npm - @electric-agent/studio - Versions diffs - 1.13.1 → 1.14.0 - Mend

@electric-agent/studio 1.13.1 → 1.14.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (89) hide show

package/dist/active-sessions.d.ts +4 -13
package/dist/active-sessions.d.ts.map +1 -1
package/dist/active-sessions.js +5 -39
package/dist/active-sessions.js.map +1 -1
package/dist/bridge/claude-code-base.d.ts +0 -2
package/dist/bridge/claude-code-base.d.ts.map +1 -1
package/dist/bridge/claude-code-base.js +0 -2
package/dist/bridge/claude-code-base.js.map +1 -1
package/dist/bridge/claude-md-generator.d.ts +2 -12
package/dist/bridge/claude-md-generator.d.ts.map +1 -1
package/dist/bridge/claude-md-generator.js +94 -72
package/dist/bridge/claude-md-generator.js.map +1 -1
package/dist/bridge/role-skills.d.ts.map +1 -1
package/dist/bridge/role-skills.js +0 -8
package/dist/bridge/role-skills.js.map +1 -1
package/dist/client/assets/index-BfvQSMwH.css +1 -0
package/dist/client/assets/index-BtX82X61.js +234 -0
package/dist/client/index.html +2 -2
package/dist/room-router.d.ts.map +1 -1
package/dist/room-router.js +5 -20
package/dist/room-router.js.map +1 -1
package/dist/sandbox/docker.d.ts +0 -10
package/dist/sandbox/docker.d.ts.map +1 -1
package/dist/sandbox/docker.js +1 -115
package/dist/sandbox/docker.js.map +1 -1
package/dist/sandbox/sprites.d.ts +0 -1
package/dist/sandbox/sprites.d.ts.map +1 -1
package/dist/sandbox/sprites.js +0 -51
package/dist/sandbox/sprites.js.map +1 -1
package/dist/sandbox/types.d.ts +0 -5
package/dist/sandbox/types.d.ts.map +1 -1
package/dist/server.d.ts +0 -12
package/dist/server.d.ts.map +1 -1
package/dist/server.js +187 -1097
package/dist/server.js.map +1 -1
package/dist/session-auth.d.ts +0 -3
package/dist/session-auth.d.ts.map +1 -1
package/dist/session-auth.js +0 -10
package/dist/session-auth.js.map +1 -1
package/dist/sessions.d.ts +0 -2
package/dist/sessions.d.ts.map +1 -1
package/dist/sessions.js.map +1 -1
package/package.json +2 -2
package/dist/api-schemas.d.ts +0 -244
package/dist/api-schemas.d.ts.map +0 -1
package/dist/api-schemas.js +0 -103
package/dist/api-schemas.js.map +0 -1
package/dist/bridge/codex-docker.d.ts +0 -70
package/dist/bridge/codex-docker.d.ts.map +0 -1
package/dist/bridge/codex-docker.js +0 -234
package/dist/bridge/codex-docker.js.map +0 -1
package/dist/bridge/codex-json-parser.d.ts +0 -31
package/dist/bridge/codex-json-parser.d.ts.map +0 -1
package/dist/bridge/codex-json-parser.js +0 -267
package/dist/bridge/codex-json-parser.js.map +0 -1
package/dist/bridge/codex-md-generator.d.ts +0 -14
package/dist/bridge/codex-md-generator.d.ts.map +0 -1
package/dist/bridge/codex-md-generator.js +0 -55
package/dist/bridge/codex-md-generator.js.map +0 -1
package/dist/bridge/codex-sprites.d.ts +0 -64
package/dist/bridge/codex-sprites.d.ts.map +0 -1
package/dist/bridge/codex-sprites.js +0 -227
package/dist/bridge/codex-sprites.js.map +0 -1
package/dist/bridge/daytona.d.ts +0 -35
package/dist/bridge/daytona.d.ts.map +0 -1
package/dist/bridge/daytona.js +0 -141
package/dist/bridge/daytona.js.map +0 -1
package/dist/bridge/docker-stdio.d.ts +0 -30
package/dist/bridge/docker-stdio.d.ts.map +0 -1
package/dist/bridge/docker-stdio.js +0 -135
package/dist/bridge/docker-stdio.js.map +0 -1
package/dist/bridge/sprites.d.ts +0 -32
package/dist/bridge/sprites.d.ts.map +0 -1
package/dist/bridge/sprites.js +0 -133
package/dist/bridge/sprites.js.map +0 -1
package/dist/client/assets/index-BXdgNRgB.js +0 -235
package/dist/client/assets/index-IvCtVUfs.css +0 -1
package/dist/github-app.d.ts +0 -14
package/dist/github-app.d.ts.map +0 -1
package/dist/github-app.js +0 -62
package/dist/github-app.js.map +0 -1
package/dist/github-app.test.d.ts +0 -2
package/dist/github-app.test.d.ts.map +0 -1
package/dist/github-app.test.js +0 -62
package/dist/github-app.test.js.map +0 -1
package/dist/validate.d.ts +0 -10
package/dist/validate.d.ts.map +0 -1
package/dist/validate.js +0 -24
package/dist/validate.js.map +0 -1

package/dist/server.js CHANGED Viewed

@@ -7,9 +7,8 @@ import { ts } from "@electric-agent/protocol";
 import { serve } from "@hono/node-server";
 import { serveStatic } from "@hono/node-server/serve-static";
 import { Hono } from "hono";
+import { cors } from "hono/cors";
 import { ActiveSessions } from "./active-sessions.js";
-import { addAgentSchema, addSessionToRoomSchema, createAppRoomSchema, createRoomSchema, createSandboxSchema, createSessionSchema, iterateRoomSessionSchema, iterateSessionSchema, resumeSessionSchema, sendRoomMessageSchema, } from "./api-schemas.js";
-import { PRODUCTION_ALLOWED_TOOLS } from "./bridge/claude-code-base.js";
 import { ClaudeCodeDockerBridge } from "./bridge/claude-code-docker.js";
 import { ClaudeCodeSpritesBridge, } from "./bridge/claude-code-sprites.js";
 import { createAppSkillContent, generateClaudeMd, resolveRoleSkill, roomMessagingSkillContent, } from "./bridge/claude-md-generator.js";
@@ -17,14 +16,11 @@ import { HostedStreamBridge } from "./bridge/hosted.js";
 import { DEFAULT_ELECTRIC_URL, getClaimUrl, provisionElectricResources } from "./electric-api.js";
 import { createGate, rejectAllGates, resolveGate } from "./gate.js";
 import { ghListAccounts, ghListBranches, ghListRepos, isGhAuthenticated } from "./git.js";
-import { createOrgRepo, getInstallationToken } from "./github-app.js";
 import { generateInviteCode } from "./invite-code.js";
 import { resolveProjectDir } from "./project-utils.js";
-import { Registry } from "./registry.js";
 import { RoomRouter } from "./room-router.js";
-import { deriveGlobalHookSecret, deriveHookToken, deriveRoomToken, deriveSessionToken, validateGlobalHookSecret, validateHookToken, validateRoomToken, validateSessionToken, } from "./session-auth.js";
+import { deriveGlobalHookSecret, deriveHookToken, deriveSessionToken, validateGlobalHookSecret, validateHookToken, validateSessionToken, } from "./session-auth.js";
 import { getRoomStreamConnectionInfo, getStreamConnectionInfo, } from "./streams.js";
-import { isResponse, validateBody } from "./validate.js";
 /** Active session bridges — one per running session */
 const bridges = new Map();
 /** Active room routers — one per room with agent-to-agent messaging */
@@ -71,62 +67,9 @@ function resolveStudioUrl(port) {
     // Fallback — won't work from sprites VMs, but at least logs a useful URL
     return `http://localhost:${port}`;
 }
-// ---------------------------------------------------------------------------
-// Rate limiting — in-memory sliding window per IP
-// ---------------------------------------------------------------------------
-const MAX_SESSIONS_PER_IP_PER_HOUR = Number(process.env.MAX_SESSIONS_PER_IP_PER_HOUR) || 5;
-const MAX_TOTAL_SESSIONS = Number(process.env.MAX_TOTAL_SESSIONS || 50);
-const RATE_LIMIT_WINDOW_MS = 60 * 60 * 1000; // 1 hour
-const sessionCreationsByIp = new Map();
-// GitHub App config (prod mode — repo creation in electric-apps org)
-const GITHUB_APP_ID = process.env.GITHUB_APP_ID;
-const GITHUB_INSTALLATION_ID = process.env.GITHUB_INSTALLATION_ID;
-const GITHUB_PRIVATE_KEY = process.env.GITHUB_PRIVATE_KEY?.replace(/\\n/g, "\n");
-const GITHUB_ORG = "electric-apps";
-// Rate limiting for GitHub token endpoint
-const githubTokenRequestsBySession = new Map();
-const MAX_GITHUB_TOKENS_PER_SESSION_PER_HOUR = 10;
-function extractClientIp(c) {
-    return (c.req.header("x-forwarded-for")?.split(",")[0]?.trim() ||
-        c.req.header("cf-connecting-ip") ||
-        "unknown");
-}
-function checkSessionRateLimit(ip) {
-    const now = Date.now();
-    const cutoff = now - RATE_LIMIT_WINDOW_MS;
-    let timestamps = sessionCreationsByIp.get(ip) ?? [];
-    // Prune stale entries
-    timestamps = timestamps.filter((t) => t > cutoff);
-    if (timestamps.length >= MAX_SESSIONS_PER_IP_PER_HOUR) {
-        sessionCreationsByIp.set(ip, timestamps);
-        return false;
-    }
-    timestamps.push(now);
-    sessionCreationsByIp.set(ip, timestamps);
-    return true;
-}
-function checkGlobalSessionCap(sessions) {
-    return sessions.size() >= MAX_TOTAL_SESSIONS;
-}
-function checkGithubTokenRateLimit(sessionId) {
-    const now = Date.now();
-    const requests = githubTokenRequestsBySession.get(sessionId) ?? [];
-    const recent = requests.filter((t) => now - t < RATE_LIMIT_WINDOW_MS);
-    if (recent.length >= MAX_GITHUB_TOKENS_PER_SESSION_PER_HOUR) {
-        return false;
-    }
-    recent.push(now);
-    githubTokenRequestsBySession.set(sessionId, recent);
-    return true;
-}
-// ---------------------------------------------------------------------------
-// Per-session cost budget
-// ---------------------------------------------------------------------------
-const MAX_SESSION_COST_USD = Number(process.env.MAX_SESSION_COST_USD) || 5;
 /**
  * Accumulate cost and turn metrics from a session_end event into the session's totals.
  * Called each time a Claude Code run finishes (initial + iterate runs).
- * In production mode, enforces a per-session cost budget.
  */
 function accumulateSessionCost(config, sessionId, event) {
     if (event.type !== "session_end")
@@ -147,39 +90,12 @@ function accumulateSessionCost(config, sessionId, event) {
     }
     config.sessions.update(sessionId, updates);
     console.log(`[session:${sessionId}] Cost: $${updates.totalCostUsd?.toFixed(4) ?? "?"} (${updates.totalTurns ?? "?"} turns)`);
-    // Enforce budget in production mode
-    if (!config.devMode &&
-        updates.totalCostUsd != null &&
-        updates.totalCostUsd > MAX_SESSION_COST_USD) {
-        console.log(`[session:${sessionId}] Budget exceeded: $${updates.totalCostUsd.toFixed(2)} > $${MAX_SESSION_COST_USD}`);
-        const bridge = bridges.get(sessionId);
-        if (bridge) {
-            bridge
-                .emit({
-                type: "budget_exceeded",
-                budget_usd: MAX_SESSION_COST_USD,
-                spent_usd: updates.totalCostUsd,
-                ts: ts(),
-            })
-                .catch(() => { });
-        }
-        config.sessions.update(sessionId, { status: "error" });
-        closeBridge(sessionId);
-    }
 }
 /**
  * Create a Claude Code bridge for a session.
  * Spawns `claude` CLI with stream-json I/O inside the sandbox.
- * In production mode, enforces tool restrictions and hardcodes the model.
  */
 function createClaudeCodeBridge(config, sessionId, claudeConfig) {
-    // Production mode: restrict tools and hardcode model
-    if (!config.devMode) {
-        if (!claudeConfig.allowedTools) {
-            claudeConfig.allowedTools = PRODUCTION_ALLOWED_TOOLS;
-        }
-        claudeConfig.model = undefined; // force default (claude-sonnet-4-6)
-    }
     const conn = sessionStream(config, sessionId);
     let bridge;
     if (config.sandbox.runtime === "sprites") {
@@ -211,6 +127,31 @@ function closeBridge(sessionId) {
         bridges.delete(sessionId);
     }
 }
+/**
+ * Detect git operations from natural language prompts.
+ * Returns structured gitOp fields if matched, null otherwise.
+ */
+function detectGitOp(request) {
+    const lower = request.toLowerCase().trim();
+    // Commit: "commit", "commit the code", "commit changes", "commit with message ..."
+    if (/^(git\s+)?commit\b/.test(lower) || /^save\s+(my\s+)?(changes|progress|work)\b/.test(lower)) {
+        // Extract commit message after "commit" keyword, or after "message:" / "msg:"
+        const msgMatch = request.match(/(?:commit\s+(?:with\s+(?:message\s+)?)?|message:\s*|msg:\s*)["']?(.+?)["']?\s*$/i);
+        const message = msgMatch?.[1]?.replace(/^(the\s+)?(code|changes)\s*/i, "").trim();
+        return { gitOp: "commit", gitMessage: message || undefined };
+    }
+    // Push: "push", "push to github", "push to remote", "git push"
+    if (/^(git\s+)?push\b/.test(lower)) {
+        return { gitOp: "push" };
+    }
+    // Create PR: "create pr", "open pr", "make pr", "create pull request"
+    if (/^(create|open|make)\s+(a\s+)?(pr|pull\s*request)\b/.test(lower)) {
+        // Try to extract title after the PR keyword
+        const titleMatch = request.match(/(?:pr|pull\s*request)\s+(?:(?:titled?|called|named)\s+)?["']?(.+?)["']?\s*$/i);
+        return { gitOp: "create-pr", gitPrTitle: titleMatch?.[1] || undefined };
+    }
+    return null;
+}
 /**
  * Map a Claude Code hook event JSON payload to an EngineEvent.
  *
@@ -324,6 +265,8 @@ function mapHookToEngineEvent(body) {
 }
 export function createApp(config) {
     const app = new Hono();
+    // CORS for local development
+    app.use("*", cors({ origin: "*" }));
     // --- API Routes ---
     // Health check
     app.get("/api/health", (c) => {
@@ -341,13 +284,6 @@ export function createApp(config) {
         checks.sandbox = config.sandbox.runtime;
         return c.json({ healthy, checks }, healthy ? 200 : 503);
     });
-    // Public config — exposes non-sensitive flags to the client
-    app.get("/api/config", (c) => {
-        return c.json({
-            devMode: config.devMode,
-            maxSessionCostUsd: config.devMode ? undefined : MAX_SESSION_COST_USD,
-        });
-    });
     // Provision Electric Cloud resources via the Claim API
     app.post("/api/provision-electric", async (c) => {
         try {
@@ -545,7 +481,6 @@ export function createApp(config) {
         if (hookEvent.type === "ask_user_question") {
             const toolUseId = hookEvent.tool_use_id;
             console.log(`[hook-event] Blocking for ask_user_question gate: ${toolUseId}`);
-            config.sessions.update(sessionId, { needsInput: true });
             try {
                 const gateTimeout = 5 * 60 * 1000; // 5 minutes
                 const result = await Promise.race([
@@ -553,7 +488,6 @@ export function createApp(config) {
                     new Promise((_, reject) => setTimeout(() => reject(new Error("AskUserQuestion gate timed out")), gateTimeout)),
                 ]);
                 console.log(`[hook-event] ask_user_question gate resolved: ${toolUseId}`);
-                config.sessions.update(sessionId, { needsInput: false });
                 return c.json({
                     hookSpecificOutput: {
                         hookEventName: "PreToolUse",
@@ -567,7 +501,6 @@ export function createApp(config) {
             }
             catch (err) {
                 console.error(`[hook-event] ask_user_question gate error:`, err);
-                config.sessions.update(sessionId, { needsInput: false });
                 return c.json({ ok: true }); // Don't block Claude Code on timeout
             }
         }
@@ -689,7 +622,6 @@ export function createApp(config) {
         if (hookEvent.type === "ask_user_question") {
             const toolUseId = hookEvent.tool_use_id;
             console.log(`[hook] Blocking for ask_user_question gate: ${toolUseId}`);
-            config.sessions.update(sessionId, { needsInput: true });
             try {
                 const gateTimeout = 5 * 60 * 1000;
                 const result = await Promise.race([
@@ -697,7 +629,6 @@ export function createApp(config) {
                     new Promise((_, reject) => setTimeout(() => reject(new Error("AskUserQuestion gate timed out")), gateTimeout)),
                 ]);
                 console.log(`[hook] ask_user_question gate resolved: ${toolUseId}`);
-                config.sessions.update(sessionId, { needsInput: false });
                 return c.json({
                     sessionId,
                     hookSpecificOutput: {
@@ -712,7 +643,6 @@ export function createApp(config) {
             }
             catch (err) {
                 console.error(`[hook] ask_user_question gate error:`, err);
-                config.sessions.update(sessionId, { needsInput: false });
                 return c.json({ ok: true, sessionId });
             }
         }
@@ -808,40 +738,17 @@ echo "Start claude in this project — the session will appear in the studio UI.
     });
     // Start new project
     app.post("/api/sessions", async (c) => {
-        const body = await validateBody(c, createSessionSchema);
-        if (isResponse(body))
-            return body;
-        // In prod mode, use server-side API key; ignore user-provided credentials
-        const apiKey = config.devMode
-            ? body.apiKey || process.env.ANTHROPIC_API_KEY
-            : process.env.ANTHROPIC_API_KEY;
-        const oauthToken = config.devMode
-            ? body.oauthToken || process.env.CLAUDE_OAUTH_TOKEN
-            : undefined;
-        const ghToken = config.devMode ? body.ghToken : undefined;
-        // Block freeform sessions in production mode
-        if (body.freeform && !config.devMode) {
-            return c.json({ error: "Freeform sessions are not available" }, 403);
-        }
-        // Rate-limit session creation in production mode
-        if (!config.devMode) {
-            const ip = extractClientIp(c);
-            if (!checkSessionRateLimit(ip)) {
-                return c.json({ error: "Too many sessions. Please try again later." }, 429);
-            }
-            if (checkGlobalSessionCap(config.sessions)) {
-                return c.json({ error: "Service at capacity, please try again later" }, 503);
-            }
+        const body = (await c.req.json());
+        if (!body.description) {
+            return c.json({ error: "description is required" }, 400);
         }
         const sessionId = crypto.randomUUID();
-        const inferredName = config.devMode
-            ? body.name ||
-                body.description
-                    .slice(0, 40)
-                    .replace(/[^a-z0-9]+/gi, "-")
-                    .replace(/^-|-$/g, "")
-                    .toLowerCase()
-            : `electric-${sessionId.slice(0, 8)}`;
+        const inferredName = body.name ||
+            body.description
+                .slice(0, 40)
+                .replace(/[^a-z0-9]+/gi, "-")
+                .replace(/^-|-$/g, "")
+                .toLowerCase();
         const baseDir = body.baseDir || process.cwd();
         const { projectName } = resolveProjectDir(baseDir, inferredName);
         console.log(`[session] Creating new session: id=${sessionId} project=${projectName}`);
@@ -878,10 +785,11 @@ echo "Start claude in this project — the session will appear in the studio UI.
         // Freeform sessions skip the infra config gate — no Electric/DB setup needed
         let ghAccounts = [];
         if (!body.freeform) {
-            // Gather GitHub accounts for the merged setup gate (dev mode only)
-            if (config.devMode && ghToken && isGhAuthenticated(ghToken)) {
+            // Gather GitHub accounts for the merged setup gate
+            // Only check if the client provided a token — never fall back to server-side GH_TOKEN
+            if (body.ghToken && isGhAuthenticated(body.ghToken)) {
                 try {
-                    ghAccounts = ghListAccounts(ghToken);
+                    ghAccounts = ghListAccounts(body.ghToken);
                 }
                 catch {
                     // gh not available — no repo setup
@@ -964,15 +872,9 @@ echo "Start claude in this project — the session will appear in the studio UI.
             const handle = await config.sandbox.create(sessionId, {
                 projectName,
                 infra,
-                apiKey,
-                oauthToken,
-                ghToken,
-                ...((!config.devMode || GITHUB_APP_ID) && {
-                    prodMode: {
-                        sessionToken: deriveSessionToken(config.streamConfig.secret, sessionId),
-                        studioUrl: resolveStudioUrl(config.port),
-                    },
-                }),
+                apiKey: body.apiKey,
+                oauthToken: body.oauthToken,
+                ghToken: body.ghToken,
             });
             console.log(`[session:${sessionId}] Sandbox created: projectDir=${handle.projectDir} port=${handle.port} previewUrl=${handle.previewUrl ?? "none"}`);
             await bridge.emit({
@@ -1038,54 +940,6 @@ echo "Start claude in this project — the session will appear in the studio UI.
                             ts: ts(),
                         });
                     }
-                    // Create GitHub repo via GitHub App when credentials are available
-                    let prodGitConfig;
-                    if (GITHUB_APP_ID && GITHUB_INSTALLATION_ID && GITHUB_PRIVATE_KEY) {
-                        try {
-                            // Repo name matches the project name (already has random slug)
-                            const repoSlug = projectName;
-                            await bridge.emit({
-                                type: "log",
-                                level: "build",
-                                message: "Creating GitHub repository...",
-                                ts: ts(),
-                            });
-                            const { token } = await getInstallationToken(GITHUB_APP_ID, GITHUB_INSTALLATION_ID, GITHUB_PRIVATE_KEY);
-                            const repo = await createOrgRepo(GITHUB_ORG, repoSlug, token);
-                            if (repo) {
-                                const actualRepoName = `${GITHUB_ORG}/${repo.htmlUrl.split("/").pop()}`;
-                                // Initialize git and set remote in the sandbox
-                                await config.sandbox.exec(handle, `cd '${handle.projectDir}' && git init -b main && git remote add origin '${repo.cloneUrl}'`);
-                                prodGitConfig = {
-                                    mode: "pre-created",
-                                    repoName: actualRepoName,
-                                    repoUrl: repo.htmlUrl,
-                                };
-                                config.sessions.update(sessionId, {
-                                    git: {
-                                        branch: "main",
-                                        remoteUrl: repo.htmlUrl,
-                                        repoName: actualRepoName,
-                                        lastCommitHash: null,
-                                        lastCommitMessage: null,
-                                        lastCheckpointAt: null,
-                                    },
-                                });
-                                await bridge.emit({
-                                    type: "log",
-                                    level: "done",
-                                    message: `GitHub repo created: ${repo.htmlUrl}`,
-                                    ts: ts(),
-                                });
-                            }
-                            else {
-                                console.warn(`[session:${sessionId}] Failed to create GitHub repo`);
-                            }
-                        }
-                        catch (err) {
-                            console.error(`[session:${sessionId}] GitHub repo creation error:`, err);
-                        }
-                    }
                     // Write CLAUDE.md to the sandbox workspace.
                     // Our generator includes hardcoded playbook paths and reading order
                     // so we don't depend on @tanstack/intent generating a skill block.
@@ -1094,18 +948,15 @@ echo "Start claude in this project — the session will appear in the studio UI.
                         projectName,
                         projectDir: handle.projectDir,
                         runtime: config.sandbox.runtime,
-                        production: !config.devMode,
-                        ...(prodGitConfig
-                            ? { git: prodGitConfig }
-                            : repoConfig
-                                ? {
-                                    git: {
-                                        mode: "create",
-                                        repoName: `${repoConfig.account}/${repoConfig.repoName}`,
-                                        visibility: repoConfig.visibility,
-                                    },
-                                }
-                                : {}),
+                        ...(repoConfig
+                            ? {
+                                git: {
+                                    mode: "create",
+                                    repoName: `${repoConfig.account}/${repoConfig.repoName}`,
+                                    visibility: repoConfig.visibility,
+                                },
+                            }
+                            : {}),
                     });
                     try {
                         await config.sandbox.exec(handle, `cat > '${handle.projectDir}/CLAUDE.md' << 'CLAUDEMD_EOF'\n${claudeMd}\nCLAUDEMD_EOF`);
@@ -1267,54 +1118,79 @@ echo "Start claude in this project — the session will appear in the studio UI.
         const session = config.sessions.get(sessionId);
         if (!session)
             return c.json({ error: "Session not found" }, 404);
-        const body = await validateBody(c, iterateSessionSchema);
-        if (isResponse(body))
-            return body;
-        const handle = config.sandbox.get(sessionId);
-        if (!handle || !config.sandbox.isAlive(handle)) {
-            return c.json({ error: "Container is not running" }, 400);
-        }
-        // Ensure we have a CC bridge (not just a stream writer).
-        // After server restart, bridges are lost — getOrCreateBridge would create
-        // a HostedStreamBridge that can only write to the stream but can't spawn
-        // Claude Code processes. We need a ClaudeCodeDockerBridge to restart the agent.
-        let bridge = bridges.get(sessionId);
-        if (!bridge) {
-            const hookToken = deriveHookToken(config.streamConfig.secret, sessionId);
-            const claudeConfig = config.sandbox.runtime === "sprites"
-                ? {
-                    prompt: body.request,
-                    cwd: session.sandboxProjectDir || handle.projectDir,
-                    studioUrl: resolveStudioUrl(config.port),
-                    hookToken,
+        const body = (await c.req.json());
+        if (!body.request) {
+            return c.json({ error: "request is required" }, 400);
+        }
+        // Intercept operational commands (start/stop/restart the app/server)
+        const normalised = body.request
+            .toLowerCase()
+            .replace(/[^a-z ]/g, "")
+            .trim();
+        const appOrServer = /\b(app|server|dev server|dev|vite)\b/;
+        const isStartCmd = /^(start|run|launch|boot)\b/.test(normalised) && appOrServer.test(normalised);
+        const isStopCmd = /^(stop|kill|shutdown|shut down)\b/.test(normalised) && appOrServer.test(normalised);
+        const isRestartCmd = /^restart\b/.test(normalised) && appOrServer.test(normalised);
+        if (isStartCmd || isStopCmd || isRestartCmd) {
+            const bridge = getOrCreateBridge(config, sessionId);
+            await bridge.emit({ type: "user_prompt", message: body.request, ts: ts() });
+            try {
+                const handle = config.sandbox.get(sessionId);
+                if (isStopCmd) {
+                    if (handle && config.sandbox.isAlive(handle))
+                        await config.sandbox.stopApp(handle);
+                    await bridge.emit({ type: "log", level: "done", message: "App stopped", ts: ts() });
                 }
-                : {
-                    prompt: body.request,
-                    cwd: session.sandboxProjectDir || handle.projectDir,
-                    studioPort: config.port,
-                    hookToken,
-                };
-            bridge = createClaudeCodeBridge(config, sessionId, claudeConfig);
-            // Re-register basic event tracking callbacks
-            bridge.onAgentEvent((event) => {
-                if (event.type === "session_start") {
-                    const ccSessionId = event.session_id;
-                    if (ccSessionId) {
-                        config.sessions.update(sessionId, { lastCoderSessionId: ccSessionId });
+                else {
+                    if (!handle || !config.sandbox.isAlive(handle)) {
+                        return c.json({ error: "Container is not running" }, 400);
                     }
+                    if (isRestartCmd)
+                        await config.sandbox.stopApp(handle);
+                    await config.sandbox.startApp(handle);
+                    await bridge.emit({
+                        type: "log",
+                        level: "done",
+                        message: "App started",
+                        ts: ts(),
+                    });
+                    await bridge.emit({
+                        type: "app_status",
+                        status: "running",
+                        port: session.appPort,
+                        previewUrl: session.previewUrl,
+                        ts: ts(),
+                    });
                 }
-                if (event.type === "session_end") {
-                    accumulateSessionCost(config, sessionId, event);
-                }
-            });
-            bridge.onComplete(async (success) => {
-                config.sessions.update(sessionId, {
-                    status: success ? "complete" : "error",
-                });
+            }
+            catch (err) {
+                const msg = err instanceof Error ? err.message : "Operation failed";
+                await bridge.emit({ type: "log", level: "error", message: msg, ts: ts() });
+            }
+            return c.json({ ok: true });
+        }
+        // Intercept git commands (commit, push, create PR)
+        const gitOp = detectGitOp(body.request);
+        if (gitOp) {
+            const bridge = getOrCreateBridge(config, sessionId);
+            await bridge.emit({ type: "user_prompt", message: body.request, ts: ts() });
+            const handle = config.sandbox.get(sessionId);
+            if (!handle || !config.sandbox.isAlive(handle)) {
+                return c.json({ error: "Container is not running" }, 400);
+            }
+            // Send git requests as user messages via Claude Code bridge
+            await bridge.sendCommand({
+                command: "iterate",
+                request: body.request,
             });
-            console.log(`[iterate] Recreated CC bridge for session ${sessionId} after restart`);
+            return c.json({ ok: true });
+        }
+        const handle = config.sandbox.get(sessionId);
+        if (!handle || !config.sandbox.isAlive(handle)) {
+            return c.json({ error: "Container is not running" }, 400);
         }
         // Write user prompt to the stream
+        const bridge = getOrCreateBridge(config, sessionId);
         await bridge.emit({ type: "user_prompt", message: body.request, ts: ts() });
         config.sessions.update(sessionId, { status: "running" });
         await bridge.sendCommand({
@@ -1325,28 +1201,6 @@ echo "Start claude in this project — the session will appear in the studio UI.
         });
         return c.json({ ok: true });
     });
-    // Generate a GitHub installation token for the sandbox (prod mode only)
-    app.post("/api/sessions/:id/github-token", async (c) => {
-        const sessionId = c.req.param("id");
-        if (config.devMode) {
-            return c.json({ error: "Not available in dev mode" }, 403);
-        }
-        if (!GITHUB_APP_ID || !GITHUB_INSTALLATION_ID || !GITHUB_PRIVATE_KEY) {
-            return c.json({ error: "GitHub App not configured" }, 500);
-        }
-        if (!checkGithubTokenRateLimit(sessionId)) {
-            return c.json({ error: "Too many token requests" }, 429);
-        }
-        try {
-            const result = await getInstallationToken(GITHUB_APP_ID, GITHUB_INSTALLATION_ID, GITHUB_PRIVATE_KEY);
-            return c.json(result);
-        }
-        catch (err) {
-            const message = err instanceof Error ? err.message : "Unknown error";
-            console.error(`GitHub token error for session ${sessionId}:`, message);
-            return c.json({ error: "Failed to generate GitHub token" }, 500);
-        }
-    });
     // Respond to a gate (approval, clarification, continue, revision)
     app.post("/api/sessions/:id/respond", async (c) => {
         const sessionId = c.req.param("id");
@@ -1637,9 +1491,7 @@ echo "Start claude in this project — the session will appear in the studio UI.
     });
     // Create a standalone sandbox (not tied to session creation flow)
     app.post("/api/sandboxes", async (c) => {
-        const body = await validateBody(c, createSandboxSchema);
-        if (isResponse(body))
-            return body;
+        const body = (await c.req.json());
         const sessionId = body.sessionId ?? crypto.randomUUID();
         try {
             const handle = await config.sandbox.create(sessionId, {
@@ -1677,715 +1529,30 @@ echo "Start claude in this project — the session will appear in the studio UI.
         return c.req.header("X-Room-Token") ?? c.req.query("token") ?? undefined;
     }
     // Protect room-scoped routes via X-Room-Token header
-    // "create-app" is a creation endpoint — no room token exists yet
-    const roomAuthExemptIds = new Set(["create-app"]);
     app.use("/api/rooms/:id/*", async (c, next) => {
         const id = c.req.param("id");
-        if (roomAuthExemptIds.has(id))
-            return next();
         const token = extractRoomToken(c);
-        if (!token || !validateRoomToken(config.streamConfig.secret, id, token)) {
+        if (!token || !validateSessionToken(config.streamConfig.secret, id, token)) {
             return c.json({ error: "Invalid or missing room token" }, 401);
         }
         return next();
     });
     app.use("/api/rooms/:id", async (c, next) => {
-        const id = c.req.param("id");
-        if (roomAuthExemptIds.has(id))
-            return next();
         if (c.req.method !== "GET" && c.req.method !== "DELETE")
             return next();
+        const id = c.req.param("id");
         const token = extractRoomToken(c);
-        if (!token || !validateRoomToken(config.streamConfig.secret, id, token)) {
+        if (!token || !validateSessionToken(config.streamConfig.secret, id, token)) {
             return c.json({ error: "Invalid or missing room token" }, 401);
         }
         return next();
     });
-    // Create a room with 3 agents for multi-agent app creation
-    app.post("/api/rooms/create-app", async (c) => {
-        const body = await validateBody(c, createAppRoomSchema);
-        if (isResponse(body))
-            return body;
-        // In prod mode, use server-side API key; ignore user-provided credentials
-        const apiKey = config.devMode
-            ? body.apiKey || process.env.ANTHROPIC_API_KEY
-            : process.env.ANTHROPIC_API_KEY;
-        const oauthToken = config.devMode
-            ? body.oauthToken || process.env.CLAUDE_OAUTH_TOKEN
-            : undefined;
-        const ghToken = config.devMode ? body.ghToken : undefined;
-        // Rate-limit session creation in production mode
-        if (!config.devMode) {
-            const ip = extractClientIp(c);
-            if (!checkSessionRateLimit(ip)) {
-                return c.json({ error: "Too many sessions. Please try again later." }, 429);
-            }
-            if (checkGlobalSessionCap(config.sessions)) {
-                return c.json({ error: "Service at capacity, please try again later" }, 503);
-            }
-        }
-        const roomId = crypto.randomUUID();
-        const roomName = body.name || `app-${roomId.slice(0, 8)}`;
-        // Create the room's durable stream
-        const roomConn = roomStream(config, roomId);
-        try {
-            await DurableStream.create({
-                url: roomConn.url,
-                headers: roomConn.headers,
-                contentType: "application/json",
-            });
-        }
-        catch (err) {
-            console.error(`[room:create-app] Failed to create room stream:`, err);
-            return c.json({ error: "Failed to create room stream" }, 500);
-        }
-        // Create and start the router
-        const router = new RoomRouter(roomId, roomName, config.streamConfig);
-        await router.start();
-        roomRouters.set(roomId, router);
-        // Save to room registry
-        const code = generateInviteCode();
-        await config.rooms.addRoom({
-            id: roomId,
-            code,
-            name: roomName,
-            createdAt: new Date().toISOString(),
-            revoked: false,
-        });
-        // Define the 3 agents with randomized display names
-        const agentSuffixes = [
-            "fox",
-            "owl",
-            "lynx",
-            "wolf",
-            "bear",
-            "hawk",
-            "pine",
-            "oak",
-            "elm",
-            "ivy",
-            "ray",
-            "arc",
-            "reef",
-            "dusk",
-            "ash",
-            "sage",
-        ];
-        const pick = () => agentSuffixes[Math.floor(Math.random() * agentSuffixes.length)];
-        const usedSuffixes = new Set();
-        const uniquePick = () => {
-            let s = pick();
-            while (usedSuffixes.has(s))
-                s = pick();
-            usedSuffixes.add(s);
-            return s;
-        };
-        const agentDefs = [
-            { name: `coder-${uniquePick()}`, role: "coder" },
-            { name: `reviewer-${uniquePick()}`, role: "reviewer" },
-            { name: `designer-${uniquePick()}`, role: "ui-designer" },
-        ];
-        // Create session IDs and streams upfront for all 3 agents
-        const sessions = [];
-        for (const agentDef of agentDefs) {
-            const sessionId = crypto.randomUUID();
-            const conn = sessionStream(config, sessionId);
-            try {
-                await DurableStream.create({
-                    url: conn.url,
-                    headers: conn.headers,
-                    contentType: "application/json",
-                });
-            }
-            catch (err) {
-                console.error(`[room:create-app] Failed to create stream for ${agentDef.name}:`, err);
-                return c.json({ error: `Failed to create stream for ${agentDef.name}` }, 500);
-            }
-            const sessionToken = deriveSessionToken(config.streamConfig.secret, sessionId);
-            sessions.push({ name: agentDef.name, role: agentDef.role, sessionId, sessionToken });
-        }
-        const roomToken = deriveRoomToken(config.streamConfig.secret, roomId);
-        console.log(`[room:create-app] Created room ${roomId} with agents: ${sessions.map((s) => s.name).join(", ")}`);
-        // Return immediately so the client can show the room + sessions
-        // The async flow handles sandbox creation, skill injection, and agent startup
-        // Sessions are created in agentDefs order: [coder, reviewer, ui-designer]
-        const coderSession = sessions[0];
-        const reviewerSession = sessions[1];
-        const uiDesignerSession = sessions[2];
-        const coderBridge = getOrCreateBridge(config, coderSession.sessionId);
-        // Record all sessions
-        for (const s of sessions) {
-            const projectName = s.role === "coder" && config.devMode
-                ? body.name ||
-                    body.description
-                        .slice(0, 40)
-                        .replace(/[^a-z0-9]+/gi, "-")
-                        .replace(/^-|-$/g, "")
-                        .toLowerCase()
-                : `room-${s.name}-${s.sessionId.slice(0, 8)}`;
-            const sandboxProjectDir = `/home/agent/workspace/${projectName}`;
-            const session = {
-                id: s.sessionId,
-                projectName,
-                sandboxProjectDir,
-                description: s.role === "coder" ? body.description : `Room agent: ${s.name} (${s.role})`,
-                createdAt: new Date().toISOString(),
-                lastActiveAt: new Date().toISOString(),
-                status: "running",
-            };
-            config.sessions.add(session);
-        }
-        // Write user prompt to coder's stream
-        await coderBridge.emit({ type: "user_prompt", message: body.description, ts: ts() });
-        // Gather GitHub accounts for the infra config gate (dev mode only)
-        let ghAccounts = [];
-        if (config.devMode && ghToken && isGhAuthenticated(ghToken)) {
-            try {
-                ghAccounts = ghListAccounts(ghToken);
-            }
-            catch {
-                // gh not available
-            }
-        }
-        // Emit infra config gate on coder's stream
-        const coderProjectName = config.sessions.get(coderSession.sessionId)?.projectName ?? coderSession.name;
-        await coderBridge.emit({
-            type: "infra_config_prompt",
-            projectName: coderProjectName,
-            ghAccounts,
-            runtime: config.sandbox.runtime,
-            ts: ts(),
-        });
-        // Async flow: wait for gate, create sandboxes, start agents
-        const asyncFlow = async () => {
-            // 1. Wait for infra config gate on coder's session
-            await router.sendMessage("system", `Waiting for setup — open ${coderSession.name}'s session to confirm infrastructure.`);
-            console.log(`[room:create-app:${roomId}] Waiting for infra_config gate...`);
-            let infra;
-            let repoConfig = null;
-            let claimId;
-            try {
-                const gateValue = await createGate(coderSession.sessionId, "infra_config");
-                console.log(`[room:create-app:${roomId}] Infra gate resolved: mode=${gateValue.mode}`);
-                if (gateValue.mode === "cloud" || gateValue.mode === "claim") {
-                    infra = {
-                        mode: "cloud",
-                        databaseUrl: gateValue.databaseUrl,
-                        electricUrl: gateValue.electricUrl,
-                        sourceId: gateValue.sourceId,
-                        secret: gateValue.secret,
-                    };
-                    if (gateValue.mode === "claim") {
-                        claimId = gateValue.claimId;
-                    }
-                }
-                else {
-                    infra = { mode: "local" };
-                }
-                // Extract repo config if provided
-                if (gateValue.repoAccount && gateValue.repoName?.trim()) {
-                    repoConfig = {
-                        account: gateValue.repoAccount,
-                        repoName: gateValue.repoName,
-                        visibility: gateValue.repoVisibility ?? "private",
-                    };
-                    config.sessions.update(coderSession.sessionId, {
-                        git: {
-                            branch: "main",
-                            remoteUrl: null,
-                            repoName: `${repoConfig.account}/${repoConfig.repoName}`,
-                            repoVisibility: repoConfig.visibility,
-                            lastCommitHash: null,
-                            lastCommitMessage: null,
-                            lastCheckpointAt: null,
-                        },
-                    });
-                }
-            }
-            catch (err) {
-                console.log(`[room:create-app:${roomId}] Infra gate error (defaulting to local):`, err);
-                infra = { mode: "local" };
-            }
-            // 2. Create sandboxes in parallel
-            // Coder gets full scaffold, reviewer/ui-designer get minimal
-            await router.sendMessage("system", "Creating sandboxes");
-            await coderBridge.emit({
-                type: "log",
-                level: "build",
-                message: "Creating sandboxes for all agents...",
-                ts: ts(),
-            });
-            const sandboxOpts = (sid) => ({
-                ...((!config.devMode || GITHUB_APP_ID) && {
-                    prodMode: {
-                        sessionToken: deriveSessionToken(config.streamConfig.secret, sid),
-                        studioUrl: resolveStudioUrl(config.port),
-                    },
-                }),
-            });
-            const coderInfo = config.sessions.get(coderSession.sessionId);
-            if (!coderInfo)
-                throw new Error("Coder session not found in registry");
-            const reviewerInfo = config.sessions.get(reviewerSession.sessionId);
-            if (!reviewerInfo)
-                throw new Error("Reviewer session not found in registry");
-            const uiDesignerInfo = config.sessions.get(uiDesignerSession.sessionId);
-            if (!uiDesignerInfo)
-                throw new Error("UI designer session not found in registry");
-            const [coderHandle, reviewerHandle, uiDesignerHandle] = await Promise.all([
-                config.sandbox.create(coderSession.sessionId, {
-                    projectName: coderInfo.projectName,
-                    infra,
-                    apiKey,
-                    oauthToken,
-                    ghToken,
-                    ...sandboxOpts(coderSession.sessionId),
-                }),
-                config.sandbox.create(reviewerSession.sessionId, {
-                    projectName: reviewerInfo.projectName,
-                    infra: { mode: "none" },
-                    apiKey,
-                    oauthToken,
-                    ghToken,
-                    ...sandboxOpts(reviewerSession.sessionId),
-                }),
-                config.sandbox.create(uiDesignerSession.sessionId, {
-                    projectName: uiDesignerInfo.projectName,
-                    infra: { mode: "none" },
-                    apiKey,
-                    oauthToken,
-                    ghToken,
-                    ...sandboxOpts(uiDesignerSession.sessionId),
-                }),
-            ]);
-            const handles = [
-                { session: coderSession, handle: coderHandle },
-                { session: reviewerSession, handle: reviewerHandle },
-                { session: uiDesignerSession, handle: uiDesignerHandle },
-            ];
-            // Update session info with sandbox details
-            for (const { session: s, handle } of handles) {
-                config.sessions.update(s.sessionId, {
-                    appPort: handle.port,
-                    sandboxProjectDir: handle.projectDir,
-                    previewUrl: handle.previewUrl,
-                    ...(s.role === "coder" && claimId ? { claimId } : {}),
-                });
-            }
-            await coderBridge.emit({
-                type: "log",
-                level: "done",
-                message: "All sandboxes ready",
-                ts: ts(),
-            });
-            // 3. Set up coder sandbox (full scaffold + CLAUDE.md + skills + GitHub repo)
-            {
-                const handle = coderHandle;
-                // Copy scaffold
-                await coderBridge.emit({
-                    type: "log",
-                    level: "build",
-                    message: "Setting up project...",
-                    ts: ts(),
-                });
-                try {
-                    if (config.sandbox.runtime === "docker") {
-                        await config.sandbox.exec(handle, `cp -r /opt/scaffold-base '${handle.projectDir}'`);
-                        await config.sandbox.exec(handle, `cd '${handle.projectDir}' && sed -i 's/"name": "scaffold-base"/"name": "${coderInfo.projectName.replace(/[^a-z0-9_-]/gi, "-")}"/' package.json`);
-                    }
-                    else {
-                        await config.sandbox.exec(handle, `source /etc/profile.d/npm-global.sh 2>/dev/null; electric-agent scaffold '${handle.projectDir}' --name '${coderInfo.projectName}' --skip-git`);
-                    }
-                    await coderBridge.emit({
-                        type: "log",
-                        level: "done",
-                        message: "Project ready",
-                        ts: ts(),
-                    });
-                }
-                catch (err) {
-                    console.error(`[room:create-app:${roomId}] Project setup failed:`, err);
-                    await coderBridge.emit({
-                        type: "log",
-                        level: "error",
-                        message: `Project setup failed: ${err instanceof Error ? err.message : "unknown"}`,
-                        ts: ts(),
-                    });
-                }
-                // GitHub repo creation (uses GitHub App when credentials are available)
-                let repoUrl = null;
-                let prodGitConfig;
-                if (GITHUB_APP_ID && GITHUB_INSTALLATION_ID && GITHUB_PRIVATE_KEY) {
-                    try {
-                        const repoSlug = coderInfo.projectName;
-                        await coderBridge.emit({
-                            type: "log",
-                            level: "build",
-                            message: "Creating GitHub repository...",
-                            ts: ts(),
-                        });
-                        const { token } = await getInstallationToken(GITHUB_APP_ID, GITHUB_INSTALLATION_ID, GITHUB_PRIVATE_KEY);
-                        const repo = await createOrgRepo(GITHUB_ORG, repoSlug, token);
-                        if (repo) {
-                            const actualRepoName = `${GITHUB_ORG}/${repo.htmlUrl.split("/").pop()}`;
-                            await config.sandbox.exec(handle, `cd '${handle.projectDir}' && git init -b main && git remote add origin '${repo.cloneUrl}'`);
-                            prodGitConfig = {
-                                mode: "pre-created",
-                                repoName: actualRepoName,
-                                repoUrl: repo.htmlUrl,
-                            };
-                            repoUrl = repo.htmlUrl;
-                            config.sessions.update(coderSession.sessionId, {
-                                git: {
-                                    branch: "main",
-                                    remoteUrl: repo.htmlUrl,
-                                    repoName: actualRepoName,
-                                    lastCommitHash: null,
-                                    lastCommitMessage: null,
-                                    lastCheckpointAt: null,
-                                },
-                            });
-                            await coderBridge.emit({
-                                type: "log",
-                                level: "done",
-                                message: `GitHub repo created: ${repo.htmlUrl}`,
-                                ts: ts(),
-                            });
-                        }
-                    }
-                    catch (err) {
-                        console.error(`[room:create-app:${roomId}] GitHub repo creation error:`, err);
-                    }
-                }
-                else if (repoConfig) {
-                    repoUrl = `https://github.com/${repoConfig.account}/${repoConfig.repoName}`;
-                }
-                // Write CLAUDE.md to coder sandbox
-                const claudeMd = generateClaudeMd({
-                    description: body.description,
-                    projectName: coderInfo.projectName,
-                    projectDir: handle.projectDir,
-                    runtime: config.sandbox.runtime,
-                    production: !config.devMode,
-                    ...(prodGitConfig
-                        ? { git: prodGitConfig }
-                        : repoConfig
-                            ? {
-                                git: {
-                                    mode: "create",
-                                    repoName: `${repoConfig.account}/${repoConfig.repoName}`,
-                                    visibility: repoConfig.visibility,
-                                },
-                            }
-                            : {}),
-                });
-                try {
-                    await config.sandbox.exec(handle, `cat > '${handle.projectDir}/CLAUDE.md' << 'CLAUDEMD_EOF'\n${claudeMd}\nCLAUDEMD_EOF`);
-                }
-                catch (err) {
-                    console.error(`[room:create-app:${roomId}] Failed to write CLAUDE.md:`, err);
-                }
-                // Write create-app skill to coder sandbox
-                if (createAppSkillContent) {
-                    try {
-                        const skillDir = `${handle.projectDir}/.claude/skills/create-app`;
-                        const skillB64 = Buffer.from(createAppSkillContent).toString("base64");
-                        await config.sandbox.exec(handle, `mkdir -p '${skillDir}' && echo '${skillB64}' | base64 -d > '${skillDir}/SKILL.md'`);
-                    }
-                    catch (err) {
-                        console.error(`[room:create-app:${roomId}] Failed to write create-app skill:`, err);
-                    }
-                }
-                // Write room-messaging skill to coder sandbox
-                if (roomMessagingSkillContent) {
-                    try {
-                        const skillDir = `${handle.projectDir}/.claude/skills/room-messaging`;
-                        const skillB64 = Buffer.from(roomMessagingSkillContent).toString("base64");
-                        await config.sandbox.exec(handle, `mkdir -p '${skillDir}' && echo '${skillB64}' | base64 -d > '${skillDir}/SKILL.md'`);
-                    }
-                    catch (err) {
-                        console.error(`[room:create-app:${roomId}] Failed to write room-messaging skill to coder:`, err);
-                    }
-                }
-                // 4. Create Claude Code bridge for coder
-                const coderPrompt = `/create-app ${body.description}`;
-                const coderHookToken = deriveHookToken(config.streamConfig.secret, coderSession.sessionId);
-                const coderClaudeConfig = config.sandbox.runtime === "sprites"
-                    ? {
-                        prompt: coderPrompt,
-                        cwd: handle.projectDir,
-                        studioUrl: resolveStudioUrl(config.port),
-                        hookToken: coderHookToken,
-                        agentName: coderSession.name,
-                    }
-                    : {
-                        prompt: coderPrompt,
-                        cwd: handle.projectDir,
-                        studioPort: config.port,
-                        hookToken: coderHookToken,
-                        agentName: coderSession.name,
-                    };
-                const coderCcBridge = createClaudeCodeBridge(config, coderSession.sessionId, coderClaudeConfig);
-                // Track coder events
-                coderCcBridge.onAgentEvent((event) => {
-                    if (event.type === "session_start") {
-                        const ccSessionId = event.session_id;
-                        if (ccSessionId) {
-                            config.sessions.update(coderSession.sessionId, {
-                                lastCoderSessionId: ccSessionId,
-                            });
-                        }
-                    }
-                    if (event.type === "session_end") {
-                        accumulateSessionCost(config, coderSession.sessionId, event);
-                    }
-                    // Route assistant_message output to the room router
-                    if (event.type === "assistant_message" && "text" in event) {
-                        router
-                            .handleAgentOutput(coderSession.sessionId, event.text)
-                            .catch((err) => {
-                            console.error(`[room:create-app:${roomId}] handleAgentOutput error (coder):`, err);
-                        });
-                    }
-                    // Notify room when coder is waiting for user input
-                    if (event.type === "ask_user_question") {
-                        config.sessions.update(coderSession.sessionId, { needsInput: true });
-                        router
-                            .sendMessage("system", `${coderSession.name} needs input — open their session to respond.`)
-                            .catch((err) => {
-                            console.error(`[room:create-app:${roomId}] Failed to send gate notification:`, err);
-                        });
-                    }
-                    if (event.type === "gate_resolved") {
-                        config.sessions.update(coderSession.sessionId, { needsInput: false });
-                        router
-                            .sendMessage("system", `${coderSession.name} received input — resuming.`)
-                            .catch(() => { });
-                    }
-                });
-                // Coder completion handler: notify room on success or failure
-                coderCcBridge.onComplete(async (success) => {
-                    const updates = {
-                        status: success ? "complete" : "error",
-                    };
-                    let repoInfo = "";
-                    try {
-                        const gs = await config.sandbox.gitStatus(handle, handle.projectDir);
-                        if (gs.initialized) {
-                            const existing = config.sessions.get(coderSession.sessionId);
-                            updates.git = {
-                                branch: gs.branch ?? "main",
-                                remoteUrl: existing?.git?.remoteUrl ?? null,
-                                repoName: existing?.git?.repoName ?? null,
-                                repoVisibility: existing?.git?.repoVisibility,
-                                lastCommitHash: gs.lastCommitHash ?? null,
-                                lastCommitMessage: gs.lastCommitMessage ?? null,
-                                lastCheckpointAt: existing?.git?.lastCheckpointAt ?? null,
-                            };
-                            if (existing?.git?.repoName) {
-                                repoInfo = ` Repo: https://github.com/${existing.git.repoName}`;
-                            }
-                        }
-                    }
-                    catch {
-                        // Sandbox may be stopped
-                    }
-                    config.sessions.update(coderSession.sessionId, updates);
-                    const msg = success
-                        ? `@room DONE: App is ready.${repoInfo}`
-                        : "@room Coder session ended unexpectedly.";
-                    router.handleAgentOutput(coderSession.sessionId, msg).catch((err) => {
-                        console.error(`[room:create-app:${roomId}] Failed to send coder completion message:`, err);
-                    });
-                });
-                await coderBridge.emit({
-                    type: "log",
-                    level: "build",
-                    message: `Running: claude "/create-app ${body.description}"`,
-                    ts: ts(),
-                });
-                await coderCcBridge.start();
-                // Add coder as room participant
-                const coderParticipant = {
-                    sessionId: coderSession.sessionId,
-                    name: coderSession.name,
-                    role: "coder",
-                    bridge: coderCcBridge,
-                };
-                await router.addParticipant(coderParticipant, false);
-                // Send the initial command to the coder
-                await coderCcBridge.sendCommand({
-                    command: "new",
-                    description: body.description,
-                    projectName: coderInfo.projectName,
-                    baseDir: "/home/agent/workspace",
-                });
-                // Store the repoUrl for reviewer/ui-designer prompts
-                // (we continue setting up those agents now)
-                const finalRepoUrl = repoUrl;
-                // 5. Set up reviewer and ui-designer sandboxes
-                const supportAgents = [
-                    { session: reviewerSession, handle: reviewerHandle },
-                    { session: uiDesignerSession, handle: uiDesignerHandle },
-                ];
-                for (const { session: agentSession, handle: agentHandle } of supportAgents) {
-                    const agentBridge = getOrCreateBridge(config, agentSession.sessionId);
-                    // Write a minimal CLAUDE.md
-                    const minimalClaudeMd = "Room agent workspace";
-                    try {
-                        await config.sandbox.exec(agentHandle, `mkdir -p '${agentHandle.projectDir}' && cat > '${agentHandle.projectDir}/CLAUDE.md' << 'CLAUDEMD_EOF'\n${minimalClaudeMd}\nCLAUDEMD_EOF`);
-                    }
-                    catch (err) {
-                        console.error(`[room:create-app:${roomId}] Failed to write CLAUDE.md for ${agentSession.name}:`, err);
-                    }
-                    // Write room-messaging skill
-                    if (roomMessagingSkillContent) {
-                        try {
-                            const skillDir = `${agentHandle.projectDir}/.claude/skills/room-messaging`;
-                            const skillB64 = Buffer.from(roomMessagingSkillContent).toString("base64");
-                            await config.sandbox.exec(agentHandle, `mkdir -p '${skillDir}' && echo '${skillB64}' | base64 -d > '${skillDir}/SKILL.md'`);
-                        }
-                        catch (err) {
-                            console.error(`[room:create-app:${roomId}] Failed to write room-messaging skill for ${agentSession.name}:`, err);
-                        }
-                    }
-                    // Resolve and inject role skill
-                    const roleSkill = resolveRoleSkill(agentSession.role);
-                    if (roleSkill) {
-                        try {
-                            const skillDir = `${agentHandle.projectDir}/.claude/skills/role`;
-                            const skillB64 = Buffer.from(roleSkill.skillContent).toString("base64");
-                            await config.sandbox.exec(agentHandle, `mkdir -p '${skillDir}' && echo '${skillB64}' | base64 -d > '${skillDir}/SKILL.md'`);
-                        }
-                        catch (err) {
-                            console.error(`[room:create-app:${roomId}] Failed to write role skill for ${agentSession.name}:`, err);
-                        }
-                    }
-                    // Build prompt
-                    const repoRef = finalRepoUrl ? ` The GitHub repo is: ${finalRepoUrl}.` : "";
-                    const agentPrompt = agentSession.role === "reviewer"
-                        ? `You are "reviewer", a code review agent in a multi-agent room. Read .claude/skills/role/SKILL.md for your role guidelines.${repoRef} Wait for the coder to send a @room DONE: message before starting any work.`
-                        : `You are "ui-designer", a UI design agent in a multi-agent room. Read .claude/skills/role/SKILL.md for your role guidelines.${repoRef} Wait for the coder to send a @room DONE: message before starting any work.`;
-                    // Create Claude Code bridge
-                    const agentHookToken = deriveHookToken(config.streamConfig.secret, agentSession.sessionId);
-                    const agentClaudeConfig = config.sandbox.runtime === "sprites"
-                        ? {
-                            prompt: agentPrompt,
-                            cwd: agentHandle.projectDir,
-                            studioUrl: resolveStudioUrl(config.port),
-                            hookToken: agentHookToken,
-                            agentName: agentSession.name,
-                            ...(roleSkill?.allowedTools && {
-                                allowedTools: roleSkill.allowedTools,
-                            }),
-                        }
-                        : {
-                            prompt: agentPrompt,
-                            cwd: agentHandle.projectDir,
-                            studioPort: config.port,
-                            hookToken: agentHookToken,
-                            agentName: agentSession.name,
-                            ...(roleSkill?.allowedTools && {
-                                allowedTools: roleSkill.allowedTools,
-                            }),
-                        };
-                    const ccBridge = createClaudeCodeBridge(config, agentSession.sessionId, agentClaudeConfig);
-                    // Track events
-                    ccBridge.onAgentEvent((event) => {
-                        console.log(`[room:create-app:${roomId}] ${agentSession.name} event: type=${event.type}${event.type === "assistant_message" && "text" in event ? ` text=${event.text.slice(0, 120)}` : ""}`);
-                        if (event.type === "session_start") {
-                            const ccSessionId = event.session_id;
-                            if (ccSessionId) {
-                                config.sessions.update(agentSession.sessionId, {
-                                    lastCoderSessionId: ccSessionId,
-                                });
-                            }
-                        }
-                        if (event.type === "session_end") {
-                            accumulateSessionCost(config, agentSession.sessionId, event);
-                        }
-                        if (event.type === "assistant_message" && "text" in event) {
-                            const text = event.text;
-                            console.log(`[room:create-app:${roomId}] ${agentSession.name} assistant_message -> calling handleAgentOutput (sessionId=${agentSession.sessionId})`);
-                            router.handleAgentOutput(agentSession.sessionId, text).catch((err) => {
-                                console.error(`[room:create-app:${roomId}] handleAgentOutput error (${agentSession.name}):`, err);
-                            });
-                        }
-                        if (event.type === "ask_user_question") {
-                            config.sessions.update(agentSession.sessionId, { needsInput: true });
-                            router
-                                .sendMessage("system", `${agentSession.name} needs input — open their session to respond.`)
-                                .catch((err) => {
-                                console.error(`[room:create-app:${roomId}] Failed to send gate notification (${agentSession.name}):`, err);
-                            });
-                        }
-                        if (event.type === "gate_resolved") {
-                            config.sessions.update(agentSession.sessionId, { needsInput: false });
-                            router
-                                .sendMessage("system", `${agentSession.name} received input — resuming.`)
-                                .catch(() => { });
-                        }
-                    });
-                    ccBridge.onComplete(async (success) => {
-                        config.sessions.update(agentSession.sessionId, {
-                            status: success ? "complete" : "error",
-                        });
-                    });
-                    await agentBridge.emit({
-                        type: "log",
-                        level: "done",
-                        message: `Sandbox ready for "${agentSession.name}"`,
-                        ts: ts(),
-                    });
-                    await ccBridge.start();
-                    // Add as room participant (not gated — messages flow freely)
-                    const participant = {
-                        sessionId: agentSession.sessionId,
-                        name: agentSession.name,
-                        role: agentSession.role,
-                        bridge: ccBridge,
-                    };
-                    await router.addParticipant(participant, false);
-                }
-                console.log(`[room:create-app:${roomId}] All 3 agents started and added to room`);
-                await router.sendMessage("system", `All agents ready — ${coderSession.name} is building, ${reviewerSession.name} and ${uiDesignerSession.name} waiting.`);
-            }
-        };
-        asyncFlow().catch(async (err) => {
-            console.error(`[room:create-app:${roomId}] Flow failed:`, err);
-            for (const s of sessions) {
-                config.sessions.update(s.sessionId, { status: "error" });
-            }
-            try {
-                await coderBridge.emit({
-                    type: "log",
-                    level: "error",
-                    message: `Room creation failed: ${err instanceof Error ? err.message : String(err)}`,
-                    ts: ts(),
-                });
-            }
-            catch {
-                // Bridge may not be usable
-            }
-        });
-        return c.json({
-            roomId,
-            code,
-            name: roomName,
-            roomToken,
-            sessions: sessions.map((s) => ({
-                sessionId: s.sessionId,
-                name: s.name,
-                role: s.role,
-                sessionToken: s.sessionToken,
-            })),
-        }, 201);
-    });
     // Create a room
     app.post("/api/rooms", async (c) => {
-        const body = await validateBody(c, createRoomSchema);
-        if (isResponse(body))
-            return body;
+        const body = (await c.req.json());
+        if (!body.name) {
+            return c.json({ error: "name is required" }, 400);
+        }
         const roomId = crypto.randomUUID();
         // Create the room's durable stream
         const conn = roomStream(config, roomId);
@@ -2415,12 +1582,12 @@ echo "Start claude in this project — the session will appear in the studio UI.
             createdAt: new Date().toISOString(),
             revoked: false,
         });
-        const roomToken = deriveRoomToken(config.streamConfig.secret, roomId);
+        const roomToken = deriveSessionToken(config.streamConfig.secret, roomId);
         console.log(`[room] Created: id=${roomId} name=${body.name} code=${code}`);
         return c.json({ roomId, code, roomToken }, 201);
     });
-    // Join an agent room by id + invite code (outside /api/rooms/:id to avoid auth middleware)
-    app.get("/api/join-room/:id/:code", (c) => {
+    // Join an agent room by id + invite code
+    app.get("/api/rooms/join/:id/:code", (c) => {
         const id = c.req.param("id");
         const code = c.req.param("code");
         const room = config.rooms.getRoom(id);
@@ -2428,38 +1595,25 @@ echo "Start claude in this project — the session will appear in the studio UI.
             return c.json({ error: "Room not found" }, 404);
         if (room.revoked)
             return c.json({ error: "Room has been revoked" }, 410);
-        const roomToken = deriveRoomToken(config.streamConfig.secret, room.id);
+        const roomToken = deriveSessionToken(config.streamConfig.secret, room.id);
         return c.json({ id: room.id, code: room.code, name: room.name, roomToken });
     });
     // Get room state
     app.get("/api/rooms/:id", (c) => {
         const roomId = c.req.param("id");
         const router = roomRouters.get(roomId);
-        if (router) {
-            return c.json({
-                roomId,
-                state: router.state,
-                roundCount: router.roundCount,
-                participants: router.participants.map((p) => ({
-                    sessionId: p.sessionId,
-                    name: p.name,
-                    role: p.role,
-                    running: p.bridge.isRunning(),
-                    needsInput: config.sessions.get(p.sessionId)?.needsInput ?? false,
-                })),
-            });
-        }
-        // No active router — check if room exists in the registry (e.g. after server restart)
-        const roomEntry = config.rooms.getRoom(roomId);
-        if (!roomEntry)
+        if (!router)
             return c.json({ error: "Room not found" }, 404);
-        // Return basic room state without live participants
-        // Sessions are still readable via their individual SSE streams
         return c.json({
             roomId,
-            state: "closed",
-            roundCount: 0,
-            participants: [],
+            state: router.state,
+            roundCount: router.roundCount,
+            participants: router.participants.map((p) => ({
+                sessionId: p.sessionId,
+                name: p.name,
+                role: p.role,
+                running: p.bridge.isRunning(),
+            })),
         });
     });
     // Add an agent to a room
@@ -2468,26 +1622,7 @@ echo "Start claude in this project — the session will appear in the studio UI.
         const router = roomRouters.get(roomId);
         if (!router)
             return c.json({ error: "Room not found" }, 404);
-        const body = await validateBody(c, addAgentSchema);
-        if (isResponse(body))
-            return body;
-        // Rate-limit and gate credentials in production mode
-        if (!config.devMode) {
-            const ip = extractClientIp(c);
-            if (!checkSessionRateLimit(ip)) {
-                return c.json({ error: "Too many sessions. Please try again later." }, 429);
-            }
-            if (checkGlobalSessionCap(config.sessions)) {
-                return c.json({ error: "Service at capacity, please try again later" }, 503);
-            }
-        }
-        const apiKey = config.devMode
-            ? body.apiKey || process.env.ANTHROPIC_API_KEY
-            : process.env.ANTHROPIC_API_KEY;
-        const oauthToken = config.devMode
-            ? body.oauthToken || process.env.CLAUDE_OAUTH_TOKEN
-            : undefined;
-        const ghToken = config.devMode ? body.ghToken : undefined;
+        const body = (await c.req.json());
         const sessionId = crypto.randomUUID();
         const randomSuffix = sessionId.slice(0, 6);
         const agentName = body.name?.trim() || `agent-${randomSuffix}`;
@@ -2536,15 +1671,9 @@ echo "Start claude in this project — the session will appear in the studio UI.
                 const handle = await config.sandbox.create(sessionId, {
                     projectName,
                     infra: { mode: "local" },
-                    apiKey,
-                    oauthToken,
-                    ghToken,
-                    ...((!config.devMode || GITHUB_APP_ID) && {
-                        prodMode: {
-                            sessionToken: deriveSessionToken(config.streamConfig.secret, sessionId),
-                            studioUrl: resolveStudioUrl(config.port),
-                        },
-                    }),
+                    apiKey: body.apiKey,
+                    oauthToken: body.oauthToken,
+                    ghToken: body.ghToken,
                 });
                 config.sessions.update(sessionId, {
                     appPort: handle.port,
@@ -2658,9 +1787,10 @@ echo "Start claude in this project — the session will appear in the studio UI.
         const router = roomRouters.get(roomId);
         if (!router)
             return c.json({ error: "Room not found" }, 404);
-        const body = await validateBody(c, addSessionToRoomSchema);
-        if (isResponse(body))
-            return body;
+        const body = (await c.req.json());
+        if (!body.sessionId || !body.name) {
+            return c.json({ error: "sessionId and name are required" }, 400);
+        }
         const { sessionId } = body;
         // Require a valid session token — caller must already own this session.
         // Room auth is handled by middleware via X-Room-Token; Authorization
@@ -2740,9 +1870,10 @@ echo "Start claude in this project — the session will appear in the studio UI.
         const participant = router.participants.find((p) => p.sessionId === sessionId);
         if (!participant)
             return c.json({ error: "Session not found in this room" }, 404);
-        const body = await validateBody(c, iterateRoomSessionSchema);
-        if (isResponse(body))
-            return body;
+        const body = (await c.req.json());
+        if (!body.request) {
+            return c.json({ error: "request is required" }, 400);
+        }
         await participant.bridge.sendCommand({
             command: "iterate",
             request: body.request,
@@ -2755,19 +1886,19 @@ echo "Start claude in this project — the session will appear in the studio UI.
         const router = roomRouters.get(roomId);
         if (!router)
             return c.json({ error: "Room not found" }, 404);
-        const body = await validateBody(c, sendRoomMessageSchema);
-        if (isResponse(body))
-            return body;
+        const body = (await c.req.json());
+        if (!body.from || !body.body) {
+            return c.json({ error: "from and body are required" }, 400);
+        }
         await router.sendMessage(body.from, body.body, body.to);
         return c.json({ ok: true });
     });
-    // SSE proxy for room events (works even after server restart — reads from durable stream)
+    // SSE proxy for room events
     app.get("/api/rooms/:id/events", async (c) => {
         const roomId = c.req.param("id");
-        // Verify room exists in registry or has active router
-        if (!roomRouters.has(roomId) && !config.rooms.getRoom(roomId)) {
+        const router = roomRouters.get(roomId);
+        if (!router)
             return c.json({ error: "Room not found" }, 404);
-        }
         const connection = roomStream(config, roomId);
         const lastEventId = c.req.header("Last-Event-ID") || c.req.query("offset") || "-1";
         const reader = new DurableStream({
@@ -2984,9 +2115,7 @@ echo "Start claude in this project — the session will appear in the studio UI.
         if (!handle || !sandboxDir) {
             return c.json({ error: "Container not available" }, 404);
         }
-        const resolvedPath = path.resolve(filePath);
-        const resolvedDir = path.resolve(sandboxDir) + path.sep;
-        if (!resolvedPath.startsWith(resolvedDir) && resolvedPath !== path.resolve(sandboxDir)) {
+        if (!filePath.startsWith(sandboxDir)) {
             return c.json({ error: "Path outside project directory" }, 403);
         }
         const content = await config.sandbox.readFile(handle, filePath);
@@ -2997,8 +2126,6 @@ echo "Start claude in this project — the session will appear in the studio UI.
     });
     // List GitHub accounts (personal + orgs) — requires client-provided token
     app.get("/api/github/accounts", (c) => {
-        if (!config.devMode)
-            return c.json({ error: "Not available" }, 403);
         const token = c.req.header("X-GH-Token");
         if (!token)
             return c.json({ accounts: [] });
@@ -3010,10 +2137,8 @@ echo "Start claude in this project — the session will appear in the studio UI.
             return c.json({ error: e instanceof Error ? e.message : "Failed to list accounts" }, 500);
         }
     });
-    // List GitHub repos for the authenticated user — requires client-provided token (dev mode only)
+    // List GitHub repos for the authenticated user — requires client-provided token
     app.get("/api/github/repos", (c) => {
-        if (!config.devMode)
-            return c.json({ error: "Not available" }, 403);
         const token = c.req.header("X-GH-Token");
         if (!token)
             return c.json({ repos: [] });
@@ -3026,8 +2151,6 @@ echo "Start claude in this project — the session will appear in the studio UI.
         }
     });
     app.get("/api/github/repos/:owner/:repo/branches", (c) => {
-        if (!config.devMode)
-            return c.json({ error: "Not available" }, 403);
         const owner = c.req.param("owner");
         const repo = c.req.param("repo");
         const token = c.req.header("X-GH-Token");
@@ -3041,38 +2164,33 @@ echo "Start claude in this project — the session will appear in the studio UI.
             return c.json({ error: e instanceof Error ? e.message : "Failed to list branches" }, 500);
         }
     });
-    // Read Claude credentials from macOS Keychain (dev convenience).
-    // Disabled by default — enable via devMode: true or STUDIO_DEV_MODE=1.
-    if (config.devMode) {
-        app.get("/api/credentials/keychain", (c) => {
-            if (process.platform !== "darwin") {
-                return c.json({ apiKey: null });
-            }
-            try {
-                const raw = execFileSync("security", ["find-generic-password", "-s", "Claude Code-credentials", "-w"], { encoding: "utf-8", timeout: 3000, stdio: ["ignore", "pipe", "ignore"] }).trim();
-                const parsed = JSON.parse(raw);
-                const token = parsed.claudeAiOauth?.accessToken ?? null;
-                if (token) {
-                    console.log(`[dev] Loaded OAuth token from keychain (length: ${token.length})`);
-                }
-                else {
-                    console.log("[dev] No OAuth token found in keychain");
-                }
-                return c.json({ oauthToken: token });
+    // Read Claude credentials from macOS Keychain (dev convenience)
+    app.get("/api/credentials/keychain", (c) => {
+        if (process.platform !== "darwin") {
+            return c.json({ apiKey: null });
+        }
+        try {
+            const raw = execFileSync("security", ["find-generic-password", "-s", "Claude Code-credentials", "-w"], { encoding: "utf-8", timeout: 3000, stdio: ["ignore", "pipe", "ignore"] }).trim();
+            const parsed = JSON.parse(raw);
+            const token = parsed.claudeAiOauth?.accessToken ?? null;
+            if (token) {
+                console.log(`[dev] Loaded OAuth token from keychain (length: ${token.length})`);
             }
-            catch {
-                return c.json({ oauthToken: null });
+            else {
+                console.log("[dev] No OAuth token found in keychain");
             }
-        });
-    }
-    // Resume a project from a GitHub repo (dev mode only)
+            return c.json({ oauthToken: token });
+        }
+        catch {
+            return c.json({ oauthToken: null });
+        }
+    });
+    // Resume a project from a GitHub repo
     app.post("/api/sessions/resume", async (c) => {
-        if (!config.devMode) {
-            return c.json({ error: "Resume from repo not available" }, 403);
+        const body = (await c.req.json());
+        if (!body.repoUrl) {
+            return c.json({ error: "repoUrl is required" }, 400);
         }
-        const body = await validateBody(c, resumeSessionSchema);
-        if (isResponse(body))
-            return body;
         const sessionId = crypto.randomUUID();
         const repoName = body.repoUrl
             .split("/")
@@ -3152,7 +2270,6 @@ echo "Start claude in this project — the session will appear in the studio UI.
                 projectName: repoName,
                 projectDir: handle.projectDir,
                 runtime: config.sandbox.runtime,
-                production: !config.devMode,
                 git: {
                     mode: "existing",
                     repoName: parseRepoNameFromUrl(body.repoUrl) ?? repoName,
@@ -3317,42 +2434,15 @@ echo "Start claude in this project — the session will appear in the studio UI.
     return app;
 }
 export async function startWebServer(opts) {
-    const devMode = opts.devMode ?? process.env.STUDIO_DEV_MODE === "1";
-    if (devMode) {
-        console.log("[studio] Dev mode enabled — keychain endpoint active");
-    }
-    // Hydrate session registry from durable stream (survives restarts)
-    const registry = await Registry.create(opts.streamConfig);
     const config = {
         port: opts.port ?? 4400,
         dataDir: opts.dataDir ?? path.resolve(process.cwd(), ".electric-agent"),
-        sessions: ActiveSessions.fromRegistry(registry),
+        sessions: new ActiveSessions(),
         rooms: opts.rooms,
         sandbox: opts.sandbox,
         streamConfig: opts.streamConfig,
         bridgeMode: opts.bridgeMode ?? "claude-code",
-        devMode,
     };
-    // Reconnect to surviving sandbox containers (Docker only)
-    if (config.sandbox.runtime === "docker") {
-        const dockerProvider = config.sandbox;
-        const allSessions = registry.listSessions();
-        dockerProvider.reconnect(allSessions);
-        // Mark sessions with live containers as "complete" (not stale),
-        // and sessions without containers as "error"
-        for (const session of allSessions) {
-            if (session.status === "running") {
-                const handle = dockerProvider.get(session.id);
-                config.sessions.update(session.id, {
-                    status: handle ? "complete" : "error",
-                });
-            }
-        }
-    }
-    else {
-        // Non-Docker: mark all running sessions as stale
-        registry.cleanupStaleSessions(0);
-    }
     fs.mkdirSync(config.dataDir, { recursive: true });
     const app = createApp(config);
     const hostname = process.env.NODE_ENV === "production" ? "0.0.0.0" : "127.0.0.1";