@electric-ax/agents 0.4.11 → 0.4.13

package/dist/entrypoint.js

@@ -1,10 +1,12 @@
 #!/usr/bin/env node
 import path from "node:path";
+import { Agent, cacheStores, interceptors, setGlobalDispatcher } from "undici";
 import fs from "node:fs";
 import pino from "pino";
 import { fileURLToPath } from "node:url";
-import { MOONSHOT_API_BASE_URL, MOONSHOT_PROVIDER, appendPathToUrl, completeWithLowCostModel, createEntityRegistry, createPullWakeRunner, createRuntimeHandler, createSkillTools, createSkillsRegistry, db, detectAvailableProviders, getMoonshotApiKey, getMoonshotModels, readCodexAccessToken, registerToolProvider, unregisterToolProvider } from "@electric-ax/agents-runtime";
-import { braveSearchTool, createBashTool, createEditTool, createEventSourceTools, createFetchUrlTool, createReadFileTool, createSendTool, createWriteTool, fetchUrlTool } from "@electric-ax/agents-runtime/tools";
+import { MOONSHOT_API_BASE_URL, MOONSHOT_PROVIDER, appendPathToUrl, completeWithLowCostModel, createEntityRegistry, createPullWakeRunner, createRuntimeHandler, createSkillTools, createSkillsRegistry, db, detectAvailableProviders, getMoonshotApiKey, getMoonshotModel, getMoonshotModels, readCodexAccessToken, registerToolProvider, unregisterToolProvider } from "@electric-ax/agents-runtime";
+import { braveSearchTool, createBashTool, createEditTool, createEventSourceTools, createFetchUrlTool, createReadFileTool, createSendTool, createWriteTool } from "@electric-ax/agents-runtime/tools";
+import { chooseDefaultSandbox, isE2BAvailable, remoteSandbox } from "@electric-ax/agents-runtime/sandbox";
 import { z } from "zod";
 import { createHash } from "node:crypto";
 import fs$1 from "node:fs/promises";
@@ -15,6 +17,18 @@ import { nanoid } from "nanoid";
 import { getModels } from "@mariozechner/pi-ai";
 import { bridgeMcpTool, buildPromptTools, buildResourceTools, createRegistry, keychainPersistence, loadConfig, mcp, watchConfig } from "@electric-ax/agents-mcp";
 
+//#region src/durable-streams-cache.ts
+const MEMORY_CACHE_SIZE_BYTES = 100 * 1024 * 1024;
+function installDurableStreamsFetchCache(options = {}) {
+	if (options === false) return;
+	const store = options.store === `sqlite` || options.sqliteLocation ? new cacheStores.SqliteCacheStore({
+		location: options.sqliteLocation,
+		maxCount: options.maxCount
+	}) : new cacheStores.MemoryCacheStore({ maxSize: MEMORY_CACHE_SIZE_BYTES });
+	setGlobalDispatcher(new Agent().compose(interceptors.cache({ store })));
+}
+
+//#endregion
 //#region src/log.ts
 const LOG_LEVEL = process.env.ELECTRIC_AGENTS_LOG_LEVEL ?? `info`;
 const IS_ELECTRON_MAIN = Boolean(process.versions.electron);
@@ -764,7 +778,8 @@ function createSpawnWorkerTool(ctx, modelConfig) {
 					wake: {
 						on: `runFinished`,
 						includeResponse: true
-					}
+					},
+					sandbox: `inherit`
 				});
 				const workerUrl = handle.entityUrl;
 				return {
@@ -863,6 +878,15 @@ async function fetchAvailableModelIds(provider) {
 function knownModelsForProvider(provider) {
 	return provider === MOONSHOT_PROVIDER ? getMoonshotModels() : getModels(provider);
 }
+function resolveBuiltinModelContextWindow(modelConfig) {
+	const modelId = String(modelConfig.model);
+	if (modelConfig.provider === MOONSHOT_PROVIDER) return getMoonshotModel(modelId)?.contextWindow ?? null;
+	if (!modelConfig.provider) return null;
+	return knownModelsForProvider(modelConfig.provider).find((model) => model.id === modelId)?.contextWindow ?? null;
+}
+function resolveBuiltinModelSourceBudget(modelConfig) {
+	return resolveBuiltinModelContextWindow(modelConfig) ?? 1e5;
+}
 function choiceForKnownModel(provider, model) {
 	return {
 		provider,
@@ -1151,19 +1175,19 @@ function getToolName(tool) {
 	const name = tool.name;
 	return typeof name === `string` ? name : null;
 }
-function createHortonTools(workingDirectory, ctx, readSet, opts = {}) {
+function createHortonTools(sandbox, ctx, readSet, opts = {}) {
 	return [
-		createBashTool(workingDirectory),
-		createReadFileTool(workingDirectory, readSet),
-		createWriteTool(workingDirectory, readSet),
-		createEditTool(workingDirectory, readSet),
+		createBashTool(sandbox),
+		createReadFileTool(sandbox, readSet),
+		createWriteTool(sandbox, readSet),
+		createEditTool(sandbox, readSet),
 		braveSearchTool,
-		...opts.modelCatalog && opts.modelConfig ? [createFetchUrlTool({
+		...opts.modelCatalog && opts.modelConfig ? [createFetchUrlTool(sandbox, {
 			catalog: opts.modelCatalog,
 			modelConfig: opts.modelConfig,
 			log: (message) => serverLog.info(message),
 			logPrefix: opts.logPrefix ?? `[horton]`
-		})] : [fetchUrlTool],
+		})] : [createFetchUrlTool(sandbox)],
 		createSpawnWorkerTool(ctx, opts.modelConfig),
 		createSendTool(ctx.send, { selfEntityUrl: ctx.entityUrl }),
 		...opts.docsSearchTool ? [opts.docsSearchTool] : []
@@ -1217,11 +1241,10 @@ async function extractFirstUserMessage(ctx) {
 function messageSeq(message) {
 	return typeof message._seq === `number` ? message._seq : -1;
 }
-function readAgentsMd(workingDirectory) {
-	const agentsMdPath = path.join(workingDirectory, `AGENTS.md`);
+async function readAgentsMd(sandbox) {
+	const agentsMdPath = path.posix.join(sandbox.workingDirectory, `AGENTS.md`);
 	try {
-		if (!fs.existsSync(agentsMdPath) || !fs.statSync(agentsMdPath).isFile()) return null;
-		const content = fs.readFileSync(agentsMdPath, `utf8`);
+		const content = (await sandbox.readFile(agentsMdPath)).toString(`utf8`);
 		return [
 			`<context_file kind="instructions" path="${agentsMdPath}">`,
 			content,
@@ -1232,16 +1255,17 @@ function readAgentsMd(workingDirectory) {
 	}
 }
 function createAssistantHandler(options) {
-	const { workingDirectory, streamFn, docsSupport, docsSearchTool, skillsRegistry, modelCatalog, docsUrl } = options;
+	const { streamFn, docsSupport, docsSearchTool, skillsRegistry, modelCatalog, docsUrl } = options;
 	const hasSkills = Boolean(skillsRegistry && skillsRegistry.catalog.size > 0);
 	return async function assistantHandler(ctx, wake) {
 		const readSet = new Set();
-		const effectiveCwd = typeof ctx.args.workingDirectory === `string` && ctx.args.workingDirectory.trim().length > 0 ? ctx.args.workingDirectory : workingDirectory;
 		const modelConfig = resolveBuiltinModelConfig(modelCatalog, ctx.args);
-		const agentsMd = readAgentsMd(effectiveCwd);
+		const sourceBudget = resolveBuiltinModelSourceBudget(modelConfig);
+		const sandboxCwd = ctx.sandbox.workingDirectory;
+		const agentsMd = await readAgentsMd(ctx.sandbox);
 		const tools = [
 			...ctx.electricTools,
-			...createHortonTools(effectiveCwd, ctx, readSet, {
+			...createHortonTools(ctx.sandbox, ctx, readSet, {
 				docsSearchTool,
 				modelConfig,
 				modelCatalog,
@@ -1270,7 +1294,7 @@ function createAssistantHandler(options) {
 			}
 		})() : Promise.resolve();
 		if (docsSupport) ctx.useContext({
-			sourceBudget: 1e5,
+			sourceBudget,
 			sources: {
 				docs_toc: {
 					content: () => docsSupport.renderCompressedToc(),
@@ -1299,7 +1323,7 @@ function createAssistantHandler(options) {
 			}
 		});
 		else if (skillsRegistry && skillsRegistry.catalog.size > 0) ctx.useContext({
-			sourceBudget: 1e5,
+			sourceBudget,
 			sources: {
 				skills_catalog: {
 					content: () => skillsRegistry.renderCatalog(2e3),
@@ -1318,7 +1342,7 @@ function createAssistantHandler(options) {
 			}
 		});
 		else if (agentsMd) ctx.useContext({
-			sourceBudget: 1e5,
+			sourceBudget,
 			sources: {
 				conversation: {
 					content: () => ctx.timelineMessages(),
@@ -1332,7 +1356,7 @@ function createAssistantHandler(options) {
 			}
 		});
 		ctx.useAgent({
-			systemPrompt: buildHortonSystemPrompt(effectiveCwd, {
+			systemPrompt: buildHortonSystemPrompt(sandboxCwd, {
 				hasDocsSupport: Boolean(docsSupport),
 				hasSkills,
 				docsUrl,
@@ -1360,7 +1384,6 @@ function registerHorton(registry, options) {
 		serverLog.warn(`[horton-docs] warmup failed: ${error instanceof Error ? error.message : String(error)}`);
 	});
 	const assistantHandler = createAssistantHandler({
-		workingDirectory,
 		streamFn,
 		docsSupport,
 		docsSearchTool,
@@ -1376,6 +1399,15 @@ function registerHorton(registry, options) {
 	registry.define(`horton`, {
 		description: `Friendly capable assistant — chat, code, research, dispatch`,
 		creationSchema: hortonCreationSchema,
+		permissionGrants: [{
+			subject_kind: `principal_kind`,
+			subject_value: `user`,
+			permission: `spawn`
+		}, {
+			subject_kind: `principal_kind`,
+			subject_value: `user`,
+			permission: `manage`
+		}],
 		handler: assistantHandler
 	});
 	return [`horton`];
@@ -1417,26 +1449,29 @@ function parseWorkerArgs(value) {
 	if (typeof value.reasoningEffort === `string` && REASONING_EFFORT_VALUES.includes(value.reasoningEffort)) args.reasoningEffort = value.reasoningEffort;
 	return args;
 }
-function buildToolsForWorker(tools, workingDirectory, ctx, readSet) {
+function buildToolsForWorker(tools, sandbox, ctx, readSet, opts) {
 	const out = [];
 	for (const name of tools) switch (name) {
 		case `bash`:
-			out.push(createBashTool(workingDirectory));
+			out.push(createBashTool(sandbox));
 			break;
 		case `read`:
-			out.push(createReadFileTool(workingDirectory, readSet));
+			out.push(createReadFileTool(sandbox, readSet));
 			break;
 		case `write`:
-			out.push(createWriteTool(workingDirectory, readSet));
+			out.push(createWriteTool(sandbox, readSet));
 			break;
 		case `edit`:
-			out.push(createEditTool(workingDirectory, readSet));
+			out.push(createEditTool(sandbox, readSet));
 			break;
 		case `web_search`:
 			out.push(braveSearchTool);
 			break;
 		case `fetch_url`:
-			out.push(fetchUrlTool);
+			out.push(createFetchUrlTool(sandbox, {
+				catalog: opts.modelCatalog,
+				modelConfig: opts.modelConfig
+			}));
 			break;
 		case `spawn_worker`:
 			out.push(createSpawnWorkerTool(ctx));
@@ -1544,14 +1579,26 @@ function buildSharedStateTools(shared, schema, mode) {
 	return tools;
 }
 function registerWorker(registry, options) {
-	const { workingDirectory, streamFn, modelCatalog } = options;
+	const { streamFn, modelCatalog } = options;
 	registry.define(`worker`, {
 		description: `Internal — generic worker spawned by other agents. Configure via spawn args (systemPrompt + tools + optional sharedDb).`,
+		permissionGrants: [{
+			subject_kind: `principal_kind`,
+			subject_value: `user`,
+			permission: `spawn`
+		}, {
+			subject_kind: `principal_kind`,
+			subject_value: `user`,
+			permission: `manage`
+		}],
 		async handler(ctx) {
 			const args = parseWorkerArgs(ctx.args);
 			const readSet = new Set();
-			const builtinTools = buildToolsForWorker(args.tools, workingDirectory, ctx, readSet);
 			const modelConfig = resolveBuiltinModelConfig(modelCatalog, args);
+			const builtinTools = buildToolsForWorker(args.tools, ctx.sandbox, ctx, readSet, {
+				modelCatalog,
+				modelConfig
+			});
 			const sharedStateTools = [];
 			if (args.sharedDb) {
 				const shared = await ctx.observe(db(args.sharedDb.id, args.sharedDb.schema));
@@ -1628,6 +1675,7 @@ async function createBuiltinAgentHandler(options) {
 		modelCatalog
 	});
 	typeNames.push(`worker`);
+	const sandboxProfiles = await buildBuiltinSandboxProfiles(cwd);
 	const runtime = createRuntimeHandler({
 		baseUrl: agentServerUrl,
 		serveEndpoint,
@@ -1638,7 +1686,8 @@ async function createBuiltinAgentHandler(options) {
 		idleTimeout: 5 * 6e4,
 		createElectricTools: createBuiltinElectricTools(createElectricTools),
 		publicUrl,
-		name: runtimeName ?? `builtin-agents`
+		name: runtimeName ?? `builtin-agents`,
+		sandboxProfiles
 	});
 	return {
 		handler: runtime.onEnter,
@@ -1652,6 +1701,85 @@ async function registerBuiltinAgentTypes(bootstrap) {
 	await bootstrap.runtime.registerTypes();
 	serverLog.info(`[builtin-agents] ${bootstrap.typeNames.length} built-in agent types ready: ${bootstrap.typeNames.join(`, `)}`);
 }
+/**
+* Guard so repeated `buildBuiltinSandboxProfiles` calls in one process don't
+* re-run the boot sweep.
+*/
+let dockerSweptOnBoot = false;
+function sweepOrphanedDockerSandboxesOnce(sweep) {
+	if (dockerSweptOnBoot) return;
+	dockerSweptOnBoot = true;
+	sweep().then((removed) => {
+		if (removed.length > 0) serverLog.info(`[builtin-agents] docker sandbox boot sweep removed ${removed.length} leftover container(s)`);
+	}).catch((err) => serverLog.warn(`[builtin-agents] docker sandbox boot sweep error: ${err instanceof Error ? err.message : String(err)}`));
+}
+/**
+* Built-in sandbox profiles. `local` is always available. `docker` is
+* gated on Docker being reachable so a user without Docker installed
+* sees only what works — the UI never offers a non-functional choice.
+*/
+async function buildBuiltinSandboxProfiles(workingDirectory) {
+	const profiles = [{
+		name: `local`,
+		label: `Local`,
+		description: `Runs on the host without isolation. Full filesystem access.`,
+		factory: ({ args }) => chooseDefaultSandbox(resolveCwd(args, workingDirectory))
+	}];
+	try {
+		const { isDockerAvailable } = await import(`@electric-ax/agents-runtime/sandbox/docker`);
+		if (await isDockerAvailable()) {
+			const { dockerSandbox, sweepOrphanedDockerSandboxes } = await import(`@electric-ax/agents-runtime/sandbox/docker`);
+			sweepOrphanedDockerSandboxesOnce(sweepOrphanedDockerSandboxes);
+			profiles.push({
+				name: `docker`,
+				label: `Docker`,
+				description: `Runs in a hardened Docker container: dropped capabilities, no privilege escalation, and CPU/memory/process limits. The chosen working directory is mounted read-write and, by default, network egress is unrestricted (allow-all).`,
+				factory: ({ args, sandboxKey, persistent, owner, entityType, entityUrl }) => {
+					const cwd = readWorkingDirectoryArg(args);
+					return dockerSandbox({
+						initialNetworkPolicy: { mode: `allow-all` },
+						extraMounts: cwd ? [{
+							hostPath: cwd,
+							containerPath: `/work`,
+							readOnly: false
+						}] : void 0,
+						sandboxKey,
+						persistent,
+						owner,
+						entityType,
+						entityUrl
+					});
+				}
+			});
+		} else serverLog.info(`[builtin-agents] docker daemon not reachable — docker sandbox profile not registered`);
+	} catch (err) {
+		serverLog.warn(`[builtin-agents] failed to probe docker availability: ${err instanceof Error ? err.message : String(err)}`);
+	}
+	if (process.env.E2B_API_KEY) if (await isE2BAvailable()) profiles.push({
+		name: `e2b`,
+		label: `E2B`,
+		description: `Runs in a remote E2B microVM. Persistent sandboxes survive across wakes and are reachable from any runner.`,
+		remote: true,
+		factory: ({ sandboxKey, persistent, owner }) => remoteSandbox({
+			provider: `e2b`,
+			apiKey: process.env.E2B_API_KEY,
+			sandboxKey,
+			persistent,
+			owner,
+			initialNetworkPolicy: { mode: `allow-all` }
+		})
+	});
+	else serverLog.info(`[builtin-agents] E2B_API_KEY set but the "e2b" package is not installed — e2b sandbox profile not registered`);
+	console.log(`[builtin-agents] sandbox profiles advertised: ${profiles.map((p) => p.name).join(`, `)}`);
+	return profiles;
+}
+function readWorkingDirectoryArg(args) {
+	const v = args.workingDirectory;
+	return typeof v === `string` && v.trim().length > 0 ? v : null;
+}
+function resolveCwd(args, fallback) {
+	return readWorkingDirectoryArg(args) ?? fallback;
+}
 
 //#endregion
 //#region src/server.ts
@@ -1662,6 +1790,8 @@ var BuiltinAgentsServer = class {
 	mcpToolProviderName = null;
 	mcpApplyInFlight = new Set();
 	mcpStopping = false;
+	mcpExtras = [];
+	mcpLastJsonConfig = null;
 	pullWakeRunner = null;
 	options;
 	constructor(options) {
@@ -1671,8 +1801,70 @@ var BuiltinAgentsServer = class {
 	get mcpRegistry() {
 		return this._mcpRegistry;
 	}
+	/**
+	* Replace the in-memory `extras` list and re-apply the merged config
+	* against the last-known workspace `mcp.json` state. Workspace
+	* `mcp.json` still wins on name collision. No-op once `stop()` has
+	* latched `mcpStopping`.
+	*/
+	async setExtraMcpServers(extras) {
+		if (!this._mcpRegistry || this.mcpStopping) return;
+		this.mcpExtras = extras;
+		await this.applyMerged(this.mcpLastJsonConfig);
+	}
+	async wirePersistence(cfg) {
+		const servers = [];
+		for (const s of cfg.servers) if (s.transport === `http` && s.auth?.mode === `authorizationCode`) {
+			const persist = await keychainPersistence({ server: s.name });
+			servers.push({
+				...s,
+				auth: {
+					...s.auth,
+					...persist
+				}
+			});
+		} else servers.push(s);
+		return {
+			...cfg,
+			servers
+		};
+	}
+	mergeMcp(jsonCfg) {
+		const jsonServers = jsonCfg?.servers ?? [];
+		const jsonNames = new Set(jsonServers.map((s) => s.name));
+		const filteredExtras = this.mcpExtras.filter((s) => !jsonNames.has(s.name));
+		return {
+			servers: [...filteredExtras, ...jsonServers],
+			raw: jsonCfg?.raw
+		};
+	}
+	async runApply(jsonCfg) {
+		if (this.mcpStopping) return;
+		const registry = this._mcpRegistry;
+		if (!registry) return;
+		try {
+			const wired = await this.wirePersistence(this.mergeMcp(jsonCfg));
+			if (this.mcpStopping) return;
+			await registry.applyConfig(wired);
+		} catch (e) {
+			serverLog.error(`[mcp] applyConfig:`, e);
+			try {
+				this.options.onConfigError?.(e);
+			} catch (cbErr) {
+				serverLog.error(`[mcp] onConfigError callback failed:`, cbErr);
+			}
+		}
+	}
+	applyMerged(jsonCfg) {
+		this.mcpLastJsonConfig = jsonCfg;
+		const p = this.runApply(jsonCfg);
+		this.mcpApplyInFlight.add(p);
+		p.finally(() => this.mcpApplyInFlight.delete(p));
+		return p;
+	}
 	async start() {
 		if (this.bootstrap || this.pullWakeRunner) throw new Error(`Builtin agents runtime already started`);
+		installDurableStreamsFetchCache(this.options.durableStreamsFetchCache);
 		const pullWake = this.options.pullWake;
 		if (!pullWake?.runnerId) throw new Error(`Builtin agents require a pull-wake runner id`);
 		try {
@@ -1683,76 +1875,28 @@ var BuiltinAgentsServer = class {
 			});
 			this._mcpRegistry = mcpRegistry;
 			const mcpConfigPath = this.options.loadProjectMcpConfig ? path.resolve(this.options.workingDirectory ?? process.cwd(), `mcp.json`) : null;
-			const extras = this.options.extraMcpServers ?? [];
-			const wirePersistence = async (cfg) => {
-				const servers = [];
-				for (const s of cfg.servers) if (s.transport === `http` && s.auth?.mode === `authorizationCode`) {
-					const persist = await keychainPersistence({ server: s.name });
-					servers.push({
-						...s,
-						auth: {
-							...s.auth,
-							...persist
-						}
-					});
-				} else servers.push(s);
-				return {
-					...cfg,
-					servers
-				};
-			};
-			const merge = (jsonCfg) => {
-				const jsonServers = jsonCfg?.servers ?? [];
-				const jsonNames = new Set(jsonServers.map((s) => s.name));
-				const filteredExtras = extras.filter((s) => !jsonNames.has(s.name));
-				return {
-					servers: [...filteredExtras, ...jsonServers],
-					raw: jsonCfg?.raw
-				};
-			};
-			const onConfigError = this.options.onConfigError;
-			const runApply = async (jsonCfg) => {
-				if (this.mcpStopping) return;
-				try {
-					const wired = await wirePersistence(merge(jsonCfg));
-					if (this.mcpStopping) return;
-					await mcpRegistry.applyConfig(wired);
-				} catch (e) {
-					serverLog.error(`[mcp] applyConfig:`, e);
-					try {
-						onConfigError?.(e);
-					} catch (cbErr) {
-						serverLog.error(`[mcp] onConfigError callback failed:`, cbErr);
-					}
-				}
-			};
-			const applyMerged = (jsonCfg) => {
-				const p = runApply(jsonCfg);
-				this.mcpApplyInFlight.add(p);
-				p.finally(() => this.mcpApplyInFlight.delete(p));
-				return p;
-			};
+			this.mcpExtras = this.options.extraMcpServers ?? [];
 			if (mcpConfigPath) {
 				try {
 					const cfg = await loadConfig(mcpConfigPath, process.env);
-					applyMerged(cfg);
+					this.applyMerged(cfg);
 				} catch (err) {
 					if (err.code !== `ENOENT`) throw err;
-					if (extras.length === 0) serverLog.info(`[mcp] no ${mcpConfigPath} — starting with no servers`);
-					else serverLog.info(`[mcp] no ${mcpConfigPath} — starting with ${extras.length} server(s) from extras`);
-					applyMerged(null);
+					if (this.mcpExtras.length === 0) serverLog.info(`[mcp] no ${mcpConfigPath} — starting with no servers`);
+					else serverLog.info(`[mcp] no ${mcpConfigPath} — starting with ${this.mcpExtras.length} server(s) from extras`);
+					this.applyMerged(null);
 				}
 				try {
 					this.mcpWatcherCloser = await watchConfig(mcpConfigPath, {
-						onChange: (cfg) => void applyMerged(cfg),
+						onChange: (cfg) => void this.applyMerged(cfg),
 						onError: (e) => serverLog.error(`[mcp] config error:`, e)
 					});
 				} catch (e) {
 					serverLog.error(`[mcp] config watcher failed to start:`, e);
 				}
 			} else {
-				if (extras.length > 0) serverLog.info(`[mcp] starting with ${extras.length} server(s) from extras`);
-				applyMerged(null);
+				if (this.mcpExtras.length > 0) serverLog.info(`[mcp] starting with ${this.mcpExtras.length} server(s) from extras`);
+				this.applyMerged(null);
 			}
 			this.mcpToolProviderName = `mcp`;
 			registerToolProvider({
@@ -1860,6 +2004,7 @@ var BuiltinAgentsServer = class {
 	async registerPullWakeRunner(pullWake) {
 		const headers = new Headers(typeof pullWake.headers === `function` ? await pullWake.headers() : pullWake.headers);
 		headers.set(`content-type`, `application/json`);
+		const profiles = this.bootstrap?.runtime.sandboxProfileDescriptors ?? [];
 		const response = await fetch(appendPathToUrl(this.options.agentServerUrl, `/_electric/runners`), {
 			method: `POST`,
 			headers,
@@ -1868,7 +2013,8 @@ var BuiltinAgentsServer = class {
 				owner_principal: pullWake.ownerPrincipal,
 				label: pullWake.label ?? `Built-in agents`,
 				kind: `local`,
-				admin_status: `enabled`
+				admin_status: `enabled`,
+				sandbox_profiles: profiles
 			})
 		});
 		if (!response.ok) throw new Error(`Failed to register pull-wake runner ${pullWake.runnerId}: ${response.status} ${await response.text()}`);