@fitlab-ai/agent-infra 0.6.2-alpha.1 → 0.6.3

package/lib/sandbox/commands/create.ts

@@ -17,9 +17,9 @@ import {
   sandboxBranchLabel,
   sandboxImageConfigLabel,
   sandboxLabel,
-  sanitizeBranchName,
   shareBranchDir,
   shareCommonDir,
+  shellConfigDir,
   worktreeDirCandidates
 } from '../constants.ts';
 import { prepareDockerfile } from '../dockerfile.ts';
@@ -39,11 +39,12 @@ import { resolveTaskBranch } from '../task-resolver.ts';
 import { resolveTools, toolConfigDirCandidates, toolNpmPackagesArg } from '../tools.ts';
 import type { SandboxTool } from '../tools.ts';
 import { hostJoin, toEnginePath, volumeArg } from '../engines/wsl2-paths.ts';
+import { clipboardHostDir, CONTAINER_CLIPBOARD_MOUNT } from '../clipboard/paths.ts';
 import { validateSelinuxDisableEnv } from '../engines/selinux.ts';
 import { resolveBuildUid } from '../engines/native.ts';
 import { dotfilesCacheDir, materializeDotfiles } from '../dotfiles.ts';
 import {
-  assertClaudeCredentialsAvailable,
+  prepareClaudeCredentials,
   redactCommandError,
   validateClaudeCredentialsEnvOverride
 } from '../credentials.ts';
@@ -127,7 +128,17 @@ function resolveToolDirs(config: Pick<SandboxCreateConfig, 'project'>, tools: Sa
 }
 
 export function hostShellConfigDir(home: string, project: string, branch: string): string {
-  return hostJoin(home, '.agent-infra', 'config', project, sanitizeBranchName(branch));
+  return shellConfigDir(
+    { shellConfigBase: hostJoin(home, '.agent-infra', 'config', project) },
+    branch
+  );
+}
+
+export function buildClipboardVolumeArgs(engine: string, home: string): string[] {
+  return [
+    '-v',
+    volumeArg(engine, clipboardHostDir(home), CONTAINER_CLIPBOARD_MOUNT, ':ro')
+  ];
 }
 
 function runtimeChecks(runtimes: string[]): RuntimeCheck[] {
@@ -1100,15 +1111,17 @@ export async function create(args: string[]): Promise<void> {
   assertBranchAvailable(config.repoRoot, branch, { allowedWorktrees: worktreeCandidates });
   const tools = resolveTools(effectiveConfig);
   const resolvedTools = resolveToolDirs(effectiveConfig, tools, branch);
-  // Fail fast before any filesystem/docker side effects so a missing
-  // Claude Code credential blob doesn't leave the user with a stale
-  // worktree, docker image, or temporary Dockerfile they need to manually
-  // clean up.
-  assertClaudeCredentialsAvailable(
+  // Fatal credential states still fail before filesystem/docker side effects.
+  // A genuinely missing Claude Code credential only removes Claude Code's
+  // sandbox config and credential mounts for this create run.
+  const credentialOutcome = prepareClaudeCredentials(
     effectiveConfig.home,
     effectiveConfig.project,
     resolvedTools
   );
+  const effectiveResolvedTools = credentialOutcome.status === 'SKIPPED'
+    ? resolvedTools.filter(({ tool }) => tool.id !== 'claude-code')
+    : resolvedTools;
   const container = containerName(effectiveConfig, branch);
   const worktree = worktreeCandidates.find((candidate) => fs.existsSync(candidate)) ?? worktreeCandidates[0] ?? '';
   const shareCommon = shareCommonDir(effectiveConfig);
@@ -1122,6 +1135,13 @@ export async function create(args: string[]): Promise<void> {
   p.log.info(
     `Project: ${pc.bold(effectiveConfig.project)} | Branch: ${pc.bold(branch)} | Base: ${pc.bold(baseBranch || 'HEAD')}`
   );
+  if (credentialOutcome.status === 'SKIPPED') {
+    p.log.warn(
+      'Claude Code credentials not found on host - creating this sandbox WITHOUT Claude Code credentials.\n'
+      + '  Claude Code is still installed in the image but will not be authenticated.\n'
+      + '  To enable it: run "claude" once on the host to complete login, then re-run "ai sandbox create".'
+    );
+  }
 
   try {
     p.log.step('Checking container engine...');
@@ -1206,7 +1226,7 @@ export async function create(args: string[]): Promise<void> {
       {
         title: 'Preparing tool state',
         task: async () => {
-          for (const { tool, dir } of resolvedTools) {
+          for (const { tool, dir } of effectiveResolvedTools) {
             fs.mkdirSync(dir, { recursive: true });
 
             for (const { hostPath, sandboxName } of tool.hostPreSeedFiles ?? []) {
@@ -1243,7 +1263,7 @@ export async function create(args: string[]): Promise<void> {
             }
           }
 
-          return `${resolvedTools.length} tool config directories ready`;
+          return `${effectiveResolvedTools.length} tool config directories ready`;
         }
       },
       {
@@ -1283,31 +1303,32 @@ export async function create(args: string[]): Promise<void> {
               signingKey
             )
             : null;
-          const envFile = buildContainerEnvFile(resolvedTools, engine);
+          const envFile = buildContainerEnvFile(effectiveResolvedTools, engine);
           let hostShellConfig: HostShellConfig;
           try {
-            const claudeCodeEntry = resolvedTools.find(({ tool }) => tool.id === 'claude-code');
+            const claudeCodeEntry = effectiveResolvedTools.find(({ tool }) => tool.id === 'claude-code');
             if (claudeCodeEntry) {
               ensureClaudeOnboarding(claudeCodeEntry.dir, effectiveConfig.home);
               ensureClaudeSettings(claudeCodeEntry.dir, effectiveConfig.home);
-              // Credential availability is asserted up-front in create() so we
-              // know the shared credentials file already exists at this point.
+              // prepareClaudeCredentials wrote the shared credentials file
+              // before this point. If credentials were missing, the
+              // claude-code entry was removed from effectiveResolvedTools.
             }
-            const codexEntry = resolvedTools.find(({ tool }) => tool.id === 'codex');
+            const codexEntry = effectiveResolvedTools.find(({ tool }) => tool.id === 'codex');
             if (codexEntry) {
               ensureCodexModelInheritance(codexEntry.dir, effectiveConfig.home);
               ensureCodexWorkspaceTrust(codexEntry.dir);
             }
-            const geminiEntry = resolvedTools.find(({ tool }) => tool.id === 'gemini-cli');
+            const geminiEntry = effectiveResolvedTools.find(({ tool }) => tool.id === 'gemini-cli');
             if (geminiEntry) {
               ensureGeminiWorkspaceTrust(geminiEntry.dir);
             }
-            const opencodeEntry = resolvedTools.find(({ tool }) => tool.id === 'opencode');
+            const opencodeEntry = effectiveResolvedTools.find(({ tool }) => tool.id === 'opencode');
             if (opencodeEntry) {
               // The TUI reads <toolDir>/opencode.json via OPENCODE_CONFIG pinned in tools.js.
               ensureOpenCodeModelInheritance(opencodeEntry.dir, effectiveConfig.home);
             }
-            const toolVolumes = resolvedTools.flatMap(({ tool, dir }) => [
+            const toolVolumes = effectiveResolvedTools.flatMap(({ tool, dir }) => [
               '-v',
               volumeArg(engine, dir, tool.containerMount)
             ]);
@@ -1322,7 +1343,7 @@ export async function create(args: string[]): Promise<void> {
               '-v',
               volumeArg(engine, hostPath, containerPath, ':ro')
             ]);
-            const liveMountVolumes = resolvedTools.flatMap(({ tool }) =>
+            const liveMountVolumes = effectiveResolvedTools.flatMap(({ tool }) =>
               (tool.hostLiveMounts ?? [])
                 .filter(({ hostPath }) => fs.existsSync(hostPath))
                 .flatMap(({ hostPath, containerSubpath }) => [
@@ -1334,6 +1355,7 @@ export async function create(args: string[]): Promise<void> {
             fs.mkdirSync(workspaceDir, { recursive: true });
             fs.mkdirSync(shareCommon, { recursive: true });
             fs.mkdirSync(shareBranch, { recursive: true });
+            fs.mkdirSync(clipboardHostDir(effectiveConfig.home), { recursive: true, mode: 0o700 });
 
             const dotfilesSnapshot = materializeDotfiles(
               effectiveConfig.dotfilesDir,
@@ -1362,6 +1384,7 @@ export async function create(args: string[]): Promise<void> {
               volumeArg(engine, shareCommon, '/share/common'),
               '-v',
               volumeArg(engine, shareBranch, '/share/branch'),
+              ...buildClipboardVolumeArgs(engine, effectiveConfig.home),
               '-v',
               volumeArg(
                 engine,
@@ -1435,7 +1458,7 @@ export async function create(args: string[]): Promise<void> {
             }
           }
 
-          for (const { tool } of resolvedTools) {
+          for (const { tool } of effectiveResolvedTools) {
             for (const command of tool.postSetupCmds ?? []) {
               runSafeEngine(engine, 'docker', ['exec', container, 'bash', '-lc', command]);
             }
@@ -1477,7 +1500,7 @@ export async function create(args: string[]): Promise<void> {
 
   p.outro(pc.green('Sandbox ready'));
 
-  const toolHints = resolvedTools.map(({ tool, dir }) => {
+  const toolHints = effectiveResolvedTools.map(({ tool, dir }) => {
     const hasLiveMount = (tool.hostLiveMounts ?? []).some(({ hostPath }) => fs.existsSync(hostPath));
     const hint = hasLiveMount
       ? 'Live-mounted auth/config files stay in sync with the host.'

package/lib/sandbox/commands/enter.ts

@@ -11,6 +11,7 @@ import {
 import { runInteractiveEngine, runSafeEngine } from '../shell.ts';
 import { resolveTaskBranch } from '../task-resolver.ts';
 import { dotfilesCacheDir, materializeDotfiles } from '../dotfiles.ts';
+import { runInteractiveWithClipboardBridge } from '../clipboard/bridge.ts';
 
 const USAGE = `Usage: ai sandbox exec <branch> [cmd...]`;
 const TMUX_ENTRY_PATH = '/usr/local/bin/sandbox-tmux-entry';
@@ -65,7 +66,7 @@ export function formatCredentialSyncStatus(
   return null;
 }
 
-export function enter(args: string[]): number {
+export async function enter(args: string[]): Promise<number> {
   if (args.length === 0 || args[0] === '--help' || args[0] === '-h') {
     process.stdout.write(`${USAGE}\n`);
     if (args.length === 0) {
@@ -108,7 +109,12 @@ export function enter(args: string[]): number {
       process.stderr.write(`Warning: dotfiles snapshot rebuild failed: ${redactCommandError(error instanceof Error ? error.message : 'unknown error')}\n`);
     }
 
-    return runInteractiveEngine(engine, 'docker', ['exec', '-it', ...envFlags, container, 'bash', TMUX_ENTRY_PATH]);
+    return runInteractiveWithClipboardBridge({
+      engine,
+      dockerArgs: ['exec', '-it', ...envFlags, container, 'bash', TMUX_ENTRY_PATH],
+      container,
+      home: config.home
+    });
   }
 
   return runInteractiveEngine(engine, 'docker', ['exec', '-it', ...envFlags, container, ...cmd]);

package/lib/sandbox/commands/ls.ts

@@ -9,7 +9,13 @@ import { runSafeEngine } from '../shell.ts';
 import { resolveTools, toolProjectDirCandidates } from '../tools.ts';
 
 const USAGE = 'Usage: ai sandbox ls';
-const CONTAINER_LIST_HEADER = 'NAMES\tSTATUS\tBRANCH';
+const CONTAINER_TABLE_HEADERS = ['NAMES', 'STATUS', 'BRANCH'] as const;
+
+type ContainerTableRow = {
+  name: string;
+  status: string;
+  branch: string;
+};
 
 // Exported to lock the docker/podman-compatible format in unit tests.
 export function containerListFormat(): string {
@@ -35,6 +41,22 @@ export function parseLabels(csv: string): Record<string, string> {
   return labels;
 }
 
+export function formatContainerTable(rows: ContainerTableRow[]): string[] {
+  const columns = rows.map((row) => [row.name, row.status, row.branch] as const);
+  const widths = [
+    Math.max(CONTAINER_TABLE_HEADERS[0].length, ...rows.map((row) => row.name.length)),
+    Math.max(CONTAINER_TABLE_HEADERS[1].length, ...rows.map((row) => row.status.length)),
+    Math.max(CONTAINER_TABLE_HEADERS[2].length, ...rows.map((row) => row.branch.length))
+  ] as const;
+  const renderRow = (values: readonly [string, string, string]): string =>
+    `${values[0].padEnd(widths[0])}  ${values[1].padEnd(widths[1])}  ${values[2]}`.trimEnd();
+
+  return [
+    renderRow(CONTAINER_TABLE_HEADERS),
+    ...columns.map((column) => renderRow(column))
+  ];
+}
+
 function listChildren(dir: string): string[] {
   if (!fs.existsSync(dir)) {
     return [];
@@ -69,11 +91,13 @@ export function ls(args: string[] = []): void {
     p.log.warn('  No sandbox containers');
   } else {
     const branchKey = sandboxBranchLabel(config);
-    process.stdout.write(`  ${CONTAINER_LIST_HEADER}\n`);
-    for (const line of containers.split('\n')) {
+    const rows = containers.split('\n').map((line) => {
       const [name = '', status = '', labelsCsv = ''] = line.split('\t');
       const branch = parseLabels(labelsCsv)[branchKey] ?? '';
-      process.stdout.write(`  ${name}\t${status}\t${branch}\n`);
+      return { name, status, branch };
+    });
+    for (const line of formatContainerTable(rows)) {
+      process.stdout.write(`  ${line}\n`);
     }
   }
 

package/lib/sandbox/commands/prune.ts

@@ -0,0 +1,211 @@
+import fs from 'node:fs';
+import path from 'node:path';
+import { parseArgs } from 'node:util';
+import * as p from '@clack/prompts';
+import pc from 'picocolors';
+import { loadConfig } from '../config.ts';
+import type { SandboxConfig } from '../config.ts';
+import { safeNameCandidates, sandboxBranchLabel, sandboxLabel } from '../constants.ts';
+import { detectEngine } from '../engine.ts';
+import { hostJoin } from '../engines/wsl2-paths.ts';
+import { removeManagedDir, removeWorktreeDir } from '../managed-fs.ts';
+import { parseLabels } from './ls.ts';
+import { runEngine, runSafe } from '../shell.ts';
+import { resolveTools } from '../tools.ts';
+import type { SandboxTool } from '../tools.ts';
+
+const USAGE = `Usage: ai sandbox prune [--dry-run]`;
+
+type OrphanKind = 'shell' | 'worktree' | 'share' | 'tool';
+
+export type OrphanGroup = {
+  kind: OrphanKind;
+  label: string;
+  base: string;
+  dirs: string[];
+};
+
+function listChildDirs(base: string): string[] {
+  if (!fs.existsSync(base)) {
+    return [];
+  }
+
+  return fs.readdirSync(base)
+    .sort()
+    .map((entry) => path.join(base, entry))
+    .filter((entry) => {
+      try {
+        return fs.statSync(entry).isDirectory();
+      } catch {
+        return false;
+      }
+    });
+}
+
+function activeSafeNames(activeBranches: string[]): Set<string> {
+  const names = new Set<string>();
+  for (const branch of activeBranches) {
+    try {
+      for (const name of safeNameCandidates(branch)) {
+        names.add(name);
+      }
+    } catch {
+      names.add(branch);
+    }
+  }
+  return names;
+}
+
+function orphanDirs(base: string, activeNames: Set<string>): string[] {
+  return listChildDirs(base).filter((dir) => !activeNames.has(path.basename(dir)));
+}
+
+function addGroup(groups: OrphanGroup[], group: OrphanGroup): void {
+  if (group.dirs.length > 0) {
+    groups.push(group);
+  }
+}
+
+export function collectOrphanGroups(
+  config: SandboxConfig,
+  tools: SandboxTool[],
+  activeBranches: string[]
+): OrphanGroup[] {
+  const activeNames = activeSafeNames(activeBranches);
+  const groups: OrphanGroup[] = [];
+  const shareBranchesBase = hostJoin(config.shareBase, 'branches');
+
+  addGroup(groups, {
+    kind: 'shell',
+    label: 'Shell config dirs',
+    base: config.shellConfigBase,
+    dirs: orphanDirs(config.shellConfigBase, activeNames)
+  });
+  addGroup(groups, {
+    kind: 'worktree',
+    label: 'Worktrees',
+    base: config.worktreeBase,
+    dirs: orphanDirs(config.worktreeBase, activeNames)
+  });
+  addGroup(groups, {
+    kind: 'share',
+    label: 'Share branch dirs',
+    base: shareBranchesBase,
+    dirs: orphanDirs(shareBranchesBase, activeNames)
+  });
+
+  for (const tool of tools) {
+    const base = hostJoin(tool.sandboxBase, config.project);
+    addGroup(groups, {
+      kind: 'tool',
+      label: `${tool.name} state`,
+      base,
+      dirs: orphanDirs(base, activeNames)
+    });
+  }
+
+  return groups;
+}
+
+export function removeOrphanGroups(config: SandboxConfig, groups: OrphanGroup[]): boolean {
+  let removedWorktrees = false;
+  for (const group of groups) {
+    for (const dir of group.dirs) {
+      if (group.kind === 'worktree') {
+        removeWorktreeDir(config.repoRoot, group.base, dir);
+        removedWorktrees = true;
+      } else {
+        removeManagedDir(group.base, dir);
+      }
+    }
+  }
+  return removedWorktrees;
+}
+
+function activeBranchesFromLabels(config: SandboxConfig, labelsOutput: string): string[] {
+  const branchKey = sandboxBranchLabel(config);
+  return labelsOutput.split('\n')
+    .map((line) => parseLabels(line)[branchKey] ?? '')
+    .filter(Boolean);
+}
+
+function orphanCount(groups: OrphanGroup[]): number {
+  return groups.reduce((sum, group) => sum + group.dirs.length, 0);
+}
+
+function writeGroups(groups: OrphanGroup[]): void {
+  for (const group of groups) {
+    p.log.step(group.label);
+    for (const dir of group.dirs) {
+      process.stdout.write(`  ${dir}\n`);
+    }
+  }
+}
+
+export async function prune(args: string[]): Promise<void> {
+  const { values } = parseArgs({
+    args,
+    strict: true,
+    options: {
+      'dry-run': { type: 'boolean' },
+      help: { type: 'boolean', short: 'h' }
+    }
+  });
+
+  if (values.help) {
+    process.stdout.write(`${USAGE}\n`);
+    return;
+  }
+
+  const config = loadConfig();
+  const tools = resolveTools(config);
+  const engine = detectEngine(config);
+  const psArgs = [
+    'ps',
+    '-a',
+    '--filter',
+    `label=${sandboxLabel(config)}`,
+    '--format',
+    '{{.Labels}}'
+  ];
+  let labelsOutput: string;
+  try {
+    labelsOutput = runEngine(engine, 'docker', psArgs);
+  } catch {
+    throw new Error('Unable to determine active sandbox branches: docker ps failed');
+  }
+  const groups = collectOrphanGroups(config, tools, activeBranchesFromLabels(config, labelsOutput));
+  const count = orphanCount(groups);
+
+  p.intro(pc.cyan(`Pruning orphaned sandbox state for ${config.project}`));
+
+  if (count === 0) {
+    p.log.success('No orphaned sandbox state dirs found');
+    p.outro(pc.green('Sandbox prune complete'));
+    return;
+  }
+
+  writeGroups(groups);
+
+  if (values['dry-run']) {
+    p.outro(pc.green('Dry run complete'));
+    return;
+  }
+
+  const shouldRemove = await p.confirm({
+    message: `Remove ${count} orphaned sandbox state dirs?`,
+    initialValue: true
+  });
+
+  if (p.isCancel(shouldRemove) || !shouldRemove) {
+    p.outro('Cancelled');
+    return;
+  }
+
+  const removedWorktrees = removeOrphanGroups(config, groups);
+  if (removedWorktrees) {
+    runSafe('git', ['-C', config.repoRoot, 'worktree', 'prune']);
+  }
+
+  p.outro(pc.green('Orphaned sandbox state dirs removed'));
+}

package/lib/sandbox/commands/rm.ts

@@ -11,31 +11,23 @@ import {
   sandboxBranchLabel,
   sandboxLabel,
   shareBranchDir,
+  shellConfigDirCandidates,
   worktreeDirCandidates
 } from '../constants.ts';
 import { ENGINES, detectEngine, engineDisplayName, isManagedEngine, stopManagedVm } from '../engine.ts';
-import { run, runOk, runSafe, runSafeEngine } from '../shell.ts';
+import { removeManagedDir, removeWorktreeDir } from '../managed-fs.ts';
+import { runOk, runSafe, runSafeEngine } from '../shell.ts';
 import { resolveTaskBranch } from '../task-resolver.ts';
 import { resolveTools, toolConfigDirCandidates, toolProjectDirCandidates } from '../tools.ts';
 import type { SandboxTool } from '../tools.ts';
 
 const USAGE = `Usage: ai sandbox rm <branch> [--all]`;
+export { assertManagedPath } from '../managed-fs.ts';
 
 function projectToolDirs(config: SandboxConfig, tools: SandboxTool[]): string[] {
   return tools.flatMap((tool) => toolProjectDirCandidates(tool, config.project));
 }
 
-export function assertManagedPath(root: string, target: string): void {
-  const resolvedRoot = path.resolve(root);
-  const resolvedTarget = path.resolve(target);
-  const relative = path.relative(resolvedRoot, resolvedTarget);
-  if (relative === '' || (!relative.startsWith('..') && !path.isAbsolute(relative))) {
-    return;
-  }
-
-  throw new Error(`Refusing to remove path outside managed sandbox root: ${target}`);
-}
-
 async function rmOne(config: SandboxConfig, tools: SandboxTool[], branch: string): Promise<void> {
   assertValidBranchName(branch);
   const engine = detectEngine(config);
@@ -93,12 +85,7 @@ async function rmOne(config: SandboxConfig, tools: SandboxTool[], branch: string
 
     if (shouldRemoveWorktree) {
       for (const worktree of existingWorktrees) {
-        try {
-          run('git', ['-C', config.repoRoot, 'worktree', 'remove', worktree, '--force']);
-        } catch {
-          assertManagedPath(config.worktreeBase, worktree);
-          fs.rmSync(worktree, { recursive: true, force: true });
-        }
+        removeWorktreeDir(config.repoRoot, config.worktreeBase, worktree);
       }
 
       const shouldDeleteBranch = await p.confirm({
@@ -116,12 +103,16 @@ async function rmOne(config: SandboxConfig, tools: SandboxTool[], branch: string
 
   for (const { tool, candidates } of toolCandidates) {
     for (const dir of candidates.filter((candidate) => fs.existsSync(candidate))) {
-      assertManagedPath(tool.sandboxBase, dir);
-      fs.rmSync(dir, { recursive: true, force: true });
+      removeManagedDir(tool.sandboxBase, dir);
       p.log.success(`${tool.name} state removed: ${dir}`);
     }
   }
 
+  for (const dir of shellConfigDirCandidates(config, effectiveBranch).filter((candidate) => fs.existsSync(candidate))) {
+    removeManagedDir(config.shellConfigBase, dir);
+    p.log.success(`Shell config removed: ${dir}`);
+  }
+
   const shareBranch = shareBranchDir(config, effectiveBranch);
   if (fs.existsSync(shareBranch)) {
     const shouldRemoveShare = await p.confirm({
@@ -129,8 +120,7 @@ async function rmOne(config: SandboxConfig, tools: SandboxTool[], branch: string
       initialValue: true
     });
     if (!p.isCancel(shouldRemoveShare) && shouldRemoveShare) {
-      assertManagedPath(config.shareBase, shareBranch);
-      fs.rmSync(shareBranch, { recursive: true, force: true });
+      removeManagedDir(config.shareBase, shareBranch);
       p.log.success(`Share dir removed: ${shareBranch}`);
     }
   }
@@ -171,12 +161,7 @@ async function rmAll(config: SandboxConfig, tools: SandboxTool[]): Promise<void>
     if (!p.isCancel(shouldRemoveWorktrees) && shouldRemoveWorktrees) {
       for (const entry of fs.readdirSync(config.worktreeBase)) {
         const dir = path.join(config.worktreeBase, entry);
-        try {
-          run('git', ['-C', config.repoRoot, 'worktree', 'remove', dir, '--force']);
-        } catch {
-          assertManagedPath(config.worktreeBase, dir);
-          fs.rmSync(dir, { recursive: true, force: true });
-        }
+        removeWorktreeDir(config.repoRoot, config.worktreeBase, dir);
       }
       runSafe('git', ['-C', config.repoRoot, 'worktree', 'prune']);
     }
@@ -184,20 +169,33 @@ async function rmAll(config: SandboxConfig, tools: SandboxTool[]): Promise<void>
 
   for (const dir of projectToolDirs(config, tools)) {
     if (fs.existsSync(dir)) {
-      assertManagedPath(path.dirname(dir), dir);
-      fs.rmSync(dir, { recursive: true, force: true });
+      removeManagedDir(path.dirname(dir), dir);
       p.log.success(`Removed tool state: ${dir}`);
     }
   }
 
+  if (fs.existsSync(config.shellConfigBase) && fs.readdirSync(config.shellConfigBase).length > 0) {
+    const shouldRemoveShellConfigs = await p.confirm({
+      message: `Remove all shell config dirs in ${config.shellConfigBase}?`,
+      initialValue: true
+    });
+
+    if (!p.isCancel(shouldRemoveShellConfigs) && shouldRemoveShellConfigs) {
+      for (const entry of fs.readdirSync(config.shellConfigBase)) {
+        const dir = path.join(config.shellConfigBase, entry);
+        removeManagedDir(config.shellConfigBase, dir);
+      }
+      p.log.success(`Project shell config dirs removed: ${config.shellConfigBase}`);
+    }
+  }
+
   if (fs.existsSync(config.shareBase) && fs.readdirSync(config.shareBase).length > 0) {
     const shouldRemoveAllShares = await p.confirm({
       message: `Remove all share dirs for project (${config.shareBase})?`,
       initialValue: true
     });
     if (!p.isCancel(shouldRemoveAllShares) && shouldRemoveAllShares) {
-      assertManagedPath(path.dirname(config.shareBase), config.shareBase);
-      fs.rmSync(config.shareBase, { recursive: true, force: true });
+      removeManagedDir(path.dirname(config.shareBase), config.shareBase);
       p.log.success(`Project share dirs removed: ${config.shareBase}`);
     }
   }

package/lib/sandbox/config.ts

@@ -46,6 +46,7 @@ export type SandboxConfig = {
   imageName: string;
   worktreeBase: string;
   shareBase: string;
+  shellConfigBase: string;
   dotfilesDir: string;
   engine: string | null;
   runtimes: string[];
@@ -145,6 +146,7 @@ export function loadConfig({
     imageName: `${project}-sandbox:latest`,
     worktreeBase: hostJoin(home, '.agent-infra', 'worktrees', project),
     shareBase: hostJoin(home, '.agent-infra', 'share', project),
+    shellConfigBase: hostJoin(home, '.agent-infra', 'config', project),
     dotfilesDir: hostJoin(home, '.agent-infra', 'dotfiles'),
     engine,
     runtimes,

package/lib/sandbox/constants.ts

@@ -9,6 +9,7 @@ type SandboxPathConfig = {
   containerPrefix: string;
   worktreeBase: string;
   shareBase: string;
+  shellConfigBase: string;
 };
 
 type HostResources = {
@@ -86,6 +87,14 @@ export function shareBranchDir(config: Pick<SandboxPathConfig, 'shareBase'>, bra
   return hostJoin(config.shareBase, 'branches', sanitizeBranchName(branch));
 }
 
+export function shellConfigDir(config: Pick<SandboxPathConfig, 'shellConfigBase'>, branch: string): string {
+  return hostJoin(config.shellConfigBase, sanitizeBranchName(branch));
+}
+
+export function shellConfigDirCandidates(config: Pick<SandboxPathConfig, 'shellConfigBase'>, branch: string): string[] {
+  return safeNameCandidates(branch).map((name) => hostJoin(config.shellConfigBase, name));
+}
+
 export function sandboxLabel(config: Pick<SandboxPathConfig, 'project'>): string {
   return `${config.project}.sandbox`;
 }