and migration path)

Impact:

• Lifecycle API responses may now return expiresAt = null for manual-cleanup sandboxes.
• Older SDKs that assume expiresAt is always a timestamp may fail when they create, get, or list manual-cleanup sandboxes.

Migration path:

• Upgrade SDKs/clients first.
• Upgrade the server second.
• Only then start creating sandboxes with timeout omitted or null.
• Do not introduce manual-cleanup sandboxes into shared environments while older lifecycle API readers are still active.

Checklist

• Linked Issue or clearly described motivation Proposal: Support non-expiring sandboxes / manual cleanup mode across Docker and Kubernetes #442
• Added/updated docs (if needed)
• Added/updated tests (if needed)
• Security impact considered
• Backward compatibility considered

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: d45c49734f

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[hittyt]

@codex review

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 7e35ecba27

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[hittyt]

@codex review

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: cfeef4cca0

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Reject non-finite timeout values before request encoding

opts.timeoutSeconds is passed through Math.floor without validating that it is a finite number. In JavaScript, Math.floor(NaN)/Math.floor(Infinity) stays non-finite, and JSON serialization turns those values into null; after this change, timeout: null is treated as manual-cleanup mode. That means a caller with a bad timeout parse can silently create non-expiring sandboxes instead of receiving an input error, which is a resource-leak risk.

Useful? React with 👍 / 👎.