@clipboard-health/groundcrew 3.2.0 → 3.3.0

package/README.md

@@ -522,9 +522,9 @@ Cross-team projects work — the orchestrator caches the in-progress state ID pe
 </details>
 
 <details>
-<summary>Claude launches in bypass-permissions mode by default</summary>
+<summary>Claude launches in auto mode by default</summary>
 
-Groundcrew creates isolated per-ticket worktrees for unattended runs, so the shipped `claude` command is `claude --permission-mode bypassPermissions` to avoid workspace-trust and tool-permission prompts blocking automation. Override `models.definitions.claude.cmd` for a stricter mode.
+Groundcrew creates isolated per-ticket worktrees for unattended runs, so the shipped `claude` command is `claude --permission-mode auto` to let Claude proceed without stopping for clarifying questions while keeping its built-in safety prompts intact. Override `models.definitions.claude.cmd` for `bypassPermissions` if you need to suppress tool-permission prompts entirely, or for a stricter mode.
 
 </details>
 

package/crew.config.example.ts

@@ -92,6 +92,25 @@ export default {
   // // macOS when you need an agent to use Docker safely.
   // local: { runner: "auto" },
   //
+  // // Additional auth recipes for `crew sandbox auth <model> <tool>`. The
+  // // shipped recipes (claude/codex/cursor agents + github tool) are merged
+  // // with whatever you declare here; your recipe wins on key collision.
+  // // Describe each tool's in-sandbox login + status commands and a regex
+  // // that matches its logged-in output. Omit `kind` for cross-cutting
+  // // tools that should appear in every sandbox's picker; set
+  // // `kind: "agent"` to scope a recipe to a single sbx agent.
+  // sandbox: {
+  //   authRecipes: {
+  //     gcloud: {
+  //       displayName: "gcloud",
+  //       binary: "gcloud",
+  //       loginArgs: ["auth", "login", "--no-launch-browser"],
+  //       statusArgs: ["auth", "list", "--filter=status:ACTIVE", "--format=value(account)"],
+  //       authenticatedPattern: /@/,
+  //     },
+  //   },
+  // },
+  //
   // prompts: {
   //   // Keep personal workflow instructions next to this config, for example
   //   // `${XDG_CONFIG_HOME:-$HOME/.config}/groundcrew/initial-prompt.md`.

package/dist/cli.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":"AAmKA,wBAAsB,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CA8BvD"}
+{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":"AAyKA,wBAAsB,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CA8BvD"}

package/dist/cli.js

@@ -5,6 +5,7 @@ import { initConfigCli } from "./commands/init.js";
 import { interruptWorkspaceCli } from "./commands/interruptWorkspace.js";
 import { orchestrate } from "./commands/orchestrator.js";
 import { resumeWorkspaceCli } from "./commands/resumeWorkspace.js";
+import { sandboxCli } from "./commands/sandbox/index.js";
 import { setupReposCli } from "./commands/setupRepos.js";
 import { setupWorkspaceCli } from "./commands/setupWorkspace.js";
 import { errorMessage, readTicketArgument, writeError, writeOutput } from "./lib/util.js";
@@ -108,6 +109,11 @@ const SUBCOMMANDS = {
         usage: "<ticket>",
         invoke: resumeWorkspaceCli,
     },
+    sandbox: {
+        summary: "Manage Docker Sandboxes (sbx) for configured models",
+        usage: "<list|ensure|regenerate|auth|rm> [...args]",
+        invoke: sandboxCli,
+    },
     setup: {
         summary: "Project-level setup commands (currently: repos)",
         usage: "repos [--dry-run] [<repo>...]",

package/dist/commands/sandbox/auth.d.ts

@@ -0,0 +1,3 @@
+import type { ResolvedConfig } from "../../lib/config.ts";
+export declare function runAuth(config: ResolvedConfig, argv: string[]): Promise<void>;
+//# sourceMappingURL=auth.d.ts.map

package/dist/commands/sandbox/auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../../src/commands/sandbox/auth.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAc,cAAc,EAAE,MAAM,qBAAqB,CAAC;AAuNtE,wBAAsB,OAAO,CAAC,MAAM,EAAE,cAAc,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAcnF"}

package/dist/commands/sandbox/auth.js

@@ -0,0 +1,227 @@
+import { runCommandAsync } from "../../lib/commandRunner.js";
+import { writeOutput } from "../../lib/util.js";
+import { ensureOne } from "./lifecycle.js";
+import { resolveModel, sandboxModels } from "./model.js";
+import { pickTools } from "./picker.js";
+/**
+ * Built-in recipes shipped with crew. Users register additional tools
+ * by adding entries under `sandbox.authRecipes` in `crew.config.ts`;
+ * a user recipe under the same key overrides the built-in.
+ *
+ * `kind: "agent"` recipes only appear in the picker when the current
+ * sandbox's agent matches the recipe key. `kind: "tool"` (the default
+ * for user recipes) is cross-cutting and always appears.
+ */
+const BUILTIN_AUTH_RECIPES = {
+    claude: {
+        displayName: "Claude",
+        loginArgs: ["auth", "login"],
+        statusArgs: ["auth", "status"],
+        authenticatedPattern: /"loggedIn"\s*:\s*true/,
+        kind: "agent",
+    },
+    codex: {
+        displayName: "Codex",
+        // `--device-auth` keeps the OAuth flow headless: codex prints a URL
+        // and a code instead of trying to open a browser inside the sandbox.
+        loginArgs: ["login", "--device-auth"],
+        statusArgs: ["login", "status"],
+        // Match "Logged in using …" but not a hypothetical "Not logged in".
+        authenticatedPattern: /(^|\W)Logged in using\b/i,
+        kind: "agent",
+    },
+    cursor: {
+        displayName: "Cursor",
+        binary: "cursor-agent",
+        loginArgs: ["login"],
+        statusArgs: ["status"],
+        // Authenticated output is "✓ Logged in as <email>"; the unauthenticated
+        // output is "Not logged in", which a loose /Logged in/i would falsely
+        // match.
+        authenticatedPattern: /Logged in as\b/i,
+        kind: "agent",
+        // cursor-agent tries to open a browser by default and silently
+        // writes a partial auth file when xdg-open fails; this env var
+        // switches it to a device-code flow that works without a browser.
+        env: { NO_OPEN_BROWSER: "1" },
+    },
+    github: {
+        displayName: "GitHub CLI",
+        binary: "gh",
+        loginArgs: ["auth", "login"],
+        statusArgs: ["auth", "status"],
+        authenticatedPattern: /Logged in to github\.com/i,
+        kind: "tool",
+    },
+};
+function binaryFor(toolKey, recipe) {
+    return recipe.binary ?? toolKey;
+}
+function envFlags(recipe) {
+    const entries = Object.entries(recipe.env ?? {});
+    return entries.flatMap(([key, value]) => ["-e", `${key}=${value}`]);
+}
+// User-supplied recipes can carry arbitrary tokens; wrap each in single
+// quotes so spaces and shell metacharacters can't change how the in-sandbox
+// shell tokenizes the status command.
+function shellQuote(value) {
+    return `'${value.replaceAll("'", `'\\''`)}'`;
+}
+async function probeAuthStatus(sandboxName, toolKey, recipe) {
+    // Some CLIs print status to stderr instead of stdout (codex does
+    // this). Fold stderr into stdout via the in-sandbox shell so the
+    // pattern match sees the message regardless of which stream it
+    // landed on.
+    const innerCommand = `${[binaryFor(toolKey, recipe), ...recipe.statusArgs]
+        .map(shellQuote)
+        .join(" ")} 2>&1`;
+    try {
+        const output = await runCommandAsync("sbx", [
+            "exec",
+            ...envFlags(recipe),
+            sandboxName,
+            "sh",
+            "-c",
+            innerCommand,
+        ]);
+        // Reset lastIndex so a /g or /y user recipe doesn't carry state
+        // across probes and return a false negative.
+        recipe.authenticatedPattern.lastIndex = 0;
+        return recipe.authenticatedPattern.test(output);
+    }
+    catch {
+        return false;
+    }
+}
+async function loginAndVerify(input) {
+    const { sandboxName, toolKey, recipe, modelName, gitDefaults } = input;
+    const binary = binaryFor(toolKey, recipe);
+    writeOutput(`${sandboxName}: launching '${recipe.displayName}' login...`);
+    writeOutput("Complete the login flow in the prompts/browser, then return here.");
+    await runCommandAsync("sbx", ["exec", "-it", ...envFlags(recipe), sandboxName, binary, ...recipe.loginArgs], { stdio: "inherit" });
+    writeOutput("");
+    writeOutput(`${sandboxName}: verifying '${recipe.displayName}' authentication...`);
+    const authenticated = await probeAuthStatus(sandboxName, toolKey, recipe);
+    if (authenticated) {
+        writeOutput(`${sandboxName}: '${recipe.displayName}' authenticated.`);
+        if (gitDefaults && toolKey === "github" && binary === "gh") {
+            await runGhSetupGit(sandboxName);
+        }
+        return;
+    }
+    writeOutput(`${sandboxName}: could not confirm '${recipe.displayName}' authentication — re-run 'crew sandbox auth ${modelName}' to retry.`);
+}
+/**
+ * Register `gh` as git's credential helper inside the sandbox so HTTPS
+ * pushes succeed without prompting. Best-effort — a failure here doesn't
+ * undo the login itself, so we warn and move on.
+ */
+async function runGhSetupGit(sandboxName) {
+    writeOutput(`${sandboxName}: wiring 'gh' as git credential helper...`);
+    try {
+        await runCommandAsync("sbx", ["exec", sandboxName, "gh", "auth", "setup-git"]);
+        writeOutput(`${sandboxName}: 'gh auth setup-git' done.`);
+    }
+    catch (error) {
+        writeOutput(`${sandboxName}: warning — 'gh auth setup-git' failed: ${String(error)}`);
+    }
+}
+function availableRecipes(config) {
+    const merged = {
+        ...BUILTIN_AUTH_RECIPES,
+        ...config.sandbox.authRecipes,
+    };
+    return Object.entries(merged)
+        .map(([key, recipe]) => ({ key, recipe }))
+        .toSorted((a, b) => a.key.localeCompare(b.key));
+}
+function shouldShowInPicker(entry, currentAgent) {
+    // Tools (the default) appear in every sandbox. Agent recipes only
+    // appear when they match the current sandbox's agent, so opening
+    // 'crew sandbox auth codex' doesn't list Claude or Cursor.
+    const kind = entry.recipe.kind ?? "tool";
+    return kind === "tool" || entry.key === currentAgent;
+}
+const AUTH_USAGE = "Usage: crew sandbox auth <model> | --all";
+function parseAuthArgs(config, argv) {
+    const positionals = [];
+    let all = false;
+    for (const argument of argv) {
+        if (argument === "--all") {
+            all = true;
+            continue;
+        }
+        if (argument.startsWith("-")) {
+            throw new Error(`crew sandbox auth: unknown option '${argument}'`);
+        }
+        positionals.push(argument);
+    }
+    if (all && positionals.length > 0) {
+        throw new Error("crew sandbox auth: --all cannot be combined with a model name");
+    }
+    if (all) {
+        const models = sandboxModels(config);
+        if (models.length === 0) {
+            throw new Error("crew sandbox auth --all: no sandbox-bearing models configured");
+        }
+        return { models: models.map((model) => ({ modelName: model.modelName, model })) };
+    }
+    const [modelName, ...extras] = positionals;
+    if (modelName === undefined || extras.length > 0) {
+        throw new Error(AUTH_USAGE);
+    }
+    return { models: [{ modelName, model: resolveModel(config, modelName) }] };
+}
+export async function runAuth(config, argv) {
+    const { models } = parseAuthArgs(config, argv);
+    for (const [index, { modelName, model }] of models.entries()) {
+        if (models.length > 1) {
+            writeOutput("");
+            writeOutput(`════ ${modelName} (${index + 1}/${models.length}) ════`);
+        }
+        writeOutput(`${model.sandboxName}: ensuring sandbox is up...`);
+        // oxlint-disable-next-line no-await-in-loop -- each sandbox is interactive; running them sequentially keeps the prompts coherent
+        await ensureOne(config, model);
+        writeOutput("");
+        // oxlint-disable-next-line no-await-in-loop -- intentionally sequential, see above
+        await runAuthInteractive(config, model, modelName);
+    }
+}
+async function runAuthInteractive(config, model, modelName) {
+    const recipes = availableRecipes(config).filter((entry) => shouldShowInPicker(entry, model.sandbox.agent));
+    writeOutput(`${model.sandboxName}: probing authentication status for ${recipes.length} tools...`);
+    const statuses = await Promise.all(recipes.map(async ({ key, recipe }) => ({
+        key,
+        recipe,
+        authenticated: await probeAuthStatus(model.sandboxName, key, recipe),
+    })));
+    const choices = statuses.map(({ key, recipe, authenticated }) => ({
+        key,
+        label: `${recipe.displayName} (${key})`,
+        authenticated,
+    }));
+    writeOutput("");
+    const selectedKeys = await pickTools(choices);
+    if (selectedKeys.length === 0) {
+        writeOutput("Nothing selected. Exiting.");
+        return;
+    }
+    const selectedRecipes = new Map(statuses.map((entry) => [entry.key, entry.recipe]));
+    for (const key of selectedKeys) {
+        const recipe = selectedRecipes.get(key);
+        /* v8 ignore next 3 @preserve - defensive; selectedKeys come from the same map */
+        if (recipe === undefined) {
+            continue;
+        }
+        writeOutput("");
+        writeOutput(`── ${recipe.displayName} ──`);
+        // oxlint-disable-next-line no-await-in-loop -- each login is interactive; running them sequentially keeps the prompts coherent
+        await loginAndVerify({
+            sandboxName: model.sandboxName,
+            toolKey: key,
+            recipe,
+            modelName,
+            gitDefaults: config.sandbox.gitDefaults,
+        });
+    }
+}

package/dist/commands/sandbox/index.d.ts

@@ -0,0 +1,2 @@
+export declare function sandboxCli(argv: string[]): Promise<void>;
+//# sourceMappingURL=index.d.ts.map

package/dist/commands/sandbox/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/commands/sandbox/index.ts"],"names":[],"mappings":"AAkBA,wBAAsB,UAAU,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CA8B9D"}

package/dist/commands/sandbox/index.js

@@ -0,0 +1,47 @@
+import { loadConfig } from "../../lib/config.js";
+import { runAuth } from "./auth.js";
+import { runList } from "./inspect.js";
+import { runEnsure, runRegenerate, runRemove } from "./lifecycle.js";
+const USAGE = [
+    "Usage: crew sandbox <verb> [...args]",
+    "",
+    "Verbs:",
+    "  list                      Show every groundcrew-owned sandbox known to sbx",
+    "  ensure [<model>]          Provision the sandbox for one model, or all when omitted",
+    "  regenerate <model>|--all  Tear down and recreate from current template/kits",
+    "  auth <model>|--all        Open a checkbox picker of every tool available in <model>'s",
+    "                            sandbox and run the login flow for each one you select;",
+    "                            --all loops through every configured sandbox in turn",
+    "  rm <model>                Remove the sandbox for a model",
+].join("\n");
+export async function sandboxCli(argv) {
+    const [verb, ...rest] = argv;
+    if (verb === undefined) {
+        throw new Error(USAGE);
+    }
+    switch (verb) {
+        case "list": {
+            await runList();
+            return;
+        }
+        case "ensure": {
+            await runEnsure(await loadConfig(), rest);
+            return;
+        }
+        case "regenerate": {
+            await runRegenerate(await loadConfig(), rest);
+            return;
+        }
+        case "auth": {
+            await runAuth(await loadConfig(), rest);
+            return;
+        }
+        case "rm": {
+            await runRemove(await loadConfig(), rest);
+            return;
+        }
+        default: {
+            throw new Error(`Unknown sandbox sub-verb: ${verb}\n${USAGE}`);
+        }
+    }
+}

package/dist/commands/sandbox/inspect.d.ts

@@ -0,0 +1,2 @@
+export declare function runList(): Promise<void>;
+//# sourceMappingURL=inspect.d.ts.map

package/dist/commands/sandbox/inspect.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"inspect.d.ts","sourceRoot":"","sources":["../../../src/commands/sandbox/inspect.ts"],"names":[],"mappings":"AAKA,wBAAsB,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC,CAc7C"}

package/dist/commands/sandbox/inspect.js

@@ -0,0 +1,18 @@
+import { runCommandAsync } from "../../lib/commandRunner.js";
+import { writeOutput } from "../../lib/util.js";
+const SANDBOX_NAME_PREFIX = "groundcrew-";
+export async function runList() {
+    const output = await runCommandAsync("sbx", ["ls"]);
+    const names = output
+        .split("\n")
+        .map((line) => line.trim().split(/\s+/)[0])
+        .filter((name) => name !== undefined && name.startsWith(SANDBOX_NAME_PREFIX))
+        .map((name) => name.slice(SANDBOX_NAME_PREFIX.length));
+    if (names.length === 0) {
+        writeOutput("(none)");
+        return;
+    }
+    for (const name of names) {
+        writeOutput(name);
+    }
+}

package/dist/commands/sandbox/lifecycle.d.ts

@@ -0,0 +1,7 @@
+import type { ResolvedConfig } from "../../lib/config.ts";
+import { type SandboxModel } from "./model.ts";
+export declare function ensureOne(config: ResolvedConfig, model: SandboxModel, alreadyExists?: boolean): Promise<void>;
+export declare function runEnsure(config: ResolvedConfig, argv: string[]): Promise<void>;
+export declare function runRegenerate(config: ResolvedConfig, argv: string[]): Promise<void>;
+export declare function runRemove(config: ResolvedConfig, argv: string[]): Promise<void>;
+//# sourceMappingURL=lifecycle.d.ts.map

package/dist/commands/sandbox/lifecycle.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"lifecycle.d.ts","sourceRoot":"","sources":["../../../src/commands/sandbox/lifecycle.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AAG1D,OAAO,EAAsC,KAAK,YAAY,EAAiB,MAAM,YAAY,CAAC;AAElG,wBAAsB,SAAS,CAC7B,MAAM,EAAE,cAAc,EACtB,KAAK,EAAE,YAAY,EACnB,aAAa,CAAC,EAAE,OAAO,GACtB,OAAO,CAAC,IAAI,CAAC,CAQf;AAMD,wBAAsB,SAAS,CAAC,MAAM,EAAE,cAAc,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAuBrF;AAUD,wBAAsB,aAAa,CAAC,MAAM,EAAE,cAAc,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAiBzF;AAED,wBAAsB,SAAS,CAAC,MAAM,EAAE,cAAc,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAMrF"}

package/dist/commands/sandbox/lifecycle.js

@@ -0,0 +1,68 @@
+import { resolve } from "node:path";
+import { runCommandAsync } from "../../lib/commandRunner.js";
+import { ensureSandbox, sandboxExists } from "../../lib/dockerSandbox.js";
+import { writeOutput } from "../../lib/util.js";
+import { requireOnePositional, resolveModel, sandboxModels } from "./model.js";
+export async function ensureOne(config, model, alreadyExists) {
+    await ensureSandbox({
+        sandboxName: model.sandboxName,
+        sandbox: model.sandbox,
+        mountPath: resolve(config.workspace.projectDir),
+        gitDefaults: config.sandbox.gitDefaults,
+        ...(alreadyExists === undefined ? {} : { alreadyExists }),
+    });
+}
+async function removeOne(model) {
+    await runCommandAsync("sbx", ["rm", "--force", model.sandboxName]);
+}
+export async function runEnsure(config, argv) {
+    const targets = argv.length === 0
+        ? sandboxModels(config)
+        : [resolveModel(config, requireOnePositional(argv, "Usage: crew sandbox ensure [<model>]"))];
+    if (targets.length === 0) {
+        writeOutput("No sandbox models configured.");
+        return;
+    }
+    for (const model of targets) {
+        // oxlint-disable-next-line no-await-in-loop -- one sandbox at a time; probe then ensure
+        const existed = await sandboxExists(model.sandboxName);
+        writeOutput(existed
+            ? `${model.sandboxName}: already exists`
+            : `${model.sandboxName}: creating (agent=${model.sandbox.agent}, template=${model.sandbox.template ?? "default"})`);
+        // oxlint-disable-next-line no-await-in-loop -- sbx create is intentionally sequential
+        await ensureOne(config, model, existed);
+        if (!existed) {
+            writeOutput(`${model.sandboxName}: created`);
+        }
+    }
+}
+function regenerateTargets(config, argv) {
+    const target = requireOnePositional(argv, "Usage: crew sandbox regenerate <model>|--all");
+    if (target === "--all") {
+        return sandboxModels(config);
+    }
+    return [resolveModel(config, target)];
+}
+export async function runRegenerate(config, argv) {
+    const targets = regenerateTargets(config, argv);
+    if (targets.length === 0) {
+        writeOutput("No sandbox models configured.");
+        return;
+    }
+    for (const model of targets) {
+        writeOutput(`${model.sandboxName}: removing existing sandbox...`);
+        // oxlint-disable-next-line no-await-in-loop -- sbx rm/create are intentionally sequential
+        await removeOne(model);
+        writeOutput(`${model.sandboxName}: creating (agent=${model.sandbox.agent}, template=${model.sandbox.template ?? "default"})`);
+        // oxlint-disable-next-line no-await-in-loop -- sbx rm/create are intentionally sequential
+        await ensureOne(config, model, false);
+        writeOutput(`${model.sandboxName}: regenerated`);
+    }
+}
+export async function runRemove(config, argv) {
+    const modelName = requireOnePositional(argv, "Usage: crew sandbox rm <model>");
+    const model = resolveModel(config, modelName);
+    writeOutput(`${model.sandboxName}: removing...`);
+    await removeOne(model);
+    writeOutput(`${model.sandboxName}: removed`);
+}

package/dist/commands/sandbox/model.d.ts

@@ -0,0 +1,10 @@
+import type { ResolvedConfig, SandboxDefinition } from "../../lib/config.ts";
+export interface SandboxModel {
+    modelName: string;
+    sandbox: SandboxDefinition;
+    sandboxName: string;
+}
+export declare function sandboxModels(config: ResolvedConfig): SandboxModel[];
+export declare function resolveModel(config: ResolvedConfig, modelName: string): SandboxModel;
+export declare function requireOnePositional(argv: string[], usage: string): string;
+//# sourceMappingURL=model.d.ts.map

package/dist/commands/sandbox/model.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"model.d.ts","sourceRoot":"","sources":["../../../src/commands/sandbox/model.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AAG7E,MAAM,WAAW,YAAY;IAC3B,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,iBAAiB,CAAC;IAC3B,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,wBAAgB,aAAa,CAAC,MAAM,EAAE,cAAc,GAAG,YAAY,EAAE,CAcpE;AAED,wBAAgB,YAAY,CAAC,MAAM,EAAE,cAAc,EAAE,SAAS,EAAE,MAAM,GAAG,YAAY,CAapF;AAED,wBAAgB,oBAAoB,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,KAAK,EAAE,MAAM,GAAG,MAAM,CAM1E"}

package/dist/commands/sandbox/model.js

@@ -0,0 +1,37 @@
+import { sandboxNameFor } from "../../lib/dockerSandbox.js";
+export function sandboxModels(config) {
+    const models = [];
+    for (const [modelName, definition] of Object.entries(config.models.definitions)) {
+        const { sandbox } = definition;
+        if (sandbox === undefined) {
+            continue;
+        }
+        models.push({
+            modelName,
+            sandbox,
+            sandboxName: sandboxNameFor({ agent: sandbox.agent }),
+        });
+    }
+    return models;
+}
+export function resolveModel(config, modelName) {
+    const definition = config.models.definitions[modelName];
+    if (definition === undefined) {
+        throw new Error(`crew sandbox: unknown model '${modelName}'`);
+    }
+    if (definition.sandbox === undefined) {
+        throw new Error(`crew sandbox: model '${modelName}' has no sandbox config`);
+    }
+    return {
+        modelName,
+        sandbox: definition.sandbox,
+        sandboxName: sandboxNameFor({ agent: definition.sandbox.agent }),
+    };
+}
+export function requireOnePositional(argv, usage) {
+    const [first, ...rest] = argv;
+    if (first === undefined || rest.length > 0) {
+        throw new Error(usage);
+    }
+    return first;
+}

package/dist/commands/sandbox/picker.d.ts

@@ -0,0 +1,20 @@
+export interface ToolChoice {
+    /** Recipe key (e.g. "claude", "github"). Returned in the selection. */
+    key: string;
+    /** Human-friendly label shown in the prompt. */
+    label: string;
+    /** Auth status decoration: ✓ when authenticated, ○ otherwise. */
+    authenticated: boolean;
+}
+/**
+ * Show an interactive checkbox picker so the engineer chooses which
+ * tools to authenticate. Items marked `authenticated` start unchecked
+ * (no need to re-auth); unauthed items start checked (default action
+ * is "auth what's missing"). The returned array is the list of `key`
+ * values that the engineer left checked when they confirmed.
+ *
+ * Extracted to its own module so tests can vi.mock it and skip stdin
+ * interaction; the real implementation pulls @inquirer/checkbox.
+ */
+export declare function pickTools(choices: readonly ToolChoice[]): Promise<readonly string[]>;
+//# sourceMappingURL=picker.d.ts.map

package/dist/commands/sandbox/picker.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"picker.d.ts","sourceRoot":"","sources":["../../../src/commands/sandbox/picker.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,UAAU;IACzB,uEAAuE;IACvE,GAAG,EAAE,MAAM,CAAC;IACZ,gDAAgD;IAChD,KAAK,EAAE,MAAM,CAAC;IACd,iEAAiE;IACjE,aAAa,EAAE,OAAO,CAAC;CACxB;AAED;;;;;;;;;GASG;AACH,wBAAsB,SAAS,CAAC,OAAO,EAAE,SAAS,UAAU,EAAE,GAAG,OAAO,CAAC,SAAS,MAAM,EAAE,CAAC,CAW1F"}

package/dist/commands/sandbox/picker.js

@@ -0,0 +1,23 @@
+import checkbox from "@inquirer/checkbox";
+/**
+ * Show an interactive checkbox picker so the engineer chooses which
+ * tools to authenticate. Items marked `authenticated` start unchecked
+ * (no need to re-auth); unauthed items start checked (default action
+ * is "auth what's missing"). The returned array is the list of `key`
+ * values that the engineer left checked when they confirmed.
+ *
+ * Extracted to its own module so tests can vi.mock it and skip stdin
+ * interaction; the real implementation pulls @inquirer/checkbox.
+ */
+export async function pickTools(choices) {
+    const selected = await checkbox({
+        message: "Select tools to authenticate (space to toggle, enter to confirm):",
+        choices: choices.map((choice) => ({
+            name: `${choice.authenticated ? "✓" : "○"} ${choice.label}`,
+            value: choice.key,
+            checked: !choice.authenticated,
+        })),
+        pageSize: Math.max(choices.length, 1),
+    });
+    return selected;
+}

package/dist/lib/agentLaunch.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"agentLaunch.d.ts","sourceRoot":"","sources":["../../src/lib/agentLaunch.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAOhF,UAAU,mBAAmB;IAC3B,MAAM,EAAE,WAAW,CAAC;IACpB,WAAW,EAAE,MAAM,GAAG,SAAS,CAAC;CACjC;AAED,wBAAsB,kBAAkB,CAAC,KAAK,EAAE;IAC9C,MAAM,EAAE,cAAc,CAAC;IACvB,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,eAAe,CAAC;IAC5B,OAAO,EAAE,MAAM,GAAG,SAAS,CAAC;IAC5B,MAAM,CAAC,EAAE,WAAW,CAAC;CACtB,GAAG,OAAO,CAAC,mBAAmB,CAAC,CA6B/B;AAED,wBAAsB,kBAAkB,CAAC,KAAK,EAAE;IAC9C,MAAM,EAAE,cAAc,CAAC;IACvB,UAAU,EAAE,eAAe,CAAC;IAC5B,WAAW,EAAE,MAAM,GAAG,SAAS,CAAC;IAChC,MAAM,CAAC,EAAE,WAAW,CAAC;CACtB,GAAG,OAAO,CAAC,IAAI,CAAC,CAWhB;AAED,wBAAsB,kBAAkB,CAAC,KAAK,EAAE;IAC9C,MAAM,EAAE,cAAc,CAAC;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,WAAW,CAAC;CACtB,GAAG,OAAO,CAAC,IAAI,CAAC,CAUhB"}
+{"version":3,"file":"agentLaunch.d.ts","sourceRoot":"","sources":["../../src/lib/agentLaunch.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAOhF,UAAU,mBAAmB;IAC3B,MAAM,EAAE,WAAW,CAAC;IACpB,WAAW,EAAE,MAAM,GAAG,SAAS,CAAC;CACjC;AAED,wBAAsB,kBAAkB,CAAC,KAAK,EAAE;IAC9C,MAAM,EAAE,cAAc,CAAC;IACvB,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,eAAe,CAAC;IAC5B,OAAO,EAAE,MAAM,GAAG,SAAS,CAAC;IAC5B,MAAM,CAAC,EAAE,WAAW,CAAC;CACtB,GAAG,OAAO,CAAC,mBAAmB,CAAC,CA6B/B;AAED,wBAAsB,kBAAkB,CAAC,KAAK,EAAE;IAC9C,MAAM,EAAE,cAAc,CAAC;IACvB,UAAU,EAAE,eAAe,CAAC;IAC5B,WAAW,EAAE,MAAM,GAAG,SAAS,CAAC;IAChC,MAAM,CAAC,EAAE,WAAW,CAAC;CACtB,GAAG,OAAO,CAAC,IAAI,CAAC,CAYhB;AAED,wBAAsB,kBAAkB,CAAC,KAAK,EAAE;IAC9C,MAAM,EAAE,cAAc,CAAC;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,WAAW,CAAC;CACtB,GAAG,OAAO,CAAC,IAAI,CAAC,CAUhB"}

package/dist/lib/agentLaunch.js

@@ -37,6 +37,7 @@ export async function ensureAgentSandbox(input) {
             sandboxName: input.sandboxName,
             sandbox: input.definition.sandbox,
             mountPath: resolve(input.config.workspace.projectDir),
+            gitDefaults: input.config.sandbox.gitDefaults,
         }, input.signal);
     }
 }

package/dist/lib/config.d.ts

@@ -58,13 +58,49 @@ export interface SandboxDefinition {
      */
     setupCommand?: string;
 }
+/**
+ * Recipe used by `crew sandbox auth <model>` to drive an interactive
+ * login flow inside a sbx sandbox and then verify it. The flow is
+ * picker-driven — no positional `<tool>` argument; the picker lists
+ * every recipe visible to the current sandbox.
+ *
+ * `binary` defaults to the recipe key (typically the agent or CLI name).
+ * `authenticatedPattern` matches against combined stdout+stderr from
+ * `statusArgs` — exit code alone isn't reliable because some CLIs
+ * report "not logged in" while still exiting 0.
+ * `kind` controls visibility in the interactive picker: `"agent"`
+ * recipes are scoped to a specific sbx agent and only appear when you
+ * `auth` against that agent's sandbox; `"tool"` recipes (default)
+ * appear in every sandbox's picker because they're cross-cutting
+ * (github, npm, gcloud, …). Defaults to `"tool"` when omitted.
+ *
+ * Ship-side recipes for `claude`, `codex`, and `cursor` live in
+ * `src/commands/sandbox/auth.ts`; users register additional tools
+ * under `sandbox.authRecipes` in their config.
+ */
+export interface AuthRecipe {
+    displayName: string;
+    binary?: string;
+    loginArgs: readonly string[];
+    statusArgs: readonly string[];
+    authenticatedPattern: RegExp;
+    kind?: "agent" | "tool";
+    /**
+     * Environment variables passed to `sbx exec` for both the login and
+     * status calls. Use this for CLIs whose default flow assumes a
+     * browser or other host-only feature — e.g. cursor-agent wants
+     * `NO_OPEN_BROWSER=1` to print a device code instead of trying to
+     * launch a browser inside the sandbox.
+     */
+    env?: Record<string, string>;
+}
 export interface ModelDefinition {
     /**
      * Shell command launched for the model. Wrapped with Safehouse/clearance
      * for execution. The rendered prompt is appended as a single quoted
      * positional argument. `{{worktree}}` is replaced before launch.
      *
-     * Keep this agent-native (e.g., `claude --permission-mode bypassPermissions`).
+     * Keep this agent-native (e.g., `claude --permission-mode auto`).
      * Groundcrew adds the Safehouse wrapper.
      */
     cmd: string;
@@ -192,6 +228,32 @@ export interface Config {
     local?: {
         runner?: LocalRunnerSetting;
     };
+    /**
+     * Sandbox-wide settings. `authRecipes` lets users register additional
+     * tools (github, npm, gcloud, …) for `crew sandbox auth <model>` to
+     * authenticate inside the sandbox. The auth flow is picker-driven —
+     * registered recipes show up in the picker alongside the shipped ones,
+     * and a user recipe under the same key (e.g. "claude") overrides the
+     * shipped one.
+     */
+    sandbox?: {
+        authRecipes?: Record<string, AuthRecipe>;
+        /**
+         * When true (default), every `crew sandbox ensure` / `auth` run applies
+         * a small set of git defaults inside the sandbox so robot commits push
+         * over `gh`-managed HTTPS regardless of how the user cloned the repo:
+         *
+         *   - disable GPG signing for commits and tags
+         *   - rewrite `git@github.com:` and `ssh://git@github.com/` URLs to
+         *     `https://github.com/` so push uses gh's credential helper
+         *   - after a successful `github` auth recipe login, run
+         *     `gh auth setup-git` inside the sandbox
+         *
+         * Set `false` to skip both the git-config block and the post-login
+         * `gh auth setup-git` step.
+         */
+        gitDefaults?: boolean;
+    };
     logging?: {
         /**
          * Append-mode log file destination. `log()` and `logEvent()` tee here
@@ -261,6 +323,14 @@ export interface ResolvedConfig {
     local: {
         runner: LocalRunnerSetting;
     };
+    /**
+     * Sandbox-wide settings. Always present after defaults; `authRecipes`
+     * is `{}` when the user provides none.
+     */
+    sandbox: {
+        authRecipes: Record<string, AuthRecipe>;
+        gitDefaults: boolean;
+    };
     logging: {
         file: string;
     };

package/dist/lib/config.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/lib/config.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,6BAA6B,CAAC;AACvE,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AAIrE,OAAO,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AAEvD;;;;;GAKG;AACH,MAAM,MAAM,YAAY,GAAG,mBAAmB,GAAG,kBAAkB,CAAC;AAEpE;;;;;GAKG;AACH,eAAO,MAAM,eAAe,QAAQ,CAAC;AAErC;;;;;;GAMG;AACH,MAAM,MAAM,oBAAoB,GAAG,MAAM,GAAG,MAAM,GAAG,MAAM,CAAC;AAE5D,eAAO,MAAM,uBAAuB,EAAE,SAAS,oBAAoB,EAIzD,CAAC;AAEX;;;;;;GAMG;AACH,MAAM,MAAM,WAAW,GAAG,WAAW,GAAG,KAAK,GAAG,MAAM,CAAC;AAEvD;;;;GAIG;AACH,MAAM,MAAM,kBAAkB,GAAG,WAAW,GAAG,MAAM,CAAC;AAEtD,eAAO,MAAM,qBAAqB,EAAE,SAAS,kBAAkB,EAKrD,CAAC;AAEX;;;;GAIG;AACH,MAAM,WAAW,iBAAiB;IAChC,+CAA+C;IAC/C,KAAK,EAAE,MAAM,CAAC;IACd,2CAA2C;IAC3C,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,wEAAwE;IACxE,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB;;;;OAIG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,eAAe;IAC9B;;;;;;;OAOG;IACH,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE;QACN,QAAQ,EAAE;YAAE,QAAQ,EAAE,MAAM,CAAC;YAAC,MAAM,CAAC,EAAE,MAAM,CAAA;SAAE,CAAC;KACjD,CAAC;IACF;;;;OAIG;IACH,OAAO,CAAC,EAAE,iBAAiB,CAAC;CAC7B;AAED;;;;;;;;;GASG;AACH,KAAK,SAAS,GAAG,eAAe,CAAC,OAAO,CAAC,GAAG;IAAE,QAAQ,EAAE,IAAI,CAAA;CAAE,CAAC;AAC/D,KAAK,0BAA0B,GAAG,OAAO,CAAC,IAAI,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC,GAAG;IAC1E,KAAK,CAAC,EAAE,SAAS,CAAC;IAClB,QAAQ,CAAC,EAAE,KAAK,CAAC;CAClB,CAAC;AACF,UAAU,2BAA2B;IACnC,QAAQ,EAAE,IAAI,CAAC;CAChB;AACD,KAAK,mBAAmB,GAAG,0BAA0B,GAAG,2BAA2B,CAAC;AAEpF;;;;;GAKG;AACH,MAAM,WAAW,aAAa;IAC5B;;;;;;;;OAQG;IACH,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE;QACT,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;KACrB,CAAC;CACH;AAED;;;;GAIG;AACH,MAAM,WAAW,MAAM;IACrB,MAAM,EAAE;QACN;;;;WAIG;QACH,QAAQ,EAAE,aAAa,EAAE,CAAC;KAC3B,CAAC;IACF;;;;;;;;;OASG;IACH,OAAO,CAAC,EAAE,YAAY,EAAE,CAAC;IACzB,GAAG,CAAC,EAAE;QACJ,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,aAAa,CAAC,EAAE,MAAM,CAAC;KACxB,CAAC;IACF,SAAS,EAAE;QACT,UAAU,EAAE,MAAM,CAAC;QACnB,iBAAiB,EAAE,MAAM,EAAE,CAAC;KAC7B,CAAC;IACF,YAAY,CAAC,EAAE;QACb,iBAAiB,CAAC,EAAE,MAAM,CAAC;QAC3B,wBAAwB,CAAC,EAAE,MAAM,CAAC;QAClC,sBAAsB,CAAC,EAAE,MAAM,CAAC;KACjC,CAAC;IACF,MAAM,CAAC,EAAE;QACP,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB;;;;;WAKG;QACH,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAC;KACnD,CAAC;IACF,OAAO,CAAC,EAAE;QACR,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,CAAC;IACF;;;;OAIG;IACH,aAAa,CAAC,EAAE,oBAAoB,CAAC;IACrC;;;;OAIG;IACH,KAAK,CAAC,EAAE;QACN,MAAM,CAAC,EAAE,kBAAkB,CAAC;KAC7B,CAAC;IACF,OAAO,CAAC,EAAE;QACR;;;;;WAKG;QACH,IAAI,CAAC,EAAE,MAAM,CAAC;KACf,CAAC;CACH;AAED,MAAM,WAAW,qBAAqB;IACpC,2EAA2E;IAC3E,WAAW,EAAE,MAAM,CAAC;IACpB,uEAAuE;IACvE,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE;QACR,IAAI,EAAE,MAAM,CAAC;QACb,UAAU,EAAE,MAAM,CAAC;QACnB,IAAI,EAAE,MAAM,CAAC;QACb,QAAQ,EAAE,MAAM,EAAE,CAAC;KACpB,CAAC;CACH;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,MAAM,EAAE;QACN,QAAQ,EAAE,qBAAqB,EAAE,CAAC;KACnC,CAAC;IACF;;;;;OAKG;IACH,OAAO,EAAE,YAAY,EAAE,CAAC;IACxB,GAAG,EAAE;QACH,MAAM,EAAE,MAAM,CAAC;QACf,aAAa,EAAE,MAAM,CAAC;KACvB,CAAC;IACF,SAAS,EAAE;QACT,UAAU,EAAE,MAAM,CAAC;QACnB,iBAAiB,EAAE,MAAM,EAAE,CAAC;KAC7B,CAAC;IACF,YAAY,EAAE;QACZ,iBAAiB,EAAE,MAAM,CAAC;QAC1B,wBAAwB,EAAE,MAAM,CAAC;QACjC,sBAAsB,EAAE,MAAM,CAAC;KAChC,CAAC;IACF,MAAM,EAAE;QACN,OAAO,EAAE,MAAM,CAAC;QAChB,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;KAC9C,CAAC;IACF,OAAO,EAAE;QACP,OAAO,EAAE,MAAM,CAAC;KACjB,CAAC;IACF;;;OAGG;IACH,aAAa,EAAE,oBAAoB,CAAC;IACpC;;;;OAIG;IACH,KAAK,EAAE;QACL,MAAM,EAAE,kBAAkB,CAAC;KAC5B,CAAC;IACF,OAAO,EAAE;QACP,IAAI,EAAE,MAAM,CAAC;KACd,CAAC;CACH;AA4QD;;;;;GAKG;AACH,wBAAgB,wBAAwB,CACtC,MAAM,EAAE,IAAI,CAAC,cAAc,EAAE,QAAQ,CAAC,EACtC,IAAI,EAAE,MAAM,GACX,OAAO,CAKT;AA4dD;;;;;;;GAOG;AACH,wBAAgB,mBAAmB,CACjC,MAAM,EAAE,IAAI,CAAC,cAAc,EAAE,QAAQ,CAAC,EACtC,MAAM,EAAE,MAAM,GACb,qBAAqB,GAAG,SAAS,CAEnC;AAOD;;;;;;GAMG;AACH,wBAAgB,qBAAqB,CAAC,MAAM,EAAE,IAAI,CAAC,cAAc,EAAE,QAAQ,CAAC,GAAG,WAAW,CAAC,MAAM,CAAC,CAajG;AAID,wBAAsB,UAAU,IAAI,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,CAwBpE"}
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/lib/config.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,6BAA6B,CAAC;AACvE,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AAIrE,OAAO,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AAEvD;;;;;GAKG;AACH,MAAM,MAAM,YAAY,GAAG,mBAAmB,GAAG,kBAAkB,CAAC;AAEpE;;;;;GAKG;AACH,eAAO,MAAM,eAAe,QAAQ,CAAC;AAErC;;;;;;GAMG;AACH,MAAM,MAAM,oBAAoB,GAAG,MAAM,GAAG,MAAM,GAAG,MAAM,CAAC;AAE5D,eAAO,MAAM,uBAAuB,EAAE,SAAS,oBAAoB,EAIzD,CAAC;AAEX;;;;;;GAMG;AACH,MAAM,MAAM,WAAW,GAAG,WAAW,GAAG,KAAK,GAAG,MAAM,CAAC;AAEvD;;;;GAIG;AACH,MAAM,MAAM,kBAAkB,GAAG,WAAW,GAAG,MAAM,CAAC;AAEtD,eAAO,MAAM,qBAAqB,EAAE,SAAS,kBAAkB,EAKrD,CAAC;AAEX;;;;GAIG;AACH,MAAM,WAAW,iBAAiB;IAChC,+CAA+C;IAC/C,KAAK,EAAE,MAAM,CAAC;IACd,2CAA2C;IAC3C,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,wEAAwE;IACxE,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB;;;;OAIG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,WAAW,UAAU;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,SAAS,MAAM,EAAE,CAAC;IAC7B,UAAU,EAAE,SAAS,MAAM,EAAE,CAAC;IAC9B,oBAAoB,EAAE,MAAM,CAAC;IAC7B,IAAI,CAAC,EAAE,OAAO,GAAG,MAAM,CAAC;IACxB;;;;;;OAMG;IACH,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC9B;AAED,MAAM,WAAW,eAAe;IAC9B;;;;;;;OAOG;IACH,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE;QACN,QAAQ,EAAE;YAAE,QAAQ,EAAE,MAAM,CAAC;YAAC,MAAM,CAAC,EAAE,MAAM,CAAA;SAAE,CAAC;KACjD,CAAC;IACF;;;;OAIG;IACH,OAAO,CAAC,EAAE,iBAAiB,CAAC;CAC7B;AAED;;;;;;;;;GASG;AACH,KAAK,SAAS,GAAG,eAAe,CAAC,OAAO,CAAC,GAAG;IAAE,QAAQ,EAAE,IAAI,CAAA;CAAE,CAAC;AAC/D,KAAK,0BAA0B,GAAG,OAAO,CAAC,IAAI,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC,GAAG;IAC1E,KAAK,CAAC,EAAE,SAAS,CAAC;IAClB,QAAQ,CAAC,EAAE,KAAK,CAAC;CAClB,CAAC;AACF,UAAU,2BAA2B;IACnC,QAAQ,EAAE,IAAI,CAAC;CAChB;AACD,KAAK,mBAAmB,GAAG,0BAA0B,GAAG,2BAA2B,CAAC;AAEpF;;;;;GAKG;AACH,MAAM,WAAW,aAAa;IAC5B;;;;;;;;OAQG;IACH,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE;QACT,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;KACrB,CAAC;CACH;AAED;;;;GAIG;AACH,MAAM,WAAW,MAAM;IACrB,MAAM,EAAE;QACN;;;;WAIG;QACH,QAAQ,EAAE,aAAa,EAAE,CAAC;KAC3B,CAAC;IACF;;;;;;;;;OASG;IACH,OAAO,CAAC,EAAE,YAAY,EAAE,CAAC;IACzB,GAAG,CAAC,EAAE;QACJ,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,aAAa,CAAC,EAAE,MAAM,CAAC;KACxB,CAAC;IACF,SAAS,EAAE;QACT,UAAU,EAAE,MAAM,CAAC;QACnB,iBAAiB,EAAE,MAAM,EAAE,CAAC;KAC7B,CAAC;IACF,YAAY,CAAC,EAAE;QACb,iBAAiB,CAAC,EAAE,MAAM,CAAC;QAC3B,wBAAwB,CAAC,EAAE,MAAM,CAAC;QAClC,sBAAsB,CAAC,EAAE,MAAM,CAAC;KACjC,CAAC;IACF,MAAM,CAAC,EAAE;QACP,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB;;;;;WAKG;QACH,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAC;KACnD,CAAC;IACF,OAAO,CAAC,EAAE;QACR,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,CAAC;IACF;;;;OAIG;IACH,aAAa,CAAC,EAAE,oBAAoB,CAAC;IACrC;;;;OAIG;IACH,KAAK,CAAC,EAAE;QACN,MAAM,CAAC,EAAE,kBAAkB,CAAC;KAC7B,CAAC;IACF;;;;;;;OAOG;IACH,OAAO,CAAC,EAAE;QACR,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;QACzC;;;;;;;;;;;;;WAaG;QACH,WAAW,CAAC,EAAE,OAAO,CAAC;KACvB,CAAC;IACF,OAAO,CAAC,EAAE;QACR;;;;;WAKG;QACH,IAAI,CAAC,EAAE,MAAM,CAAC;KACf,CAAC;CACH;AAED,MAAM,WAAW,qBAAqB;IACpC,2EAA2E;IAC3E,WAAW,EAAE,MAAM,CAAC;IACpB,uEAAuE;IACvE,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE;QACR,IAAI,EAAE,MAAM,CAAC;QACb,UAAU,EAAE,MAAM,CAAC;QACnB,IAAI,EAAE,MAAM,CAAC;QACb,QAAQ,EAAE,MAAM,EAAE,CAAC;KACpB,CAAC;CACH;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,MAAM,EAAE;QACN,QAAQ,EAAE,qBAAqB,EAAE,CAAC;KACnC,CAAC;IACF;;;;;OAKG;IACH,OAAO,EAAE,YAAY,EAAE,CAAC;IACxB,GAAG,EAAE;QACH,MAAM,EAAE,MAAM,CAAC;QACf,aAAa,EAAE,MAAM,CAAC;KACvB,CAAC;IACF,SAAS,EAAE;QACT,UAAU,EAAE,MAAM,CAAC;QACnB,iBAAiB,EAAE,MAAM,EAAE,CAAC;KAC7B,CAAC;IACF,YAAY,EAAE;QACZ,iBAAiB,EAAE,MAAM,CAAC;QAC1B,wBAAwB,EAAE,MAAM,CAAC;QACjC,sBAAsB,EAAE,MAAM,CAAC;KAChC,CAAC;IACF,MAAM,EAAE;QACN,OAAO,EAAE,MAAM,CAAC;QAChB,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;KAC9C,CAAC;IACF,OAAO,EAAE;QACP,OAAO,EAAE,MAAM,CAAC;KACjB,CAAC;IACF;;;OAGG;IACH,aAAa,EAAE,oBAAoB,CAAC;IACpC;;;;OAIG;IACH,KAAK,EAAE;QACL,MAAM,EAAE,kBAAkB,CAAC;KAC5B,CAAC;IACF;;;OAGG;IACH,OAAO,EAAE;QACP,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;QACxC,WAAW,EAAE,OAAO,CAAC;KACtB,CAAC;IACF,OAAO,EAAE;QACP,IAAI,EAAE,MAAM,CAAC;KACd,CAAC;CACH;AAsRD;;;;;GAKG;AACH,wBAAgB,wBAAwB,CACtC,MAAM,EAAE,IAAI,CAAC,cAAc,EAAE,QAAQ,CAAC,EACtC,IAAI,EAAE,MAAM,GACX,OAAO,CAKT;AAoiBD;;;;;;;GAOG;AACH,wBAAgB,mBAAmB,CACjC,MAAM,EAAE,IAAI,CAAC,cAAc,EAAE,QAAQ,CAAC,EACtC,MAAM,EAAE,MAAM,GACb,qBAAqB,GAAG,SAAS,CAEnC;AAOD;;;;;;GAMG;AACH,wBAAgB,qBAAqB,CAAC,MAAM,EAAE,IAAI,CAAC,cAAc,EAAE,QAAQ,CAAC,GAAG,WAAW,CAAC,MAAM,CAAC,CAajG;AAID,wBAAsB,UAAU,IAAI,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,CAwBpE"}

package/dist/lib/config.js

@@ -42,7 +42,7 @@ const DEFAULT_ORCHESTRATOR = {
 };
 const DEFAULT_MODEL_DEFINITIONS = {
     claude: {
-        cmd: "claude --permission-mode bypassPermissions",
+        cmd: "claude --permission-mode auto",
         color: "#C15F3C",
         usage: { codexbar: { provider: "claude" } },
     },
@@ -132,6 +132,15 @@ function normalizeOptionalString(value, path) {
     }
     return value.trim();
 }
+function normalizeOptionalBoolean(value, path) {
+    if (value === undefined) {
+        return undefined;
+    }
+    if (typeof value !== "boolean") {
+        fail(`${path} must be a boolean`);
+    }
+    return value;
+}
 function normalizeOptionalStringArray(value, path) {
     if (value === undefined) {
         return undefined;
@@ -325,6 +334,11 @@ function requireObject(value, path) {
         fail(`${path} must be an object (got ${JSON.stringify(value)})`);
     }
 }
+function requireOptionalObject(value, path) {
+    if (value !== undefined && !isPlainObject(value)) {
+        fail(`${path} must be an object`);
+    }
+}
 function normalizeProject(value, index) {
     const path = `linear.projects[${index}]`;
     if (!isPlainObject(value)) {
@@ -429,6 +443,65 @@ function normalizeProjects(linear) {
     });
     return resolved;
 }
+function normalizeAuthRecipes(value, path) {
+    if (value === undefined) {
+        return {};
+    }
+    if (!isPlainObject(value)) {
+        fail(`${path} must be an object`);
+    }
+    const recipes = {};
+    for (const [key, raw] of Object.entries(value)) {
+        const recipePath = `${path}.${key}`;
+        if (!isPlainObject(raw)) {
+            fail(`${recipePath} must be an object`);
+        }
+        const { displayName, binary, loginArgs, statusArgs, authenticatedPattern, kind, env } = raw;
+        requireString(displayName, `${recipePath}.displayName`);
+        const loginArray = normalizeOptionalStringArray(loginArgs, `${recipePath}.loginArgs`);
+        const statusArray = normalizeOptionalStringArray(statusArgs, `${recipePath}.statusArgs`);
+        if (loginArray === undefined) {
+            fail(`${recipePath}.loginArgs is required`);
+        }
+        if (statusArray === undefined) {
+            fail(`${recipePath}.statusArgs is required`);
+        }
+        if (!(authenticatedPattern instanceof RegExp)) {
+            fail(`${recipePath}.authenticatedPattern must be a RegExp`);
+        }
+        const recipe = {
+            displayName,
+            loginArgs: loginArray,
+            statusArgs: statusArray,
+            authenticatedPattern,
+        };
+        const binaryString = normalizeOptionalString(binary, `${recipePath}.binary`);
+        if (binaryString !== undefined) {
+            recipe.binary = binaryString;
+        }
+        if (kind !== undefined) {
+            if (kind !== "agent" && kind !== "tool") {
+                fail(`${recipePath}.kind must be "agent" or "tool"`);
+            }
+            recipe.kind = kind;
+        }
+        if (env !== undefined) {
+            if (!isPlainObject(env)) {
+                fail(`${recipePath}.env must be an object`);
+            }
+            const normalizedEnv = {};
+            for (const [envKey, envValue] of Object.entries(env)) {
+                if (typeof envValue !== "string") {
+                    fail(`${recipePath}.env.${envKey} must be a string`);
+                }
+                normalizedEnv[envKey] = envValue;
+            }
+            recipe.env = normalizedEnv;
+        }
+        recipes[key] = recipe;
+    }
+    return recipes;
+}
 function applyDefaults(user) {
     // Guard the top-level shape before reading nested fields, so a
     // malformed runtime config produces a `groundcrew config: ...` error
@@ -443,6 +516,7 @@ function applyDefaults(user) {
     if (Object.hasOwn(user, "remote")) {
         fail("remote is no longer supported: groundcrew runs locally via safehouse/sdx/none; remove the remote block from your config");
     }
+    requireOptionalObject(user.sandbox, "sandbox");
     const userLocal = user.local;
     if (userLocal !== undefined && !isPlainObject(userLocal)) {
         fail("local must be an object");
@@ -470,6 +544,10 @@ function applyDefaults(user) {
         local: {
             runner: normalizeLocalRunner(userLocal?.runner, "local.runner") ?? "auto",
         },
+        sandbox: {
+            authRecipes: normalizeAuthRecipes(user.sandbox?.authRecipes, "sandbox.authRecipes"),
+            gitDefaults: normalizeOptionalBoolean(user.sandbox?.gitDefaults, "sandbox.gitDefaults") ?? true,
+        },
         logging: {
             file: expandHome(normalizeOptionalString(user.logging?.file, "logging.file") ?? defaultLogFile()),
         },

package/dist/lib/dockerSandbox.d.ts

@@ -25,15 +25,19 @@ interface EnsureSandboxArguments {
      * clone) are visible to `sbx exec -w <worktreeDir>` after creation.
      */
     mountPath: string;
+    /**
+     * When true, apply the standard git defaults inside the sandbox after
+     * it exists (idempotent, runs whether the sandbox was just created or
+     * already there). See `sandboxGitDefaults.ts` for what gets set.
+     */
+    gitDefaults: boolean;
+    /**
+     * Result of an earlier `sandboxExists` probe by the caller, used to
+     * skip the initial `sbx ls` here. Leave undefined to let this function
+     * probe on its own.
+     */
+    alreadyExists?: boolean;
 }
-/**
- * Idempotent guard: ensure a Docker Sandboxes container exists for the
- * given repository + model. Probes `sbx ls`; if `sandboxName` is missing,
- * calls `sbx create --name <name> [--template <t>] [--kit <k>]... <agent>
- * <mountPath>` to provision it. First-time agent auth still happens inside
- * the sandbox the first time `sbx exec` runs the agent — `create` only
- * provisions the container, it does not attach.
- */
 export declare function ensureSandbox(arguments_: EnsureSandboxArguments, signal?: AbortSignal): Promise<void>;
 export {};
 //# sourceMappingURL=dockerSandbox.d.ts.map

package/dist/lib/dockerSandbox.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"dockerSandbox.d.ts","sourceRoot":"","sources":["../../src/lib/dockerSandbox.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAErD;;;;;;;GAOG;AACH,wBAAgB,cAAc,CAAC,UAAU,EAAE;IAAE,KAAK,EAAE,MAAM,CAAA;CAAE,GAAG,MAAM,CAMpE;AAED;;;;GAIG;AACH,wBAAsB,aAAa,CAAC,WAAW,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,CAM/F;AAED,UAAU,sBAAsB;IAC9B,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,iBAAiB,CAAC;IAC3B;;;;OAIG;IACH,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;;;;;;GAOG;AACH,wBAAsB,aAAa,CACjC,UAAU,EAAE,sBAAsB,EAClC,MAAM,CAAC,EAAE,WAAW,GACnB,OAAO,CAAC,IAAI,CAAC,CAqBf"}
+{"version":3,"file":"dockerSandbox.d.ts","sourceRoot":"","sources":["../../src/lib/dockerSandbox.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAGrD;;;;;;;GAOG;AACH,wBAAgB,cAAc,CAAC,UAAU,EAAE;IAAE,KAAK,EAAE,MAAM,CAAA;CAAE,GAAG,MAAM,CAMpE;AAED;;;;GAIG;AACH,wBAAsB,aAAa,CAAC,WAAW,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,CAM/F;AAED,UAAU,sBAAsB;IAC9B,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,iBAAiB,CAAC;IAC3B;;;;OAIG;IACH,SAAS,EAAE,MAAM,CAAC;IAClB;;;;OAIG;IACH,WAAW,EAAE,OAAO,CAAC;IACrB;;;;OAIG;IACH,aAAa,CAAC,EAAE,OAAO,CAAC;CACzB;AAsBD,wBAAsB,aAAa,CACjC,UAAU,EAAE,sBAAsB,EAClC,MAAM,CAAC,EAAE,WAAW,GACnB,OAAO,CAAC,IAAI,CAAC,CAuBf"}

package/dist/lib/dockerSandbox.js

@@ -1,4 +1,5 @@
 import { runCommandAsync } from "./commandRunner.js";
+import { applyGitDefaults } from "./sandboxGitDefaults.js";
 /**
  * Derive a deterministic sbx sandbox name from the sbx agent so every
  * groundcrew model that targets the same agent reuses one sandbox across
@@ -29,30 +30,40 @@ export async function sandboxExists(sandboxName, signal) {
  * Idempotent guard: ensure a Docker Sandboxes container exists for the
  * given repository + model. Probes `sbx ls`; if `sandboxName` is missing,
  * calls `sbx create --name <name> [--template <t>] [--kit <k>]... <agent>
- * <mountPath>` to provision it. First-time agent auth still happens inside
- * the sandbox the first time `sbx exec` runs the agent — `create` only
- * provisions the container, it does not attach.
+ * <mountPath>` to provision it. Once the container exists (newly created
+ * or pre-existing), applies the standard git defaults when enabled.
+ * First-time agent auth still happens inside the sandbox the first time
+ * `sbx exec` runs the agent — `create` only provisions the container, it
+ * does not attach.
  */
-export async function ensureSandbox(arguments_, signal) {
-    if (await sandboxExists(arguments_.sandboxName, signal)) {
-        return;
-    }
-    const createArguments = ["create", "--name", arguments_.sandboxName];
-    if (arguments_.sandbox.template !== undefined) {
-        createArguments.push("--template", arguments_.sandbox.template);
-    }
-    for (const kit of arguments_.sandbox.kits ?? []) {
-        createArguments.push("--kit", kit);
+async function resolveExistence(arguments_, signal) {
+    if (arguments_.alreadyExists === undefined) {
+        return await sandboxExists(arguments_.sandboxName, signal);
     }
-    createArguments.push(arguments_.sandbox.agent, arguments_.mountPath);
-    const options = signal === undefined ? {} : { signal };
-    try {
-        await runCommandAsync("sbx", createArguments, options);
-    }
-    catch (error) {
-        if (await sandboxExists(arguments_.sandboxName, signal)) {
-            return;
+    return arguments_.alreadyExists;
+}
+export async function ensureSandbox(arguments_, signal) {
+    const existed = await resolveExistence(arguments_, signal);
+    if (!existed) {
+        const createArguments = ["create", "--name", arguments_.sandboxName];
+        if (arguments_.sandbox.template !== undefined) {
+            createArguments.push("--template", arguments_.sandbox.template);
+        }
+        for (const kit of arguments_.sandbox.kits ?? []) {
+            createArguments.push("--kit", kit);
+        }
+        createArguments.push(arguments_.sandbox.agent, arguments_.mountPath);
+        const options = signal === undefined ? {} : { signal };
+        try {
+            await runCommandAsync("sbx", createArguments, options);
         }
-        throw error;
+        catch (error) {
+            if (!(await sandboxExists(arguments_.sandboxName, signal))) {
+                throw error;
+            }
+        }
+    }
+    if (arguments_.gitDefaults) {
+        await applyGitDefaults({ sandboxName: arguments_.sandboxName }, signal);
     }
 }

package/dist/lib/sandboxGitDefaults.d.ts

@@ -0,0 +1,10 @@
+interface ApplyGitDefaultsArguments {
+    sandboxName: string;
+}
+/**
+ * Apply the standard git defaults inside `sandboxName`. Idempotent —
+ * safe to call on every `ensure`/`auth` run to repair drift.
+ */
+export declare function applyGitDefaults(arguments_: ApplyGitDefaultsArguments, signal?: AbortSignal): Promise<void>;
+export {};
+//# sourceMappingURL=sandboxGitDefaults.d.ts.map

package/dist/lib/sandboxGitDefaults.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sandboxGitDefaults.d.ts","sourceRoot":"","sources":["../../src/lib/sandboxGitDefaults.ts"],"names":[],"mappings":"AAyBA,UAAU,yBAAyB;IACjC,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;;GAGG;AACH,wBAAsB,gBAAgB,CACpC,UAAU,EAAE,yBAAyB,EACrC,MAAM,CAAC,EAAE,WAAW,GACnB,OAAO,CAAC,IAAI,CAAC,CAOf"}

package/dist/lib/sandboxGitDefaults.js

@@ -0,0 +1,31 @@
+import { runCommandAsync } from "./commandRunner.js";
+/**
+ * Git defaults applied inside every sandbox when `sandbox.gitDefaults`
+ * is enabled (the default).
+ *
+ * - Disable GPG signing — robot commits inside the sandbox have no key
+ *   and would otherwise fail or end up unsigned silently.
+ * - Rewrite GitHub SSH URLs to HTTPS so push/fetch go through the `gh`
+ *   credential helper (wired by `gh auth setup-git` after a successful
+ *   `crew sandbox auth` github login), regardless of how the user
+ *   originally cloned the repo on the host.
+ *
+ * `url.<base>.insteadOf` is multi-valued in git; `--unset-all` before
+ * `--add` keeps the set identical across repeated runs instead of
+ * appending duplicates.
+ */
+const GIT_DEFAULT_COMMANDS = [
+    "git config --global commit.gpgsign false",
+    "git config --global tag.gpgsign false",
+    '(git config --global --unset-all url."https://github.com/".insteadOf 2>/dev/null || true)',
+    'git config --global --add url."https://github.com/".insteadOf "git@github.com:"',
+    'git config --global --add url."https://github.com/".insteadOf "ssh://git@github.com/"',
+].join(" && ");
+/**
+ * Apply the standard git defaults inside `sandboxName`. Idempotent —
+ * safe to call on every `ensure`/`auth` run to repair drift.
+ */
+export async function applyGitDefaults(arguments_, signal) {
+    const options = signal === undefined ? {} : { signal };
+    await runCommandAsync("sbx", ["exec", arguments_.sandboxName, "sh", "-c", GIT_DEFAULT_COMMANDS], options);
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@clipboard-health/groundcrew",
-  "version": "3.2.0",
+  "version": "3.3.0",
   "description": "Linear-driven orchestrator that launches AI coding agents in git worktrees, with workspace lifecycle and usage tracking.",
   "keywords": [
     "agent",
@@ -68,6 +68,7 @@
   },
   "dependencies": {
     "@clipboard-health/clearance": "1.0.8",
+    "@inquirer/checkbox": "5.1.5",
     "@linear/sdk": "85.0.0",
     "cosmiconfig": "9.0.1",
     "tslib": "2.8.1",