@fitlab-ai/agent-infra 0.6.2-alpha.1 → 0.6.3

package/dist/lib/sandbox/commands/create.js

@@ -8,17 +8,18 @@ import * as p from '@clack/prompts';
 import pc from 'picocolors';
 import * as toml from 'smol-toml';
 import { loadConfig } from "../config.js";
-import { assertValidBranchName, containerName, containerNameCandidates, parsePositiveIntegerOption, sandboxBranchLabel, sandboxImageConfigLabel, sandboxLabel, sanitizeBranchName, shareBranchDir, shareCommonDir, worktreeDirCandidates } from "../constants.js";
+import { assertValidBranchName, containerName, containerNameCandidates, parsePositiveIntegerOption, sandboxBranchLabel, sandboxImageConfigLabel, sandboxLabel, shareBranchDir, shareCommonDir, shellConfigDir, worktreeDirCandidates } from "../constants.js";
 import { prepareDockerfile } from "../dockerfile.js";
 import { detectEngine, ensureDocker } from "../engine.js";
 import { commandForEngine, execEngine, run, runEngine, runOk, runOkEngine, runSafe, runSafeEngine, runVerboseEngine } from "../shell.js";
 import { resolveTaskBranch } from "../task-resolver.js";
 import { resolveTools, toolConfigDirCandidates, toolNpmPackagesArg } from "../tools.js";
 import { hostJoin, toEnginePath, volumeArg } from "../engines/wsl2-paths.js";
+import { clipboardHostDir, CONTAINER_CLIPBOARD_MOUNT } from "../clipboard/paths.js";
 import { validateSelinuxDisableEnv } from "../engines/selinux.js";
 import { resolveBuildUid } from "../engines/native.js";
 import { dotfilesCacheDir, materializeDotfiles } from "../dotfiles.js";
-import { assertClaudeCredentialsAvailable, redactCommandError, validateClaudeCredentialsEnvOverride } from "../credentials.js";
+import { prepareClaudeCredentials, redactCommandError, validateClaudeCredentialsEnvOverride } from "../credentials.js";
 const OPENCODE_YOLO_PERMISSION = '{"*":"allow","read":"allow","bash":"allow","edit":"allow","webfetch":"allow","external_directory":"allow","doom_loop":"allow"}';
 const SANDBOX_ALIAS_BLOCK_BEGIN = '# >>> agent-infra managed aliases >>>';
 const SANDBOX_ALIAS_BLOCK_END = '# <<< agent-infra managed aliases <<<';
@@ -70,7 +71,13 @@ function resolveToolDirs(config, tools, branch) {
     });
 }
 export function hostShellConfigDir(home, project, branch) {
-    return hostJoin(home, '.agent-infra', 'config', project, sanitizeBranchName(branch));
+    return shellConfigDir({ shellConfigBase: hostJoin(home, '.agent-infra', 'config', project) }, branch);
+}
+export function buildClipboardVolumeArgs(engine, home) {
+    return [
+        '-v',
+        volumeArg(engine, clipboardHostDir(home), CONTAINER_CLIPBOARD_MOUNT, ':ro')
+    ];
 }
 function runtimeChecks(runtimes) {
     const checks = [];
@@ -825,11 +832,13 @@ export async function create(args) {
     assertBranchAvailable(config.repoRoot, branch, { allowedWorktrees: worktreeCandidates });
     const tools = resolveTools(effectiveConfig);
     const resolvedTools = resolveToolDirs(effectiveConfig, tools, branch);
-    // Fail fast before any filesystem/docker side effects so a missing
-    // Claude Code credential blob doesn't leave the user with a stale
-    // worktree, docker image, or temporary Dockerfile they need to manually
-    // clean up.
-    assertClaudeCredentialsAvailable(effectiveConfig.home, effectiveConfig.project, resolvedTools);
+    // Fatal credential states still fail before filesystem/docker side effects.
+    // A genuinely missing Claude Code credential only removes Claude Code's
+    // sandbox config and credential mounts for this create run.
+    const credentialOutcome = prepareClaudeCredentials(effectiveConfig.home, effectiveConfig.project, resolvedTools);
+    const effectiveResolvedTools = credentialOutcome.status === 'SKIPPED'
+        ? resolvedTools.filter(({ tool }) => tool.id !== 'claude-code')
+        : resolvedTools;
     const container = containerName(effectiveConfig, branch);
     const worktree = worktreeCandidates.find((candidate) => fs.existsSync(candidate)) ?? worktreeCandidates[0] ?? '';
     const shareCommon = shareCommonDir(effectiveConfig);
@@ -840,6 +849,11 @@ export async function create(args) {
     const engine = detectEngine(effectiveConfig);
     p.intro(pc.cyan('AI Sandbox'));
     p.log.info(`Project: ${pc.bold(effectiveConfig.project)} | Branch: ${pc.bold(branch)} | Base: ${pc.bold(baseBranch || 'HEAD')}`);
+    if (credentialOutcome.status === 'SKIPPED') {
+        p.log.warn('Claude Code credentials not found on host - creating this sandbox WITHOUT Claude Code credentials.\n'
+            + '  Claude Code is still installed in the image but will not be authenticated.\n'
+            + '  To enable it: run "claude" once on the host to complete login, then re-run "ai sandbox create".');
+    }
     try {
         p.log.step('Checking container engine...');
         await ensureDocker(effectiveConfig, (detail) => {
@@ -913,7 +927,7 @@ export async function create(args) {
             {
                 title: 'Preparing tool state',
                 task: async () => {
-                    for (const { tool, dir } of resolvedTools) {
+                    for (const { tool, dir } of effectiveResolvedTools) {
                         fs.mkdirSync(dir, { recursive: true });
                         for (const { hostPath, sandboxName } of tool.hostPreSeedFiles ?? []) {
                             const destination = path.join(dir, sandboxName);
@@ -946,7 +960,7 @@ export async function create(args) {
                             fs.writeFileSync(filePath, content, 'utf8');
                         }
                     }
-                    return `${resolvedTools.length} tool config directories ready`;
+                    return `${effectiveResolvedTools.length} tool config directories ready`;
                 }
             },
             {
@@ -978,31 +992,32 @@ export async function create(args) {
                     const cachedGpg = needsGpg
                         ? readGpgCache(effectiveConfig.home, effectiveConfig.project, undefined, signingKey)
                         : null;
-                    const envFile = buildContainerEnvFile(resolvedTools, engine);
+                    const envFile = buildContainerEnvFile(effectiveResolvedTools, engine);
                     let hostShellConfig;
                     try {
-                        const claudeCodeEntry = resolvedTools.find(({ tool }) => tool.id === 'claude-code');
+                        const claudeCodeEntry = effectiveResolvedTools.find(({ tool }) => tool.id === 'claude-code');
                         if (claudeCodeEntry) {
                             ensureClaudeOnboarding(claudeCodeEntry.dir, effectiveConfig.home);
                             ensureClaudeSettings(claudeCodeEntry.dir, effectiveConfig.home);
-                            // Credential availability is asserted up-front in create() so we
-                            // know the shared credentials file already exists at this point.
+                            // prepareClaudeCredentials wrote the shared credentials file
+                            // before this point. If credentials were missing, the
+                            // claude-code entry was removed from effectiveResolvedTools.
                         }
-                        const codexEntry = resolvedTools.find(({ tool }) => tool.id === 'codex');
+                        const codexEntry = effectiveResolvedTools.find(({ tool }) => tool.id === 'codex');
                         if (codexEntry) {
                             ensureCodexModelInheritance(codexEntry.dir, effectiveConfig.home);
                             ensureCodexWorkspaceTrust(codexEntry.dir);
                         }
-                        const geminiEntry = resolvedTools.find(({ tool }) => tool.id === 'gemini-cli');
+                        const geminiEntry = effectiveResolvedTools.find(({ tool }) => tool.id === 'gemini-cli');
                         if (geminiEntry) {
                             ensureGeminiWorkspaceTrust(geminiEntry.dir);
                         }
-                        const opencodeEntry = resolvedTools.find(({ tool }) => tool.id === 'opencode');
+                        const opencodeEntry = effectiveResolvedTools.find(({ tool }) => tool.id === 'opencode');
                         if (opencodeEntry) {
                             // The TUI reads <toolDir>/opencode.json via OPENCODE_CONFIG pinned in tools.js.
                             ensureOpenCodeModelInheritance(opencodeEntry.dir, effectiveConfig.home);
                         }
-                        const toolVolumes = resolvedTools.flatMap(({ tool, dir }) => [
+                        const toolVolumes = effectiveResolvedTools.flatMap(({ tool, dir }) => [
                             '-v',
                             volumeArg(engine, dir, tool.containerMount)
                         ]);
@@ -1017,7 +1032,7 @@ export async function create(args) {
                             '-v',
                             volumeArg(engine, hostPath, containerPath, ':ro')
                         ]);
-                        const liveMountVolumes = resolvedTools.flatMap(({ tool }) => (tool.hostLiveMounts ?? [])
+                        const liveMountVolumes = effectiveResolvedTools.flatMap(({ tool }) => (tool.hostLiveMounts ?? [])
                             .filter(({ hostPath }) => fs.existsSync(hostPath))
                             .flatMap(({ hostPath, containerSubpath }) => [
                             '-v',
@@ -1026,6 +1041,7 @@ export async function create(args) {
                         fs.mkdirSync(workspaceDir, { recursive: true });
                         fs.mkdirSync(shareCommon, { recursive: true });
                         fs.mkdirSync(shareBranch, { recursive: true });
+                        fs.mkdirSync(clipboardHostDir(effectiveConfig.home), { recursive: true, mode: 0o700 });
                         const dotfilesSnapshot = materializeDotfiles(effectiveConfig.dotfilesDir, dotfilesCacheDir(effectiveConfig.home, effectiveConfig.project));
                         const dotfilesMount = dotfilesSnapshot
                             ? buildDotfilesVolumeArgs(engine, dotfilesSnapshot.cacheDir)
@@ -1049,6 +1065,7 @@ export async function create(args) {
                             volumeArg(engine, shareCommon, '/share/common'),
                             '-v',
                             volumeArg(engine, shareBranch, '/share/branch'),
+                            ...buildClipboardVolumeArgs(engine, effectiveConfig.home),
                             '-v',
                             volumeArg(engine, path.join(effectiveConfig.repoRoot, '.git'), `${toEnginePath(engine, effectiveConfig.repoRoot)}/.git`),
                             '-v',
@@ -1105,7 +1122,7 @@ export async function create(args) {
                                 : 'Host GPG keys unavailable; using stripped git config fallback...');
                         }
                     }
-                    for (const { tool } of resolvedTools) {
+                    for (const { tool } of effectiveResolvedTools) {
                         for (const command of tool.postSetupCmds ?? []) {
                             runSafeEngine(engine, 'docker', ['exec', container, 'bash', '-lc', command]);
                         }
@@ -1143,7 +1160,7 @@ export async function create(args) {
         }
     }
     p.outro(pc.green('Sandbox ready'));
-    const toolHints = resolvedTools.map(({ tool, dir }) => {
+    const toolHints = effectiveResolvedTools.map(({ tool, dir }) => {
         const hasLiveMount = (tool.hostLiveMounts ?? []).some(({ hostPath }) => fs.existsSync(hostPath));
         const hint = hasLiveMount
             ? 'Live-mounted auth/config files stay in sync with the host.'

package/dist/lib/sandbox/commands/enter.js

@@ -5,6 +5,7 @@ import { formatCredentialWarnings, formatRemaining, reconcileClaudeCredentials,
 import { runInteractiveEngine, runSafeEngine } from "../shell.js";
 import { resolveTaskBranch } from "../task-resolver.js";
 import { dotfilesCacheDir, materializeDotfiles } from "../dotfiles.js";
+import { runInteractiveWithClipboardBridge } from "../clipboard/bridge.js";
 const USAGE = `Usage: ai sandbox exec <branch> [cmd...]`;
 const TMUX_ENTRY_PATH = '/usr/local/bin/sandbox-tmux-entry';
 // Terminal-detection variables that interactive TUIs (e.g. claude-code)
@@ -51,7 +52,7 @@ export function formatCredentialSyncStatus(result, isTTY = process.stderr.isTTY)
     }
     return null;
 }
-export function enter(args) {
+export async function enter(args) {
     if (args.length === 0 || args[0] === '--help' || args[0] === '-h') {
         process.stdout.write(`${USAGE}\n`);
         if (args.length === 0) {
@@ -91,7 +92,12 @@ export function enter(args) {
         catch (error) {
             process.stderr.write(`Warning: dotfiles snapshot rebuild failed: ${redactCommandError(error instanceof Error ? error.message : 'unknown error')}\n`);
         }
-        return runInteractiveEngine(engine, 'docker', ['exec', '-it', ...envFlags, container, 'bash', TMUX_ENTRY_PATH]);
+        return runInteractiveWithClipboardBridge({
+            engine,
+            dockerArgs: ['exec', '-it', ...envFlags, container, 'bash', TMUX_ENTRY_PATH],
+            container,
+            home: config.home
+        });
     }
     return runInteractiveEngine(engine, 'docker', ['exec', '-it', ...envFlags, container, ...cmd]);
 }

package/dist/lib/sandbox/commands/ls.js

@@ -8,7 +8,7 @@ import { detectEngine } from "../engine.js";
 import { runSafeEngine } from "../shell.js";
 import { resolveTools, toolProjectDirCandidates } from "../tools.js";
 const USAGE = 'Usage: ai sandbox ls';
-const CONTAINER_LIST_HEADER = 'NAMES\tSTATUS\tBRANCH';
+const CONTAINER_TABLE_HEADERS = ['NAMES', 'STATUS', 'BRANCH'];
 // Exported to lock the docker/podman-compatible format in unit tests.
 export function containerListFormat() {
     return '{{.Names}}\t{{.Status}}\t{{.Labels}}';
@@ -30,6 +30,19 @@ export function parseLabels(csv) {
     }
     return labels;
 }
+export function formatContainerTable(rows) {
+    const columns = rows.map((row) => [row.name, row.status, row.branch]);
+    const widths = [
+        Math.max(CONTAINER_TABLE_HEADERS[0].length, ...rows.map((row) => row.name.length)),
+        Math.max(CONTAINER_TABLE_HEADERS[1].length, ...rows.map((row) => row.status.length)),
+        Math.max(CONTAINER_TABLE_HEADERS[2].length, ...rows.map((row) => row.branch.length))
+    ];
+    const renderRow = (values) => `${values[0].padEnd(widths[0])}  ${values[1].padEnd(widths[1])}  ${values[2]}`.trimEnd();
+    return [
+        renderRow(CONTAINER_TABLE_HEADERS),
+        ...columns.map((column) => renderRow(column))
+    ];
+}
 function listChildren(dir) {
     if (!fs.existsSync(dir)) {
         return [];
@@ -60,11 +73,13 @@ export function ls(args = []) {
     }
     else {
         const branchKey = sandboxBranchLabel(config);
-        process.stdout.write(`  ${CONTAINER_LIST_HEADER}\n`);
-        for (const line of containers.split('\n')) {
+        const rows = containers.split('\n').map((line) => {
             const [name = '', status = '', labelsCsv = ''] = line.split('\t');
             const branch = parseLabels(labelsCsv)[branchKey] ?? '';
-            process.stdout.write(`  ${name}\t${status}\t${branch}\n`);
+            return { name, status, branch };
+        });
+        for (const line of formatContainerTable(rows)) {
+            process.stdout.write(`  ${line}\n`);
         }
     }
     p.log.step('Worktrees');

package/dist/lib/sandbox/commands/prune.js

@@ -0,0 +1,176 @@
+import fs from 'node:fs';
+import path from 'node:path';
+import { parseArgs } from 'node:util';
+import * as p from '@clack/prompts';
+import pc from 'picocolors';
+import { loadConfig } from "../config.js";
+import { safeNameCandidates, sandboxBranchLabel, sandboxLabel } from "../constants.js";
+import { detectEngine } from "../engine.js";
+import { hostJoin } from "../engines/wsl2-paths.js";
+import { removeManagedDir, removeWorktreeDir } from "../managed-fs.js";
+import { parseLabels } from "./ls.js";
+import { runEngine, runSafe } from "../shell.js";
+import { resolveTools } from "../tools.js";
+const USAGE = `Usage: ai sandbox prune [--dry-run]`;
+function listChildDirs(base) {
+    if (!fs.existsSync(base)) {
+        return [];
+    }
+    return fs.readdirSync(base)
+        .sort()
+        .map((entry) => path.join(base, entry))
+        .filter((entry) => {
+        try {
+            return fs.statSync(entry).isDirectory();
+        }
+        catch {
+            return false;
+        }
+    });
+}
+function activeSafeNames(activeBranches) {
+    const names = new Set();
+    for (const branch of activeBranches) {
+        try {
+            for (const name of safeNameCandidates(branch)) {
+                names.add(name);
+            }
+        }
+        catch {
+            names.add(branch);
+        }
+    }
+    return names;
+}
+function orphanDirs(base, activeNames) {
+    return listChildDirs(base).filter((dir) => !activeNames.has(path.basename(dir)));
+}
+function addGroup(groups, group) {
+    if (group.dirs.length > 0) {
+        groups.push(group);
+    }
+}
+export function collectOrphanGroups(config, tools, activeBranches) {
+    const activeNames = activeSafeNames(activeBranches);
+    const groups = [];
+    const shareBranchesBase = hostJoin(config.shareBase, 'branches');
+    addGroup(groups, {
+        kind: 'shell',
+        label: 'Shell config dirs',
+        base: config.shellConfigBase,
+        dirs: orphanDirs(config.shellConfigBase, activeNames)
+    });
+    addGroup(groups, {
+        kind: 'worktree',
+        label: 'Worktrees',
+        base: config.worktreeBase,
+        dirs: orphanDirs(config.worktreeBase, activeNames)
+    });
+    addGroup(groups, {
+        kind: 'share',
+        label: 'Share branch dirs',
+        base: shareBranchesBase,
+        dirs: orphanDirs(shareBranchesBase, activeNames)
+    });
+    for (const tool of tools) {
+        const base = hostJoin(tool.sandboxBase, config.project);
+        addGroup(groups, {
+            kind: 'tool',
+            label: `${tool.name} state`,
+            base,
+            dirs: orphanDirs(base, activeNames)
+        });
+    }
+    return groups;
+}
+export function removeOrphanGroups(config, groups) {
+    let removedWorktrees = false;
+    for (const group of groups) {
+        for (const dir of group.dirs) {
+            if (group.kind === 'worktree') {
+                removeWorktreeDir(config.repoRoot, group.base, dir);
+                removedWorktrees = true;
+            }
+            else {
+                removeManagedDir(group.base, dir);
+            }
+        }
+    }
+    return removedWorktrees;
+}
+function activeBranchesFromLabels(config, labelsOutput) {
+    const branchKey = sandboxBranchLabel(config);
+    return labelsOutput.split('\n')
+        .map((line) => parseLabels(line)[branchKey] ?? '')
+        .filter(Boolean);
+}
+function orphanCount(groups) {
+    return groups.reduce((sum, group) => sum + group.dirs.length, 0);
+}
+function writeGroups(groups) {
+    for (const group of groups) {
+        p.log.step(group.label);
+        for (const dir of group.dirs) {
+            process.stdout.write(`  ${dir}\n`);
+        }
+    }
+}
+export async function prune(args) {
+    const { values } = parseArgs({
+        args,
+        strict: true,
+        options: {
+            'dry-run': { type: 'boolean' },
+            help: { type: 'boolean', short: 'h' }
+        }
+    });
+    if (values.help) {
+        process.stdout.write(`${USAGE}\n`);
+        return;
+    }
+    const config = loadConfig();
+    const tools = resolveTools(config);
+    const engine = detectEngine(config);
+    const psArgs = [
+        'ps',
+        '-a',
+        '--filter',
+        `label=${sandboxLabel(config)}`,
+        '--format',
+        '{{.Labels}}'
+    ];
+    let labelsOutput;
+    try {
+        labelsOutput = runEngine(engine, 'docker', psArgs);
+    }
+    catch {
+        throw new Error('Unable to determine active sandbox branches: docker ps failed');
+    }
+    const groups = collectOrphanGroups(config, tools, activeBranchesFromLabels(config, labelsOutput));
+    const count = orphanCount(groups);
+    p.intro(pc.cyan(`Pruning orphaned sandbox state for ${config.project}`));
+    if (count === 0) {
+        p.log.success('No orphaned sandbox state dirs found');
+        p.outro(pc.green('Sandbox prune complete'));
+        return;
+    }
+    writeGroups(groups);
+    if (values['dry-run']) {
+        p.outro(pc.green('Dry run complete'));
+        return;
+    }
+    const shouldRemove = await p.confirm({
+        message: `Remove ${count} orphaned sandbox state dirs?`,
+        initialValue: true
+    });
+    if (p.isCancel(shouldRemove) || !shouldRemove) {
+        p.outro('Cancelled');
+        return;
+    }
+    const removedWorktrees = removeOrphanGroups(config, groups);
+    if (removedWorktrees) {
+        runSafe('git', ['-C', config.repoRoot, 'worktree', 'prune']);
+    }
+    p.outro(pc.green('Orphaned sandbox state dirs removed'));
+}
+//# sourceMappingURL=prune.js.map

package/dist/lib/sandbox/commands/rm.js

@@ -4,24 +4,17 @@ import { parseArgs } from 'node:util';
 import * as p from '@clack/prompts';
 import pc from 'picocolors';
 import { loadConfig } from "../config.js";
-import { assertValidBranchName, containerNameCandidates, sandboxBranchLabel, sandboxLabel, shareBranchDir, worktreeDirCandidates } from "../constants.js";
+import { assertValidBranchName, containerNameCandidates, sandboxBranchLabel, sandboxLabel, shareBranchDir, shellConfigDirCandidates, worktreeDirCandidates } from "../constants.js";
 import { ENGINES, detectEngine, engineDisplayName, isManagedEngine, stopManagedVm } from "../engine.js";
-import { run, runOk, runSafe, runSafeEngine } from "../shell.js";
+import { removeManagedDir, removeWorktreeDir } from "../managed-fs.js";
+import { runOk, runSafe, runSafeEngine } from "../shell.js";
 import { resolveTaskBranch } from "../task-resolver.js";
 import { resolveTools, toolConfigDirCandidates, toolProjectDirCandidates } from "../tools.js";
 const USAGE = `Usage: ai sandbox rm <branch> [--all]`;
+export { assertManagedPath } from "../managed-fs.js";
 function projectToolDirs(config, tools) {
     return tools.flatMap((tool) => toolProjectDirCandidates(tool, config.project));
 }
-export function assertManagedPath(root, target) {
-    const resolvedRoot = path.resolve(root);
-    const resolvedTarget = path.resolve(target);
-    const relative = path.relative(resolvedRoot, resolvedTarget);
-    if (relative === '' || (!relative.startsWith('..') && !path.isAbsolute(relative))) {
-        return;
-    }
-    throw new Error(`Refusing to remove path outside managed sandbox root: ${target}`);
-}
 async function rmOne(config, tools, branch) {
     assertValidBranchName(branch);
     const engine = detectEngine(config);
@@ -73,13 +66,7 @@ async function rmOne(config, tools, branch) {
         }
         if (shouldRemoveWorktree) {
             for (const worktree of existingWorktrees) {
-                try {
-                    run('git', ['-C', config.repoRoot, 'worktree', 'remove', worktree, '--force']);
-                }
-                catch {
-                    assertManagedPath(config.worktreeBase, worktree);
-                    fs.rmSync(worktree, { recursive: true, force: true });
-                }
+                removeWorktreeDir(config.repoRoot, config.worktreeBase, worktree);
             }
             const shouldDeleteBranch = await p.confirm({
                 message: `Also delete local branch '${effectiveBranch}'?`,
@@ -94,11 +81,14 @@ async function rmOne(config, tools, branch) {
     }
     for (const { tool, candidates } of toolCandidates) {
         for (const dir of candidates.filter((candidate) => fs.existsSync(candidate))) {
-            assertManagedPath(tool.sandboxBase, dir);
-            fs.rmSync(dir, { recursive: true, force: true });
+            removeManagedDir(tool.sandboxBase, dir);
             p.log.success(`${tool.name} state removed: ${dir}`);
         }
     }
+    for (const dir of shellConfigDirCandidates(config, effectiveBranch).filter((candidate) => fs.existsSync(candidate))) {
+        removeManagedDir(config.shellConfigBase, dir);
+        p.log.success(`Shell config removed: ${dir}`);
+    }
     const shareBranch = shareBranchDir(config, effectiveBranch);
     if (fs.existsSync(shareBranch)) {
         const shouldRemoveShare = await p.confirm({
@@ -106,8 +96,7 @@ async function rmOne(config, tools, branch) {
             initialValue: true
         });
         if (!p.isCancel(shouldRemoveShare) && shouldRemoveShare) {
-            assertManagedPath(config.shareBase, shareBranch);
-            fs.rmSync(shareBranch, { recursive: true, force: true });
+            removeManagedDir(config.shareBase, shareBranch);
             p.log.success(`Share dir removed: ${shareBranch}`);
         }
     }
@@ -144,32 +133,37 @@ async function rmAll(config, tools) {
         if (!p.isCancel(shouldRemoveWorktrees) && shouldRemoveWorktrees) {
             for (const entry of fs.readdirSync(config.worktreeBase)) {
                 const dir = path.join(config.worktreeBase, entry);
-                try {
-                    run('git', ['-C', config.repoRoot, 'worktree', 'remove', dir, '--force']);
-                }
-                catch {
-                    assertManagedPath(config.worktreeBase, dir);
-                    fs.rmSync(dir, { recursive: true, force: true });
-                }
+                removeWorktreeDir(config.repoRoot, config.worktreeBase, dir);
             }
             runSafe('git', ['-C', config.repoRoot, 'worktree', 'prune']);
         }
     }
     for (const dir of projectToolDirs(config, tools)) {
         if (fs.existsSync(dir)) {
-            assertManagedPath(path.dirname(dir), dir);
-            fs.rmSync(dir, { recursive: true, force: true });
+            removeManagedDir(path.dirname(dir), dir);
             p.log.success(`Removed tool state: ${dir}`);
         }
     }
+    if (fs.existsSync(config.shellConfigBase) && fs.readdirSync(config.shellConfigBase).length > 0) {
+        const shouldRemoveShellConfigs = await p.confirm({
+            message: `Remove all shell config dirs in ${config.shellConfigBase}?`,
+            initialValue: true
+        });
+        if (!p.isCancel(shouldRemoveShellConfigs) && shouldRemoveShellConfigs) {
+            for (const entry of fs.readdirSync(config.shellConfigBase)) {
+                const dir = path.join(config.shellConfigBase, entry);
+                removeManagedDir(config.shellConfigBase, dir);
+            }
+            p.log.success(`Project shell config dirs removed: ${config.shellConfigBase}`);
+        }
+    }
     if (fs.existsSync(config.shareBase) && fs.readdirSync(config.shareBase).length > 0) {
         const shouldRemoveAllShares = await p.confirm({
             message: `Remove all share dirs for project (${config.shareBase})?`,
             initialValue: true
         });
         if (!p.isCancel(shouldRemoveAllShares) && shouldRemoveAllShares) {
-            assertManagedPath(path.dirname(config.shareBase), config.shareBase);
-            fs.rmSync(config.shareBase, { recursive: true, force: true });
+            removeManagedDir(path.dirname(config.shareBase), config.shareBase);
             p.log.success(`Project share dirs removed: ${config.shareBase}`);
         }
     }

package/dist/lib/sandbox/config.js

@@ -86,6 +86,7 @@ export function loadConfig({ platformFn = platform, writeStderr = (chunk) => pro
         imageName: `${project}-sandbox:latest`,
         worktreeBase: hostJoin(home, '.agent-infra', 'worktrees', project),
         shareBase: hostJoin(home, '.agent-infra', 'share', project),
+        shellConfigBase: hostJoin(home, '.agent-infra', 'config', project),
         dotfilesDir: hostJoin(home, '.agent-infra', 'dotfiles'),
         engine,
         runtimes,

package/dist/lib/sandbox/constants.js

@@ -57,6 +57,12 @@ export function shareCommonDir(config) {
 export function shareBranchDir(config, branch) {
     return hostJoin(config.shareBase, 'branches', sanitizeBranchName(branch));
 }
+export function shellConfigDir(config, branch) {
+    return hostJoin(config.shellConfigBase, sanitizeBranchName(branch));
+}
+export function shellConfigDirCandidates(config, branch) {
+    return safeNameCandidates(branch).map((name) => hostJoin(config.shellConfigBase, name));
+}
 export function sandboxLabel(config) {
     return `${config.project}.sandbox`;
 }

package/dist/lib/sandbox/credentials.js

@@ -395,43 +395,62 @@ export function formatRemaining(expiresAt) {
     const minutes = totalMinutes % 60;
     return hours > 0 ? `${hours}h ${minutes}m` : `${minutes}m`;
 }
-export function assertClaudeCredentialsAvailable(home, project, resolvedTools, extractFn = extractClaudeCredentialsBlob, writeFn = writeClaudeCredentialsFile, inspectFn = inspectClaudeKeychainStatus) {
+export function prepareClaudeCredentials(home, project, resolvedTools, extractFn = extractClaudeCredentialsBlob, writeFn = writeClaudeCredentialsFile, inspectFn = inspectClaudeKeychainStatus) {
     const claudeCodeEntry = resolvedTools.find(({ tool }) => tool.id === 'claude-code');
     if (!claudeCodeEntry) {
-        return;
+        return { status: 'NOT_APPLICABLE' };
     }
     let blob = null;
     const hasCustomInspectFn = inspectFn !== inspectClaudeKeychainStatus;
     const hasCustomExtractFn = extractFn !== extractClaudeCredentialsBlob;
     if (hasCustomInspectFn || !hasCustomExtractFn) {
         const inspection = inspectFn(home);
-        if (inspection.status === 'KEYCHAIN_LOCKED') {
-            throw new Error([
-                'Claude Code credentials are stored in the macOS keychain, but the keychain is locked.',
-                '',
-                buildLockedGuidance()
-            ].join('\n'));
+        switch (inspection.status) {
+            case 'OK':
+                blob = inspection.blob;
+                break;
+            case 'MISSING':
+                return { status: 'SKIPPED' };
+            case 'KEYCHAIN_LOCKED':
+                throw new Error([
+                    'Claude Code credentials are stored in the macOS keychain, but the keychain is locked.',
+                    '',
+                    buildLockedGuidance()
+                ].join('\n'));
+            case 'STALE_ACCESS':
+                throw new Error([
+                    'Claude Code credentials on host are invalid or expired.',
+                    '',
+                    'The sandbox needs valid Claude Code OAuth credentials so the container can use Claude Code.',
+                    '',
+                    'To fix:',
+                    '  1. On the host, run "claude" once and complete the OAuth login flow.',
+                    '  2. Verify with "claude /status" that you see your subscription.',
+                    '  3. Re-run "ai sandbox create".'
+                ].join('\n'));
+            case 'KEYCHAIN_ERROR':
+                throw new Error([
+                    'Claude Code credentials could not be read from the host keychain.',
+                    '',
+                    inspection.detail ? `Detail: ${inspection.detail}` : 'Detail: unknown keychain error',
+                    '',
+                    'To fix:',
+                    '  1. Unlock or repair the host keychain, then re-run "ai sandbox create".',
+                    '  2. For SSH / CI, set AGENT_INFRA_CLAUDE_CREDENTIALS_FILE to an absolute path containing a valid credentials blob.'
+                ].join('\n'));
+            default: {
+                const _exhaustive = inspection;
+                throw new Error(`Unhandled Claude Code credential inspection status: ${_exhaustive.status}`);
+            }
         }
-        blob = inspection.status === 'OK' ? inspection.blob : null;
     }
     else {
         blob = extractFn(home);
-    }
-    if (!blob) {
-        throw new Error([
-            'Claude Code credentials not found on host.',
-            '',
-            'The sandbox needs your Claude Code OAuth credentials so the container can use Claude Code.',
-            '',
-            'To fix:',
-            '  1. On the host, run "claude" once and complete the OAuth login flow.',
-            '  2. Verify with "claude /status" that you see your subscription.',
-            '  3. Re-run "ai sandbox create".',
-            '',
-            'Alternatively, if you do not need Claude Code in this sandbox,',
-            'remove "claude-code" from the "sandbox.tools" array in .agents/.airc.json.'
-        ].join('\n'));
+        if (!blob) {
+            return { status: 'SKIPPED' };
+        }
     }
     writeFn(home, project, blob);
+    return { status: 'OK' };
 }
 //# sourceMappingURL=credentials.js.map