Summary

This PR adds a dedicated Session API to the execd web layer, exposing three endpoints for creating, running code in, and deleting pipe-based bash sessions. These sessions are independent of the existing code execution flow: the existing Bash language context (e.g. POST /code/context with language: bash) continues to use the Jupyter kernel; the new Session API uses the in-process, pipe-based bash implementation only.

Motivation

• Callers need a way to manage stateful bash sessions (create once, run multiple commands with shared env/cwd) without going through Jupyter.
• The existing /code and /code/context APIs are built around language runtimes (Jupyter for Bash/Python/etc.). Keeping the new session lifecycle separate avoids mixing concerns and preserves backward compatibility for Bash-as-a-language.

New API

All routes live under the /session group and use the same auth middleware as other execd APIs (e.g. access token header when configured).

Request / response

• Create session

  • Body (optional): { "cwd": "/optional/working/dir" }
  • Response: { "session_id": "<uuid>" }

• Run in session

  • Body: { "code": "<shell script>", "cwd": "<optional>", "timeout_ms": <optional, non-negative> }
  • Response: SSE stream (e.g. init, stdout, stderr, execution_complete, error), same as /code.

• Delete session

  • No body.
  • Success: 200 with no body.
  • 404 if sessionId is not found.

Runtime (codeRunner) changes

• Controller

  • jupyterClientMap, defaultLanguageSessions, and commandClientMap are now sync.Map for concurrent access; bashSessionClientMap (also sync.Map) was added for pipe-based bash sessions.
  • Bash language execution is unchanged: CreateContext and Execute for language: bash still use the Jupyter backend. No behavior change for existing /code and /code/context callers.

• Session-only entrypoints (used only by the new API)

  • CreateBashSession(req *CreateContextRequest) (string, error) — creates a pipe-based bash session and returns its ID.
  • RunInBashSession(ctx, req *ExecuteCodeRequest) error — runs code in an existing session; req.Context must be the session ID.
  • DeleteBashSession(sessionID string) error — closes the session and removes it from the map.

• Context / cleanup

  • DeleteContext / GetContext / ListContext continue to operate only on Jupyter-backed contexts. Pipe-based sessions are not listed or deleted via these; they are managed solely via the new Session API.

Web layer

• Models (pkg/web/model/session.go): CreateSessionRequest, CreateSessionResponse, RunInSessionRequest (with validation).
• Handlers (in CodeInterpretingController): CreateSession, RunInSession, DeleteSession, each calling the corresponding runtime method above.
• Router (pkg/web/router.go): new /session group with the three routes.

Testing

• Not run (explain why)
• Unit tests
• Integration tests
• e2e / manual verification

Breaking Changes

• None
• Yes (describe impact and migration path)

Checklist

• Linked Issue or clearly described motivation
• Added/updated docs (if needed)
• Added/updated tests (if needed)
• Security impact considered
• Backward compatibility considered