@fitlab-ai/agent-infra 0.5.9 → 0.6.0

package/lib/sandbox/commands/enter.ts

@@ -0,0 +1,115 @@
+import { loadConfig } from '../config.ts';
+import { assertValidBranchName, containerNameCandidates } from '../constants.ts';
+import { detectEngine } from '../engine.ts';
+import {
+  formatCredentialWarnings,
+  formatRemaining,
+  reconcileClaudeCredentials,
+  redactCommandError,
+  validateClaudeCredentialsEnvOverride
+} from '../credentials.ts';
+import { runInteractiveEngine, runSafeEngine } from '../shell.ts';
+import { resolveTaskBranch } from '../task-resolver.ts';
+import { dotfilesCacheDir, materializeDotfiles } from '../dotfiles.ts';
+
+const USAGE = `Usage: ai sandbox exec <branch> [cmd...]`;
+const TMUX_ENTRY_PATH = '/usr/local/bin/sandbox-tmux-entry';
+
+// Terminal-detection variables that interactive TUIs (e.g. claude-code)
+// inspect to enable progressive enhancements such as the kitty keyboard
+// protocol, which is what makes Shift+Enter distinguishable from Enter.
+// `docker exec` does not forward these by default, so we must pass them
+// through explicitly.
+const FORWARDED_TERMINAL_ENV = [
+  'TERM_PROGRAM',
+  'TERM_PROGRAM_VERSION',
+  'LC_TERMINAL',
+  'LC_TERMINAL_VERSION'
+];
+
+export function terminalEnvFlags(env: NodeJS.ProcessEnv = process.env): string[] {
+  const flags: string[] = [];
+  for (const name of FORWARDED_TERMINAL_ENV) {
+    const value = env[name];
+    if (value) {
+      flags.push('-e', `${name}=${value}`);
+    }
+  }
+  return flags;
+}
+
+export function formatCredentialSyncStatus(
+  result: ReturnType<typeof reconcileClaudeCredentials>,
+  isTTY = process.stderr.isTTY
+): string | null {
+  if (result.status === 'STALE_ACCESS') {
+    return 'Warning: Claude Code credentials on host appear stale. Run "ai sandbox refresh" or "claude /login" to renew.\n';
+  }
+  if (result.status === 'MISSING') {
+    return 'Warning: Claude Code credentials missing on host. Run "claude /login" to authenticate.\n';
+  }
+  if (result.status === 'KEYCHAIN_WRITE_FAILED') {
+    return `Warning: A sandbox refresh produced newer credentials but host Keychain write failed (${formatCredentialWarnings(result.warnings)}). Run "ai sandbox refresh" again or "claude /status" on the host to retry.\n`;
+  }
+  if (result.status === 'KEYCHAIN_LOCKED' || result.status === 'KEYCHAIN_ERROR') {
+    return 'Warning: Host keychain is unavailable; Claude credential sync skipped. Run "ai sandbox refresh" for details.\n';
+  }
+  if (result.status === 'OK' && result.authoritative !== 'host') {
+    const message = `Synced Claude Code credentials from sandbox refresh back to host (expires in ${formatRemaining(result.expiresAt)})`;
+    return isTTY ? `\x1b[2m${message}\x1b[0m\n` : `${message}\n`;
+  }
+  if (result.status === 'OK' && result.filesWritten.length > 0) {
+    const message = `Synced Claude Code credentials from host Keychain (expires in ${formatRemaining(result.expiresAt)})`;
+    return isTTY ? `\x1b[2m${message}\x1b[0m\n` : `${message}\n`;
+  }
+  return null;
+}
+
+export function enter(args: string[]): number {
+  if (args.length === 0 || args[0] === '--help' || args[0] === '-h') {
+    process.stdout.write(`${USAGE}\n`);
+    if (args.length === 0) {
+      return 1;
+    }
+    return 0;
+  }
+
+  const config = loadConfig();
+  validateClaudeCredentialsEnvOverride();
+  const engine = detectEngine(config);
+  const [branchOrTaskId = '', ...cmd] = args;
+  const branch = resolveTaskBranch(branchOrTaskId, config.repoRoot);
+  assertValidBranchName(branch);
+  const running = runSafeEngine(engine, 'docker', ['ps', '--format', '{{.Names}}']).split('\n');
+  const container = containerNameCandidates(config, branch).find((name) => running.includes(name));
+
+  if (!container) {
+    throw new Error(`No running sandbox found for branch '${branch}'`);
+  }
+
+  if (config.tools.includes('claude-code')) {
+    try {
+      // Scan all projects so a refresh from a neighbouring sandbox can still flow back to the host.
+      const result = reconcileClaudeCredentials(config.home);
+      const message = formatCredentialSyncStatus(result);
+      if (message) {
+        process.stderr.write(message);
+      }
+    } catch (error) {
+      process.stderr.write(`Warning: Failed to sync Claude Code credentials: ${redactCommandError(error instanceof Error ? error.message : 'unknown error')}\n`);
+    }
+  }
+
+  const envFlags = terminalEnvFlags();
+  if (cmd.length === 0) {
+    try {
+      materializeDotfiles(config.dotfilesDir, dotfilesCacheDir(config.home, config.project));
+    } catch (error) {
+      process.stderr.write(`Warning: dotfiles snapshot rebuild failed: ${redactCommandError(error instanceof Error ? error.message : 'unknown error')}\n`);
+    }
+
+    return runInteractiveEngine(engine, 'docker', ['exec', '-it', ...envFlags, container, 'bash', TMUX_ENTRY_PATH]);
+  }
+
+  return runInteractiveEngine(engine, 'docker', ['exec', '-it', ...envFlags, container, ...cmd]);
+}

package/lib/sandbox/commands/{ls.js → ls.ts}

@@ -2,14 +2,40 @@ import fs from 'node:fs';
 import path from 'node:path';
 import * as p from '@clack/prompts';
 import pc from 'picocolors';
-import { loadConfig } from '../config.js';
-import { sandboxLabel } from '../constants.js';
-import { runSafe } from '../shell.js';
-import { resolveTools, toolProjectDirCandidates } from '../tools.js';
+import { loadConfig } from '../config.ts';
+import { sandboxBranchLabel, sandboxLabel } from '../constants.ts';
+import { detectEngine } from '../engine.ts';
+import { runSafeEngine } from '../shell.ts';
+import { resolveTools, toolProjectDirCandidates } from '../tools.ts';
 
 const USAGE = 'Usage: ai sandbox ls';
+const CONTAINER_LIST_HEADER = 'NAMES\tSTATUS\tBRANCH';
 
-function listChildren(dir) {
+// Exported to lock the docker/podman-compatible format in unit tests.
+export function containerListFormat(): string {
+  return '{{.Names}}\t{{.Status}}\t{{.Labels}}';
+}
+
+export function parseLabels(csv: string): Record<string, string> {
+  if (!csv) {
+    return {};
+  }
+
+  const labels: Record<string, string> = {};
+  for (const pair of csv.split(',')) {
+    if (!pair) {
+      continue;
+    }
+    const eq = pair.indexOf('=');
+    if (eq < 0) {
+      continue;
+    }
+    labels[pair.slice(0, eq)] = pair.slice(eq + 1);
+  }
+  return labels;
+}
+
+function listChildren(dir: string): string[] {
   if (!fs.existsSync(dir)) {
     return [];
   }
@@ -17,32 +43,37 @@ function listChildren(dir) {
   return fs.readdirSync(dir).sort().map((entry) => path.join(dir, entry));
 }
 
-export function ls(args = []) {
+export function ls(args: string[] = []): void {
   if (args.length > 0 && (args[0] === '--help' || args[0] === '-h')) {
     process.stdout.write(`${USAGE}\n`);
     return;
   }
 
   const config = loadConfig();
+  const engine = detectEngine(config);
   const tools = resolveTools(config);
   const label = sandboxLabel(config);
-  const containers = runSafe('docker', [
+  const containers = runSafeEngine(engine, 'docker', [
     'ps',
     '-a',
     '--filter',
     `label=${label}`,
     '--format',
-    'table {{.Names}}\t{{.Status}}\t{{.Label "' + `${label}.branch` + '"}}'
+    containerListFormat()
   ]);
 
   p.intro(pc.cyan(`Sandbox status for ${config.project}`));
 
   p.log.step('Containers');
-  if (!containers || containers.split('\n').length <= 1) {
+  if (!containers) {
     p.log.warn('  No sandbox containers');
   } else {
+    const branchKey = sandboxBranchLabel(config);
+    process.stdout.write(`  ${CONTAINER_LIST_HEADER}\n`);
     for (const line of containers.split('\n')) {
-      process.stdout.write(`  ${line}\n`);
+      const [name = '', status = '', labelsCsv = ''] = line.split('\t');
+      const branch = parseLabels(labelsCsv)[branchKey] ?? '';
+      process.stdout.write(`  ${name}\t${status}\t${branch}\n`);
     }
   }
 

package/lib/sandbox/commands/rebuild.ts

@@ -0,0 +1,135 @@
+import { parseArgs } from 'node:util';
+import { createHash } from 'node:crypto';
+import * as p from '@clack/prompts';
+import pc from 'picocolors';
+import { loadConfig } from '../config.ts';
+import type { SandboxConfig } from '../config.ts';
+import { prepareDockerfile } from '../dockerfile.ts';
+import { sandboxImageConfigLabel, sandboxLabel } from '../constants.ts';
+import { detectEngine, ensureDocker } from '../engine.ts';
+import { runEngine, runOkEngine, runSafeEngine, runVerboseEngine } from '../shell.ts';
+import { resolveTools, toolNpmPackagesArg } from '../tools.ts';
+import type { SandboxTool } from '../tools.ts';
+import { toEnginePath } from '../engines/wsl2-paths.ts';
+import { resolveBuildUid } from '../engines/native.ts';
+
+const USAGE = `Usage: ai sandbox rebuild [--quiet]`;
+
+type PreparedDockerfile = ReturnType<typeof prepareDockerfile>;
+type EngineRunFn = (engine: string, cmd: string, args: string[], opts?: { cwd?: string }) => string;
+type EngineRunSafeFn = EngineRunFn;
+
+function buildSignature(preparedDockerfile: PreparedDockerfile, tools: SandboxTool[]): string {
+  return createHash('sha256')
+    .update(JSON.stringify({
+      dockerfile: preparedDockerfile.signature,
+      tools: tools.map((tool) => tool.npmPackage)
+    }))
+    .digest('hex')
+    .slice(0, 12);
+}
+
+export function buildArgs(
+  config: SandboxConfig,
+  tools: SandboxTool[],
+  dockerfilePath: string,
+  imageSignature: string,
+  {
+    engine,
+    runFn = runEngine,
+    runSafeFn = runSafeEngine,
+    env = process.env
+  }: {
+    engine?: string;
+    runFn?: EngineRunFn;
+    runSafeFn?: EngineRunSafeFn;
+    env?: NodeJS.ProcessEnv;
+  } = {}
+): string[] {
+  const selectedEngine = engine ?? detectEngine(config);
+  const { uid: hostUid, gid: hostGid } = resolveBuildUid({
+    engine: selectedEngine,
+    runFn,
+    runSafeFn,
+    env
+  });
+
+  return [
+    'build',
+    '-t',
+    config.imageName,
+    '--build-arg',
+    `HOST_UID=${hostUid}`,
+    '--build-arg',
+    `HOST_GID=${hostGid}`,
+    '--build-arg',
+    `AI_TOOL_PACKAGES=${toolNpmPackagesArg(tools)}`,
+    '--label',
+    sandboxLabel(config),
+    '--label',
+    `${sandboxImageConfigLabel(config)}=${imageSignature}`,
+    '-f',
+    toEnginePath(selectedEngine, dockerfilePath),
+    toEnginePath(selectedEngine, config.repoRoot)
+  ];
+}
+
+function removeImageIfPresent(imageName: string, engine: string): void {
+  if (runOkEngine(engine, 'docker', ['image', 'inspect', imageName])) {
+    runEngine(engine, 'docker', ['rmi', imageName]);
+  }
+}
+
+export async function rebuild(args: string[]): Promise<void> {
+  const { values } = parseArgs({
+    args,
+    allowPositionals: true,
+    strict: true,
+    options: {
+      quiet: { type: 'boolean', short: 'q' },
+      help: { type: 'boolean', short: 'h' }
+    }
+  });
+
+  if (values.help) {
+    process.stdout.write(`${USAGE}\n`);
+    return;
+  }
+
+  const config = loadConfig();
+  const tools = resolveTools(config);
+  const preparedDockerfile = prepareDockerfile(config);
+  const imageSignature = buildSignature(preparedDockerfile, tools);
+  const quiet = values.quiet ?? false;
+  const engine = detectEngine(config);
+
+  await ensureDocker(config, undefined);
+  p.intro(pc.cyan('Rebuilding sandbox image'));
+
+  try {
+    if (quiet) {
+      const spinner = p.spinner();
+      spinner.start(`Removing old image ${config.imageName}...`);
+      removeImageIfPresent(config.imageName, engine);
+      spinner.stop('Old image removed');
+      spinner.start('Building image...');
+      runEngine(engine, 'docker', buildArgs(config, tools, preparedDockerfile.path, imageSignature, { engine }), {
+        cwd: config.repoRoot
+      });
+      spinner.stop(pc.green('Sandbox image rebuilt'));
+    } else {
+      p.log.step(`Removing old image ${config.imageName}`);
+      removeImageIfPresent(config.imageName, engine);
+      p.log.step('Building image');
+      runVerboseEngine(
+        engine,
+        'docker',
+        buildArgs(config, tools, preparedDockerfile.path, imageSignature, { engine }),
+        { cwd: config.repoRoot }
+      );
+      p.log.success(pc.green('Sandbox image rebuilt'));
+    }
+  } finally {
+    preparedDockerfile.cleanup();
+  }
+}

package/lib/sandbox/commands/refresh.ts

@@ -0,0 +1,128 @@
+import { homedir } from 'node:os';
+import { parseArgs } from 'node:util';
+import {
+  buildLockedGuidance,
+  discoverProjects,
+  formatCredentialWarnings,
+  formatRemaining,
+  reconcileClaudeCredentials,
+  redactCommandError,
+  validateClaudeCredentialsEnvOverride
+} from '../credentials.ts';
+import { runProbe } from '../shell.ts';
+
+const USAGE = 'Usage: ai sandbox refresh';
+
+type ReconcileOptions = NonNullable<Parameters<typeof reconcileClaudeCredentials>[1]>;
+
+type RefreshDeps = Partial<ReconcileOptions> & {
+  spawnFn?: typeof runProbe;
+  discoverFn?: typeof discoverProjects;
+  writeStdout?: (chunk: string) => unknown;
+  writeStderr?: (chunk: string) => unknown;
+};
+
+export function probeClaudeStatus(spawnFn: typeof runProbe = runProbe): { ok: boolean; stderr: string; error: string | null } {
+  const result = spawnFn('claude', ['/status'], {
+    encoding: 'utf8',
+    stdio: ['ignore', 'pipe', 'pipe'],
+    timeout: 30_000
+  });
+  return {
+    ok: result.status === 0,
+    stderr: result.stderr?.toString() ?? '',
+    error: result.error?.message ?? null
+  };
+}
+
+export async function refresh(args: string[], deps: RefreshDeps = {}): Promise<number> {
+  const {
+    spawnFn = runProbe,
+    execFn,
+    readFn,
+    existsFn,
+    writeFn,
+    writeHostFn,
+    discoverFn = discoverProjects,
+    writeStdout = (chunk: string) => process.stdout.write(chunk),
+    writeStderr = (chunk: string) => process.stderr.write(chunk)
+  } = deps;
+
+  if (args[0] === '--help' || args[0] === '-h' || args[0] === 'help') {
+    writeStdout(`${USAGE}\n`);
+    return 0;
+  }
+
+  const { positionals } = parseArgs({ args, allowPositionals: true, strict: true });
+  if (positionals.length > 0) {
+    throw new Error(USAGE);
+  }
+  validateClaudeCredentialsEnvOverride();
+
+  const home = homedir();
+  if (!home) {
+    throw new Error('sandbox: home directory is required');
+  }
+
+  const projects = discoverFn(home);
+  if (projects.length === 0) {
+    writeStdout('No project credentials to refresh.\n');
+    return 0;
+  }
+
+  const reconcileOptions = { execFn, readFn, existsFn, writeFn, writeHostFn, projects };
+  let result = reconcileClaudeCredentials(home, reconcileOptions);
+  if (result.status === 'STALE_ACCESS' && result.authoritative === null) {
+    writeStdout('Host credentials appear stale; probing claude /status to trigger refresh...\n');
+    const probe = probeClaudeStatus(spawnFn);
+    if (!probe.ok) {
+      writeStderr(`Probe failed: ${redactCommandError(probe.stderr || probe.error || 'unknown error')}\n`);
+      writeStderr('Run "claude /login" on the host to renew credentials.\n');
+      return 1;
+    }
+    writeStdout('Probe succeeded; re-inspecting host credentials.\n');
+    result = reconcileClaudeCredentials(home, reconcileOptions);
+  }
+
+  if (result.status === 'MISSING') {
+    writeStderr('No Claude Code credentials found on host.\n');
+    writeStderr('Run "claude /login" on the host to authenticate.\n');
+    return 1;
+  }
+
+  if (result.status === 'KEYCHAIN_LOCKED') {
+    writeStderr(`${buildLockedGuidance()}\n`);
+    return 1;
+  }
+
+  if (result.status === 'KEYCHAIN_ERROR') {
+    writeStderr(`Host keychain error: ${redactCommandError(result.detail || 'unknown error')}\n`);
+    writeStderr(`${buildLockedGuidance()}\n`);
+    return 1;
+  }
+
+  if (result.status === 'KEYCHAIN_WRITE_FAILED') {
+    writeStderr(`[host] keychain write failed: ${formatCredentialWarnings(result.warnings) || 'unknown error'}\n`);
+    return 1;
+  }
+
+  if (result.status !== 'OK') {
+    writeStderr('Host credentials still invalid after probe; run "claude /login".\n');
+    return 1;
+  }
+
+  if (result.authoritative && result.authoritative !== 'host' && result.hostWritten) {
+    writeStdout(`[host] reconciled from ${result.authoritative}\n`);
+  }
+
+  for (const project of projects) {
+    const action = result.filesWritten.includes(project) ? 'updated' : 'unchanged';
+    writeStdout(`[${project}] ${action}; expires in ${formatRemaining(result.expiresAt)}\n`);
+  }
+
+  for (const failure of result.fileErrors) {
+    writeStderr(`[${failure.project}] sync failed: ${failure.error}\n`);
+  }
+
+  return result.fileErrors.length > 0 ? 1 : 0;
+}

package/lib/sandbox/commands/{rm.js → rm.ts}

@@ -3,27 +3,42 @@ import path from 'node:path';
 import { parseArgs } from 'node:util';
 import * as p from '@clack/prompts';
 import pc from 'picocolors';
-import { loadConfig } from '../config.js';
+import { loadConfig } from '../config.ts';
+import type { SandboxConfig } from '../config.ts';
 import {
   assertValidBranchName,
   containerNameCandidates,
   sandboxBranchLabel,
   sandboxLabel,
+  shareBranchDir,
   worktreeDirCandidates
-} from '../constants.js';
-import { detectEngine, engineDisplayName, isManagedEngine, stopManagedVm } from '../engine.js';
-import { run, runOk, runSafe } from '../shell.js';
-import { resolveTaskBranch } from '../task-resolver.js';
-import { resolveTools, toolConfigDirCandidates, toolProjectDirCandidates } from '../tools.js';
+} from '../constants.ts';
+import { ENGINES, detectEngine, engineDisplayName, isManagedEngine, stopManagedVm } from '../engine.ts';
+import { run, runOk, runSafe, runSafeEngine } from '../shell.ts';
+import { resolveTaskBranch } from '../task-resolver.ts';
+import { resolveTools, toolConfigDirCandidates, toolProjectDirCandidates } from '../tools.ts';
+import type { SandboxTool } from '../tools.ts';
 
 const USAGE = `Usage: ai sandbox rm <branch> [--all]`;
 
-function projectToolDirs(config, tools) {
+function projectToolDirs(config: SandboxConfig, tools: SandboxTool[]): string[] {
   return tools.flatMap((tool) => toolProjectDirCandidates(tool, config.project));
 }
 
-async function rmOne(config, tools, branch) {
+export function assertManagedPath(root: string, target: string): void {
+  const resolvedRoot = path.resolve(root);
+  const resolvedTarget = path.resolve(target);
+  const relative = path.relative(resolvedRoot, resolvedTarget);
+  if (relative === '' || (!relative.startsWith('..') && !path.isAbsolute(relative))) {
+    return;
+  }
+
+  throw new Error(`Refusing to remove path outside managed sandbox root: ${target}`);
+}
+
+async function rmOne(config: SandboxConfig, tools: SandboxTool[], branch: string): Promise<void> {
   assertValidBranchName(branch);
+  const engine = detectEngine(config);
   let effectiveBranch = branch;
   let worktreeCandidates = worktreeDirCandidates(config, branch);
   let toolCandidates = tools.map((tool) => ({
@@ -33,16 +48,16 @@ async function rmOne(config, tools, branch) {
 
   p.intro(pc.cyan(`Removing sandbox for ${branch}`));
 
-  const existing = runSafe('docker', ['ps', '-a', '--format', '{{.Names}}']).split('\n').filter(Boolean);
+  const existing = runSafeEngine(engine, 'docker', ['ps', '-a', '--format', '{{.Names}}']).split('\n').filter(Boolean);
   const matchedContainers = containerNameCandidates(config, branch)
     .filter((name) => existing.includes(name));
 
   if (matchedContainers.length > 0) {
-    const resolvedBranch = runSafe('docker', [
+    const resolvedBranch = runSafeEngine(engine, 'docker', [
       'inspect',
       '-f',
       `{{ index .Config.Labels "${sandboxBranchLabel(config)}" }}`,
-      matchedContainers[0]
+      matchedContainers[0] ?? ''
     ]);
     if (resolvedBranch) {
       effectiveBranch = resolvedBranch;
@@ -56,8 +71,8 @@ async function rmOne(config, tools, branch) {
     const spinner = p.spinner();
     spinner.start(`Stopping container(s): ${matchedContainers.join(', ')}`);
     for (const name of matchedContainers) {
-      runSafe('docker', ['stop', name]);
-      runSafe('docker', ['rm', name]);
+      runSafeEngine(engine, 'docker', ['stop', name]);
+      runSafeEngine(engine, 'docker', ['rm', name]);
     }
     spinner.stop(pc.green(`Removed container(s): ${matchedContainers.join(', ')}`));
   } else {
@@ -81,6 +96,7 @@ async function rmOne(config, tools, branch) {
         try {
           run('git', ['-C', config.repoRoot, 'worktree', 'remove', worktree, '--force']);
         } catch {
+          assertManagedPath(config.worktreeBase, worktree);
           fs.rmSync(worktree, { recursive: true, force: true });
         }
       }
@@ -100,18 +116,33 @@ async function rmOne(config, tools, branch) {
 
   for (const { tool, candidates } of toolCandidates) {
     for (const dir of candidates.filter((candidate) => fs.existsSync(candidate))) {
+      assertManagedPath(tool.sandboxBase, dir);
       fs.rmSync(dir, { recursive: true, force: true });
       p.log.success(`${tool.name} state removed: ${dir}`);
     }
   }
 
+  const shareBranch = shareBranchDir(config, effectiveBranch);
+  if (fs.existsSync(shareBranch)) {
+    const shouldRemoveShare = await p.confirm({
+      message: `Remove share dir for branch '${effectiveBranch}' (${shareBranch})?`,
+      initialValue: true
+    });
+    if (!p.isCancel(shouldRemoveShare) && shouldRemoveShare) {
+      assertManagedPath(config.shareBase, shareBranch);
+      fs.rmSync(shareBranch, { recursive: true, force: true });
+      p.log.success(`Share dir removed: ${shareBranch}`);
+    }
+  }
+
   p.outro(pc.green('Sandbox removed'));
 }
 
-async function rmAll(config, tools) {
+async function rmAll(config: SandboxConfig, tools: SandboxTool[]): Promise<void> {
+  const engine = detectEngine(config);
   p.intro(pc.cyan(`Removing all sandboxes for ${config.project}`));
 
-  const containers = runSafe('docker', [
+  const containers = runSafeEngine(engine, 'docker', [
     'ps',
     '-a',
     '--filter',
@@ -123,8 +154,8 @@ async function rmAll(config, tools) {
     const spinner = p.spinner();
     spinner.start('Stopping project sandbox containers...');
     for (const name of containers.split('\n').filter(Boolean)) {
-      runSafe('docker', ['stop', name]);
-      runSafe('docker', ['rm', name]);
+      runSafeEngine(engine, 'docker', ['stop', name]);
+      runSafeEngine(engine, 'docker', ['rm', name]);
     }
     spinner.stop(pc.green('Project sandbox containers removed'));
   } else {
@@ -143,6 +174,7 @@ async function rmAll(config, tools) {
         try {
           run('git', ['-C', config.repoRoot, 'worktree', 'remove', dir, '--force']);
         } catch {
+          assertManagedPath(config.worktreeBase, dir);
           fs.rmSync(dir, { recursive: true, force: true });
         }
       }
@@ -152,21 +184,39 @@ async function rmAll(config, tools) {
 
   for (const dir of projectToolDirs(config, tools)) {
     if (fs.existsSync(dir)) {
+      assertManagedPath(path.dirname(dir), dir);
       fs.rmSync(dir, { recursive: true, force: true });
       p.log.success(`Removed tool state: ${dir}`);
     }
   }
 
+  if (fs.existsSync(config.shareBase) && fs.readdirSync(config.shareBase).length > 0) {
+    const shouldRemoveAllShares = await p.confirm({
+      message: `Remove all share dirs for project (${config.shareBase})?`,
+      initialValue: true
+    });
+    if (!p.isCancel(shouldRemoveAllShares) && shouldRemoveAllShares) {
+      assertManagedPath(path.dirname(config.shareBase), config.shareBase);
+      fs.rmSync(config.shareBase, { recursive: true, force: true });
+      p.log.success(`Project share dirs removed: ${config.shareBase}`);
+    }
+  }
+
   const shouldRemoveImage = await p.confirm({
     message: `Remove image ${config.imageName}?`,
     initialValue: false
   });
   if (!p.isCancel(shouldRemoveImage) && shouldRemoveImage) {
-    runSafe('docker', ['rmi', config.imageName]);
+    runSafeEngine(engine, 'docker', ['rmi', config.imageName]);
   }
 
-  const engine = detectEngine(config);
   if (isManagedEngine(engine)) {
+    if (engine === ENGINES.WSL2) {
+      p.log.warn('Windows uses Docker Desktop with WSL2. Stop it from Docker Desktop or run "wsl --shutdown" manually.');
+      p.outro(pc.green('All project sandboxes removed'));
+      return;
+    }
+
     const name = engineDisplayName(engine);
     const shouldStopVm = await p.confirm({
       message: `Stop ${name} VM?`,
@@ -180,7 +230,7 @@ async function rmAll(config, tools) {
   p.outro(pc.green('All project sandboxes removed'));
 }
 
-export async function rm(args) {
+export async function rm(args: string[]): Promise<void> {
   const { values, positionals } = parseArgs({
     args,
     allowPositionals: true,
@@ -208,6 +258,6 @@ export async function rm(args) {
     return;
   }
 
-  const branch = resolveTaskBranch(positionals[0], config.repoRoot);
+  const branch = resolveTaskBranch(positionals[0] ?? '', config.repoRoot);
   await rmOne(config, tools, branch);
 }