@growthub/cli 0.9.13 → 0.9.16

package/assets/worker-kits/growthub-custom-workspace-starter-v1/apps/workspace/lib/workspace-config.js

@@ -338,6 +338,82 @@ async function writeWorkspaceApiWebhookSettings(patch) {
   return next.integrations.filter((item) => item?.sourceType === "custom-api-webhooks");
 }
 
+/**
+ * Source Records persistence — sidecar store for live-backed dataModel objects.
+ *
+ * Records are written by POST /api/workspace/refresh-sources when a resolver
+ * fetches live data for a source with `binding.sourceStorage: "workspace-source-records"`.
+ *
+ * Persistence is keyed by `sourceId` and stored in a JSON sidecar file
+ * (`growthub.source-records.json`) beside `growthub.config.json`. The same
+ * filesystem / read-only / database mode rules apply: in read-only mode writes
+ * are rejected gracefully so the refresh button surface is disabled.
+ *
+ * Shape: { [sourceId]: { records: Record[], integrationId: string, fetchedAt: string } }
+ */
+
+const SOURCE_RECORDS_FILENAME = "growthub.source-records.json";
+
+function resolveSourceRecordsPath() {
+  return path.resolve(/*turbopackIgnore: true*/ process.cwd(), SOURCE_RECORDS_FILENAME);
+}
+
+async function readWorkspaceSourceRecords(sourceId) {
+  const recordsPath = resolveSourceRecordsPath();
+  try {
+    const raw = await fs.readFile(recordsPath, "utf8");
+    const all = JSON.parse(raw);
+    if (sourceId) {
+      return all[sourceId] || null;
+    }
+    return all;
+  } catch {
+    return sourceId ? null : {};
+  }
+}
+
+async function writeWorkspaceSourceRecords(sourceId, records, metadata = {}) {
+  const persistence = describePersistenceMode();
+  if (persistence.mode !== PERSISTENCE_ADAPTERS.FILESYSTEM || !persistence.canSave) {
+    const error = new Error(persistence.reason);
+    error.code = "WORKSPACE_PERSISTENCE_READ_ONLY";
+    error.guidance = persistence.guidance || READ_ONLY_GUIDANCE;
+    throw error;
+  }
+  if (typeof sourceId !== "string" || !sourceId.trim()) {
+    const error = new Error("sourceId must be a non-empty string");
+    error.code = "INVALID_SOURCE_RECORDS_WRITE";
+    throw error;
+  }
+  if (!Array.isArray(records)) {
+    const error = new Error("records must be an array");
+    error.code = "INVALID_SOURCE_RECORDS_WRITE";
+    throw error;
+  }
+  const recordsPath = resolveSourceRecordsPath();
+  const expectedDir = path.resolve(/*turbopackIgnore: true*/ process.cwd());
+  if (path.dirname(recordsPath) !== expectedDir) {
+    const error = new Error(`refused to write outside workspace cwd: ${recordsPath}`);
+    error.code = "WORKSPACE_PERSISTENCE_PATH_REFUSED";
+    throw error;
+  }
+  let all = {};
+  try {
+    const raw = await fs.readFile(recordsPath, "utf8");
+    all = JSON.parse(raw);
+  } catch {
+    all = {};
+  }
+  all[sourceId.trim()] = {
+    records,
+    integrationId: metadata.integrationId || null,
+    fetchedAt: metadata.fetchedAt || new Date().toISOString(),
+    recordCount: records.length
+  };
+  await fs.writeFile(recordsPath, `${JSON.stringify(all, null, 2)}\n`, "utf8");
+  return all[sourceId.trim()];
+}
+
 export {
   GRID_COLUMNS,
   GRID_ROWS,
@@ -346,9 +422,11 @@ export {
   READ_ONLY_GUIDANCE,
   describePersistenceMode,
   readWorkspaceConfig,
+  readWorkspaceSourceRecords,
   resolveWorkspaceConfigPath,
   validateWorkspaceConfig,
   writeWorkspaceConfig,
   writeWorkspaceApiWebhookSettings,
-  writeWorkspaceIdentitySettings
+  writeWorkspaceIdentitySettings,
+  writeWorkspaceSourceRecords
 };

package/assets/worker-kits/growthub-custom-workspace-starter-v1/apps/workspace/lib/workspace-data-model.js

@@ -171,9 +171,12 @@ function deriveManualObjectTable(object) {
     id: `manual-object:${object.id || source}`,
     label: object.label || object.name || source,
     source,
+    objectType: object.objectType || "custom",
+    icon: object.icon || null,
     columns,
     rows,
     binding: object.binding || { mode: "manual", source: "Data Model" },
+    relations: Array.isArray(object.relations) ? object.relations : [],
     mutable: true,
     storage: "manual-object",
     objectId: object.id,
@@ -313,6 +316,141 @@ function uniqueObjectId(workspaceConfig, name) {
   return `${base}-${index}`;
 }
 
+/**
+ * Top-level object type presets.
+ * Each entry defines: label, icon (Lucide name), description, default columns, and
+ * any built-in relations.  These are the five first-class types the UI offers when
+ * a user clicks "New object" — they act like schema templates, not hard constraints.
+ *
+ * Relation shape:
+ *   {
+ *     id:              string,   // stable slug within this object
+ *     name:            string,   // display label
+ *     field:           string,   // FK column on THIS object
+ *     targetObjectType:string,   // objectType of the referenced object
+ *     type:            "belongs-to" | "has-many",
+ *     description:     string
+ *   }
+ */
+const OBJECT_TYPE_PRESETS = {
+  "data-source": {
+    label: "Data Source",
+    icon: "Globe",
+    description: "Custom API, webhook, or external feed. References an API Registry record while credentials stay in workspace settings.",
+    columns: ["Name", "registryId", "endpoint", "authRef", "baseUrl", "status", "lastTested", "lastResponse"],
+    relations: [
+      {
+        id: "resolver-binding",
+        name: "Resolver",
+        field: "registryId",
+        targetObjectType: "api-registry",
+        type: "belongs-to",
+        description: "The API Registry entry whose fetchRecords function resolves this source. Set registryId to match the resolver integrationId."
+      }
+    ]
+  },
+  "api-registry": {
+    label: "API Registry",
+    icon: "Code2",
+    description: "HTTP API records with endpoint config, auth references, connection status, and stored test output.",
+    columns: ["integrationId", "authRef", "baseUrl", "endpoint", "method", "status", "lastTested", "lastResponse", "entityTypes", "description"],
+    relations: []
+  },
+  "people": {
+    label: "People",
+    icon: "Users",
+    description: "Contacts, leads, or team members with standard CRM fields.",
+    columns: ["Name", "Email", "Phone", "Company", "Status", "Role"],
+    relations: []
+  },
+  "tasks": {
+    label: "Tasks",
+    icon: "CheckSquare",
+    description: "Action items, to-dos, or work items.",
+    columns: ["Name", "Status", "DueDate", "Assignee", "Priority"],
+    relations: []
+  },
+  "sandbox-environment": {
+    label: "Sandbox Environment",
+    icon: "Terminal",
+    description: "Execution locality: local (process sandbox or Paperclip thin local agent-host CLI) or serverless (delegates to an API Registry HTTP target: Edge/QStash/cron webhook). Env refs resolve server-side; run history in growthub.source-records.json. Not a widget binding source.",
+    columns: [
+      "Name",
+      "lifecycleStatus",
+      "version",
+      "runLocality",
+      "schedulerRegistryId",
+      "runtime",
+      "adapter",
+      "agentHost",
+      "envRefs",
+      "networkAllow",
+      "allowList",
+      "instructions",
+      "command",
+      "timeoutMs",
+      "status",
+      "lastTested",
+      "lastRunId",
+      "lastSourceId",
+      "lastResponse"
+    ],
+    relations: [
+      {
+        id: "scheduler-registry-binding",
+        name: "Scheduler (serverless)",
+        field: "schedulerRegistryId",
+        targetObjectType: "api-registry",
+        type: "belongs-to",
+        description: "When runLocality is serverless, POST /api/workspace/sandbox-run sends growthub-sandbox-run-v1 to this API Registry record (METHOD, baseUrl, endpoint, authRef resolved server-side). Use for Supabase Edge URL, QStash forwarder, Vercel-exposed webhook, cron targets, etc."
+      }
+    ]
+  },
+  "custom": {
+    label: "Custom",
+    icon: "Plus",
+    description: "Start with a blank table — define your own fields and records.",
+    columns: ["Name"],
+    relations: []
+  }
+};
+
+/**
+ * Create a typed business object from a preset template.
+ * Accepts objectType (one of the OBJECT_TYPE_PRESETS keys) and an optional icon override.
+ * The object is stored in dataModel.objects[] alongside manual objects.
+ */
+function createTypedBusinessObject(workspaceConfig, { name, objectType = "custom", icon } = {}) {
+  const label = String(name || "").trim();
+  if (!label) return workspaceConfig;
+  const preset = OBJECT_TYPE_PRESETS[objectType] || OBJECT_TYPE_PRESETS.custom;
+  const columns = [...preset.columns];
+  const dataModel =
+    workspaceConfig.dataModel && typeof workspaceConfig.dataModel === "object" && !Array.isArray(workspaceConfig.dataModel)
+      ? workspaceConfig.dataModel
+      : {};
+  const id = uniqueObjectId(workspaceConfig, label);
+  const object = {
+    id,
+    label,
+    source: label,
+    objectType,
+    icon: icon || preset.icon,
+    columns,
+    rows: [],
+    binding: { mode: "manual", source: "Data Model" },
+    relations: preset.relations ? preset.relations.map((r) => ({ ...r })) : [],
+    fieldSettings: { hidden: [], order: columns }
+  };
+  return {
+    ...workspaceConfig,
+    dataModel: {
+      ...dataModel,
+      objects: [...normalizeManualObjects(workspaceConfig), object]
+    }
+  };
+}
+
 function createManualBusinessObject(workspaceConfig, { name, fields } = {}) {
   const label = String(name || "").trim();
   const columns = Array.from(new Set((Array.isArray(fields) ? fields : String(fields || "").split(","))
@@ -408,6 +546,73 @@ function describeBindingLane(binding) {
   return "manual";
 }
 
+/**
+ * Saved env-key references — name-only projection of workspace integrations[].
+ *
+ * Used by the sandbox-environment drawer's env-ref multi-select. The browser
+ * receives the `endpointRef` slug only (never the secret value); the sandbox
+ * run route resolves the slug to a server-side env value using the same
+ * `envKeyCandidates(authRef)` pattern as `test-api-record/route.js`.
+ *
+ * Returns: [{ id, endpointRef, kind, hasSecret }]
+ */
+function listSavedEnvRefs(workspaceConfig) {
+  const integrations = Array.isArray(workspaceConfig?.integrations) ? workspaceConfig.integrations : [];
+  return integrations
+    .filter((entry) => entry?.sourceType === "custom-api-webhooks" && typeof entry.endpointRef === "string" && entry.endpointRef.trim())
+    .map((entry) => ({
+      id: entry.id || entry.endpointRef,
+      endpointRef: entry.endpointRef,
+      kind: entry.kind === "webhook" ? "webhook" : "api",
+      hasSecret: entry.hasSecret === true
+    }));
+}
+
+/**
+ * Parse a sandbox-environment row's `envRefs` column into a clean string array.
+ * Stored as a comma-separated string in the row to keep the column flat under
+ * the existing governed Data Model schema; rendered as a multi-select chip
+ * group in the drawer. The server reads the same comma-separated form.
+ */
+function parseSandboxEnvRefs(value) {
+  if (Array.isArray(value)) {
+    return value.map((item) => String(item || "").trim()).filter(Boolean);
+  }
+  if (typeof value !== "string") return [];
+  return value
+    .split(",")
+    .map((item) => item.trim())
+    .filter(Boolean);
+}
+
+/**
+ * Parse a sandbox-environment row's `allowList` column into a clean array of
+ * domain hostnames. Stored as comma-separated string for governed flatness;
+ * the run route enforces the list when `networkAllow` is truthy.
+ */
+function parseSandboxAllowList(value) {
+  if (Array.isArray(value)) {
+    return value.map((item) => String(item || "").trim().toLowerCase()).filter(Boolean);
+  }
+  if (typeof value !== "string") return [];
+  return value
+    .split(",")
+    .map((item) => item.trim().toLowerCase())
+    .filter(Boolean);
+}
+
+/**
+ * Stable sourceId for a sandbox-environment row's run history sidecar.
+ * Keyed by object id + slugified Name so the key survives reorder of rows
+ * inside the same object. The sandbox-run route uses this id to read/write
+ * `growthub.source-records.json`.
+ */
+function sandboxRunSourceId(objectId, name) {
+  const slug = String(name || "").trim().toLowerCase().replace(/[^a-z0-9]+/g, "-").replace(/^-+|-+$/g, "");
+  if (!objectId || !slug) return null;
+  return `sandbox:${objectId}:${slug}`;
+}
+
 function describeBindingMode(binding) {
   const lane = describeBindingLane(binding);
   if (lane === "data-source") return { label: "Data source scope", description: "Integration reference selected in the existing widget source flow. Dynamic data resolves through the governed server-side integration path." };
@@ -417,17 +622,23 @@ function describeBindingMode(binding) {
 }
 
 export {
+  OBJECT_TYPE_PRESETS,
   addTableField,
   addTableRow,
   appendRowsToTable,
   createManualBusinessObject,
+  createTypedBusinessObject,
   deleteTableRow,
   describeBindingLane,
   describeBindingMode,
   duplicateTableRow,
   exportTableAsCsv,
   importTableFromCsv,
+  listSavedEnvRefs,
   listWorkspaceDataModelTables,
+  parseSandboxAllowList,
+  parseSandboxEnvRefs,
   replaceTableContent,
+  sandboxRunSourceId,
   updateTableCell
 };

package/assets/worker-kits/growthub-custom-workspace-starter-v1/apps/workspace/lib/workspace-schema.js

@@ -47,6 +47,35 @@ const KNOWN_FILTER_OPERATORS = ["eq", "ne", "contains", "gt", "lt", "isEmpty", "
 const KNOWN_FILTER_CONJUNCTIONS = ["and", "or"];
 const KNOWN_SORT_DIRECTIONS = ["asc", "desc"];
 const KNOWN_AGGREGATIONS = ["sum", "avg", "count", "min", "max"];
+const KNOWN_SANDBOX_RUNTIMES = ["python", "node", "bash"];
+/** Where execution is delegated: locally (process / agent-host CLI) or to a scheduler webhook (Supabase Edge, QStash, Vercel cron hitting your URL, etc.). */
+const KNOWN_SANDBOX_RUN_LOCALITY = ["local", "serverless"];
+const KNOWN_SANDBOX_LIFECYCLE_STATUSES = ["draft", "live"];
+const DEFAULT_SANDBOX_RUN_LOCALITY = "local";
+const DEFAULT_SANDBOX_ADAPTER = "local-process";
+const SANDBOX_DEFAULT_TIMEOUT_MS = 60000;
+const SANDBOX_MAX_TIMEOUT_MS = 600000;
+/**
+ * Canonical Paperclip local agent-host slugs — mirrors the upstream
+ * `AGENT_ADAPTER_TYPES` enum in `packages/shared/src/constants.ts`. The
+ * sandbox-environment row's `agentHost` column accepts any of these values
+ * when `adapter === "local-agent-host"`. The standalone workspace starter
+ * does NOT import the @paperclipai/adapter-* packages directly — instead the
+ * default `local-agent-host` adapter spawns the host CLI binary the user has
+ * on PATH (cross-platform: macOS / Windows / Linux), keeping the workspace
+ * starter portable and thin.
+ */
+const KNOWN_SANDBOX_AGENT_HOSTS = [
+  "claude_local",
+  "codex_local",
+  "cursor",
+  "gemini_local",
+  "opencode_local",
+  "pi_local",
+  "qwen_local",
+  "openclaw_gateway",
+  "hermes_local"
+];
 
 const NORMALIZED_OBJECT_FIELD_IDS = ["id", "label", "secondaryLabel", "entityType", "provider", "lane", "status"];
 const WORKSPACE_TEMPLATE_KIND = "growthub-workspace-template";
@@ -152,7 +181,9 @@ const WIDGET_SCHEMA_CONTRACTS = {
     lane: "string optional (when mode === 'integration')",
     entityId: "string optional — stable source object ID (never a token or credential)",
     entityType: "string optional — adapter-provided object type",
-    entityLabel: "string optional — display-only resolved label, not authoritative"
+    entityLabel: "string optional — display-only resolved label, not authoritative",
+    sourceStorage: "'workspace-source-records' optional — marks this binding as live-backed; records are written by POST /api/workspace/refresh-sources and keyed by dataModel.objects[].sourceId",
+    sourceId: "string optional — stable key in growthub.source-records.json; required when sourceStorage === 'workspace-source-records'"
   },
   NormalizedIntegrationEntity: {
     id: "non-empty string — stable source object ID",
@@ -200,19 +231,19 @@ const SAMPLE_DATA_BINDINGS = {
 function defaultConfigFor(kind) {
   switch (kind) {
     case "chart":
-      return { values: [58, 36, 72, 48, 64], binding: SAMPLE_DATA_BINDINGS.reportingJson };
+      return { values: [], binding: { mode: "manual", source: "", rows: [] } };
     case "view":
       return {
         source: "",
         layout: "Table",
         columns: [],
         rows: [],
-        binding: { mode: "manual", source: "Static rows", rows: [] }
+        binding: { mode: "manual", source: "", rows: [] }
       };
     case "iframe":
       return { url: "" };
     case "rich-text":
-      return { text: "", binding: { mode: "manual", source: "Manual text", rows: [] } };
+      return { text: "", binding: { mode: "manual", source: "", rows: [] } };
     default:
       return {};
   }
@@ -396,8 +427,11 @@ function validateStaticDataBinding(binding, path, errors) {
     if (typeof binding.integrationId !== "string" || !binding.integrationId.trim()) {
       errors.push(`${path}.integrationId is required when mode is integration`);
     }
-    if (typeof binding.lane !== "string" || !binding.lane.trim()) {
-      errors.push(`${path}.lane is required when mode is integration`);
+    // lane is not required when sourceStorage delegates routing to a registry resolver
+    if (binding.sourceStorage !== "workspace-source-records") {
+      if (typeof binding.lane !== "string" || !binding.lane.trim()) {
+        errors.push(`${path}.lane is required when mode is integration`);
+      }
     }
   }
   if (binding.source !== undefined && typeof binding.source !== "string") {
@@ -439,6 +473,14 @@ function validateStaticDataBinding(binding, path, errors) {
   if (binding.entityLabel !== undefined && typeof binding.entityLabel !== "string") {
     errors.push(`${path}.entityLabel must be a string`);
   }
+  if (binding.sourceStorage !== undefined) {
+    if (binding.sourceStorage !== "workspace-source-records") {
+      errors.push(`${path}.sourceStorage must be "workspace-source-records" when present`);
+    }
+  }
+  if (binding.sourceId !== undefined && typeof binding.sourceId !== "string") {
+    errors.push(`${path}.sourceId must be a string`);
+  }
 }
 
 function validateFieldSettings(fieldSettings, path, errors) {
@@ -778,6 +820,65 @@ function validateCanvasConfig(canvas, errors) {
   }
 }
 
+function validateSandboxEnvironmentRow(row, path, errors) {
+  if (!isPlainObject(row)) return;
+  const lifecycleStatus = String(row.lifecycleStatus || "").trim().toLowerCase();
+  if (row.lifecycleStatus !== undefined && row.lifecycleStatus !== "" && !KNOWN_SANDBOX_LIFECYCLE_STATUSES.includes(lifecycleStatus)) {
+    errors.push(`${path}.lifecycleStatus must be one of ${KNOWN_SANDBOX_LIFECYCLE_STATUSES.join(", ")}`);
+  }
+  if (row.version !== undefined && typeof row.version !== "string" && typeof row.version !== "number") {
+    errors.push(`${path}.version must be a string or number`);
+  }
+  const runLocalityNorm = String(row.runLocality || "").trim().toLowerCase();
+  if (row.runLocality !== undefined && row.runLocality !== "" && !KNOWN_SANDBOX_RUN_LOCALITY.includes(runLocalityNorm)) {
+    errors.push(`${path}.runLocality must be one of ${KNOWN_SANDBOX_RUN_LOCALITY.join(", ")}`);
+  }
+  if (runLocalityNorm === "serverless") {
+    if (typeof row.schedulerRegistryId !== "string" || !row.schedulerRegistryId.trim()) {
+      errors.push(`${path}.schedulerRegistryId must reference an API Registry integrationId when runLocality is serverless`);
+    }
+  }
+  if (runLocalityNorm === "local" && row.runtime !== undefined && row.runtime !== "" && !KNOWN_SANDBOX_RUNTIMES.includes(row.runtime)) {
+    errors.push(`${path}.runtime must be one of ${KNOWN_SANDBOX_RUNTIMES.join(", ")}`);
+  }
+  if (row.adapter !== undefined && typeof row.adapter !== "string") {
+    errors.push(`${path}.adapter must be a string`);
+  }
+  if (row.agentHost !== undefined && row.agentHost !== "" && !KNOWN_SANDBOX_AGENT_HOSTS.includes(row.agentHost)) {
+    errors.push(`${path}.agentHost must be one of ${KNOWN_SANDBOX_AGENT_HOSTS.join(", ")}`);
+  }
+  if (row.envRefs !== undefined && typeof row.envRefs !== "string" && !Array.isArray(row.envRefs)) {
+    errors.push(`${path}.envRefs must be a comma-separated string or array of env-ref slugs (never values)`);
+  }
+  if (row.networkAllow !== undefined) {
+    const value = String(row.networkAllow).trim().toLowerCase();
+    if (!["", "true", "false", "0", "1", "on", "off"].includes(value)) {
+      errors.push(`${path}.networkAllow must coerce to a boolean (true/false/on/off)`);
+    }
+  }
+  if (row.allowList !== undefined && typeof row.allowList !== "string" && !Array.isArray(row.allowList)) {
+    errors.push(`${path}.allowList must be a comma-separated string or array of hostnames`);
+  }
+  if (row.instructions !== undefined && typeof row.instructions !== "string") {
+    errors.push(`${path}.instructions must be a string`);
+  }
+  if (row.command !== undefined && typeof row.command !== "string") {
+    errors.push(`${path}.command must be a string`);
+  }
+  if (row.lastRunId !== undefined && typeof row.lastRunId !== "string") {
+    errors.push(`${path}.lastRunId must be a string`);
+  }
+  if (row.lastSourceId !== undefined && typeof row.lastSourceId !== "string") {
+    errors.push(`${path}.lastSourceId must be a string`);
+  }
+  if (row.timeoutMs !== undefined && row.timeoutMs !== "") {
+    const ms = Number(row.timeoutMs);
+    if (!Number.isFinite(ms) || ms < 0 || ms > SANDBOX_MAX_TIMEOUT_MS) {
+      errors.push(`${path}.timeoutMs must be a finite number between 0 and ${SANDBOX_MAX_TIMEOUT_MS}`);
+    }
+  }
+}
+
 function validateDataModelConfig(dataModel, errors) {
   if (dataModel === undefined) return;
   if (!isPlainObject(dataModel)) {
@@ -805,15 +906,25 @@ function validateDataModelConfig(dataModel, errors) {
     }
     if (typeof object.label !== "string" || !object.label.trim()) errors.push(`${prefix}.label must be a non-empty string`);
     if (object.source !== undefined && typeof object.source !== "string") errors.push(`${prefix}.source must be a string`);
+    if (object.sourceId !== undefined && typeof object.sourceId !== "string") errors.push(`${prefix}.sourceId must be a string`);
     validateStringArray(object.columns, `${prefix}.columns`, errors);
     if (!Array.isArray(object.rows)) {
       errors.push(`${prefix}.rows must be an array`);
     } else {
       object.rows.forEach((row, rowIndex) => {
-        if (!isPlainObject(row)) errors.push(`${prefix}.rows[${rowIndex}] must be a plain object`);
+        if (!isPlainObject(row)) {
+          errors.push(`${prefix}.rows[${rowIndex}] must be a plain object`);
+          return;
+        }
+        if (object.objectType === "sandbox-environment") {
+          validateSandboxEnvironmentRow(row, `${prefix}.rows[${rowIndex}]`, errors);
+        }
       });
     }
     validateStaticDataBinding(object.binding, `${prefix}.binding`, errors);
+    if (object.binding?.sourceStorage === "workspace-source-records" && typeof object.sourceId !== "string") {
+      errors.push(`${prefix}.sourceId is required when binding.sourceStorage is "workspace-source-records"`);
+    }
     validateFieldSettings(object.fieldSettings, `${prefix}.fieldSettings`, errors);
   });
 }
@@ -1062,11 +1173,19 @@ export {
   KNOWN_AGGREGATIONS,
   KNOWN_CHART_TYPES,
   KNOWN_DATA_BINDING_MODES,
+  DEFAULT_SANDBOX_RUN_LOCALITY,
+  KNOWN_SANDBOX_LIFECYCLE_STATUSES,
   KNOWN_FIELDS,
   KNOWN_FILTER_CONJUNCTIONS,
   KNOWN_FILTER_OPERATORS,
+  KNOWN_SANDBOX_AGENT_HOSTS,
+  KNOWN_SANDBOX_RUN_LOCALITY,
+  KNOWN_SANDBOX_RUNTIMES,
   KNOWN_SORT_DIRECTIONS,
   KNOWN_WIDGET_KINDS,
+  DEFAULT_SANDBOX_ADAPTER,
+  SANDBOX_DEFAULT_TIMEOUT_MS,
+  SANDBOX_MAX_TIMEOUT_MS,
   NORMALIZED_OBJECT_FIELD_IDS,
   SAMPLE_DATA_BINDINGS,
   SAMPLE_VIEW_ROWS,

package/assets/worker-kits/growthub-custom-workspace-starter-v1/apps/workspace/package.json

@@ -10,6 +10,7 @@
     "lint": "next lint"
   },
   "dependencies": {
+    "@tanstack/react-table": "^8.21.3",
     "lucide-react": "^0.468.0",
     "next": "16.2.4",
     "react": "19.2.4",

package/assets/worker-kits/growthub-custom-workspace-starter-v1/kit.json

@@ -61,6 +61,7 @@
     "studio/src/main.jsx",
     "studio/src/App.jsx",
     "studio/src/app.css",
+    "apps/workspace/docs/sandbox-environment-primitive.md",
     "apps/workspace/README.md",
     "apps/workspace/.env.example",
     "apps/workspace/package.json",
@@ -76,6 +77,12 @@
     "apps/workspace/app/workspace-builder.jsx",
     "apps/workspace/app/settings/integrations/page.jsx",
     "apps/workspace/app/api/workspace/route.js",
+    "apps/workspace/app/api/workspace/refresh-sources/route.js",
+    "apps/workspace/app/api/workspace/test-source/route.js",
+    "apps/workspace/app/api/workspace/register-resolver/route.js",
+    "apps/workspace/app/api/workspace/resolvers/route.js",
+    "apps/workspace/app/api/workspace/sandbox-adapters/route.js",
+    "apps/workspace/app/api/workspace/sandbox-run/route.js",
     "apps/workspace/app/api/settings/integrations/route.js",
     "apps/workspace/lib/workspace-schema.js",
     "apps/workspace/lib/workspace-config.js",
@@ -85,6 +92,15 @@
     "apps/workspace/lib/adapters/auth/index.js",
     "apps/workspace/lib/adapters/integrations/index.js",
     "apps/workspace/lib/adapters/integrations/growthub-connection-normalizer.js",
+    "apps/workspace/lib/adapters/integrations/source-resolver-registry.js",
+    "apps/workspace/lib/adapters/integrations/resolver-loader.js",
+    "apps/workspace/lib/adapters/integrations/resolvers/README.md",
+    "apps/workspace/lib/adapters/sandboxes/adapter-loader.js",
+    "apps/workspace/lib/adapters/sandboxes/adapters/README.md",
+    "apps/workspace/lib/adapters/sandboxes/default-local-agent-host.js",
+    "apps/workspace/lib/adapters/sandboxes/default-local-process.js",
+    "apps/workspace/lib/adapters/sandboxes/index.js",
+    "apps/workspace/lib/adapters/sandboxes/sandbox-adapter-registry.js",
     "apps/workspace/lib/adapters/payments/index.js",
     "apps/workspace/lib/adapters/persistence/index.js",
     "apps/workspace/lib/adapters/persistence/postgres.js",