@fitlab-ai/agent-infra 0.6.2 → 0.6.4

package/lib/sandbox/commands/enter.ts

@@ -11,6 +11,8 @@ import {
 import { runInteractiveEngine, runSafeEngine } from '../shell.ts';
 import { resolveTaskBranch } from '../task-resolver.ts';
 import { dotfilesCacheDir, materializeDotfiles } from '../dotfiles.ts';
+import { runInteractiveWithClipboardBridge } from '../clipboard/bridge.ts';
+import { detectHostTimezone } from '../host-timezone.ts';
 
 const USAGE = `Usage: ai sandbox exec <branch> [cmd...]`;
 const TMUX_ENTRY_PATH = '/usr/local/bin/sandbox-tmux-entry';
@@ -38,6 +40,11 @@ export function terminalEnvFlags(env: NodeJS.ProcessEnv = process.env): string[]
   return flags;
 }
 
+export function hostTimezoneEnvFlags(detect = detectHostTimezone): string[] {
+  const tz = detect();
+  return tz ? ['-e', `TZ=${tz}`] : [];
+}
+
 export function formatCredentialSyncStatus(
   result: ReturnType<typeof reconcileClaudeCredentials>,
   isTTY = process.stderr.isTTY
@@ -65,7 +72,7 @@ export function formatCredentialSyncStatus(
   return null;
 }
 
-export function enter(args: string[]): number {
+export async function enter(args: string[]): Promise<number> {
   if (args.length === 0 || args[0] === '--help' || args[0] === '-h') {
     process.stdout.write(`${USAGE}\n`);
     if (args.length === 0) {
@@ -100,7 +107,7 @@ export function enter(args: string[]): number {
     }
   }
 
-  const envFlags = terminalEnvFlags();
+  const envFlags = [...terminalEnvFlags(), ...hostTimezoneEnvFlags()];
   if (cmd.length === 0) {
     try {
       materializeDotfiles(config.dotfilesDir, dotfilesCacheDir(config.home, config.project));
@@ -108,7 +115,12 @@ export function enter(args: string[]): number {
       process.stderr.write(`Warning: dotfiles snapshot rebuild failed: ${redactCommandError(error instanceof Error ? error.message : 'unknown error')}\n`);
     }
 
-    return runInteractiveEngine(engine, 'docker', ['exec', '-it', ...envFlags, container, 'bash', TMUX_ENTRY_PATH]);
+    return runInteractiveWithClipboardBridge({
+      engine,
+      dockerArgs: ['exec', '-it', ...envFlags, container, 'bash', TMUX_ENTRY_PATH],
+      container,
+      home: config.home
+    });
   }
 
   return runInteractiveEngine(engine, 'docker', ['exec', '-it', ...envFlags, container, ...cmd]);

package/lib/sandbox/commands/ls.ts

@@ -9,7 +9,13 @@ import { runSafeEngine } from '../shell.ts';
 import { resolveTools, toolProjectDirCandidates } from '../tools.ts';
 
 const USAGE = 'Usage: ai sandbox ls';
-const CONTAINER_LIST_HEADER = 'NAMES\tSTATUS\tBRANCH';
+const CONTAINER_TABLE_HEADERS = ['NAMES', 'STATUS', 'BRANCH'] as const;
+
+type ContainerTableRow = {
+  name: string;
+  status: string;
+  branch: string;
+};
 
 // Exported to lock the docker/podman-compatible format in unit tests.
 export function containerListFormat(): string {
@@ -35,6 +41,22 @@ export function parseLabels(csv: string): Record<string, string> {
   return labels;
 }
 
+export function formatContainerTable(rows: ContainerTableRow[]): string[] {
+  const columns = rows.map((row) => [row.name, row.status, row.branch] as const);
+  const widths = [
+    Math.max(CONTAINER_TABLE_HEADERS[0].length, ...rows.map((row) => row.name.length)),
+    Math.max(CONTAINER_TABLE_HEADERS[1].length, ...rows.map((row) => row.status.length)),
+    Math.max(CONTAINER_TABLE_HEADERS[2].length, ...rows.map((row) => row.branch.length))
+  ] as const;
+  const renderRow = (values: readonly [string, string, string]): string =>
+    `${values[0].padEnd(widths[0])}  ${values[1].padEnd(widths[1])}  ${values[2]}`.trimEnd();
+
+  return [
+    renderRow(CONTAINER_TABLE_HEADERS),
+    ...columns.map((column) => renderRow(column))
+  ];
+}
+
 function listChildren(dir: string): string[] {
   if (!fs.existsSync(dir)) {
     return [];
@@ -69,11 +91,13 @@ export function ls(args: string[] = []): void {
     p.log.warn('  No sandbox containers');
   } else {
     const branchKey = sandboxBranchLabel(config);
-    process.stdout.write(`  ${CONTAINER_LIST_HEADER}\n`);
-    for (const line of containers.split('\n')) {
+    const rows = containers.split('\n').map((line) => {
       const [name = '', status = '', labelsCsv = ''] = line.split('\t');
       const branch = parseLabels(labelsCsv)[branchKey] ?? '';
-      process.stdout.write(`  ${name}\t${status}\t${branch}\n`);
+      return { name, status, branch };
+    });
+    for (const line of formatContainerTable(rows)) {
+      process.stdout.write(`  ${line}\n`);
     }
   }
 

package/lib/sandbox/commands/prune.ts

@@ -0,0 +1,211 @@
+import fs from 'node:fs';
+import path from 'node:path';
+import { parseArgs } from 'node:util';
+import * as p from '@clack/prompts';
+import pc from 'picocolors';
+import { loadConfig } from '../config.ts';
+import type { SandboxConfig } from '../config.ts';
+import { safeNameCandidates, sandboxBranchLabel, sandboxLabel } from '../constants.ts';
+import { detectEngine } from '../engine.ts';
+import { hostJoin } from '../engines/wsl2-paths.ts';
+import { removeManagedDir, removeWorktreeDir } from '../managed-fs.ts';
+import { parseLabels } from './ls.ts';
+import { runEngine, runSafe } from '../shell.ts';
+import { resolveTools } from '../tools.ts';
+import type { SandboxTool } from '../tools.ts';
+
+const USAGE = `Usage: ai sandbox prune [--dry-run]`;
+
+type OrphanKind = 'shell' | 'worktree' | 'share' | 'tool';
+
+export type OrphanGroup = {
+  kind: OrphanKind;
+  label: string;
+  base: string;
+  dirs: string[];
+};
+
+function listChildDirs(base: string): string[] {
+  if (!fs.existsSync(base)) {
+    return [];
+  }
+
+  return fs.readdirSync(base)
+    .sort()
+    .map((entry) => path.join(base, entry))
+    .filter((entry) => {
+      try {
+        return fs.statSync(entry).isDirectory();
+      } catch {
+        return false;
+      }
+    });
+}
+
+function activeSafeNames(activeBranches: string[]): Set<string> {
+  const names = new Set<string>();
+  for (const branch of activeBranches) {
+    try {
+      for (const name of safeNameCandidates(branch)) {
+        names.add(name);
+      }
+    } catch {
+      names.add(branch);
+    }
+  }
+  return names;
+}
+
+function orphanDirs(base: string, activeNames: Set<string>): string[] {
+  return listChildDirs(base).filter((dir) => !activeNames.has(path.basename(dir)));
+}
+
+function addGroup(groups: OrphanGroup[], group: OrphanGroup): void {
+  if (group.dirs.length > 0) {
+    groups.push(group);
+  }
+}
+
+export function collectOrphanGroups(
+  config: SandboxConfig,
+  tools: SandboxTool[],
+  activeBranches: string[]
+): OrphanGroup[] {
+  const activeNames = activeSafeNames(activeBranches);
+  const groups: OrphanGroup[] = [];
+  const shareBranchesBase = hostJoin(config.shareBase, 'branches');
+
+  addGroup(groups, {
+    kind: 'shell',
+    label: 'Shell config dirs',
+    base: config.shellConfigBase,
+    dirs: orphanDirs(config.shellConfigBase, activeNames)
+  });
+  addGroup(groups, {
+    kind: 'worktree',
+    label: 'Worktrees',
+    base: config.worktreeBase,
+    dirs: orphanDirs(config.worktreeBase, activeNames)
+  });
+  addGroup(groups, {
+    kind: 'share',
+    label: 'Share branch dirs',
+    base: shareBranchesBase,
+    dirs: orphanDirs(shareBranchesBase, activeNames)
+  });
+
+  for (const tool of tools) {
+    const base = hostJoin(tool.sandboxBase, config.project);
+    addGroup(groups, {
+      kind: 'tool',
+      label: `${tool.name} state`,
+      base,
+      dirs: orphanDirs(base, activeNames)
+    });
+  }
+
+  return groups;
+}
+
+export function removeOrphanGroups(config: SandboxConfig, groups: OrphanGroup[]): boolean {
+  let removedWorktrees = false;
+  for (const group of groups) {
+    for (const dir of group.dirs) {
+      if (group.kind === 'worktree') {
+        removeWorktreeDir(config.repoRoot, group.base, dir);
+        removedWorktrees = true;
+      } else {
+        removeManagedDir(group.base, dir);
+      }
+    }
+  }
+  return removedWorktrees;
+}
+
+function activeBranchesFromLabels(config: SandboxConfig, labelsOutput: string): string[] {
+  const branchKey = sandboxBranchLabel(config);
+  return labelsOutput.split('\n')
+    .map((line) => parseLabels(line)[branchKey] ?? '')
+    .filter(Boolean);
+}
+
+function orphanCount(groups: OrphanGroup[]): number {
+  return groups.reduce((sum, group) => sum + group.dirs.length, 0);
+}
+
+function writeGroups(groups: OrphanGroup[]): void {
+  for (const group of groups) {
+    p.log.step(group.label);
+    for (const dir of group.dirs) {
+      process.stdout.write(`  ${dir}\n`);
+    }
+  }
+}
+
+export async function prune(args: string[]): Promise<void> {
+  const { values } = parseArgs({
+    args,
+    strict: true,
+    options: {
+      'dry-run': { type: 'boolean' },
+      help: { type: 'boolean', short: 'h' }
+    }
+  });
+
+  if (values.help) {
+    process.stdout.write(`${USAGE}\n`);
+    return;
+  }
+
+  const config = loadConfig();
+  const tools = resolveTools(config);
+  const engine = detectEngine(config);
+  const psArgs = [
+    'ps',
+    '-a',
+    '--filter',
+    `label=${sandboxLabel(config)}`,
+    '--format',
+    '{{.Labels}}'
+  ];
+  let labelsOutput: string;
+  try {
+    labelsOutput = runEngine(engine, 'docker', psArgs);
+  } catch {
+    throw new Error('Unable to determine active sandbox branches: docker ps failed');
+  }
+  const groups = collectOrphanGroups(config, tools, activeBranchesFromLabels(config, labelsOutput));
+  const count = orphanCount(groups);
+
+  p.intro(pc.cyan(`Pruning orphaned sandbox state for ${config.project}`));
+
+  if (count === 0) {
+    p.log.success('No orphaned sandbox state dirs found');
+    p.outro(pc.green('Sandbox prune complete'));
+    return;
+  }
+
+  writeGroups(groups);
+
+  if (values['dry-run']) {
+    p.outro(pc.green('Dry run complete'));
+    return;
+  }
+
+  const shouldRemove = await p.confirm({
+    message: `Remove ${count} orphaned sandbox state dirs?`,
+    initialValue: true
+  });
+
+  if (p.isCancel(shouldRemove) || !shouldRemove) {
+    p.outro('Cancelled');
+    return;
+  }
+
+  const removedWorktrees = removeOrphanGroups(config, groups);
+  if (removedWorktrees) {
+    runSafe('git', ['-C', config.repoRoot, 'worktree', 'prune']);
+  }
+
+  p.outro(pc.green('Orphaned sandbox state dirs removed'));
+}

package/lib/sandbox/commands/rm.ts

@@ -11,31 +11,23 @@ import {
   sandboxBranchLabel,
   sandboxLabel,
   shareBranchDir,
+  shellConfigDirCandidates,
   worktreeDirCandidates
 } from '../constants.ts';
 import { ENGINES, detectEngine, engineDisplayName, isManagedEngine, stopManagedVm } from '../engine.ts';
-import { run, runOk, runSafe, runSafeEngine } from '../shell.ts';
+import { removeManagedDir, removeWorktreeDir } from '../managed-fs.ts';
+import { runOk, runSafe, runSafeEngine } from '../shell.ts';
 import { resolveTaskBranch } from '../task-resolver.ts';
 import { resolveTools, toolConfigDirCandidates, toolProjectDirCandidates } from '../tools.ts';
 import type { SandboxTool } from '../tools.ts';
 
 const USAGE = `Usage: ai sandbox rm <branch> [--all]`;
+export { assertManagedPath } from '../managed-fs.ts';
 
 function projectToolDirs(config: SandboxConfig, tools: SandboxTool[]): string[] {
   return tools.flatMap((tool) => toolProjectDirCandidates(tool, config.project));
 }
 
-export function assertManagedPath(root: string, target: string): void {
-  const resolvedRoot = path.resolve(root);
-  const resolvedTarget = path.resolve(target);
-  const relative = path.relative(resolvedRoot, resolvedTarget);
-  if (relative === '' || (!relative.startsWith('..') && !path.isAbsolute(relative))) {
-    return;
-  }
-
-  throw new Error(`Refusing to remove path outside managed sandbox root: ${target}`);
-}
-
 async function rmOne(config: SandboxConfig, tools: SandboxTool[], branch: string): Promise<void> {
   assertValidBranchName(branch);
   const engine = detectEngine(config);
@@ -93,12 +85,7 @@ async function rmOne(config: SandboxConfig, tools: SandboxTool[], branch: string
 
     if (shouldRemoveWorktree) {
       for (const worktree of existingWorktrees) {
-        try {
-          run('git', ['-C', config.repoRoot, 'worktree', 'remove', worktree, '--force']);
-        } catch {
-          assertManagedPath(config.worktreeBase, worktree);
-          fs.rmSync(worktree, { recursive: true, force: true });
-        }
+        removeWorktreeDir(config.repoRoot, config.worktreeBase, worktree);
       }
 
       const shouldDeleteBranch = await p.confirm({
@@ -116,12 +103,16 @@ async function rmOne(config: SandboxConfig, tools: SandboxTool[], branch: string
 
   for (const { tool, candidates } of toolCandidates) {
     for (const dir of candidates.filter((candidate) => fs.existsSync(candidate))) {
-      assertManagedPath(tool.sandboxBase, dir);
-      fs.rmSync(dir, { recursive: true, force: true });
+      removeManagedDir(tool.sandboxBase, dir);
       p.log.success(`${tool.name} state removed: ${dir}`);
     }
   }
 
+  for (const dir of shellConfigDirCandidates(config, effectiveBranch).filter((candidate) => fs.existsSync(candidate))) {
+    removeManagedDir(config.shellConfigBase, dir);
+    p.log.success(`Shell config removed: ${dir}`);
+  }
+
   const shareBranch = shareBranchDir(config, effectiveBranch);
   if (fs.existsSync(shareBranch)) {
     const shouldRemoveShare = await p.confirm({
@@ -129,8 +120,7 @@ async function rmOne(config: SandboxConfig, tools: SandboxTool[], branch: string
       initialValue: true
     });
     if (!p.isCancel(shouldRemoveShare) && shouldRemoveShare) {
-      assertManagedPath(config.shareBase, shareBranch);
-      fs.rmSync(shareBranch, { recursive: true, force: true });
+      removeManagedDir(config.shareBase, shareBranch);
       p.log.success(`Share dir removed: ${shareBranch}`);
     }
   }
@@ -171,12 +161,7 @@ async function rmAll(config: SandboxConfig, tools: SandboxTool[]): Promise<void>
     if (!p.isCancel(shouldRemoveWorktrees) && shouldRemoveWorktrees) {
       for (const entry of fs.readdirSync(config.worktreeBase)) {
         const dir = path.join(config.worktreeBase, entry);
-        try {
-          run('git', ['-C', config.repoRoot, 'worktree', 'remove', dir, '--force']);
-        } catch {
-          assertManagedPath(config.worktreeBase, dir);
-          fs.rmSync(dir, { recursive: true, force: true });
-        }
+        removeWorktreeDir(config.repoRoot, config.worktreeBase, dir);
       }
       runSafe('git', ['-C', config.repoRoot, 'worktree', 'prune']);
     }
@@ -184,20 +169,33 @@ async function rmAll(config: SandboxConfig, tools: SandboxTool[]): Promise<void>
 
   for (const dir of projectToolDirs(config, tools)) {
     if (fs.existsSync(dir)) {
-      assertManagedPath(path.dirname(dir), dir);
-      fs.rmSync(dir, { recursive: true, force: true });
+      removeManagedDir(path.dirname(dir), dir);
       p.log.success(`Removed tool state: ${dir}`);
     }
   }
 
+  if (fs.existsSync(config.shellConfigBase) && fs.readdirSync(config.shellConfigBase).length > 0) {
+    const shouldRemoveShellConfigs = await p.confirm({
+      message: `Remove all shell config dirs in ${config.shellConfigBase}?`,
+      initialValue: true
+    });
+
+    if (!p.isCancel(shouldRemoveShellConfigs) && shouldRemoveShellConfigs) {
+      for (const entry of fs.readdirSync(config.shellConfigBase)) {
+        const dir = path.join(config.shellConfigBase, entry);
+        removeManagedDir(config.shellConfigBase, dir);
+      }
+      p.log.success(`Project shell config dirs removed: ${config.shellConfigBase}`);
+    }
+  }
+
   if (fs.existsSync(config.shareBase) && fs.readdirSync(config.shareBase).length > 0) {
     const shouldRemoveAllShares = await p.confirm({
       message: `Remove all share dirs for project (${config.shareBase})?`,
       initialValue: true
     });
     if (!p.isCancel(shouldRemoveAllShares) && shouldRemoveAllShares) {
-      assertManagedPath(path.dirname(config.shareBase), config.shareBase);
-      fs.rmSync(config.shareBase, { recursive: true, force: true });
+      removeManagedDir(path.dirname(config.shareBase), config.shareBase);
       p.log.success(`Project share dirs removed: ${config.shareBase}`);
     }
   }

package/lib/sandbox/config.ts

@@ -46,6 +46,7 @@ export type SandboxConfig = {
   imageName: string;
   worktreeBase: string;
   shareBase: string;
+  shellConfigBase: string;
   dotfilesDir: string;
   engine: string | null;
   runtimes: string[];
@@ -145,6 +146,7 @@ export function loadConfig({
     imageName: `${project}-sandbox:latest`,
     worktreeBase: hostJoin(home, '.agent-infra', 'worktrees', project),
     shareBase: hostJoin(home, '.agent-infra', 'share', project),
+    shellConfigBase: hostJoin(home, '.agent-infra', 'config', project),
     dotfilesDir: hostJoin(home, '.agent-infra', 'dotfiles'),
     engine,
     runtimes,

package/lib/sandbox/constants.ts

@@ -9,6 +9,7 @@ type SandboxPathConfig = {
   containerPrefix: string;
   worktreeBase: string;
   shareBase: string;
+  shellConfigBase: string;
 };
 
 type HostResources = {
@@ -86,6 +87,14 @@ export function shareBranchDir(config: Pick<SandboxPathConfig, 'shareBase'>, bra
   return hostJoin(config.shareBase, 'branches', sanitizeBranchName(branch));
 }
 
+export function shellConfigDir(config: Pick<SandboxPathConfig, 'shellConfigBase'>, branch: string): string {
+  return hostJoin(config.shellConfigBase, sanitizeBranchName(branch));
+}
+
+export function shellConfigDirCandidates(config: Pick<SandboxPathConfig, 'shellConfigBase'>, branch: string): string[] {
+  return safeNameCandidates(branch).map((name) => hostJoin(config.shellConfigBase, name));
+}
+
 export function sandboxLabel(config: Pick<SandboxPathConfig, 'project'>): string {
   return `${config.project}.sandbox`;
 }

package/lib/sandbox/host-timezone.ts

@@ -0,0 +1,42 @@
+import fs from 'node:fs';
+import os from 'node:os';
+
+export type DetectHostTimezoneOptions = {
+  platform?: NodeJS.Platform;
+  readlink?: (targetPath: string) => string;
+  env?: NodeJS.ProcessEnv;
+};
+
+const ZONEINFO_MARK = '/zoneinfo/';
+const IANA_ZONE_RE = /^[A-Za-z][A-Za-z0-9_+-]*(\/[A-Za-z0-9_+-]+)*$/;
+
+function safeTimezone(value: string | undefined): string | null {
+  if (!value || !IANA_ZONE_RE.test(value)) {
+    return null;
+  }
+  return value;
+}
+
+export function detectHostTimezone(options: DetectHostTimezoneOptions = {}): string | null {
+  const platform = options.platform ?? os.platform();
+  const env = options.env ?? process.env;
+  if (env.TZ) {
+    return safeTimezone(env.TZ);
+  }
+
+  if (platform !== 'darwin' && platform !== 'linux') {
+    return null;
+  }
+
+  const readlink = options.readlink ?? fs.readlinkSync;
+  try {
+    const target = readlink('/etc/localtime');
+    const idx = target.indexOf(ZONEINFO_MARK);
+    if (idx < 0) {
+      return null;
+    }
+    return safeTimezone(target.slice(idx + ZONEINFO_MARK.length));
+  } catch {
+    return null;
+  }
+}

package/lib/sandbox/index.ts

@@ -6,6 +6,7 @@ Commands:
   refresh                      Sync host Claude Code credentials to all sandbox copies
   ls                           List sandboxes for the current project
   rm <branch> [--all]          Remove a sandbox or all sandboxes
+  prune [--dry-run]            Remove orphaned per-branch state dirs
   vm status|start|stop         Manage the sandbox VM (macOS) or check the backend (Windows)
   rebuild [--quiet]            Rebuild the sandbox image
 
@@ -33,7 +34,7 @@ export async function runSandbox(args: string[]): Promise<void> {
     }
     case 'exec': {
       const { enter } = await import('./commands/enter.ts');
-      const exitCode = enter(rest);
+      const exitCode = await enter(rest);
       if (typeof exitCode === 'number' && exitCode !== 0) {
         process.exitCode = exitCode;
       }
@@ -57,6 +58,11 @@ export async function runSandbox(args: string[]): Promise<void> {
       await rm(rest);
       break;
     }
+    case 'prune': {
+      const { prune } = await import('./commands/prune.ts');
+      await prune(rest);
+      break;
+    }
     case 'vm': {
       const { vm } = await import('./commands/vm.ts');
       await vm(rest);

package/lib/sandbox/managed-fs.ts

@@ -0,0 +1,27 @@
+import fs from 'node:fs';
+import path from 'node:path';
+import { run } from './shell.ts';
+
+export function assertManagedPath(root: string, target: string): void {
+  const resolvedRoot = path.resolve(root);
+  const resolvedTarget = path.resolve(target);
+  const relative = path.relative(resolvedRoot, resolvedTarget);
+  if (relative === '' || (!relative.startsWith('..') && !path.isAbsolute(relative))) {
+    return;
+  }
+
+  throw new Error(`Refusing to remove path outside managed sandbox root: ${target}`);
+}
+
+export function removeManagedDir(root: string, dir: string): void {
+  assertManagedPath(root, dir);
+  fs.rmSync(dir, { recursive: true, force: true });
+}
+
+export function removeWorktreeDir(repoRoot: string, worktreeBase: string, dir: string): void {
+  try {
+    run('git', ['-C', repoRoot, 'worktree', 'remove', dir, '--force']);
+  } catch {
+    removeManagedDir(worktreeBase, dir);
+  }
+}

package/lib/sandbox/runtimes/base.dockerfile

@@ -3,7 +3,6 @@ FROM ubuntu:22.04
 LABEL description="AI coding sandbox"
 
 ENV DEBIAN_FRONTEND=noninteractive
-ENV TZ=Asia/Shanghai
 
 ARG HOST_UID=1000
 ARG HOST_GID=1000
@@ -22,7 +21,7 @@ RUN apt-get update && apt-get install -y \
     build-essential ca-certificates gnupg lsb-release \
     libevent-core-2.1-7 libncursesw6 libtinfo6 \
     pkg-config bison libevent-dev libncurses-dev \
-    locales \
+    locales tzdata \
     && locale-gen en_US.UTF-8 \
     && (curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg \
         | dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg) \
@@ -45,13 +44,13 @@ RUN apt-get update && apt-get install -y \
     && rm -rf /var/lib/apt/lists/*
 
 # Enable extended keys in CSI u format so Shift+Enter and other modified
-# keys are forwarded through tmux. Preserve terminal-detection variables
+# keys are forwarded through tmux. Preserve terminal/timezone variables
 # injected at `docker exec` time when new tmux sessions are created.
 RUN printf '%s\n' \
       'set -g extended-keys always' \
       'set -g extended-keys-format csi-u' \
       "set -as terminal-features 'xterm*:extkeys'" \
-      "set -ga update-environment 'TERM_PROGRAM TERM_PROGRAM_VERSION LC_TERMINAL LC_TERMINAL_VERSION'" \
+      "set -ga update-environment 'TERM_PROGRAM TERM_PROGRAM_VERSION LC_TERMINAL LC_TERMINAL_VERSION TZ'" \
       'set -g mouse on' \
       'set -g status-interval 1' \
       'set -g status-right-length 80' \
@@ -146,7 +145,7 @@ RUN cat > /usr/local/bin/sandbox-tmux-entry <<'SCRIPT' && chmod +x /usr/local/bi
 #!/bin/sh
 set -eu
 
-sandbox-dotfiles-link >/dev/null || true
+sandbox-dotfiles-link >/dev/null 2>&1 || true
 
 SESSION=work
 
@@ -154,20 +153,26 @@ if ! command -v tmux >/dev/null 2>&1; then
   exec bash
 fi
 
-if ! tmux has-session -t "$SESSION" 2>/dev/null; then
-  exec tmux new-session -s "$SESSION"
-fi
-
-tmux list-sessions -F '#{session_name} #{session_attached}' 2>/dev/null | \
-  while read -r name attached; do
-    [ "$name" = "$SESSION" ] && continue
+# Drop stale grouped sessions left by older entry-script versions (the windows
+# live on $SESSION, so killing the group members only removes view entries).
+tmux list-sessions -F '#{session_name}' 2>/dev/null | while IFS= read -r name; do
     case "$name" in
-      ''|*[!0-9]*) continue ;;
+      "$SESSION"-*) tmux kill-session -t "$name" 2>/dev/null || true ;;
     esac
-    [ "$attached" = "0" ] && tmux kill-session -t "$name" 2>/dev/null || true
-  done
+done
+
+# Reuse the single $SESSION; -d detaches any pre-existing client so the new
+# one becomes the sole owner of window-size, eliminating size races.
+if tmux has-session -t "$SESSION" 2>/dev/null; then
+  # Push the per-exec TZ into the running session's env so new
+  # windows/panes pick up the host timezone without a session kill.
+  if [ -n "${TZ:-}" ]; then
+    tmux set-environment -t "$SESSION" TZ "$TZ" 2>/dev/null || true
+  fi
+  exec tmux attach -d -t "$SESSION"
+fi
 
-exec tmux new-session -t "$SESSION"
+exec tmux new-session -s "$SESSION"
 SCRIPT
 
 ENV LANG=en_US.UTF-8

package/lib/sandbox/tools.ts

@@ -28,7 +28,7 @@ function createBuiltinTools(home: string, project: string): Record<string, Sandb
     'claude-code': {
       id: 'claude-code',
       name: 'Claude Code',
-      npmPackage: '@anthropic-ai/claude-code',
+      npmPackage: '@anthropic-ai/claude-code@stable',
       sandboxBase: hostJoin(home, '.agent-infra', 'sandboxes', 'claude-code'),
       containerMount: '/home/devuser/.claude',
       versionCmd: 'claude --version',