@clipboard-health/groundcrew 4.0.3 → 4.2.0

package/dist/lib/cmuxAdapter.js

@@ -0,0 +1,163 @@
+/**
+ * cmux Workspace backend. cmux is the macOS TUI; workspaces surface in its
+ * own app, so `accessHint` has nothing concise to emit. cmux can paint a
+ * per-workspace status pill, which `open` applies best-effort.
+ */
+import { isSignalAborted, runWorkspaceCommand, } from "./workspaceAdapter.js";
+import { errorMessage, log } from "./util.js";
+export const cmuxAdapter = {
+    async open(spec, signal) {
+        const output = await runWorkspaceCommand("cmux", [
+            "--json",
+            "new-workspace",
+            "--name",
+            spec.name,
+            "--cwd",
+            spec.cwd,
+            "--command",
+            spec.command,
+        ], signal);
+        const workspaceId = extractCmuxOpenId(output);
+        if (workspaceId === undefined) {
+            log(`cmux new-workspace returned unrecognized output for ${spec.name}; if a workspace was created, run \`cmux close-workspace\` manually.`);
+            throw new Error(`Unexpected cmux output: ${output}`);
+        }
+        if (spec.status !== undefined) {
+            try {
+                await applyCmuxStatus(workspaceId, spec.status, signal);
+            }
+            catch (error) {
+                // Status pills are best-effort. cmux v2+ dropped `set-status` entirely,
+                // so swallow that specific gap silently; surface anything else so a real
+                // regression doesn't hide behind the same swallow.
+                if (!isCmuxSetStatusUnsupported(error)) {
+                    log(`cmux set-status failed for ${spec.name} (continuing): ${errorMessage(error)}`);
+                }
+            }
+        }
+    },
+    async list(signal) {
+        const raw = await listCmuxRaw(signal);
+        return raw?.map((ws) => ({ name: ws.title }));
+    },
+    async close(name, signal) {
+        const raw = await listCmuxRaw(signal);
+        if (raw === undefined) {
+            // cmux v2 `workspace.close` rejects titles, so forwarding `name`
+            // would always fail. The list failure has already been logged by
+            // `listCmuxRaw`; bail rather than guarantee a downstream error.
+            log(`cmux close-workspace skipped for ${name}: list-workspaces failed, no usable id`);
+            return { kind: "unavailable" };
+        }
+        const match = raw.find((ws) => ws.title === name);
+        if (match === undefined) {
+            return { kind: "missing" };
+        }
+        try {
+            await closeCmuxWorkspace(match.id, signal);
+            return { kind: "closed" };
+        }
+        catch (error) {
+            if (isSignalAborted(signal)) {
+                throw error;
+            }
+            const remaining = await listCmuxRaw(signal);
+            if (remaining === undefined) {
+                return { kind: "unavailable", error };
+            }
+            const isStillPresent = remaining.some((ws) => ws.title === name);
+            if (!isStillPresent) {
+                return { kind: "closed" };
+            }
+            throw error;
+        }
+    },
+    accessHint(_name) {
+        // cmux is a TUI; users surface workspaces by launching the cmux app,
+        // not a shell command. No useful hint to emit.
+        // oxlint-disable-next-line unicorn/no-useless-undefined -- explicit signal that the backend has no hint
+        return undefined;
+    },
+};
+function parseCmuxList(output) {
+    // oxlint-disable-next-line typescript/no-unsafe-type-assertion -- cmux --json list-workspaces always emits this shape
+    const parsed = JSON.parse(output);
+    const items = [];
+    /* v8 ignore next @preserve -- cmux always emits a workspaces field; default keeps the loop safe */
+    for (const ws of parsed.workspaces ?? []) {
+        if (typeof ws.title !== "string" || ws.title.length === 0) {
+            continue;
+        }
+        const id = pickCmuxId(ws);
+        if (id === undefined) {
+            log(`cmux list-workspaces returned workspace "${ws.title}" without a usable id or ref; skipping`);
+            continue;
+        }
+        items.push({ title: ws.title, id });
+    }
+    return items;
+}
+/**
+ * The stable workspace handle cmux v2 expects in JSON-RPC params. Prefer
+ * the UUID; fall back to the legacy `workspace:N` short ref when older
+ * cmux builds don't surface it. Returns `undefined` when neither is
+ * available — cmux v2 `workspace.close` rejects titles, so we must never
+ * forward `title` as a workspace handle.
+ */
+function pickCmuxId(ws) {
+    if (typeof ws.id === "string" && ws.id.length > 0) {
+        return ws.id;
+    }
+    if (typeof ws.ref === "string" && ws.ref.length > 0) {
+        return ws.ref;
+    }
+    return undefined;
+}
+async function listCmuxRaw(signal) {
+    try {
+        return parseCmuxList(await runWorkspaceCommand("cmux", ["--json", "list-workspaces"], signal));
+    }
+    catch (error) {
+        if (isSignalAborted(signal)) {
+            throw error;
+        }
+        log(`cmux list-workspaces failed: ${errorMessage(error)}`);
+        return undefined;
+    }
+}
+function extractCmuxOpenId(output) {
+    try {
+        // oxlint-disable-next-line typescript/no-unsafe-type-assertion -- cmux --json prints a workspace_id/ref object
+        const parsed = JSON.parse(output);
+        const uuid = parsed.workspace_id ?? parsed.id ?? "";
+        if (uuid.length > 0) {
+            return uuid;
+        }
+        const ref = parsed.workspace_ref ?? parsed.ref ?? "";
+        if (ref.length > 0) {
+            return ref;
+        }
+    }
+    catch {
+        /* not JSON; fall through to regex */
+    }
+    const match = /workspace:\d+/.exec(output);
+    return match ? match[0] : undefined;
+}
+async function applyCmuxStatus(workspaceId, status, signal) {
+    const arguments_ = ["set-status", "model", status.text];
+    if (status.icon !== undefined) {
+        arguments_.push("--icon", status.icon);
+    }
+    if (status.color !== undefined) {
+        arguments_.push("--color", status.color);
+    }
+    arguments_.push("--workspace", workspaceId);
+    await runWorkspaceCommand("cmux", arguments_, signal);
+}
+async function closeCmuxWorkspace(workspaceId, signal) {
+    await runWorkspaceCommand("cmux", ["close-workspace", "--workspace", workspaceId], signal);
+}
+function isCmuxSetStatusUnsupported(error) {
+    return errorMessage(error).includes('unknown command "set-status"');
+}

package/dist/lib/config.d.ts

@@ -41,16 +41,12 @@ export type LocalRunnerSetting = LocalRunner | "auto";
 export declare const LOCAL_RUNNER_SETTINGS: readonly LocalRunnerSetting[];
 /**
  * Per-model Docker Sandboxes (sdx) binding. Required at launch when
- * `local.runner` resolves to `sdx` so groundcrew knows which sbx agent
- * to address and how to seed the sandbox.
+ * `local.runner` resolves to `sdx` so groundcrew knows which existing
+ * sbx sandbox to address.
  */
 export interface SandboxDefinition {
     /** sbx agent name (e.g. "claude", "codex"). */
     agent: string;
-    /** Optional `sbx run --template` value. */
-    template?: string;
-    /** Optional `sbx run --kit` values (each passed as a separate flag). */
-    kits?: string[];
     /**
      * Setup command run **inside** the sandbox before the agent exec.
      * Defaults to the shared `.groundcrew/setup.sh --deps-only` convention
@@ -58,42 +54,6 @@ export interface SandboxDefinition {
      */
     setupCommand?: string;
 }
-/**
- * Recipe used by `crew sandbox auth <model>` to drive an interactive
- * login flow inside a sbx sandbox and then verify it. The flow is
- * picker-driven — no positional `<tool>` argument; the picker lists
- * every recipe visible to the current sandbox.
- *
- * `binary` defaults to the recipe key (typically the agent or CLI name).
- * `authenticatedPattern` matches against combined stdout+stderr from
- * `statusArgs` — exit code alone isn't reliable because some CLIs
- * report "not logged in" while still exiting 0.
- * `kind` controls visibility in the interactive picker: `"agent"`
- * recipes are scoped to a specific sbx agent and only appear when you
- * `auth` against that agent's sandbox; `"tool"` recipes (default)
- * appear in every sandbox's picker because they're cross-cutting
- * (github, npm, gcloud, …). Defaults to `"tool"` when omitted.
- *
- * Ship-side recipes for `claude`, `codex`, and `cursor` live in
- * `src/commands/sandbox/auth.ts`; users register additional tools
- * under `sandbox.authRecipes` in their config.
- */
-export interface AuthRecipe {
-    displayName: string;
-    binary?: string;
-    loginArgs: readonly string[];
-    statusArgs: readonly string[];
-    authenticatedPattern: RegExp;
-    kind?: "agent" | "tool";
-    /**
-     * Environment variables passed to `sbx exec` for both the login and
-     * status calls. Use this for CLIs whose default flow assumes a
-     * browser or other host-only feature — e.g. cursor-agent wants
-     * `NO_OPEN_BROWSER=1` to print a device code instead of trying to
-     * launch a browser inside the sandbox.
-     */
-    env?: Record<string, string>;
-}
 export interface ModelDefinition {
     /**
      * Shell command launched for the model. Wrapped with Safehouse/clearance
@@ -201,32 +161,6 @@ export interface Config {
     local?: {
         runner?: LocalRunnerSetting;
     };
-    /**
-     * Sandbox-wide settings. `authRecipes` lets users register additional
-     * tools (github, npm, gcloud, …) for `crew sandbox auth <model>` to
-     * authenticate inside the sandbox. The auth flow is picker-driven —
-     * registered recipes show up in the picker alongside the shipped ones,
-     * and a user recipe under the same key (e.g. "claude") overrides the
-     * shipped one.
-     */
-    sandbox?: {
-        authRecipes?: Record<string, AuthRecipe>;
-        /**
-         * When true (default), every `crew sandbox ensure` / `auth` run applies
-         * a small set of git defaults inside the sandbox so robot commits push
-         * over `gh`-managed HTTPS regardless of how the user cloned the repo:
-         *
-         *   - disable GPG signing for commits and tags
-         *   - rewrite `git@github.com:` and `ssh://git@github.com/` URLs to
-         *     `https://github.com/` so push uses gh's credential helper
-         *   - after a successful `github` auth recipe login, run
-         *     `gh auth setup-git` inside the sandbox
-         *
-         * Set `false` to skip both the git-config block and the post-login
-         * `gh auth setup-git` step.
-         */
-        gitDefaults?: boolean;
-    };
     logging?: {
         /**
          * Append-mode log file destination. `log()` and `logEvent()` tee here
@@ -281,14 +215,6 @@ export interface ResolvedConfig {
     local: {
         runner: LocalRunnerSetting;
     };
-    /**
-     * Sandbox-wide settings. Always present after defaults; `authRecipes`
-     * is `{}` when the user provides none.
-     */
-    sandbox: {
-        authRecipes: Record<string, AuthRecipe>;
-        gitDefaults: boolean;
-    };
     logging: {
         file: string;
     };

package/dist/lib/config.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/lib/config.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,6BAA6B,CAAC;AACvE,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AAIrE,OAAO,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AAEvD;;;;;GAKG;AACH,MAAM,MAAM,YAAY,GAAG,mBAAmB,GAAG,kBAAkB,CAAC;AAEpE;;;;;GAKG;AACH,eAAO,MAAM,eAAe,QAAQ,CAAC;AAErC;;;;;;GAMG;AACH,MAAM,MAAM,oBAAoB,GAAG,MAAM,GAAG,MAAM,GAAG,MAAM,CAAC;AAE5D,eAAO,MAAM,uBAAuB,EAAE,SAAS,oBAAoB,EAIzD,CAAC;AAEX;;;;;;GAMG;AACH,MAAM,MAAM,WAAW,GAAG,WAAW,GAAG,KAAK,GAAG,MAAM,CAAC;AAEvD;;;;GAIG;AACH,MAAM,MAAM,kBAAkB,GAAG,WAAW,GAAG,MAAM,CAAC;AAEtD,eAAO,MAAM,qBAAqB,EAAE,SAAS,kBAAkB,EAKrD,CAAC;AAEX;;;;GAIG;AACH,MAAM,WAAW,iBAAiB;IAChC,+CAA+C;IAC/C,KAAK,EAAE,MAAM,CAAC;IACd,2CAA2C;IAC3C,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,wEAAwE;IACxE,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB;;;;OAIG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,WAAW,UAAU;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,SAAS,MAAM,EAAE,CAAC;IAC7B,UAAU,EAAE,SAAS,MAAM,EAAE,CAAC;IAC9B,oBAAoB,EAAE,MAAM,CAAC;IAC7B,IAAI,CAAC,EAAE,OAAO,GAAG,MAAM,CAAC;IACxB;;;;;;OAMG;IACH,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC9B;AAED,MAAM,WAAW,eAAe;IAC9B;;;;;;;OAOG;IACH,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE;QACN,QAAQ,EAAE;YAAE,QAAQ,EAAE,MAAM,CAAC;YAAC,MAAM,CAAC,EAAE,MAAM,CAAA;SAAE,CAAC;KACjD,CAAC;IACF;;;;OAIG;IACH,OAAO,CAAC,EAAE,iBAAiB,CAAC;CAC7B;AAED;;;;;;;;;GASG;AACH,KAAK,SAAS,GAAG,eAAe,CAAC,OAAO,CAAC,GAAG;IAAE,QAAQ,EAAE,IAAI,CAAA;CAAE,CAAC;AAC/D,KAAK,0BAA0B,GAAG,OAAO,CAAC,IAAI,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC,GAAG;IAC1E,KAAK,CAAC,EAAE,SAAS,CAAC;IAClB,QAAQ,CAAC,EAAE,KAAK,CAAC;CAClB,CAAC;AACF,UAAU,2BAA2B;IACnC,QAAQ,EAAE,IAAI,CAAC;CAChB;AACD,KAAK,mBAAmB,GAAG,0BAA0B,GAAG,2BAA2B,CAAC;AAEpF;;;;;;;;;GASG;AACH,MAAM,WAAW,MAAM;IACrB;;;;;;;;;OASG;IACH,OAAO,CAAC,EAAE,YAAY,EAAE,CAAC;IACzB,GAAG,CAAC,EAAE;QACJ,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,aAAa,CAAC,EAAE,MAAM,CAAC;KACxB,CAAC;IACF,SAAS,EAAE;QACT,UAAU,EAAE,MAAM,CAAC;QACnB,iBAAiB,EAAE,MAAM,EAAE,CAAC;KAC7B,CAAC;IACF,YAAY,CAAC,EAAE;QACb,iBAAiB,CAAC,EAAE,MAAM,CAAC;QAC3B,wBAAwB,CAAC,EAAE,MAAM,CAAC;QAClC,sBAAsB,CAAC,EAAE,MAAM,CAAC;KACjC,CAAC;IACF,MAAM,CAAC,EAAE;QACP,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB;;;;;WAKG;QACH,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAC;KACnD,CAAC;IACF,OAAO,CAAC,EAAE;QACR,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,CAAC;IACF;;;;OAIG;IACH,aAAa,CAAC,EAAE,oBAAoB,CAAC;IACrC;;;;OAIG;IACH,KAAK,CAAC,EAAE;QACN,MAAM,CAAC,EAAE,kBAAkB,CAAC;KAC7B,CAAC;IACF;;;;;;;OAOG;IACH,OAAO,CAAC,EAAE;QACR,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;QACzC;;;;;;;;;;;;;WAaG;QACH,WAAW,CAAC,EAAE,OAAO,CAAC;KACvB,CAAC;IACF,OAAO,CAAC,EAAE;QACR;;;;;WAKG;QACH,IAAI,CAAC,EAAE,MAAM,CAAC;KACf,CAAC;CACH;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B;;;;;OAKG;IACH,OAAO,EAAE,YAAY,EAAE,CAAC;IACxB,GAAG,EAAE;QACH,MAAM,EAAE,MAAM,CAAC;QACf,aAAa,EAAE,MAAM,CAAC;KACvB,CAAC;IACF,SAAS,EAAE;QACT,UAAU,EAAE,MAAM,CAAC;QACnB,iBAAiB,EAAE,MAAM,EAAE,CAAC;KAC7B,CAAC;IACF,YAAY,EAAE;QACZ,iBAAiB,EAAE,MAAM,CAAC;QAC1B,wBAAwB,EAAE,MAAM,CAAC;QACjC,sBAAsB,EAAE,MAAM,CAAC;KAChC,CAAC;IACF,MAAM,EAAE;QACN,OAAO,EAAE,MAAM,CAAC;QAChB,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;KAC9C,CAAC;IACF,OAAO,EAAE;QACP,OAAO,EAAE,MAAM,CAAC;KACjB,CAAC;IACF;;;OAGG;IACH,aAAa,EAAE,oBAAoB,CAAC;IACpC;;;;OAIG;IACH,KAAK,EAAE;QACL,MAAM,EAAE,kBAAkB,CAAC;KAC5B,CAAC;IACF;;;OAGG;IACH,OAAO,EAAE;QACP,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;QACxC,WAAW,EAAE,OAAO,CAAC;KACtB,CAAC;IACF,OAAO,EAAE;QACP,IAAI,EAAE,MAAM,CAAC;KACd,CAAC;CACH;AA0OD;;;;;GAKG;AACH,wBAAgB,wBAAwB,CACtC,MAAM,EAAE,IAAI,CAAC,cAAc,EAAE,QAAQ,CAAC,EACtC,IAAI,EAAE,MAAM,GACX,OAAO,CAKT;AA+cD,wBAAsB,UAAU,IAAI,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,CAwBpE"}
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/lib/config.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,6BAA6B,CAAC;AACvE,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AAIrE,OAAO,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AAEvD;;;;;GAKG;AACH,MAAM,MAAM,YAAY,GAAG,mBAAmB,GAAG,kBAAkB,CAAC;AAEpE;;;;;GAKG;AACH,eAAO,MAAM,eAAe,QAAQ,CAAC;AAErC;;;;;;GAMG;AACH,MAAM,MAAM,oBAAoB,GAAG,MAAM,GAAG,MAAM,GAAG,MAAM,CAAC;AAE5D,eAAO,MAAM,uBAAuB,EAAE,SAAS,oBAAoB,EAIzD,CAAC;AAEX;;;;;;GAMG;AACH,MAAM,MAAM,WAAW,GAAG,WAAW,GAAG,KAAK,GAAG,MAAM,CAAC;AAEvD;;;;GAIG;AACH,MAAM,MAAM,kBAAkB,GAAG,WAAW,GAAG,MAAM,CAAC;AAEtD,eAAO,MAAM,qBAAqB,EAAE,SAAS,kBAAkB,EAKrD,CAAC;AAEX;;;;GAIG;AACH,MAAM,WAAW,iBAAiB;IAChC,+CAA+C;IAC/C,KAAK,EAAE,MAAM,CAAC;IACd;;;;OAIG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,eAAe;IAC9B;;;;;;;OAOG;IACH,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE;QACN,QAAQ,EAAE;YAAE,QAAQ,EAAE,MAAM,CAAC;YAAC,MAAM,CAAC,EAAE,MAAM,CAAA;SAAE,CAAC;KACjD,CAAC;IACF;;;;OAIG;IACH,OAAO,CAAC,EAAE,iBAAiB,CAAC;CAC7B;AAED;;;;;;;;;GASG;AACH,KAAK,SAAS,GAAG,eAAe,CAAC,OAAO,CAAC,GAAG;IAAE,QAAQ,EAAE,IAAI,CAAA;CAAE,CAAC;AAC/D,KAAK,0BAA0B,GAAG,OAAO,CAAC,IAAI,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC,GAAG;IAC1E,KAAK,CAAC,EAAE,SAAS,CAAC;IAClB,QAAQ,CAAC,EAAE,KAAK,CAAC;CAClB,CAAC;AACF,UAAU,2BAA2B;IACnC,QAAQ,EAAE,IAAI,CAAC;CAChB;AACD,KAAK,mBAAmB,GAAG,0BAA0B,GAAG,2BAA2B,CAAC;AAEpF;;;;;;;;;GASG;AACH,MAAM,WAAW,MAAM;IACrB;;;;;;;;;OASG;IACH,OAAO,CAAC,EAAE,YAAY,EAAE,CAAC;IACzB,GAAG,CAAC,EAAE;QACJ,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,aAAa,CAAC,EAAE,MAAM,CAAC;KACxB,CAAC;IACF,SAAS,EAAE;QACT,UAAU,EAAE,MAAM,CAAC;QACnB,iBAAiB,EAAE,MAAM,EAAE,CAAC;KAC7B,CAAC;IACF,YAAY,CAAC,EAAE;QACb,iBAAiB,CAAC,EAAE,MAAM,CAAC;QAC3B,wBAAwB,CAAC,EAAE,MAAM,CAAC;QAClC,sBAAsB,CAAC,EAAE,MAAM,CAAC;KACjC,CAAC;IACF,MAAM,CAAC,EAAE;QACP,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB;;;;;WAKG;QACH,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAC;KACnD,CAAC;IACF,OAAO,CAAC,EAAE;QACR,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,CAAC;IACF;;;;OAIG;IACH,aAAa,CAAC,EAAE,oBAAoB,CAAC;IACrC;;;;OAIG;IACH,KAAK,CAAC,EAAE;QACN,MAAM,CAAC,EAAE,kBAAkB,CAAC;KAC7B,CAAC;IACF,OAAO,CAAC,EAAE;QACR;;;;;WAKG;QACH,IAAI,CAAC,EAAE,MAAM,CAAC;KACf,CAAC;CACH;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B;;;;;OAKG;IACH,OAAO,EAAE,YAAY,EAAE,CAAC;IACxB,GAAG,EAAE;QACH,MAAM,EAAE,MAAM,CAAC;QACf,aAAa,EAAE,MAAM,CAAC;KACvB,CAAC;IACF,SAAS,EAAE;QACT,UAAU,EAAE,MAAM,CAAC;QACnB,iBAAiB,EAAE,MAAM,EAAE,CAAC;KAC7B,CAAC;IACF,YAAY,EAAE;QACZ,iBAAiB,EAAE,MAAM,CAAC;QAC1B,wBAAwB,EAAE,MAAM,CAAC;QACjC,sBAAsB,EAAE,MAAM,CAAC;KAChC,CAAC;IACF,MAAM,EAAE;QACN,OAAO,EAAE,MAAM,CAAC;QAChB,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;KAC9C,CAAC;IACF,OAAO,EAAE;QACP,OAAO,EAAE,MAAM,CAAC;KACjB,CAAC;IACF;;;OAGG;IACH,aAAa,EAAE,oBAAoB,CAAC;IACpC;;;;OAIG;IACH,KAAK,EAAE;QACL,MAAM,EAAE,kBAAkB,CAAC;KAC5B,CAAC;IACF,OAAO,EAAE;QACP,IAAI,EAAE,MAAM,CAAC;KACd,CAAC;CACH;AA4ND;;;;;GAKG;AACH,wBAAgB,wBAAwB,CACtC,MAAM,EAAE,IAAI,CAAC,cAAc,EAAE,QAAQ,CAAC,EACtC,IAAI,EAAE,MAAM,GACX,OAAO,CAKT;AA+ZD,wBAAsB,UAAU,IAAI,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,CAwBpE"}

package/dist/lib/config.js

@@ -126,29 +126,6 @@ function normalizeOptionalString(value, path) {
     }
     return value.trim();
 }
-function normalizeOptionalBoolean(value, path) {
-    if (value === undefined) {
-        return undefined;
-    }
-    if (typeof value !== "boolean") {
-        fail(`${path} must be a boolean`);
-    }
-    return value;
-}
-function normalizeOptionalStringArray(value, path) {
-    if (value === undefined) {
-        return undefined;
-    }
-    if (!Array.isArray(value)) {
-        fail(`${path} must be an array`);
-    }
-    return value.map((entry, index) => {
-        if (typeof entry !== "string" || entry.trim().length === 0) {
-            fail(`${path}[${index}] must be a non-empty string`);
-        }
-        return entry.trim();
-    });
-}
 function isWorkspaceKindSetting(value) {
     return (typeof value === "string" && WORKSPACE_KIND_SETTINGS.includes(value));
 }
@@ -177,27 +154,29 @@ function normalizeSandbox(value, path) {
     if (!isPlainObject(value)) {
         fail(`${path} must be an object`);
     }
-    const { agent, template, kits, setupCommand } = value;
+    if (Object.hasOwn(value, "template")) {
+        failRemovedConfigKey(`${path}.template`, "Groundcrew no longer creates or re-templates sdx sandboxes.");
+    }
+    if (Object.hasOwn(value, "kits")) {
+        failRemovedConfigKey(`${path}.kits`, "Groundcrew no longer creates sdx sandboxes or applies sandbox kits.");
+    }
+    const { agent, setupCommand } = value;
     requireString(agent, `${path}.agent`);
     const trimmedAgent = agent.trim();
     if (trimmedAgent.length === 0) {
         fail(`${path}.agent must be a non-empty string (got ${JSON.stringify(agent)})`);
     }
     const sandbox = { agent: trimmedAgent };
-    const normalizedTemplate = normalizeOptionalString(template, `${path}.template`);
-    if (normalizedTemplate !== undefined) {
-        sandbox.template = normalizedTemplate;
-    }
-    const normalizedKits = normalizeOptionalStringArray(kits, `${path}.kits`);
-    if (normalizedKits !== undefined) {
-        sandbox.kits = normalizedKits;
-    }
     const normalizedSetup = normalizeOptionalString(setupCommand, `${path}.setupCommand`);
     if (normalizedSetup !== undefined) {
         sandbox.setupCommand = normalizedSetup;
     }
     return sandbox;
 }
+function failRemovedConfigKey(path, reason) {
+    fail(`${path} is no longer supported: ${reason} ` +
+        "Provision and manage the sandbox yourself with `sbx` (for example `sbx create --name groundcrew-<agent> <agent> <projectDir>`), then keep only `models.definitions.<model>.sandbox.agent` plus optional `setupCommand` in crew.config.ts.");
+}
 function failIfLegacyModelKeys(name, override) {
     if (!isPlainObject(override)) {
         fail(`models.definitions.${name} must be an object`);
@@ -296,11 +275,6 @@ function requireObject(value, path) {
         fail(`${path} must be an object (got ${JSON.stringify(value)})`);
     }
 }
-function requireOptionalObject(value, path) {
-    if (value !== undefined && !isPlainObject(value)) {
-        fail(`${path} must be an object`);
-    }
-}
 function failOnLegacyLinearShape(user) {
     if (!Object.hasOwn(user, "linear")) {
         return;
@@ -312,6 +286,21 @@ function failOnLegacyLinearShape(user) {
         "If you only want a subset of your Linear tickets to be picked up, leave the unwanted tickets unassigned or remove their `agent-*` label.",
     ].join("\n"));
 }
+function failOnRemovedSandboxSettings(user) {
+    const { sandbox } = user;
+    if (sandbox === undefined) {
+        return;
+    }
+    if (!isPlainObject(sandbox)) {
+        fail("sandbox must be an object");
+    }
+    if (Object.hasOwn(sandbox, "authRecipes")) {
+        failRemovedConfigKey("sandbox.authRecipes", "Groundcrew no longer drives in-sandbox auth flows.");
+    }
+    if (Object.hasOwn(sandbox, "gitDefaults")) {
+        failRemovedConfigKey("sandbox.gitDefaults", "Groundcrew no longer seeds git defaults inside sdx sandboxes.");
+    }
+}
 function normalizeSources(raw) {
     if (raw === undefined) {
         return [];
@@ -348,71 +337,14 @@ function normalizeSources(raw) {
     // oxlint-disable-next-line typescript/no-unsafe-type-assertion -- structural validation above guarantees array of {kind: string} entries; per-source Zod validation lives in buildSources
     return raw;
 }
-function normalizeAuthRecipes(value, path) {
-    if (value === undefined) {
-        return {};
-    }
-    if (!isPlainObject(value)) {
-        fail(`${path} must be an object`);
-    }
-    const recipes = {};
-    for (const [key, raw] of Object.entries(value)) {
-        const recipePath = `${path}.${key}`;
-        if (!isPlainObject(raw)) {
-            fail(`${recipePath} must be an object`);
-        }
-        const { displayName, binary, loginArgs, statusArgs, authenticatedPattern, kind, env } = raw;
-        requireString(displayName, `${recipePath}.displayName`);
-        const loginArray = normalizeOptionalStringArray(loginArgs, `${recipePath}.loginArgs`);
-        const statusArray = normalizeOptionalStringArray(statusArgs, `${recipePath}.statusArgs`);
-        if (loginArray === undefined) {
-            fail(`${recipePath}.loginArgs is required`);
-        }
-        if (statusArray === undefined) {
-            fail(`${recipePath}.statusArgs is required`);
-        }
-        if (!(authenticatedPattern instanceof RegExp)) {
-            fail(`${recipePath}.authenticatedPattern must be a RegExp`);
-        }
-        const recipe = {
-            displayName,
-            loginArgs: loginArray,
-            statusArgs: statusArray,
-            authenticatedPattern,
-        };
-        const binaryString = normalizeOptionalString(binary, `${recipePath}.binary`);
-        if (binaryString !== undefined) {
-            recipe.binary = binaryString;
-        }
-        if (kind !== undefined) {
-            if (kind !== "agent" && kind !== "tool") {
-                fail(`${recipePath}.kind must be "agent" or "tool"`);
-            }
-            recipe.kind = kind;
-        }
-        if (env !== undefined) {
-            if (!isPlainObject(env)) {
-                fail(`${recipePath}.env must be an object`);
-            }
-            const normalizedEnv = {};
-            for (const [envKey, envValue] of Object.entries(env)) {
-                if (typeof envValue !== "string") {
-                    fail(`${recipePath}.env.${envKey} must be a string`);
-                }
-                normalizedEnv[envKey] = envValue;
-            }
-            recipe.env = normalizedEnv;
-        }
-        recipes[key] = recipe;
-    }
-    return recipes;
-}
 function applyDefaults(user) {
     // Guard the top-level shape before reading nested fields, so a
     // malformed runtime config produces a `groundcrew config: ...` error
     // instead of a raw `TypeError: Cannot read properties of undefined`.
     // oxlint-disable-next-line typescript/no-unsafe-type-assertion -- `user` is loosely typed input from the loader; we narrow with requireObject below
-    failOnLegacyLinearShape(user);
+    const rawUser = user;
+    failOnLegacyLinearShape(rawUser);
+    failOnRemovedSandboxSettings(rawUser);
     requireObject(user.workspace, "workspace");
     if (isPlainObject(user.models) && Object.hasOwn(user.models, "isolation")) {
         fail("models.isolation is no longer supported: set `local.runner` ('safehouse' | 'sdx' | 'none' | 'auto') instead");
@@ -420,7 +352,6 @@ function applyDefaults(user) {
     if (Object.hasOwn(user, "remote")) {
         fail("remote is no longer supported: groundcrew runs locally via safehouse/sdx/none; remove the remote block from your config");
     }
-    requireOptionalObject(user.sandbox, "sandbox");
     const userLocal = user.local;
     if (userLocal !== undefined && !isPlainObject(userLocal)) {
         fail("local must be an object");
@@ -445,10 +376,6 @@ function applyDefaults(user) {
         local: {
             runner: normalizeLocalRunner(userLocal?.runner, "local.runner") ?? "auto",
         },
-        sandbox: {
-            authRecipes: normalizeAuthRecipes(user.sandbox?.authRecipes, "sandbox.authRecipes"),
-            gitDefaults: normalizeOptionalBoolean(user.sandbox?.gitDefaults, "sandbox.gitDefaults") ?? true,
-        },
         logging: {
             file: expandHome(normalizeOptionalString(user.logging?.file, "logging.file") ?? defaultLogFile()),
         },

package/dist/lib/launchCommand.d.ts

@@ -36,9 +36,9 @@ interface LaunchCommandArguments {
     runner: LocalRunner;
     /**
      * sbx sandbox name when `runner === "sdx"`. Derived by the caller from
-     * `sandboxNameFor({ repository, model })`. Required for sdx; ignored
-     * otherwise. Kept off the model definition so a model can launch under
-     * safehouse on one host and sdx on another without config edits.
+     * `sandboxNameFor({ agent })`. Required for sdx; ignored otherwise.
+     * Kept off the model definition so a model can launch under safehouse
+     * on one host and sdx on another without config edits.
      */
     sandboxName?: string | undefined;
 }

package/dist/lib/sandboxName.d.ts

@@ -0,0 +1,9 @@
+/**
+ * Derive the sbx sandbox name groundcrew expects for a given sbx agent.
+ * Groundcrew only addresses this existing sandbox at launch time; it does
+ * not probe, create, mutate, or remove it.
+ */
+export declare function sandboxNameFor(arguments_: {
+    agent: string;
+}): string;
+//# sourceMappingURL=sandboxName.d.ts.map

package/dist/lib/sandboxName.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sandboxName.d.ts","sourceRoot":"","sources":["../../src/lib/sandboxName.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,wBAAgB,cAAc,CAAC,UAAU,EAAE;IAAE,KAAK,EAAE,MAAM,CAAA;CAAE,GAAG,MAAM,CAMpE"}

package/dist/lib/sandboxName.js

@@ -0,0 +1,12 @@
+/**
+ * Derive the sbx sandbox name groundcrew expects for a given sbx agent.
+ * Groundcrew only addresses this existing sandbox at launch time; it does
+ * not probe, create, mutate, or remove it.
+ */
+export function sandboxNameFor(arguments_) {
+    const raw = `groundcrew-${arguments_.agent}`.toLowerCase();
+    return raw
+        .replaceAll(/[^a-z0-9.+-]+/g, "-")
+        .replaceAll(/-+/g, "-")
+        .replaceAll(/^-|-$/g, "");
+}

package/dist/lib/tmuxAdapter.d.ts

@@ -0,0 +1,9 @@
+/**
+ * tmux Workspace backend. Workspaces live as windows inside one dedicated
+ * `groundcrew` tmux session; the window name is the ticket id. tmux can't
+ * paint status pills, so `open` silently drops `spec.status`. This is the
+ * Linux/WSL path where cmux is unavailable.
+ */
+import { type Adapter } from "./workspaceAdapter.ts";
+export declare const tmuxAdapter: Adapter;
+//# sourceMappingURL=tmuxAdapter.d.ts.map

package/dist/lib/tmuxAdapter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tmuxAdapter.d.ts","sourceRoot":"","sources":["../../src/lib/tmuxAdapter.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EACL,KAAK,OAAO,EAIb,MAAM,uBAAuB,CAAC;AAY/B,eAAO,MAAM,WAAW,EAAE,OAgEzB,CAAC"}