Add support for specific snapshot restoration and interactive mode

[shrutiyam-glitch]

This PR implements the next phase of the Pod Snapshot SDK integration for the PodSnapshotSandboxClient. It introduces two primary ways to control sandbox restoration: restoring from a specific snapshot_uid and an interactive_mode that allows users to select a snapshot from a filtered list of local metadata.

Key changes:

• Snapshot Restoration Controls
  -- Specific Snapshot UID: Added snapshot_uid to the PodSnapshotSandboxClient constructor. If provided, the client verifies the snapshot's "Ready" state and configures the SandboxClaim to restore from it.
  -- Interactive Mode: Added interactive_mode. When enabled, the client prompts the user to select from a list of available snapshots that match the labels of the current SandboxTemplate and client configuration.
• Label Discovery and Merging
  -- Template Label Fetching: The client retrieves default labels directly from the SandboxTemplate (via the sandboxtemplates custom object) to ensure snapshot filtering is consistent with the server-side configuration.
  Label Merging: User-provided labels are merged with template labels to create a comprehensive set for snapshot matching.
• Manifest and Annotation Updates
  -- Restoration Annotation: Implemented _configure_snapshot_restore which adds the podsnapshot.gke.io/ps-name annotation to the client's internal annotations.
  -- SandboxClaim Manifest: Updated _create_claim in the base SandboxClient to correctly apply these annotations and labels to the SandboxClaim metadata.

Testing Done:

Integration Test: Added test_podsnapshot_extension.py which verifies the full E2E flow:

$ python3 test_podsnapshot_extension.py --labels app=agent-sandbox-workload --template-name python-counter-template --namespace sandbox-test
--- Starting Sandbox Client Test (Namespace: sandbox-test, Port: 8888) ---

***** Phase 1: Starting Counter *****

======= Testing Pod Snapshot Extension =======
Creating first pod snapshot 'test-snapshot-10' after 10 seconds...
Trigger Name: test-snapshot-10-5511a866
Snapshot UID: 73b25f98-e78a-4977-9fc7-3ef28d931269
Success: True
Error Code: 0
Error Reason: 

Creating second pod snapshot 'test-snapshot-20' after 10 seconds...
Trigger Name: test-snapshot-20-63308630
Snapshot UID: d678bf1b-7169-4712-9ae8-9b7f8cf49d4f
Success: True
Error Code: 0
Error Reason: 
Recent snapshot UID: d678bf1b-7169-4712-9ae8-9b7f8cf49d4f

***** List all existing ready snapshots with the policy name. *****
Snapshot ID: d678bf1b-7169-4712-9ae8-9b7f8cf49d4f, Source Pod: sandbox-claim-62bc9531, Creation Time: 2026-02-20T06:47:16Z, Policy Name: example-psp-workload
Snapshot ID: 73b25f98-e78a-4977-9fc7-3ef28d931269, Source Pod: sandbox-claim-62bc9531, Creation Time: 2026-02-20T06:47:03Z, Policy Name: example-psp-workload

***** Phase 2: Restoring from most recent snapshot & Verifying *****

Waiting 5 seconds for restored pod to resume printing...
Pod was restored from the most recent snapshot.

**** Deleting Specific snapshot *****
Deleted Snapshots: 1

***** List all existing ready snapshots with the policy name. *****
Snapshot ID: d678bf1b-7169-4712-9ae8-9b7f8cf49d4f, Source Pod: sandbox-claim-62bc9531, Creation Time: 2026-02-20T06:47:16Z, Policy Name: example-psp-workload

***** Phase 3: Restoring from previous snapshot in an interactive mode *****
Current labels (merged with template): {'app': 'agent-sandbox-workload'}

Available Snapshots (Template: python-counter-template):
0. Exit
1. 2026-02-20T06:47:16Z | Snapshot: d678bf1b-7169-4712-9ae8-9b7f8cf49d4f | Labels: app=agent-sandbox-workload

Select a snapshot to restore (0-1): 1
Restoring from snapshot 'd678bf1b-7169-4712-9ae8-9b7f8cf49d4f'...

Waiting 5 seconds for restored pod to resume printing...

Assuming the user selects the recent snapshot from the list...
Pod was restored from the recent snapshot.

**** Deleting All snapshots *****
Deleted Snapshots: 1
--- Pod Snapshot Test Passed! ---

--- Sandbox Client Test Finished ---

[netlify]

✅ Deploy Preview for agent-sandbox canceled.

Name	Link
🔨 Latest commit	9b13338
🔍 Latest deploy log	https://app.netlify.com/projects/agent-sandbox/deploys/699803eb06ea0200080a9f4c

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: shrutiyam-glitch
Once this PR has been reviewed and has the lgtm label, please assign janetkuo for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• clients/python/agentic-sandbox-client/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[k8s-ci-robot]

Hi @shrutiyam-glitch. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[k8s-ci-robot]

PR needs rebase.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.