@agentstep/agent-sdk 0.4.13 → 0.4.14

package/dist/{chunk-XLMHG3KR.js → chunk-R7PAZ5OA.js}

@@ -16,7 +16,7 @@ import {
 } from "./chunk-72BKGVBE.js";
 import {
   loadSessionSecrets
-} from "./chunk-X3U7IVTN.js";
+} from "./chunk-7OAMTB47.js";
 import {
   buildErrorPayload,
   classifyError,
@@ -24,29 +24,29 @@ import {
 } from "./chunk-H6TQGV4L.js";
 import {
   isProxied
-} from "./chunk-7BGILLYC.js";
+} from "./chunk-NIOWKTIF.js";
 import {
   acquireForFirstTurn,
   installSkills,
   provisionResources
-} from "./chunk-4BYPJFC5.js";
+} from "./chunk-UF25F3MH.js";
 import {
   BLOCKED_ENV_KEYS
-} from "./chunk-3WJMUX5B.js";
+} from "./chunk-DO4WVWW7.js";
 import {
   appendEvent,
   appendEventsBatch
-} from "./chunk-MXRGQRFX.js";
+} from "./chunk-EOFJ2MWJ.js";
 import {
   listEvents,
   markUserEventProcessed
-} from "./chunk-AHHH4PYB.js";
+} from "./chunk-O45IQUWS.js";
 import {
   getBySession
-} from "./chunk-AKRE4OEL.js";
+} from "./chunk-EFOIR7R3.js";
 import {
   resolveContainerProvider
-} from "./chunk-5A6E4F5D.js";
+} from "./chunk-N2RHTKW7.js";
 import {
   bumpSessionStats,
   getOutcomeCriteria,
@@ -57,16 +57,16 @@ import {
   setOutcomeCriteria,
   updateSessionMutable,
   updateSessionStatus
-} from "./chunk-MBLMAWSE.js";
+} from "./chunk-I5ZA45YL.js";
 import {
   getEnvironment
-} from "./chunk-XTZ5RQDF.js";
+} from "./chunk-NUO56TF7.js";
 import {
   getAgent
-} from "./chunk-BAH4JSTO.js";
+} from "./chunk-JEI7I3EH.js";
 import {
   resolveBackend
-} from "./chunk-OGONPLTA.js";
+} from "./chunk-SHKBQQ7W.js";
 import {
   PERMISSION_BRIDGE_PENDING_PATH,
   PERMISSION_BRIDGE_REQUEST_PATH,
@@ -77,7 +77,7 @@ import {
 } from "./chunk-XBHDQK4Z.js";
 import {
   getConfig
-} from "./chunk-Q5KHBU7P.js";
+} from "./chunk-YEUALILD.js";
 import {
   init_clock,
   nowMs
@@ -181,14 +181,17 @@ async function runTurn(sessionId, inputs, _depth = 0, parentTrace) {
   if (row && row.title == null) {
     const firstText = inputs.find((i) => i.kind === "text");
     if (firstText?.text) {
-      updateSessionMutable(sessionId, { title: firstText.text.slice(0, 60) });
+      const sanitized = firstText.text.replace(/[\x00-\x1F\x7F\u200B-\u200F\u2028-\u202F\uFEFF]/g, "").replace(/^Image(?=[A-Z])/g, "").replace(/\s+/g, " ").trim();
+      if (sanitized) {
+        updateSessionMutable(sessionId, { title: sanitized.slice(0, 60) });
+      }
     }
   }
   console.log(`[driver] ${sessionId} acquiring container...`);
-  let spriteName;
+  let sandboxName;
   try {
-    spriteName = await acquireForFirstTurn(sessionId);
-    console.log(`[driver] ${sessionId} container ready: ${spriteName}`);
+    sandboxName = await acquireForFirstTurn(sessionId);
+    console.log(`[driver] ${sessionId} container ready: ${sandboxName}`);
     const latestAgent = getAgent(session.agent.id);
     if (latestAgent && latestAgent.skills && latestAgent.skills.length > 0) {
       const currentSkills = new Map((agent.skills ?? []).map((s) => [s.name, s.content.length]));
@@ -199,7 +202,7 @@ async function runTurn(sessionId, inputs, _depth = 0, parentTrace) {
         console.log(`[driver] ${sessionId} injecting ${newSkills.length} new skill(s)...`);
         const envRow = getEnvironment(session.environment_id);
         const sp = await resolveContainerProvider(envRow?.config?.provider);
-        await installSkills(spriteName, sp, newSkills, agent.engine);
+        await installSkills(sandboxName, sp, newSkills, agent.engine);
         console.log(`[driver] ${sessionId} skills injected`);
       }
     }
@@ -207,7 +210,7 @@ async function runTurn(sessionId, inputs, _depth = 0, parentTrace) {
     if (freshSession2?.resources && freshSession2.resources.length > 0) {
       const envRow = getEnvironment(session.environment_id);
       const sp = await resolveContainerProvider(envRow?.config?.provider);
-      await provisionResources(spriteName, freshSession2.resources, sp);
+      await provisionResources(sandboxName, freshSession2.resources, sp);
     }
   } catch (err) {
     const msg = err instanceof Error ? err.message : String(err);
@@ -271,7 +274,7 @@ async function runTurn(sessionId, inputs, _depth = 0, parentTrace) {
     let ollamaHostPort;
     if (!turnBuild.env.OLLAMA_HOST) {
       const envRow = getEnvironment(session.environment_id);
-      const provName = envRow?.config?.provider ?? "sprites";
+      const provName = envRow?.config?.provider ?? "docker";
       if (provName === "docker" || provName === "podman") {
         ollamaHostPort = "host.docker.internal:11434";
       } else if (provName === "apple-container" || provName === "apple-firecracker") {
@@ -328,19 +331,19 @@ ${turnBuild.stdin}`;
   });
   if (agent.engine === "claude" && toolResults.length > 0) {
     const { TOOL_BRIDGE_RESPONSE_PATH, TOOL_BRIDGE_PENDING_PATH } = await import("./backends/claude/tool-bridge.js");
-    const spriteName2 = getSessionRow(sessionId)?.sprite_name;
-    if (spriteName2) {
+    const sandboxName2 = getSessionRow(sessionId)?.sandbox_name;
+    if (sandboxName2) {
       for (const r of toolResults) {
         const responseJson = JSON.stringify({ content: r.content });
         await provider.exec(
-          spriteName2,
+          sandboxName2,
           ["bash", "-c", `cat > ${TOOL_BRIDGE_RESPONSE_PATH}`],
           { stdin: responseJson, secrets }
         ).catch((err) => {
           console.warn(`[driver] failed to write tool bridge response:`, err);
         });
         await provider.exec(
-          spriteName2,
+          sandboxName2,
           ["rm", "-f", TOOL_BRIDGE_PENDING_PATH],
           { secrets }
         ).catch(() => {
@@ -357,7 +360,7 @@ ${turnBuild.stdin}`;
   });
   let exec;
   try {
-    exec = await provider.startExec(spriteName, {
+    exec = await provider.startExec(sandboxName, {
       argv,
       stdin,
       signal: controller.signal,
@@ -379,7 +382,7 @@ ${turnBuild.stdin}`;
   let permissionPollTimer = null;
   if (agent.confirmation_mode) {
     permissionPollTimer = setInterval(() => {
-      void checkPermissionSentinel(sessionId, spriteName, provider).catch(
+      void checkPermissionSentinel(sessionId, sandboxName, provider).catch(
         (err) => {
           console.warn(`[driver] permission sentinel check failed:`, err);
         }
@@ -511,12 +514,12 @@ ${turnBuild.stdin}`;
     result?.usage
   );
   const sessionRowForSync = getSessionRow(sessionId);
-  if (sessionRowForSync?.sprite_name && !isProxied(sessionId)) {
+  if (sessionRowForSync?.sandbox_name && !isProxied(sessionId)) {
     try {
       const { syncContainerFiles } = await import("./sync/container-file-sync.js");
       const syncResult = await syncContainerFiles({
         sessionId,
-        spriteName: sessionRowForSync.sprite_name,
+        sandboxName: sessionRowForSync.sandbox_name,
         provider,
         secrets
       });
@@ -541,7 +544,7 @@ ${turnBuild.stdin}`;
       emit("session.status_idle", { stop_reason: formatStopReason("custom_tool_call", customToolEventIds) }, { at: now });
       updateSessionStatus(sessionId, "idle", "custom_tool_call");
       const { TOOL_BRIDGE_RESPONSE_PATH, TOOL_BRIDGE_PENDING_PATH } = await import("./backends/claude/tool-bridge.js");
-      const sprName = getSessionRow(sessionId)?.sprite_name;
+      const sprName = getSessionRow(sessionId)?.sandbox_name;
       if (sprName) {
         const responseJson = JSON.stringify({ content: [{ type: "text", text: serverToolResult.text }] });
         const envForSession = getEnvironment(session.environment_id);
@@ -691,11 +694,11 @@ function getPendingConfirmations() {
   if (!gd.__caPendingConfirmations) gd.__caPendingConfirmations = /* @__PURE__ */ new Set();
   return gd.__caPendingConfirmations;
 }
-async function checkPermissionSentinel(sessionId, spriteName, provider) {
+async function checkPermissionSentinel(sessionId, sandboxName, provider) {
   if (getPendingConfirmations().has(sessionId)) return;
   try {
     const result = await provider.exec(
-      spriteName,
+      sandboxName,
       ["test", "-f", PERMISSION_BRIDGE_PENDING_PATH]
     );
     if (result.exit_code !== 0) return;
@@ -705,7 +708,7 @@ async function checkPermissionSentinel(sessionId, spriteName, provider) {
   let request;
   try {
     const result = await provider.exec(
-      spriteName,
+      sandboxName,
       ["cat", PERMISSION_BRIDGE_REQUEST_PATH]
     );
     request = JSON.parse(result.stdout);
@@ -727,8 +730,8 @@ async function checkPermissionSentinel(sessionId, spriteName, provider) {
 }
 async function writePermissionResponse(sessionId, result, denyMessage) {
   const row = getSessionRow(sessionId);
-  if (!row?.sprite_name) {
-    console.warn(`[driver] no sprite for session ${sessionId}, cannot write permission response`);
+  if (!row?.sandbox_name) {
+    console.warn(`[driver] no sandbox for session ${sessionId}, cannot write permission response`);
     return;
   }
   const env = getEnvironment(row.environment_id);
@@ -740,7 +743,7 @@ async function writePermissionResponse(sessionId, result, denyMessage) {
   });
   try {
     await provider.exec(
-      row.sprite_name,
+      row.sandbox_name,
       ["bash", "-c", `cat > ${PERMISSION_BRIDGE_RESPONSE_PATH}`],
       { stdin: response, secrets: permSecrets }
     );

package/dist/{chunk-DFE7VZWD.js → chunk-RMEX55EU.js}

@@ -1,13 +1,13 @@
 // src/backends/codex/wrapper-script.ts
 var CODEX_WRAPPER_PATH = "/tmp/.codex-wrapper";
-var SPRITE_WRAPPER_SCRIPT = [
+var SANDBOX_WRAPPER_SCRIPT = [
   "#!/bin/bash",
   'while IFS= read -r line; do [ -z "$line" ] && break; export "$line"; done',
   'exec codex "$@"'
 ].join("\n");
-async function installCodexWrapper(spriteName, provider) {
-  const escaped = SPRITE_WRAPPER_SCRIPT.replace(/'/g, "'\\''");
-  await provider.exec(spriteName, [
+async function installCodexWrapper(sandboxName, provider) {
+  const escaped = SANDBOX_WRAPPER_SCRIPT.replace(/'/g, "'\\''");
+  await provider.exec(sandboxName, [
     "bash",
     "-c",
     `printf '%s' '${escaped}' > ${CODEX_WRAPPER_PATH} && chmod +x ${CODEX_WRAPPER_PATH}`

package/dist/{chunk-D5XOXR3A.js → chunk-S3SKODVV.js}

@@ -1,20 +1,20 @@
 import {
   createSession
-} from "./chunk-MBLMAWSE.js";
+} from "./chunk-I5ZA45YL.js";
 import {
   createEnvironment,
   deleteEnvironment,
   getEnvironment
-} from "./chunk-XTZ5RQDF.js";
+} from "./chunk-NUO56TF7.js";
 import {
   archiveAgent,
   createAgent,
   getAgent
-} from "./chunk-BAH4JSTO.js";
+} from "./chunk-JEI7I3EH.js";
 import {
   getDrizzle,
   init_drizzle
-} from "./chunk-XNK2KUTI.js";
+} from "./chunk-SXE7H3VK.js";
 
 // src/db/batch.ts
 init_drizzle();

package/dist/{chunk-OGONPLTA.js → chunk-SHKBQQ7W.js}

@@ -1,21 +1,21 @@
 import {
   piBackend
-} from "./chunk-UVCPCX74.js";
+} from "./chunk-GR4QPRB7.js";
 import {
   opencodeBackend
-} from "./chunk-Q4XYK6FF.js";
+} from "./chunk-HE7EOIPA.js";
 import {
   geminiBackend
-} from "./chunk-XLVCC4IB.js";
+} from "./chunk-374KGHBM.js";
 import {
   codexBackend
-} from "./chunk-KDAZ5TBL.js";
+} from "./chunk-G37JVAOI.js";
 import {
   factoryBackend
-} from "./chunk-3MNDEAPX.js";
+} from "./chunk-HR5YA24J.js";
 import {
   claudeBackend
-} from "./chunk-JFY6EH24.js";
+} from "./chunk-A7MX6RSQ.js";
 
 // src/backends/registry.ts
 var BACKENDS = {

package/dist/{chunk-5ZRGJTR3.js → chunk-SNZ4PDVT.js}

@@ -6,31 +6,31 @@ import {
 import {
   forwardToAnthropic,
   validateAnthropicProxy
-} from "./chunk-6ZJ6X6H7.js";
+} from "./chunk-YIYEPKVQ.js";
 import {
   jsonOk,
   routeWrap
-} from "./chunk-2FWZ247V.js";
+} from "./chunk-PFLR7INE.js";
 import {
   getProxiedTenantId,
   isProxied,
   markProxied,
   unmarkProxied
-} from "./chunk-7BGILLYC.js";
+} from "./chunk-NIOWKTIF.js";
 import {
   archiveAgent,
   createAgent,
   getAgent,
   listAgents,
   updateAgent
-} from "./chunk-BAH4JSTO.js";
+} from "./chunk-JEI7I3EH.js";
 import {
   resolveBackend
-} from "./chunk-OGONPLTA.js";
+} from "./chunk-SHKBQQ7W.js";
 import {
   getDb,
   init_client
-} from "./chunk-DZDWNOEY.js";
+} from "./chunk-5GZEX4HV.js";
 import {
   badRequest,
   conflict,

package/dist/{chunk-JMDS2RJJ.js → chunk-SS2EEKNM.js}

@@ -1,6 +1,6 @@
 import {
   getConfig
-} from "./chunk-Q5KHBU7P.js";
+} from "./chunk-YEUALILD.js";
 
 // src/backends/pi/auth.ts
 function buildPiAuthEnv() {

package/dist/{chunk-7XFIUYFM.js → chunk-SWIP7JBQ.js}

@@ -1,15 +1,15 @@
 // src/backends/opencode/wrapper-script.ts
 var OPENCODE_WRAPPER_PATH = "/tmp/.opencode-wrapper";
-var SPRITE_WRAPPER_SCRIPT = [
+var SANDBOX_WRAPPER_SCRIPT = [
   "#!/bin/bash",
   "set -e",
   'while IFS= read -r line; do [ -z "$line" ] && break; export "$line"; done',
   "PROMPT=$(cat)",
   'exec opencode "$@" "$PROMPT"'
 ].join("\n");
-async function installOpencodeWrapper(spriteName, provider) {
-  const escaped = SPRITE_WRAPPER_SCRIPT.replace(/'/g, "'\\''");
-  await provider.exec(spriteName, [
+async function installOpencodeWrapper(sandboxName, provider) {
+  const escaped = SANDBOX_WRAPPER_SCRIPT.replace(/'/g, "'\\''");
+  await provider.exec(sandboxName, [
     "bash",
     "-c",
     `printf '%s' '${escaped}' > ${OPENCODE_WRAPPER_PATH} && chmod +x ${OPENCODE_WRAPPER_PATH}`

package/dist/{chunk-XNK2KUTI.js → chunk-SXE7H3VK.js}

@@ -1,11 +1,11 @@
 import {
   init_schema,
   schema_exports
-} from "./chunk-N5CUDEUJ.js";
+} from "./chunk-LHHBOQUR.js";
 import {
   getDb,
   init_client
-} from "./chunk-DZDWNOEY.js";
+} from "./chunk-5GZEX4HV.js";
 import {
   __esm
 } from "./chunk-2ESYSVXG.js";

package/dist/{chunk-G5RQN53K.js → chunk-TBSWWUJS.js}

@@ -3,7 +3,7 @@ import {
 } from "./chunk-XBHDQK4Z.js";
 import {
   getConfig
-} from "./chunk-Q5KHBU7P.js";
+} from "./chunk-YEUALILD.js";
 
 // src/backends/claude/args.ts
 function buildClaudeArgs(input) {

package/dist/{chunk-TY7XTT5N.js → chunk-TJA3RHWR.js}

@@ -1,6 +1,6 @@
 import {
   getConfig
-} from "./chunk-Q5KHBU7P.js";
+} from "./chunk-YEUALILD.js";
 
 // src/backends/gemini/auth.ts
 function buildGeminiAuthEnv() {

package/dist/{chunk-4BYPJFC5.js → chunk-UF25F3MH.js}

@@ -1,43 +1,43 @@
 import {
   resolveVaultSecrets
-} from "./chunk-3WJMUX5B.js";
+} from "./chunk-DO4WVWW7.js";
 import {
   dockerProvider
 } from "./chunk-RMZRSYIJ.js";
 import {
   appendEvent
-} from "./chunk-MXRGQRFX.js";
+} from "./chunk-EOFJ2MWJ.js";
 import {
-  allSessionSprites,
+  allSessionSandboxes,
   countInEnv,
   register,
   unregister
-} from "./chunk-AKRE4OEL.js";
+} from "./chunk-EFOIR7R3.js";
 import {
   resolveContainerProvider
-} from "./chunk-5A6E4F5D.js";
+} from "./chunk-N2RHTKW7.js";
 import {
   getSession,
   getSessionRow,
-  setSessionSprite
-} from "./chunk-MBLMAWSE.js";
+  setSessionSandbox
+} from "./chunk-I5ZA45YL.js";
 import {
   getEnvironment,
   getEnvironmentRow
-} from "./chunk-XTZ5RQDF.js";
+} from "./chunk-NUO56TF7.js";
 import {
   getAgent
-} from "./chunk-BAH4JSTO.js";
+} from "./chunk-JEI7I3EH.js";
 import {
   resolveBackend
-} from "./chunk-OGONPLTA.js";
+} from "./chunk-SHKBQQ7W.js";
 import {
   deleteSprite,
   listSprites
-} from "./chunk-TH54MJMX.js";
+} from "./chunk-IEG5LIX7.js";
 import {
   getConfig
-} from "./chunk-Q5KHBU7P.js";
+} from "./chunk-YEUALILD.js";
 import {
   init_clock,
   nowMs
@@ -51,8 +51,8 @@ init_clock();
 var lcLog = (...args) => {
   if (process.env.DEBUG_LIFECYCLE === "1") console.log(...args);
 };
-var SPRITE_NAME_PREFIX = "ca-sess-";
-async function installSkills(spriteName, provider, skills, engine) {
+var SANDBOX_NAME_PREFIX = "ca-sess-";
+async function installSkills(sandboxName, provider, skills, engine) {
   if (!skills || skills.length === 0) return;
   const SAFE_NAME_RE = /^[a-zA-Z0-9_.-]+$/;
   const safeSkills = skills.filter((s) => {
@@ -63,33 +63,33 @@ async function installSkills(spriteName, provider, skills, engine) {
     return true;
   });
   if (engine === "claude") {
-    await provider.exec(spriteName, ["mkdir", "-p", "/home/agent/.claude/skills"]);
+    await provider.exec(sandboxName, ["mkdir", "-p", "/home/agent/.claude/skills"]);
     for (const skill of safeSkills) {
       const dirPath = `/home/agent/.claude/skills/${skill.name}`;
       const filePath = `${dirPath}/SKILL.md`;
-      await provider.exec(spriteName, ["mkdir", "-p", dirPath]);
-      await provider.exec(spriteName, ["sh", "-c", 'cat > "$1"', "sh", filePath], {
+      await provider.exec(sandboxName, ["mkdir", "-p", dirPath]);
+      await provider.exec(sandboxName, ["sh", "-c", 'cat > "$1"', "sh", filePath], {
         stdin: skill.content
       });
     }
   }
-  await provider.exec(spriteName, ["mkdir", "-p", "/home/agent/.agents/skills"]);
+  await provider.exec(sandboxName, ["mkdir", "-p", "/home/agent/.agents/skills"]);
   for (const skill of safeSkills) {
     const dirPath = `/home/agent/.agents/skills/${skill.name}`;
     const filePath = `${dirPath}/SKILL.md`;
-    await provider.exec(spriteName, ["mkdir", "-p", dirPath]);
-    await provider.exec(spriteName, ["sh", "-c", 'cat > "$1"', "sh", filePath], {
+    await provider.exec(sandboxName, ["mkdir", "-p", dirPath]);
+    await provider.exec(sandboxName, ["sh", "-c", 'cat > "$1"', "sh", filePath], {
       stdin: skill.content
     });
   }
 }
-function deriveSpriteName(sessionId) {
-  return `${SPRITE_NAME_PREFIX}${sessionId.replace(/^sess_/, "").toLowerCase()}`;
+function deriveSandboxName(sessionId) {
+  return `${SANDBOX_NAME_PREFIX}${sessionId.replace(/^sess_/, "").toLowerCase()}`;
 }
 async function acquireForFirstTurn(sessionId) {
   const row = getSessionRow(sessionId);
   if (!row) throw new ApiError(404, "not_found_error", `session not found: ${sessionId}`);
-  if (row.sprite_name) return row.sprite_name;
+  if (row.sandbox_name) return row.sandbox_name;
   const env = getEnvironmentRow(row.environment_id);
   if (!env) throw new ApiError(404, "not_found_error", "environment not found");
   if (env.state !== "ready") {
@@ -99,8 +99,8 @@ async function acquireForFirstTurn(sessionId) {
       `environment is not ready (state=${env.state})`
     );
   }
-  if (countInEnv(env.id) >= getConfig().maxSpritesPerEnv) {
-    throw new ApiError(503, "server_busy", "env sprite pool exhausted");
+  if (countInEnv(env.id) >= getConfig().maxSandboxesPerEnv) {
+    throw new ApiError(503, "server_busy", "env sandbox pool exhausted");
   }
   const agent = getAgent(row.agent_id, row.agent_version);
   if (!agent) {
@@ -125,10 +125,18 @@ async function acquireForFirstTurn(sessionId) {
     create: (opts) => provider.create({ ...opts, secrets }),
     delete: (n, s) => provider.delete(n, s ?? secrets)
   } : provider;
-  const name = deriveSpriteName(sessionId);
+  const name = deriveSandboxName(sessionId);
   lcLog(`[lifecycle] ${sessionId} creating container via ${sp.name}...`);
-  await sp.create({ name });
-  lcLog(`[lifecycle] ${sessionId} container created: ${name}`);
+  try {
+    await sp.create({ name });
+    lcLog(`[lifecycle] ${sessionId} container created: ${name}`);
+  } catch (err) {
+    if (String(err).includes("already exists")) {
+      lcLog(`[lifecycle] ${sessionId} container ${name} already exists, reusing`);
+    } else {
+      throw err;
+    }
+  }
   const needsSlowPrep = backend.name !== "claude";
   if (needsSlowPrep) {
     appendEvent(sessionId, {
@@ -140,7 +148,7 @@ async function acquireForFirstTurn(sessionId) {
   }
   try {
     lcLog(`[lifecycle] ${sessionId} installing ${backend.name} engine on container...`);
-    await backend.prepareOnSprite(name, sp);
+    await backend.prepareOnSandbox(name, sp);
     lcLog(`[lifecycle] ${sessionId} engine installed`);
     if (agent.engine === "claude") {
       const customTools = agent.tools.filter(
@@ -214,17 +222,17 @@ async function acquireForFirstTurn(sessionId) {
     }
   }
   register({
-    spriteName: name,
+    sandboxName: name,
     envId: env.id,
     sessionId,
     createdAt: nowMs(),
     vaultSecrets: Object.keys(secrets).length > 0 ? secrets : void 0
   });
-  setSessionSprite(sessionId, name);
+  setSessionSandbox(sessionId, name);
   return name;
 }
-async function provisionResources(spriteName, resources, provider) {
-  await provider.exec(spriteName, ["mkdir", "-p", "/mnt/session/resources", "/mnt/session/uploads", "/mnt/session/outputs"]);
+async function provisionResources(sandboxName, resources, provider) {
+  await provider.exec(sandboxName, ["mkdir", "-p", "/mnt/session/resources", "/mnt/session/uploads", "/mnt/session/outputs"]);
   const MAX_RESOURCE_BYTES = 50 * 1024 * 1024;
   const SAFE_PATH_RE = /^[a-zA-Z0-9_./\-]+$/;
   function sanitizeMountPath(p) {
@@ -251,11 +259,11 @@ async function provisionResources(spriteName, resources, provider) {
     }
     const dir = mountTarget.substring(0, mountTarget.lastIndexOf("/"));
     if (dir) {
-      await provider.exec(spriteName, ["mkdir", "-p", dir]);
+      await provider.exec(sandboxName, ["mkdir", "-p", dir]);
     }
     const writeTo = async (target, content) => {
-      await provider.exec(spriteName, ["sh", "-c", 'cat > "$1"', "sh", target], { stdin: content });
-      await provider.exec(spriteName, ["chmod", "a-w", target]);
+      await provider.exec(sandboxName, ["sh", "-c", 'cat > "$1"', "sh", target], { stdin: content });
+      await provider.exec(sandboxName, ["chmod", "a-w", target]);
     };
     if (r.type === "uri" && r.uri) {
       try {
@@ -315,9 +323,9 @@ async function provisionResources(spriteName, resources, provider) {
           gitArgs.push("--branch", safeBranch);
         }
         gitArgs.push("--", r.repository_url, repoDir);
-        const result = await provider.exec(spriteName, gitArgs, { timeoutMs: 12e4 });
+        const result = await provider.exec(sandboxName, gitArgs, { timeoutMs: 12e4 });
         if (safeCommit && result.exit_code === 0) {
-          await provider.exec(spriteName, ["git", "-C", repoDir, "checkout", safeCommit], { timeoutMs: 3e4 });
+          await provider.exec(sandboxName, ["git", "-C", repoDir, "checkout", safeCommit], { timeoutMs: 3e4 });
         }
         if (result.exit_code !== 0) {
           console.warn(`[lifecycle] git clone failed for ${r.repository_url}: ${result.stderr.slice(0, 200)}`);
@@ -331,7 +339,7 @@ async function provisionResources(spriteName, resources, provider) {
 async function releaseSession(sessionId) {
   const entry = unregister(sessionId);
   const row = getSessionRow(sessionId);
-  const name = entry?.spriteName ?? row?.sprite_name ?? null;
+  const name = entry?.sandboxName ?? row?.sandbox_name ?? null;
   if (name) {
     const envObj = row ? getEnvironment(row.environment_id) : null;
     const provider = await resolveContainerProvider(envObj?.config?.provider);
@@ -339,18 +347,18 @@ async function releaseSession(sessionId) {
       console.warn(`releaseSession: failed to delete container ${name}:`, err);
     });
   }
-  if (row?.sprite_name) setSessionSprite(sessionId, null);
+  if (row?.sandbox_name) setSessionSandbox(sessionId, null);
 }
-async function reconcileOrphans() {
+async function reconcileOrphanSandboxes() {
   let deleted = 0;
   let kept = 0;
   const liveNames = new Set(
-    allSessionSprites().map((e) => e.spriteName).filter(Boolean)
+    allSessionSandboxes().map((e) => e.sandboxName).filter(Boolean)
   );
   let token;
   for (; ; ) {
     const res = await listSprites({
-      prefix: SPRITE_NAME_PREFIX,
+      prefix: SANDBOX_NAME_PREFIX,
       max_results: 100,
       continuation_token: token
     });
@@ -369,13 +377,13 @@ async function reconcileOrphans() {
   }
   return { deleted, kept };
 }
-async function reconcileDockerOrphans() {
+async function reconcileDockerOrphanSandboxes() {
   let deleted = 0;
   let kept = 0;
   const liveNames = new Set(
-    allSessionSprites().map((e) => e.spriteName).filter(Boolean)
+    allSessionSandboxes().map((e) => e.sandboxName).filter(Boolean)
   );
-  const containers = await dockerProvider.list({ prefix: SPRITE_NAME_PREFIX });
+  const containers = await dockerProvider.list({ prefix: SANDBOX_NAME_PREFIX });
   for (const c of containers) {
     if (liveNames.has(c.name)) {
       kept++;
@@ -393,6 +401,6 @@ export {
   acquireForFirstTurn,
   provisionResources,
   releaseSession,
-  reconcileOrphans,
-  reconcileDockerOrphans
+  reconcileOrphanSandboxes,
+  reconcileDockerOrphanSandboxes
 };

package/dist/{chunk-V364DYC3.js → chunk-UVUSSZ74.js}

@@ -1,6 +1,6 @@
 import {
   getConfig
-} from "./chunk-Q5KHBU7P.js";
+} from "./chunk-YEUALILD.js";
 
 // src/backends/codex/auth.ts
 function buildCodexAuthEnv() {