@h-rig/isolation-plugin 0.0.6-alpha.157 → 0.0.6-alpha.159

package/dist/src/isolation/index.js

@@ -0,0 +1,4062 @@
+// @bun
+var __defProp = Object.defineProperty;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+function __accessProp(key) {
+  return this[key];
+}
+var __toCommonJS = (from) => {
+  var entry = (__moduleCache ??= new WeakMap).get(from), desc;
+  if (entry)
+    return entry;
+  entry = __defProp({}, "__esModule", { value: true });
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (var key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(entry, key))
+        __defProp(entry, key, {
+          get: __accessProp.bind(from, key),
+          enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable
+        });
+  }
+  __moduleCache.set(from, entry);
+  return entry;
+};
+var __moduleCache;
+var __returnValue = (v) => v;
+function __exportSetter(name, newValue) {
+  this[name] = __returnValue.bind(null, newValue);
+}
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, {
+      get: all[name],
+      enumerable: true,
+      configurable: true,
+      set: __exportSetter.bind(all, name)
+    });
+};
+var __esm = (fn, res) => () => (fn && (res = fn(fn = 0)), res);
+var __require = import.meta.require;
+
+// packages/isolation-plugin/src/sandbox/utils.ts
+import { existsSync as existsSync11, readdirSync as readdirSync2, realpathSync } from "fs";
+import { resolve as resolve11 } from "path";
+import { resolveMonorepoRoot as resolveMonorepoRoot2 } from "@rig/core/layout";
+function toRealPath(path) {
+  if (!existsSync11(path)) {
+    return resolve11(path);
+  }
+  try {
+    return realpathSync.native(path);
+  } catch {
+    return resolve11(path);
+  }
+}
+function resolveHostGitMetadataPaths(projectRoot, workspaceDir) {
+  const candidates = new Set;
+  const addPath = (candidate) => {
+    if (existsSync11(candidate)) {
+      candidates.add(toRealPath(candidate));
+    }
+  };
+  addPath(resolve11(projectRoot, ".git"));
+  addPath(resolve11(workspaceDir, "..", "..", ".git"));
+  for (const repoRoot of resolveHostRepoRootPaths(projectRoot)) {
+    addPath(resolve11(repoRoot, ".git"));
+  }
+  const workspaceGit = resolve11(workspaceDir, ".git");
+  if (existsSync11(workspaceGit)) {
+    addPath(workspaceGit);
+  }
+  return [...candidates];
+}
+function resolveHostRepoRootPaths(projectRoot) {
+  const candidates = new Set;
+  const addPath = (candidate) => {
+    if (existsSync11(candidate)) {
+      candidates.add(toRealPath(candidate));
+    }
+  };
+  try {
+    const monorepoRoot = resolveMonorepoRoot2(projectRoot);
+    if (toRealPath(monorepoRoot) !== toRealPath(projectRoot)) {
+      addPath(monorepoRoot);
+    }
+  } catch {}
+  const reposDir = resolve11(projectRoot, "repos");
+  if (existsSync11(reposDir)) {
+    for (const entry of readdirSync2(reposDir, { withFileTypes: true })) {
+      if (entry.isDirectory() || entry.isSymbolicLink()) {
+        addPath(resolve11(reposDir, entry.name));
+      }
+    }
+  }
+  return [...candidates];
+}
+function resolveNetworkWithPolicy(sandboxConfig, envOverride) {
+  if (envOverride) {
+    const envValue = parseBooleanEnv(envOverride, sandboxConfig.network);
+    if (envValue !== sandboxConfig.network) {
+      console.warn(`[sandbox] RIG_RUNTIME_SANDBOX_NETWORK=${envOverride} overrides policy sandbox.network=${sandboxConfig.network}`);
+    }
+    return envValue;
+  }
+  return sandboxConfig.network;
+}
+function parseBooleanEnv(raw, fallback) {
+  if (!raw) {
+    return fallback;
+  }
+  const normalized = raw.trim().toLowerCase();
+  if (normalized === "1" || normalized === "true" || normalized === "yes" || normalized === "on") {
+    return true;
+  }
+  if (normalized === "0" || normalized === "false" || normalized === "no" || normalized === "off") {
+    return false;
+  }
+  return fallback;
+}
+function uniq(values) {
+  return [...new Set(values)];
+}
+function seatbeltString(value) {
+  return `"${value.replace(/\\/g, "\\\\").replace(/"/g, "\\\"")}"`;
+}
+var init_utils = () => {};
+
+// packages/isolation-plugin/src/sandbox/backend-seatbelt.ts
+var exports_backend_seatbelt = {};
+__export(exports_backend_seatbelt, {
+  SeatbeltBackend: () => SeatbeltBackend
+});
+import { mkdirSync as mkdirSync8, writeFileSync as writeFileSync5 } from "fs";
+import { resolve as resolve12 } from "path";
+
+class SeatbeltBackend {
+  kind = "macos-seatbelt";
+  binaryPath;
+  config;
+  ctx;
+  resolvedPaths;
+  constructor(binaryPath, config, ctx, resolvedPaths) {
+    this.binaryPath = binaryPath;
+    this.config = config;
+    this.ctx = ctx;
+    this.resolvedPaths = resolvedPaths;
+  }
+  wrap(options) {
+    const profilePath = this.writeSeatbeltProfile(options);
+    return {
+      command: [this.binaryPath, "-f", profilePath, ...options.command],
+      enabled: true,
+      backend: "macos-seatbelt",
+      profilePath
+    };
+  }
+  writeSeatbeltProfile(options) {
+    const sandboxDir = resolve12(options.runtime.rootDir, "sandbox");
+    mkdirSync8(sandboxDir, { recursive: true });
+    const profilePath = resolve12(sandboxDir, "seatbelt.sb");
+    const profile = this.renderProfile(options);
+    writeFileSync5(profilePath, `${profile}
+`, "utf-8");
+    return profilePath;
+  }
+  renderProfile(options) {
+    const { runtime, projectRoot } = options;
+    const { ctx, resolvedPaths, config } = this;
+    const workspaceReal = ctx.realPath(runtime.workspaceDir);
+    const runtimeRootReal = ctx.realPath(runtime.rootDir);
+    const homeReal = ctx.realPath(runtime.homeDir);
+    const tmpReal = ctx.realPath(runtime.tmpDir);
+    const cacheReal = ctx.realPath(runtime.cacheDir);
+    const hostGitDirs = resolveHostGitMetadataPaths(projectRoot, runtime.workspaceDir);
+    const hostRepoRoots = resolveHostRepoRootPaths(projectRoot).map((repoRoot) => ctx.realPath(repoRoot));
+    const bunDir = ctx.realPath(resolvedPaths.bunDir);
+    const claudeDir = resolvedPaths.claudeDir ? ctx.realPath(resolvedPaths.claudeDir) : null;
+    const allowNetwork = resolveNetworkWithPolicy(config, process.env.RIG_RUNTIME_SANDBOX_NETWORK);
+    const lines = [
+      "(version 1)",
+      "(deny default)",
+      '(import "system.sb")',
+      "(allow process*)",
+      "(allow process-info*)",
+      "(allow signal)",
+      "(allow sysctl-read)",
+      "(allow file-read-metadata)"
+    ];
+    if (allowNetwork) {
+      lines.push("(allow network*)");
+    }
+    for (const sysPath of [
+      "/usr/lib",
+      "/usr/bin",
+      "/usr/sbin",
+      "/usr/share",
+      "/bin",
+      "/sbin",
+      "/System",
+      "/Library",
+      "/Library/Frameworks",
+      "/Library/Developer",
+      "/Library/Apple",
+      "/Applications",
+      "/private/var/db",
+      "/opt/homebrew"
+    ]) {
+      lines.push(`(allow file-read* (subpath ${seatbeltString(sysPath)}))`);
+    }
+    lines.push(`(allow file-read* (subpath ${seatbeltString(bunDir)}))`);
+    if (claudeDir) {
+      lines.push(`(allow file-read* (subpath ${seatbeltString(claudeDir)}))`);
+    }
+    if (resolvedPaths.nodeDir) {
+      lines.push(`(allow file-read* (subpath ${seatbeltString(resolvedPaths.nodeDir)}))`);
+    }
+    for (const depPath of resolvedPaths.depRoots) {
+      lines.push(`(allow file-read* (subpath ${seatbeltString(depPath)}))`);
+    }
+    for (const rwPath of uniq([
+      workspaceReal,
+      runtimeRootReal,
+      homeReal,
+      tmpReal,
+      cacheReal
+    ])) {
+      lines.push(`(allow file-read* (subpath ${seatbeltString(rwPath)}))`);
+      lines.push(`(allow file-write* (subpath ${seatbeltString(rwPath)}))`);
+    }
+    for (const gitPath of hostGitDirs) {
+      lines.push(`(allow file-read* (subpath ${seatbeltString(gitPath)}))`);
+      lines.push(`(allow file-write* (subpath ${seatbeltString(gitPath)}))`);
+    }
+    const projectRootReal = ctx.realPath(projectRoot);
+    if (projectRootReal !== workspaceReal && !projectRootReal.startsWith(workspaceReal + "/")) {
+      lines.push(`(allow file-read* (subpath ${seatbeltString(projectRootReal)}))`);
+    }
+    for (const repoRoot of hostRepoRoots) {
+      if (!ctx.pathExists(repoRoot) || repoRoot === workspaceReal || repoRoot.startsWith(workspaceReal + "/") || repoRoot === projectRootReal || repoRoot.startsWith(projectRootReal + "/")) {
+        continue;
+      }
+      lines.push(`(allow file-read* (subpath ${seatbeltString(repoRoot)}))`);
+    }
+    const realHome = process.env.HOME?.trim();
+    if (realHome) {
+      for (const binSubdir of [".local/bin", ".cargo/bin"]) {
+        const binPath = resolve12(realHome, binSubdir);
+        if (ctx.pathExists(binPath)) {
+          lines.push(`(allow file-read* (subpath ${seatbeltString(ctx.realPath(binPath))}))`);
+        }
+      }
+    }
+    for (const tempPath of [
+      "/dev",
+      "/tmp",
+      "/private/tmp",
+      "/var/folders",
+      "/private/var/folders"
+    ]) {
+      lines.push(`(allow file-read* (subpath ${seatbeltString(tempPath)}))`);
+      lines.push(`(allow file-write* (subpath ${seatbeltString(tempPath)}))`);
+    }
+    return lines.join(`
+`);
+  }
+}
+var init_backend_seatbelt = __esm(() => {
+  init_utils();
+});
+
+// packages/isolation-plugin/src/sandbox/backend-bwrap.ts
+var exports_backend_bwrap = {};
+__export(exports_backend_bwrap, {
+  BwrapBackend: () => BwrapBackend
+});
+import { mkdirSync as mkdirSync9 } from "fs";
+import { resolve as resolve13 } from "path";
+
+class BwrapBackend {
+  kind = "linux-bwrap";
+  binaryPath;
+  config;
+  ctx;
+  resolvedPaths;
+  which;
+  constructor(binaryPath, config, ctx, resolvedPaths, which) {
+    this.binaryPath = binaryPath;
+    this.config = config;
+    this.ctx = ctx;
+    this.resolvedPaths = resolvedPaths;
+    this.which = which ?? ((bin) => Bun.which(bin));
+  }
+  wrap(options) {
+    const command = this.buildCommand(options);
+    return {
+      command,
+      enabled: true,
+      backend: "linux-bwrap"
+    };
+  }
+  buildCommand(options) {
+    const { runtime, projectRoot, command } = options;
+    const { ctx, resolvedPaths, config } = this;
+    const workspaceReal = ctx.realPath(runtime.workspaceDir);
+    const runtimeRootReal = ctx.realPath(runtime.rootDir);
+    const homeReal = ctx.realPath(runtime.homeDir);
+    const tmpReal = ctx.realPath(runtime.tmpDir);
+    const cacheReal = ctx.realPath(runtime.cacheDir);
+    const hostGitDirs = resolveHostGitMetadataPaths(projectRoot, runtime.workspaceDir);
+    const hostRepoRoots = resolveHostRepoRootPaths(projectRoot).map((repoRoot) => ctx.realPath(repoRoot));
+    const bunDir = ctx.realPath(resolvedPaths.bunDir);
+    const claudeDir = resolvedPaths.claudeDir ? ctx.realPath(resolvedPaths.claudeDir) : null;
+    const allowNetwork = resolveNetworkWithPolicy(config, process.env.RIG_RUNTIME_SANDBOX_NETWORK);
+    const args = [
+      this.binaryPath,
+      "--die-with-parent",
+      "--new-session",
+      "--unshare-pid",
+      "--tmpfs",
+      "/",
+      "--ro-bind",
+      "/usr",
+      "/usr",
+      "--ro-bind",
+      "/bin",
+      "/bin",
+      "--ro-bind",
+      "/sbin",
+      "/sbin"
+    ];
+    for (const libPath of ["/lib", "/lib64"]) {
+      if (ctx.pathExists(libPath)) {
+        args.push("--ro-bind", libPath, libPath);
+      }
+    }
+    for (const etcEntry of [
+      "/etc/ld.so.cache",
+      "/etc/ld.so.conf",
+      "/etc/ld.so.conf.d",
+      "/etc/resolv.conf",
+      "/etc/hosts",
+      "/etc/nsswitch.conf",
+      "/etc/gai.conf",
+      "/etc/host.conf",
+      "/etc/ssl",
+      "/etc/ca-certificates",
+      "/etc/pki",
+      "/etc/passwd",
+      "/etc/group",
+      "/etc/localtime",
+      "/etc/timezone",
+      "/etc/locale.conf",
+      "/etc/default/locale"
+    ]) {
+      if (ctx.pathExists(etcEntry)) {
+        args.push("--ro-bind", etcEntry, etcEntry);
+      }
+    }
+    if (ctx.pathExists("/run/systemd/resolve")) {
+      args.push("--ro-bind", "/run/systemd/resolve", "/run/systemd/resolve");
+    }
+    if (ctx.pathExists("/run/nscd")) {
+      args.push("--ro-bind", "/run/nscd", "/run/nscd");
+    }
+    args.push("--ro-bind", bunDir, bunDir);
+    if (claudeDir) {
+      args.push("--ro-bind", claudeDir, claudeDir);
+    }
+    if (resolvedPaths.nodeDir && ctx.pathExists(resolvedPaths.nodeDir)) {
+      args.push("--ro-bind", resolvedPaths.nodeDir, resolvedPaths.nodeDir);
+    }
+    for (const depPath of resolvedPaths.depRoots) {
+      if (ctx.pathExists(depPath)) {
+        args.push("--ro-bind", depPath, depPath);
+      }
+    }
+    const projectRootReal = ctx.realPath(projectRoot);
+    if (projectRootReal !== workspaceReal && !projectRootReal.startsWith(workspaceReal + "/") && ctx.pathExists(projectRootReal)) {
+      args.push("--ro-bind", projectRootReal, projectRootReal);
+    }
+    for (const repoRoot of hostRepoRoots) {
+      if (!ctx.pathExists(repoRoot) || repoRoot === workspaceReal || repoRoot.startsWith(workspaceReal + "/") || repoRoot === projectRootReal || repoRoot.startsWith(projectRootReal + "/")) {
+        continue;
+      }
+      args.push("--ro-bind", repoRoot, repoRoot);
+    }
+    args.push("--bind", workspaceReal, workspaceReal);
+    args.push("--bind", runtimeRootReal, runtimeRootReal);
+    for (const rwPath of uniq([homeReal, tmpReal, cacheReal])) {
+      if (rwPath !== runtimeRootReal && !rwPath.startsWith(runtimeRootReal + "/")) {
+        args.push("--bind", rwPath, rwPath);
+      }
+    }
+    for (const gitPath of hostGitDirs) {
+      if (!ctx.pathExists(gitPath))
+        continue;
+      if (gitPath === runtimeRootReal || gitPath.startsWith(runtimeRootReal + "/"))
+        continue;
+      if (gitPath === workspaceReal || gitPath.startsWith(workspaceReal + "/"))
+        continue;
+      args.push("--bind", gitPath, gitPath);
+    }
+    const realHome = process.env.HOME?.trim();
+    if (realHome) {
+      for (const binSubdir of [".local/bin", ".local/lib", ".cargo/bin"]) {
+        const binPath = ctx.realPath(resolve13(realHome, binSubdir));
+        if (ctx.pathExists(binPath)) {
+          args.push("--ro-bind", binPath, binPath);
+        }
+      }
+      const agentSshDir = resolve13(homeReal, ".ssh");
+      if (ctx.pathExists(agentSshDir)) {
+        args.push("--ro-bind", agentSshDir, agentSshDir);
+      } else {
+        const hostSshDir = resolve13(realHome, ".ssh");
+        if (ctx.pathExists(hostSshDir)) {
+          mkdirSync9(agentSshDir, { recursive: true });
+          args.push("--ro-bind", hostSshDir, agentSshDir);
+          args.push("--ro-bind", hostSshDir, hostSshDir);
+        }
+      }
+    }
+    args.push("--proc", "/proc");
+    args.push("--dev", "/dev");
+    args.push("--tmpfs", "/tmp");
+    args.push("--unsetenv", "CLAUDECODE");
+    args.push("--setenv", "HOME", homeReal);
+    args.push("--setenv", "TMPDIR", "/tmp");
+    args.push("--chdir", workspaceReal);
+    if (!allowNetwork) {
+      args.push("--unshare-net");
+    }
+    args.push("--", ...this.resolveCommandBinary(command));
+    return args;
+  }
+  resolveCommandBinary(command) {
+    if (command.length === 0)
+      return command;
+    const [bin, ...rest] = command;
+    if (!bin)
+      return command;
+    const resolved = this.which(bin);
+    if (!resolved)
+      return command;
+    try {
+      const { realpathSync: realpathSync2 } = __require("fs");
+      const resolvedBinary = realpathSync2(resolved);
+      return [resolvedBinary, ...rest];
+    } catch {
+      return [resolved, ...rest];
+    }
+  }
+}
+var init_backend_bwrap = __esm(() => {
+  init_utils();
+});
+
+// packages/isolation-plugin/src/isolation/index.ts
+import { existsSync as existsSync14, mkdirSync as mkdirSync10, readFileSync as readFileSync7, rmSync as rmSync8 } from "fs";
+import { copyFile, mkdir as mkdir3, writeFile as writeFile2 } from "fs/promises";
+import { resolve as resolve15 } from "path";
+import { BROWSER_CONTRACT_SERVICE_CAPABILITY, MEMORY } from "@rig/contracts";
+import { safePathSegment as safePathSegment3 } from "@rig/core/safe-identifiers";
+
+// packages/isolation-plugin/src/isolation/git-native.ts
+import { chmodSync, copyFileSync, existsSync as existsSync2, mkdirSync as mkdirSync2, readFileSync as readFileSync2, renameSync as renameSync2, rmSync, writeFileSync as writeFileSync2 } from "fs";
+import { tmpdir as tmpdir2 } from "os";
+import { dirname, isAbsolute, resolve as resolve2 } from "path";
+
+// packages/isolation-plugin/src/native-extract.ts
+import { existsSync, mkdirSync, readFileSync, renameSync, statSync, writeFileSync } from "fs";
+import { tmpdir } from "os";
+import { resolve } from "path";
+
+// packages/isolation-plugin/src/embedded-native-assets.ts
+var embeddedNatives = null;
+
+// packages/isolation-plugin/src/native-extract.ts
+var sharedNativeOutputDir = resolve(tmpdir(), "rig-native");
+var extractionCache = {};
+function hasEmbeddedNatives() {
+  return embeddedNatives != null;
+}
+function extractEmbeddedNative(name) {
+  if (name in extractionCache) {
+    return extractionCache[name] ?? null;
+  }
+  const entry = embeddedNatives?.[name];
+  if (!entry) {
+    extractionCache[name] = null;
+    return null;
+  }
+  try {
+    const targetPath = resolve(sharedNativeOutputDir, entry.fileName);
+    mkdirSync(sharedNativeOutputDir, { recursive: true });
+    const upToDate = existsSync(targetPath) && statSync(targetPath).size === entry.size;
+    if (!upToDate) {
+      const bytes = readFileSync(entry.filePath);
+      const tempPath = `${targetPath}.${process.pid}.${Date.now()}.tmp`;
+      writeFileSync(tempPath, bytes, { mode: 493 });
+      renameSync(tempPath, targetPath);
+    }
+    extractionCache[name] = targetPath;
+  } catch {
+    extractionCache[name] = null;
+  }
+  return extractionCache[name] ?? null;
+}
+
+// packages/isolation-plugin/src/isolation/git-native.ts
+var sharedGitNativeOutputDir = resolve2(tmpdir2(), "rig-native");
+var sharedGitNativeOutputPath = resolve2(sharedGitNativeOutputDir, `rig-git-${process.platform}-${process.arch}${process.platform === "win32" ? ".exe" : ""}`);
+var trackerCommandUsageProbe = "usage: rig-git fetch-ref <repo-path> <remote> <branch>";
+function temporaryGitBinaryOutputPath(outputPath) {
+  const suffix = process.platform === "win32" ? ".exe" : "";
+  return resolve2(dirname(outputPath), `.rig-git-${process.pid}-${Date.now()}-${Math.random().toString(36).slice(2)}${suffix}`);
+}
+function publishGitBinary(tempOutputPath, outputPath) {
+  try {
+    renameSync2(tempOutputPath, outputPath);
+  } catch (error) {
+    if (process.platform === "win32" && existsSync2(outputPath)) {
+      rmSync(outputPath, { force: true });
+      renameSync2(tempOutputPath, outputPath);
+      return;
+    }
+    throw error;
+  }
+}
+function isSharedGitNativeOutputPath(outputPath) {
+  return resolve2(outputPath) === sharedGitNativeOutputPath;
+}
+async function materializeFromSharedGitBinary(outputPath, buildKey) {
+  if (isSharedGitNativeOutputPath(outputPath))
+    return null;
+  const sharedManifest = nativeBuildManifestPath(sharedGitNativeOutputPath);
+  if (!existsSync2(sharedGitNativeOutputPath) || !await hasMatchingNativeBuildManifest(sharedManifest, buildKey) || !binarySupportsTrackerCommandsSync(sharedGitNativeOutputPath)) {
+    return null;
+  }
+  mkdirSync2(dirname(outputPath), { recursive: true });
+  copyFileSync(sharedGitNativeOutputPath, outputPath);
+  chmodSync(outputPath, 493);
+  await Bun.write(nativeBuildManifestPath(outputPath), `${JSON.stringify({ version: 1, buildKey }, null, 2)}
+`);
+  return outputPath;
+}
+function runtimeRigGitFileName() {
+  return `rig-git${process.platform === "win32" ? ".exe" : ""}`;
+}
+function rigGitSourceCandidates() {
+  const execDir = process.execPath?.trim() ? dirname(process.execPath.trim()) : "";
+  const cwd = process.cwd()?.trim() || "";
+  const projectRoot = process.env.PROJECT_RIG_ROOT?.trim() || "";
+  const hostProjectRoot = process.env.RIG_HOST_PROJECT_ROOT?.trim() || "";
+  const moduleRelativeSource = resolve2(import.meta.dir, "../../native/rig-git.zig");
+  return [...new Set([
+    process.env.RIG_NATIVE_GIT_SOURCE?.trim() || "",
+    moduleRelativeSource,
+    projectRoot ? resolve2(projectRoot, "packages/isolation-plugin/native/rig-git.zig") : "",
+    hostProjectRoot ? resolve2(hostProjectRoot, "packages/isolation-plugin/native/rig-git.zig") : "",
+    cwd ? resolve2(cwd, "packages/isolation-plugin/native/rig-git.zig") : "",
+    execDir ? resolve2(execDir, "..", "..", "packages/isolation-plugin/native/rig-git.zig") : "",
+    execDir ? resolve2(execDir, "..", "native", "rig-git.zig") : ""
+  ].filter(Boolean))];
+}
+function nativePackageBinaryCandidates(fromDir, fileName) {
+  const candidates = [];
+  let cursor = resolve2(fromDir);
+  for (let index = 0;index < 8; index += 1) {
+    candidates.push(resolve2(cursor, "native", `${process.platform}-${process.arch}`, fileName), resolve2(cursor, "native", `${process.platform}-${process.arch}`, "bin", fileName), resolve2(cursor, "native", fileName), resolve2(cursor, "native", "bin", fileName));
+    const parent = dirname(cursor);
+    if (parent === cursor)
+      break;
+    cursor = parent;
+  }
+  return candidates;
+}
+function rigGitBinaryCandidates() {
+  const execDir = process.execPath?.trim() ? dirname(process.execPath.trim()) : "";
+  const fileName = runtimeRigGitFileName();
+  const explicit = process.env.RIG_NATIVE_GIT_BIN?.trim() || "";
+  return [...new Set([
+    explicit,
+    ...nativePackageBinaryCandidates(import.meta.dir, fileName),
+    execDir ? resolve2(execDir, fileName) : "",
+    execDir ? resolve2(execDir, "..", fileName) : "",
+    execDir ? resolve2(execDir, "..", "bin", fileName) : "",
+    sharedGitNativeOutputPath
+  ].filter(Boolean))];
+}
+function resolveGitSourcePath() {
+  for (const candidate of rigGitSourceCandidates()) {
+    if (candidate && existsSync2(candidate)) {
+      return candidate;
+    }
+  }
+  return null;
+}
+function resolveGitBinaryPath() {
+  if (process.env.RIG_DISABLE_ZIG_NATIVE === "1") {
+    return null;
+  }
+  for (const candidate of rigGitBinaryCandidates()) {
+    if (candidate && existsSync2(candidate)) {
+      return candidate;
+    }
+  }
+  return null;
+}
+function binarySupportsTrackerCommandsSync(binaryPath) {
+  try {
+    const probe = Bun.spawnSync([binaryPath, "fetch-ref", "."], {
+      stdout: "pipe",
+      stderr: "pipe"
+    });
+    const stdout = probe.stdout.toString().trim();
+    const stderr = probe.stderr.toString().trim();
+    if (stdout.includes('"error":"unknown command"')) {
+      return false;
+    }
+    return probe.exitCode === 2 && stderr.includes(trackerCommandUsageProbe);
+  } catch {
+    return false;
+  }
+}
+function nativeBuildManifestPath(outputPath) {
+  return `${outputPath}.build-manifest.json`;
+}
+async function hasMatchingNativeBuildManifest(manifestPath, buildKey) {
+  if (!existsSync2(manifestPath)) {
+    return false;
+  }
+  try {
+    const manifest = await Bun.file(manifestPath).json();
+    return manifest.version === 1 && manifest.buildKey === buildKey;
+  } catch {
+    return false;
+  }
+}
+async function sha256File(path) {
+  const hasher = new Bun.CryptoHasher("sha256");
+  hasher.update(await Bun.file(path).arrayBuffer());
+  return hasher.digest("hex");
+}
+async function ensureRigGitBinaryPath(outputPath = sharedGitNativeOutputPath) {
+  if (process.env.RIG_DISABLE_ZIG_NATIVE === "1") {
+    throw new Error("Zig native git is disabled via RIG_DISABLE_ZIG_NATIVE=1");
+  }
+  const explicitBin = process.env.RIG_NATIVE_GIT_BIN?.trim();
+  if (explicitBin && existsSync2(explicitBin)) {
+    return explicitBin;
+  }
+  const embedded = extractEmbeddedNative("rig-git");
+  if (embedded) {
+    return embedded;
+  }
+  const sourcePath = resolveGitSourcePath();
+  if (!sourcePath) {
+    const binaryPath = resolveGitBinaryPath();
+    if (binaryPath) {
+      return binaryPath;
+    }
+    throw new Error("rig-git.zig source file not found.");
+  }
+  const zigBinary = Bun.which("zig");
+  if (!zigBinary) {
+    throw new Error("zig is required to build native Rig git tools.");
+  }
+  mkdirSync2(dirname(outputPath), { recursive: true });
+  const sourceDigest = await sha256File(sourcePath);
+  const buildKey = JSON.stringify({
+    version: 1,
+    zigBinary,
+    platform: process.platform,
+    arch: process.arch,
+    sourcePath,
+    sourceDigest
+  });
+  const manifestPath = nativeBuildManifestPath(outputPath);
+  const needsBuild = !existsSync2(outputPath) || !await hasMatchingNativeBuildManifest(manifestPath, buildKey) || !binarySupportsTrackerCommandsSync(outputPath);
+  if (!needsBuild) {
+    chmodSync(outputPath, 493);
+    return outputPath;
+  }
+  const materialized = await materializeFromSharedGitBinary(outputPath, buildKey);
+  if (materialized)
+    return materialized;
+  const tempOutputPath = temporaryGitBinaryOutputPath(outputPath);
+  const build = Bun.spawn([
+    zigBinary,
+    "build-exe",
+    sourcePath,
+    "-O",
+    "ReleaseFast",
+    `-femit-bin=${tempOutputPath}`
+  ], {
+    cwd: dirname(sourcePath),
+    stdout: "pipe",
+    stderr: "pipe"
+  });
+  const [exitCode, stdout, stderr] = await Promise.all([
+    build.exited,
+    new Response(build.stdout).text(),
+    new Response(build.stderr).text()
+  ]);
+  if (exitCode !== 0 || !existsSync2(tempOutputPath)) {
+    const details = [stderr.trim(), stdout.trim()].filter(Boolean).join(`
+`);
+    throw new Error(`Failed to build native Rig git tools: ${details || `zig exited with code ${exitCode}`}`);
+  }
+  chmodSync(tempOutputPath, 493);
+  if (existsSync2(outputPath) && await hasMatchingNativeBuildManifest(manifestPath, buildKey)) {
+    rmSync(tempOutputPath, { force: true });
+    chmodSync(outputPath, 493);
+    return outputPath;
+  }
+  publishGitBinary(tempOutputPath, outputPath);
+  if (!binarySupportsTrackerCommandsSync(outputPath)) {
+    rmSync(outputPath, { force: true });
+    throw new Error("Failed to build native Rig git tools: tracker command probe failed");
+  }
+  await Bun.write(manifestPath, `${JSON.stringify({ version: 1, buildKey }, null, 2)}
+`);
+  return outputPath;
+}
+async function materializeRigGitBinary(targetDir) {
+  const sourcePath = await ensureRigGitBinaryPath();
+  const targetPath = resolve2(targetDir, runtimeRigGitFileName());
+  mkdirSync2(targetDir, { recursive: true });
+  const sourceDigest = await sha256File(sourcePath);
+  const buildKey = JSON.stringify({
+    version: 1,
+    sourcePath,
+    sourceDigest
+  });
+  const needsCopy = !existsSync2(targetPath) || !await hasMatchingNativeBuildManifest(nativeBuildManifestPath(targetPath), buildKey);
+  if (needsCopy) {
+    copyFileSync(sourcePath, targetPath);
+    chmodSync(targetPath, 493);
+    await Bun.write(nativeBuildManifestPath(targetPath), `${JSON.stringify({ version: 1, buildKey }, null, 2)}
+`);
+  }
+  return targetPath;
+}
+
+// packages/isolation-plugin/src/isolation/index.ts
+import { defineCapability as defineCapability2 } from "@rig/core/capability";
+import { loadCapabilityForRoot, requireCapabilityForRoot, requireInstalledCapability as requireInstalledCapability2 } from "@rig/core/capability-loaders";
+import { buildPluginHostContext } from "@rig/core/plugin-host-context";
+import { TASK_DATA_SERVICE_CAPABILITY } from "@rig/contracts";
+import { resolveRuntimeWorkspaceLayout as resolveRuntimeWorkspaceLayout3 } from "@rig/core/layout";
+import { ensureRuntimeOverlay } from "@rig/core/runtime-overlay";
+import {
+  DEFAULT_RUNTIME_MEMORY_RETRIEVAL,
+  writeRuntimeContext
+} from "@rig/core/runtime-context";
+import { secretDefinesFromEnv } from "@rig/core/baked-secrets";
+
+// packages/isolation-plugin/src/isolation/home.ts
+import {
+  chmodSync as chmodSync2,
+  copyFileSync as copyFileSync3,
+  cpSync,
+  existsSync as existsSync5,
+  mkdirSync as mkdirSync4,
+  readFileSync as readFileSync4,
+  statSync as statSync3,
+  writeFileSync as writeFileSync3
+} from "fs";
+import { mkdir } from "fs/promises";
+import { basename, delimiter, resolve as resolve5 } from "path";
+import { resolveBunBinaryPath, resolveBunInstallDir, resolveClaudeBinaryPath, resolveClaudeInstallDir, resolveNodeInstallDir } from "@rig/core/runtime-paths";
+import { resolveRuntimeSecrets } from "@rig/core/baked-secrets";
+
+// packages/isolation-plugin/src/runtime-native.ts
+import { dlopen, ptr, suffix, toBuffer } from "bun:ffi";
+import { copyFileSync as copyFileSync2, existsSync as existsSync3, mkdirSync as mkdirSync3, renameSync as renameSync3, rmSync as rmSync2, statSync as statSync2 } from "fs";
+import { tmpdir as tmpdir3 } from "os";
+import { dirname as dirname2, resolve as resolve3 } from "path";
+
+// packages/isolation-plugin/src/sidecar-arg.ts
+var RIG_NATIVE_RUNTIME_SIDECAR_ARG = "__rig_native_runtime_sidecar";
+
+// packages/isolation-plugin/src/runtime-native.ts
+var sharedNativeRuntimeOutputDir = resolve3(tmpdir3(), "rig-native");
+var sharedNativeRuntimeOutputPath = resolve3(sharedNativeRuntimeOutputDir, `runtime-native-${process.platform}-${process.arch}.${suffix}`);
+var colocatedNativeRuntimeFileName = `runtime-native.${suffix}`;
+var nativeRuntimeLibrary = await loadNativeRuntimeLibrary();
+function runtimePrepareTrackedPathsNative(input) {
+  const response = runNativeRuntimeSidecar({
+    op: "prepare-paths",
+    input
+  });
+  if (!response.ok) {
+    throw new Error(response.error);
+  }
+}
+function runtimeLinkDependencyLayerNative(sourceDir, targetDir) {
+  const response = runNativeRuntimeSidecar({
+    op: "link-dependency-layer",
+    input: { sourceDir, targetDir }
+  });
+  if (!response.ok) {
+    throw new Error(response.error);
+  }
+}
+function runtimeScanWorktreesNative(worktreesRoot) {
+  const response = runNativeRuntimeSidecar({
+    op: "scan-worktrees",
+    input: { worktreesRoot }
+  });
+  if (!response.ok) {
+    throw new Error(response.error);
+  }
+  return response.entries ?? [];
+}
+async function ensureNativeRuntimeLibraryPath(outputPath = sharedNativeRuntimeOutputPath, options = {}) {
+  const explicitLib = process.env.RIG_NATIVE_RUNTIME_LIB?.trim();
+  if (explicitLib && existsSync3(explicitLib)) {
+    return explicitLib;
+  }
+  const embeddedPath = extractEmbeddedNative("snapshot");
+  if (embeddedPath) {
+    return embeddedPath;
+  }
+  if (await buildNativeRuntimeLibrary(outputPath, options)) {
+    return outputPath;
+  }
+  return !options.force && existsSync3(outputPath) ? outputPath : null;
+}
+async function materializeNativeRuntimeLibrary(targetDir) {
+  const sourcePath = await ensureNativeRuntimeLibraryPath();
+  if (!sourcePath) {
+    return null;
+  }
+  const targetPath = resolve3(targetDir, colocatedNativeRuntimeFileName);
+  mkdirSync3(targetDir, { recursive: true });
+  const needsCopy = !existsSync3(targetPath) || statSync2(sourcePath).mtimeMs > statSync2(targetPath).mtimeMs;
+  if (needsCopy) {
+    copyFileSync2(sourcePath, targetPath);
+  }
+  return targetPath;
+}
+async function loadNativeRuntimeLibrary() {
+  if (process.env.RIG_DISABLE_ZIG_NATIVE === "1") {
+    return null;
+  }
+  const explicitLib = process.env.RIG_NATIVE_RUNTIME_LIB?.trim();
+  if (explicitLib && existsSync3(explicitLib)) {
+    const loaded = tryDlopenNativeRuntimeLibrary(explicitLib);
+    if (loaded) {
+      return loaded;
+    }
+  }
+  const embeddedPath = extractEmbeddedNative("snapshot");
+  if (embeddedPath) {
+    const loaded = tryDlopenNativeRuntimeLibrary(embeddedPath);
+    if (loaded) {
+      return loaded;
+    }
+  }
+  for (const candidate of nativeRuntimeLibraryCandidates()) {
+    if (!candidate || !existsSync3(candidate)) {
+      continue;
+    }
+    const loaded = tryDlopenNativeRuntimeLibrary(candidate);
+    if (loaded) {
+      return loaded;
+    }
+  }
+  const builtLibraryPath = await ensureNativeRuntimeLibraryPath(sharedNativeRuntimeOutputPath, { force: true });
+  if (!builtLibraryPath) {
+    return null;
+  }
+  return tryDlopenNativeRuntimeLibrary(builtLibraryPath);
+}
+function nativePackageLibraryCandidates(fromDir, names) {
+  const candidates = [];
+  let cursor = resolve3(fromDir);
+  for (let index = 0;index < 8; index += 1) {
+    for (const name of names) {
+      candidates.push(resolve3(cursor, "native", `${process.platform}-${process.arch}`, name), resolve3(cursor, "native", `${process.platform}-${process.arch}`, "lib", name), resolve3(cursor, "native", name), resolve3(cursor, "native", "lib", name));
+    }
+    const parent = dirname2(cursor);
+    if (parent === cursor)
+      break;
+    cursor = parent;
+  }
+  return candidates;
+}
+function nativeRuntimeLibraryCandidates() {
+  const explicit = process.env.RIG_NATIVE_RUNTIME_LIB?.trim() || "";
+  const execDir = process.execPath?.trim() ? dirname2(process.execPath.trim()) : "";
+  const platformSpecific = `runtime-native-${process.platform}-${process.arch}.${suffix}`;
+  return [...new Set([
+    explicit,
+    ...nativePackageLibraryCandidates(import.meta.dir, [colocatedNativeRuntimeFileName, platformSpecific]),
+    execDir ? resolve3(execDir, colocatedNativeRuntimeFileName) : "",
+    execDir ? resolve3(execDir, platformSpecific) : "",
+    execDir ? resolve3(execDir, "..", colocatedNativeRuntimeFileName) : "",
+    execDir ? resolve3(execDir, "..", platformSpecific) : "",
+    execDir ? resolve3(execDir, "lib", colocatedNativeRuntimeFileName) : "",
+    execDir ? resolve3(execDir, "..", "lib", colocatedNativeRuntimeFileName) : "",
+    sharedNativeRuntimeOutputPath
+  ].filter(Boolean))];
+}
+function resolveNativeRuntimeSourcePath() {
+  const explicit = process.env.RIG_NATIVE_RUNTIME_SOURCE?.trim();
+  if (explicit && existsSync3(explicit)) {
+    return explicit;
+  }
+  const bundled = resolve3(import.meta.dir, "../native/snapshot.zig");
+  return existsSync3(bundled) ? bundled : null;
+}
+function resolveNativeRuntimeSidecarSourcePath() {
+  const envRoots = [
+    process.cwd()?.trim(),
+    process.env.RIG_HOST_PROJECT_ROOT?.trim(),
+    process.env.PROJECT_RIG_ROOT?.trim()
+  ].filter(Boolean);
+  for (const root of envRoots) {
+    for (const relative of [
+      "packages/isolation-plugin/src/runtime-native-sidecar.ts",
+      "packages/isolation-plugin/dist/src/runtime-native-sidecar.js"
+    ]) {
+      const candidate = resolve3(root, relative);
+      if (existsSync3(candidate)) {
+        return candidate;
+      }
+    }
+  }
+  for (const localCandidate of [
+    resolve3(import.meta.dir, "runtime-native-sidecar.js"),
+    resolve3(import.meta.dir, "runtime-native-sidecar.ts")
+  ]) {
+    if (existsSync3(localCandidate))
+      return localCandidate;
+  }
+  return null;
+}
+async function buildNativeRuntimeLibrary(outputPath, options = {}) {
+  if (process.env.RIG_DISABLE_ZIG_NATIVE === "1") {
+    return false;
+  }
+  const zigBinary = Bun.which("zig");
+  const sourcePath = resolveNativeRuntimeSourcePath();
+  if (!zigBinary || !sourcePath) {
+    return false;
+  }
+  const tempOutputPath = `${outputPath}.${process.pid}.${Date.now()}.${Math.random().toString(36).slice(2)}.tmp`;
+  try {
+    mkdirSync3(dirname2(outputPath), { recursive: true });
+    const needsBuild = options.force === true || !existsSync3(outputPath) || statSync2(sourcePath).mtimeMs > statSync2(outputPath).mtimeMs;
+    if (!needsBuild) {
+      return true;
+    }
+    const build = Bun.spawn([
+      zigBinary,
+      "build-lib",
+      sourcePath,
+      "-dynamic",
+      "-O",
+      "ReleaseFast",
+      `-femit-bin=${tempOutputPath}`
+    ], {
+      cwd: import.meta.dir,
+      stdout: "pipe",
+      stderr: "pipe"
+    });
+    const exitCode = await build.exited;
+    if (exitCode !== 0 || !existsSync3(tempOutputPath)) {
+      rmSync2(tempOutputPath, { force: true });
+      return false;
+    }
+    renameSync3(tempOutputPath, outputPath);
+    return true;
+  } catch {
+    rmSync2(tempOutputPath, { force: true });
+    return false;
+  }
+}
+function tryDlopenNativeRuntimeLibrary(outputPath) {
+  try {
+    return dlopen(outputPath, {
+      rig_scope_match: {
+        args: ["ptr", "ptr"],
+        returns: "u8"
+      },
+      snapshot_capture: {
+        args: ["ptr", "u64", "ptr", "u64"],
+        returns: "ptr"
+      },
+      snapshot_delta: {
+        args: ["ptr", "ptr"],
+        returns: "ptr"
+      },
+      snapshot_store_delta: {
+        args: ["ptr", "ptr", "ptr", "u64", "ptr", "u64", "ptr", "u64", "ptr", "u64"],
+        returns: "ptr"
+      },
+      snapshot_inspect_delta: {
+        args: ["ptr", "u64"],
+        returns: "ptr"
+      },
+      snapshot_apply_delta: {
+        args: ["ptr", "u64", "ptr", "u64"],
+        returns: "ptr"
+      },
+      snapshot_release: {
+        args: ["ptr"],
+        returns: "void"
+      },
+      runtime_hash_file: {
+        args: ["ptr", "u64"],
+        returns: "ptr"
+      },
+      runtime_hash_tree: {
+        args: ["ptr", "u64"],
+        returns: "ptr"
+      },
+      runtime_prepare_paths: {
+        args: ["ptr", "u64", "ptr", "u64", "ptr", "u64", "ptr", "u64", "ptr", "u64"],
+        returns: "ptr"
+      },
+      runtime_link_dependency_layer: {
+        args: ["ptr", "u64", "ptr", "u64"],
+        returns: "ptr"
+      },
+      runtime_scan_worktrees: {
+        args: ["ptr", "u64"],
+        returns: "ptr"
+      }
+    });
+  } catch {
+    return null;
+  }
+}
+function resolveNativeRuntimeSidecarCommand(request) {
+  if (hasEmbeddedNatives()) {
+    return {
+      argv: [process.execPath, RIG_NATIVE_RUNTIME_SIDECAR_ARG, JSON.stringify(request)],
+      env: {}
+    };
+  }
+  const hostBinary = process.env.RIG_NATIVE_HOST_BINARY?.trim();
+  if (hostBinary) {
+    return {
+      argv: [hostBinary, RIG_NATIVE_RUNTIME_SIDECAR_ARG, JSON.stringify(request)],
+      env: {}
+    };
+  }
+  const sidecarSourcePath = resolveNativeRuntimeSidecarSourcePath();
+  if (!sidecarSourcePath) {
+    throw new Error("runtime-native-sidecar.ts source file not found.");
+  }
+  const bunCli = resolveNativeRuntimeSidecarInvocation();
+  return {
+    argv: [bunCli.command, sidecarSourcePath, JSON.stringify(request)],
+    env: bunCli.env
+  };
+}
+function runNativeRuntimeSidecar(request) {
+  const { argv, env } = resolveNativeRuntimeSidecarCommand(request);
+  const proc = Bun.spawnSync(argv, {
+    cwd: process.env.RIG_HOST_PROJECT_ROOT?.trim() || process.cwd(),
+    stdout: "pipe",
+    stderr: "pipe",
+    env: {
+      ...process.env,
+      ...env,
+      RIG_NATIVE_RUNTIME_SIDECAR: "1"
+    }
+  });
+  if (proc.exitCode !== 0) {
+    throw new Error(proc.stderr.toString() || proc.stdout.toString() || `runtime native sidecar exited ${proc.exitCode}`);
+  }
+  const stdout = proc.stdout.toString().trim();
+  if (!stdout) {
+    throw new Error("runtime native sidecar returned empty output.");
+  }
+  const responseLine = stdout.split(`
+`).map((line) => line.trim()).filter((line) => line.startsWith("{")).at(-1);
+  if (!responseLine) {
+    throw new Error(`runtime native sidecar returned no JSON response: ${stdout}`);
+  }
+  return JSON.parse(responseLine);
+}
+function resolveNativeRuntimeSidecarInvocation() {
+  const bunPath = Bun.which("bun");
+  if (bunPath) {
+    return { command: bunPath, env: {} };
+  }
+  if (process.execPath?.trim()) {
+    return {
+      command: process.execPath,
+      env: { BUN_BE_BUN: "1" }
+    };
+  }
+  throw new Error("bun is required to run the runtime native sidecar.");
+}
+
+// packages/isolation-plugin/src/isolation/home.ts
+import { browserEnvFromContext, loadRuntimeContext, runtimeMemoryEnvFromContext, RUNTIME_CONTEXT_ENV } from "@rig/core/runtime-context";
+
+// packages/isolation-plugin/src/isolation/shared.ts
+import { existsSync as existsSync4, readFileSync as readFileSync3, rmSync as rmSync3 } from "fs";
+import { resolve as resolve4 } from "path";
+import { agentId, safeGitRefComponent, taskRuntimeId } from "@rig/core/safe-identifiers";
+import { resolveCheckoutRoot } from "@rig/core/checkout-root";
+function isRuntimeGatewayGitPath(candidate) {
+  return /\/\.rig\/bin\/git$/.test(candidate.replace(/\\/g, "/"));
+}
+function isRuntimeGatewayGhPath(candidate) {
+  return /\/\.rig\/bin\/gh$/.test(candidate.replace(/\\/g, "/"));
+}
+function resolveHostGitBinary() {
+  const candidates = [
+    process.env.RIG_GIT_BIN?.trim() || "",
+    "/usr/bin/git",
+    "/opt/homebrew/bin/git",
+    "/usr/local/bin/git"
+  ];
+  const bunResolved = Bun.which("git");
+  if (bunResolved && !isRuntimeGatewayGitPath(bunResolved)) {
+    candidates.push(bunResolved);
+  }
+  for (const candidate of candidates) {
+    if (candidate && !isRuntimeGatewayGitPath(candidate) && existsSync4(candidate)) {
+      return candidate;
+    }
+  }
+  return "git";
+}
+function resolveGithubCliBinary(options = {}) {
+  const candidates = new Set;
+  const explicit = process.env.RIG_GH_BIN?.trim();
+  if (explicit) {
+    candidates.add(explicit);
+  }
+  for (const candidate of ["/usr/bin/gh", "/opt/homebrew/bin/gh", "/usr/local/bin/gh"]) {
+    candidates.add(candidate);
+  }
+  if (options.scanPath) {
+    for (const entry of (process.env.PATH || "").split(":").map((value) => value.trim()).filter(Boolean)) {
+      candidates.add(resolve4(entry, "gh"));
+    }
+  }
+  const bunResolved = Bun.which("gh");
+  if (bunResolved) {
+    candidates.add(bunResolved);
+  }
+  for (const candidate of candidates) {
+    if (candidate && existsSync4(candidate) && !isRuntimeGatewayGhPath(candidate)) {
+      return candidate;
+    }
+  }
+  return "";
+}
+var generatedCredentialFiles = new Set;
+var credentialCleanupRegistered = false;
+function resolveMonorepoRoot(projectRoot) {
+  return resolveCheckoutRoot(projectRoot);
+}
+async function runGitCommand(repoRoot, args) {
+  const gitBinary = resolveHostGitBinary();
+  return Bun.$`${gitBinary} -C ${repoRoot} ${args}`.quiet().nothrow();
+}
+async function readGitConfigValue(repoRoot, key, global = false) {
+  const args = ["config", ...global ? ["--global"] : [], "--get", key];
+  const result = await runGitCommand(repoRoot, args);
+  if (result.exitCode !== 0) {
+    return "";
+  }
+  return String(result.stdout).trim();
+}
+async function readGitStdout(repoRoot, args) {
+  const result = await runGitCommand(repoRoot, args);
+  if (result.exitCode !== 0) {
+    throw new Error(`git -C ${repoRoot} ${args.join(" ")} failed: ${result.stderr || result.stdout}`);
+  }
+  return String(result.stdout).trim();
+}
+async function hasGitRemote(repoRoot, remote) {
+  const result = await runGitCommand(repoRoot, ["remote", "get-url", remote]);
+  return result.exitCode === 0;
+}
+async function ensureFullGitHistory(repoRoot) {
+  const shallow = await runGitCommand(repoRoot, ["rev-parse", "--is-shallow-repository"]);
+  if (shallow.exitCode !== 0 || String(shallow.stdout).trim() !== "true") {
+    return;
+  }
+  const unshallow = await runGitCommand(repoRoot, ["fetch", "--unshallow", "--tags", "origin"]);
+  if (unshallow.exitCode === 0) {
+    return;
+  }
+  const output = `${unshallow.stderr}
+${unshallow.stdout}`.trim();
+  if (/--unshallow on a complete repository|does not make sense/i.test(output)) {
+    return;
+  }
+  throw new Error(`Failed to expand git history for ${repoRoot}: ${output}`);
+}
+async function refreshRemoteBranch(repoRoot, remote, branch) {
+  if (!await hasGitRemote(repoRoot, remote)) {
+    return;
+  }
+  try {
+    await ensureFullGitHistory(repoRoot);
+    const fetch = await runGitCommand(repoRoot, [
+      "fetch",
+      "--prune",
+      "--tags",
+      remote,
+      `+refs/heads/${branch}:refs/remotes/${remote}/${branch}`
+    ]);
+    if (fetch.exitCode !== 0) {
+      return;
+    }
+  } catch {
+    return;
+  }
+}
+async function tryReadGitHead(repoRoot) {
+  if (!existsSync4(resolve4(repoRoot, ".git"))) {
+    return;
+  }
+  const result = await runGitCommand(repoRoot, ["rev-parse", "HEAD"]);
+  if (result.exitCode !== 0) {
+    return;
+  }
+  const value = String(result.stdout).trim();
+  return value || undefined;
+}
+async function captureRepoDirtyFiles(repoRoot) {
+  if (!existsSync4(resolve4(repoRoot, ".git"))) {
+    return [];
+  }
+  const files = new Set;
+  for (const args of [
+    ["diff", "--name-only"],
+    ["diff", "--cached", "--name-only"],
+    ["ls-files", "--others", "--exclude-standard"]
+  ]) {
+    const result = await runGitCommand(repoRoot, args);
+    if (result.exitCode !== 0) {
+      continue;
+    }
+    for (const line of String(result.stdout).split(/\r?\n/)) {
+      const trimmed = line.trim();
+      if (trimmed) {
+        files.add(trimmed);
+      }
+    }
+  }
+  return [...files].sort();
+}
+function sha256Hex(input) {
+  const hasher = new Bun.CryptoHasher("sha256");
+  hasher.update(input);
+  return hasher.digest("hex");
+}
+function registerCredentialCleanup(path) {
+  generatedCredentialFiles.add(path);
+  if (credentialCleanupRegistered) {
+    return;
+  }
+  credentialCleanupRegistered = true;
+  const cleanup = () => {
+    for (const filePath of generatedCredentialFiles) {
+      try {
+        rmSync3(filePath, { force: true });
+      } catch {}
+    }
+    generatedCredentialFiles.clear();
+  };
+  process.on("exit", cleanup);
+  process.on("beforeExit", cleanup);
+}
+async function captureStdout(fn) {
+  const chunks = [];
+  const originalWrite = process.stdout.write.bind(process.stdout);
+  const originalLog = console.log;
+  const originalError = console.error;
+  process.stdout.write = (chunk, encoding, cb) => {
+    chunks.push(typeof chunk === "string" ? chunk : Buffer.from(chunk).toString(typeof encoding === "string" ? encoding : undefined));
+    const callback = typeof encoding === "function" ? encoding : cb;
+    callback?.(null);
+    return true;
+  };
+  console.log = (...args) => {
+    chunks.push(`${args.map((value) => String(value)).join(" ")}
+`);
+  };
+  console.error = (...args) => {
+    chunks.push(`${args.map((value) => String(value)).join(" ")}
+`);
+  };
+  try {
+    await fn();
+    return chunks.join("");
+  } finally {
+    process.stdout.write = originalWrite;
+    console.log = originalLog;
+    console.error = originalError;
+  }
+}
+function sanitizeRuntimeRefSegment(value) {
+  return safeGitRefComponent(value, { fallback: "runtime", maxLength: 64 });
+}
+function runtimeBranchBackupName(branch) {
+  const branchId = branch.replace(/^rig\//, "");
+  return `rig-backup/${sanitizeRuntimeRefSegment(branchId)}-${Date.now()}`;
+}
+function hashProjectPath(workspaceDir) {
+  return sha256Hex(workspaceDir).slice(0, 16);
+}
+async function resolveGithubCliAuthToken(ghBinary = "") {
+  const gh = ghBinary || resolveGithubCliBinary();
+  if (!gh) {
+    return "";
+  }
+  const auth = Bun.spawn([gh, "auth", "token"], {
+    stdout: "pipe",
+    stderr: "pipe"
+  });
+  const [exitCode, stdout] = await Promise.all([
+    auth.exited,
+    new Response(auth.stdout).text()
+  ]);
+  if (exitCode !== 0) {
+    return "";
+  }
+  return stdout.trim();
+}
+function resolveSystemCertBundlePath() {
+  const candidates = [
+    process.env.SSL_CERT_FILE?.trim(),
+    "/etc/ssl/cert.pem",
+    "/private/etc/ssl/cert.pem",
+    "/opt/homebrew/etc/openssl@3/cert.pem"
+  ];
+  for (const candidate of candidates) {
+    if (candidate && existsSync4(candidate)) {
+      return resolve4(candidate);
+    }
+  }
+  return "";
+}
+function readKnownHosts(path) {
+  if (!existsSync4(path)) {
+    return new Set;
+  }
+  return new Set(readFileSync3(path, "utf-8").split(/\r?\n/).map((line) => line.trim()).filter(Boolean));
+}
+
+// packages/isolation-plugin/src/isolation/home.ts
+var GITHUB_SSH_KEY_PLACEHOLDER = "<base64 encoded>";
+var GITHUB_KNOWN_HOSTS = [
+  "github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl",
+  "github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=",
+  "github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk="
+].join(`
+`);
+function authStateToken(env = process.env) {
+  const file = env.RIG_GITHUB_AUTH_STATE_FILE?.trim();
+  if (!file || !existsSync5(file))
+    return null;
+  try {
+    const parsed = JSON.parse(readFileSync4(file, "utf8"));
+    const token = typeof parsed.token === "string" ? parsed.token.trim() : "";
+    return token.length > 0 ? token : null;
+  } catch {
+    return null;
+  }
+}
+function resolveControlPlaneSourceRoot(projectRoot) {
+  const candidates = [
+    process.env.RIG_CONTROL_PLANE_SOURCE_ROOT?.trim(),
+    process.env.RIG_HOST_PROJECT_ROOT?.trim(),
+    resolve5(import.meta.dir, "../../../../.."),
+    projectRoot
+  ].filter((value) => Boolean(value));
+  for (const candidate of candidates) {
+    const root = resolve5(candidate);
+    if (existsSync5(resolve5(root, "packages/cli/bin/rig.ts"))) {
+      return root;
+    }
+  }
+  return "";
+}
+async function runtimeEnv(projectRoot, runtime) {
+  const bunBinaryPath = resolveBunBinaryPath();
+  const bunDir = resolveBunInstallDir(bunBinaryPath);
+  const claudeBinaryPath = process.env.RIG_CLAUDE_PATH?.trim() || (() => {
+    try {
+      return resolveClaudeBinaryPath();
+    } catch {
+      return "";
+    }
+  })();
+  const claudeDir = claudeBinaryPath ? (() => {
+    try {
+      return resolveClaudeInstallDir();
+    } catch {
+      return resolve5(claudeBinaryPath, "..");
+    }
+  })() : "";
+  const nodeDir = resolveNodeInstallDir();
+  const hostGhBinary = resolveGithubCliBinary();
+  const runtimeCertBundlePath = await materializeRuntimeCertBundle(runtime);
+  const monorepoMainRoot = resolveMonorepoRoot(projectRoot);
+  const realHome = process.env.HOME?.trim();
+  const inheritedPath = (process.env.PATH ?? "").split(delimiter).map((entry) => entry.trim()).filter(Boolean).filter((entry) => !entry.endsWith("/.rig/bin") && !entry.endsWith("/rig/tools"));
+  const pathEntries = [
+    runtime.binDir,
+    `${projectRoot}/rig/tools`,
+    `${bunDir}/bin`,
+    claudeDir,
+    nodeDir ? `${nodeDir}/bin` : "",
+    realHome ? resolve5(realHome, ".local/bin") : "",
+    realHome ? resolve5(realHome, ".cargo/bin") : "",
+    ...inheritedPath,
+    "/usr/local/bin",
+    "/usr/local/sbin",
+    "/opt/homebrew/bin",
+    "/opt/homebrew/sbin",
+    "/usr/bin",
+    "/bin",
+    "/usr/sbin",
+    "/sbin"
+  ].filter(Boolean);
+  const runtimeBash = resolve5(runtime.binDir, "bash");
+  const runtimeRigGit = resolve5(runtime.binDir, runtimeRigGitFileName());
+  const preferredShell = existsSync5(runtimeBash) ? runtimeBash : "/bin/bash";
+  const nativeRuntimeLibraryPath = await materializeNativeRuntimeLibrary(runtime.binDir);
+  const controlPlaneSourceRoot = resolveControlPlaneSourceRoot(projectRoot);
+  const env = {
+    PROJECT_RIG_ROOT: projectRoot,
+    RIG_HOST_PROJECT_ROOT: projectRoot,
+    ...controlPlaneSourceRoot ? { RIG_CONTROL_PLANE_SOURCE_ROOT: controlPlaneSourceRoot } : {},
+    HOME: runtime.homeDir,
+    TMPDIR: runtime.tmpDir,
+    XDG_CACHE_HOME: runtime.cacheDir,
+    XDG_STATE_HOME: runtime.stateDir,
+    RIG_AGENT_ID: runtime.id,
+    ...process.env.RIG_RUN_ID?.trim() ? { RIG_RUN_ID: process.env.RIG_RUN_ID.trim() } : {},
+    ...process.env.RIG_SERVER_RUN_ID?.trim() ? { RIG_SERVER_RUN_ID: process.env.RIG_SERVER_RUN_ID.trim() } : {},
+    ...process.env.RIG_SERVER_URL?.trim() ? { RIG_SERVER_URL: process.env.RIG_SERVER_URL.trim() } : {},
+    ...process.env.RIG_AUTH_TOKEN?.trim() ? { RIG_AUTH_TOKEN: process.env.RIG_AUTH_TOKEN.trim() } : {},
+    RIG_TASK_ID: runtime.taskId,
+    RIG_TASK_RUNTIME_ID: runtime.id,
+    RIG_TASK_WORKSPACE: runtime.workspaceDir,
+    RIG_TASK_RUNTIME_MODE: runtime.mode,
+    RIG_RUNTIME_MODE: runtime.mode,
+    RIG_RUNTIME_ADAPTER: "pi",
+    RIG_RUNTIME_HOME: runtime.rootDir,
+    RIG_RUNTIME_BIN_DIR: runtime.binDir,
+    ...existsSync5(runtimeRigGit) ? { RIG_NATIVE_GIT_BIN: runtimeRigGit } : {},
+    RIG_BUN_PATH: bunBinaryPath,
+    ...claudeBinaryPath ? { RIG_CLAUDE_PATH: claudeBinaryPath } : {},
+    RIG_AGENT_BIN: resolve5(runtime.binDir, "rig-agent"),
+    RIG_HOOKS_ACTIVE: "1",
+    RIG_AUTO_PR_ON_COMPLETE: "1",
+    RIG_POLICY_FILE: resolve5(projectRoot, "rig/policy/policy.json"),
+    RIG_STATE_DIR: runtime.stateDir,
+    RIG_LOGS_DIR: runtime.logsDir,
+    RIG_SESSION_FILE: resolve5(runtime.sessionDir, "session.json"),
+    MONOREPO_ROOT: runtime.workspaceDir,
+    MONOREPO_MAIN_ROOT: monorepoMainRoot,
+    TS_API_TESTS_DIR: resolve5(runtime.workspaceDir, "TSAPITests"),
+    BASH: preferredShell,
+    SHELL: preferredShell,
+    PATH: [...new Set(pathEntries)].join(delimiter),
+    LANG: process.env.LANG ?? "en_US.UTF-8",
+    TERM: process.env.TERM ?? "xterm-256color",
+    PYTHONDONTWRITEBYTECODE: "1",
+    PYTHONPYCACHEPREFIX: resolve5(runtime.cacheDir, "python"),
+    ...process.env.RIG_PR_BASE_PROJECT && { RIG_PR_BASE_PROJECT: process.env.RIG_PR_BASE_PROJECT },
+    ...process.env.RIG_PR_BASE_MONOREPO && { RIG_PR_BASE_MONOREPO: process.env.RIG_PR_BASE_MONOREPO },
+    CLAUDE_HOME: runtime.claudeHomeDir,
+    PI_CODING_AGENT_DIR: resolve5(runtime.homeDir, ".pi", "agent"),
+    OMP_SKIP_SETUP: "1",
+    [RUNTIME_CONTEXT_ENV]: runtime.contextFile,
+    ...nativeRuntimeLibraryPath ? { RIG_NATIVE_RUNTIME_LIB: nativeRuntimeLibraryPath } : {},
+    ...hostGhBinary ? { RIG_GH_BIN: hostGhBinary } : {},
+    ...runtimeCertBundlePath ? {
+      SSL_CERT_FILE: runtimeCertBundlePath,
+      CURL_CA_BUNDLE: runtimeCertBundlePath,
+      REQUESTS_CA_BUNDLE: runtimeCertBundlePath,
+      NODE_EXTRA_CA_CERTS: runtimeCertBundlePath
+    } : {}
+  };
+  const knownHostsPath = resolve5(runtime.homeDir, ".ssh", "known_hosts");
+  if (existsSync5(knownHostsPath)) {
+    const agentSshKey = resolve5(runtime.homeDir, ".ssh", "rig-agent-key");
+    const sshParts = [
+      "ssh",
+      `-o UserKnownHostsFile="${knownHostsPath}"`,
+      "-o StrictHostKeyChecking=yes",
+      "-F /dev/null"
+    ];
+    if (existsSync5(agentSshKey)) {
+      sshParts.splice(1, 0, `-i "${agentSshKey}"`, "-o IdentitiesOnly=yes");
+    }
+    env.GIT_SSH_COMMAND = sshParts.join(" ");
+  }
+  const persistedSecretsPath = resolve5(runtime.rootDir, "runtime-secrets.json");
+  if (existsSync5(persistedSecretsPath)) {
+    try {
+      const persisted = JSON.parse(readFileSync4(persistedSecretsPath, "utf8"));
+      if (persisted && typeof persisted === "object") {
+        for (const [key, value] of Object.entries(persisted)) {
+          if (key === "GITHUB_SSH_KEY")
+            continue;
+          if (typeof value === "string" && value && !env[key])
+            env[key] = value;
+        }
+      }
+    } catch {}
+  }
+  for (const [key, value] of Object.entries(resolveRuntimeSecrets(process.env))) {
+    if (key === "GITHUB_SSH_KEY") {
+      continue;
+    }
+    if (value) {
+      env[key] = value;
+    }
+  }
+  const authStateGithubToken = authStateToken(process.env) || "";
+  const explicitRigGithubToken = process.env.RIG_GITHUB_TOKEN?.trim() || "";
+  const rigGithubToken = explicitRigGithubToken || authStateGithubToken;
+  if (rigGithubToken) {
+    env.RIG_GITHUB_TOKEN = rigGithubToken;
+    env.GITHUB_TOKEN = rigGithubToken;
+    env.GH_TOKEN = rigGithubToken;
+  }
+  const fallbackGithubToken = !env.GITHUB_TOKEN && !env.GH_TOKEN ? await resolveGithubCliAuthToken(hostGhBinary) : "";
+  if (fallbackGithubToken) {
+    env.GITHUB_TOKEN = fallbackGithubToken;
+  }
+  if (!env.GITHUB_TOKEN && env.GH_TOKEN) {
+    env.GITHUB_TOKEN = env.GH_TOKEN;
+  }
+  if (!env.GH_TOKEN && env.GITHUB_TOKEN) {
+    env.GH_TOKEN = env.GITHUB_TOKEN;
+  }
+  const gitHubToken = env.GITHUB_TOKEN || env.GH_TOKEN || rigGithubToken;
+  if (gitHubToken) {
+    env.RIG_GITHUB_TOKEN = gitHubToken;
+    env.GITHUB_TOKEN = env.GITHUB_TOKEN || gitHubToken;
+    env.GH_TOKEN = env.GH_TOKEN || gitHubToken;
+    applyGitHubCredentialHelperEnv(env);
+  }
+  if (!env.GREPTILE_GITHUB_TOKEN && env.GITHUB_TOKEN) {
+    env.GREPTILE_GITHUB_TOKEN = env.GITHUB_TOKEN;
+  }
+  if (existsSync5(runtime.contextFile)) {
+    const runtimeContext = loadRuntimeContext(runtime.contextFile);
+    Object.assign(env, runtimeMemoryEnvFromContext(runtimeContext));
+    Object.assign(env, browserEnvFromContext(runtimeContext.browser));
+  }
+  persistRuntimeSecrets(runtime.rootDir, env);
+  return env;
+}
+function runtimeCommandEnv(baseEnv, command) {
+  const env = { ...baseEnv };
+  delete env.ENV;
+  delete env.BASH_ENV;
+  const executable = command[0]?.trim() ?? "";
+  const shellName = basename(executable);
+  const isPosixSh = executable === "/bin/sh" || shellName === "sh" || shellName === "dash";
+  if (isPosixSh) {
+    delete env.BASH;
+    if (executable) {
+      env.SHELL = executable;
+    }
+  }
+  return env;
+}
+async function provisionRuntimeHome(runtime, options = {}) {
+  await mkdir(runtime.homeDir, { recursive: true });
+  await mkdir(runtime.tmpDir, { recursive: true });
+  await mkdir(runtime.cacheDir, { recursive: true });
+  await provisionAgentSshKey(runtime.homeDir);
+  if (options.provider === "pi") {
+    const hasPiAuth = await injectPiAgentConfig(resolve5(runtime.homeDir, ".pi", "agent"));
+    if (!hasPiAuth) {
+      console.warn("[rig] No Pi auth.json found for isolated runtime. " + "Run `pi /login` in your host shell, then retry the agent run.");
+    }
+  }
+}
+async function provisionClaudeHome(config) {
+  mkdirSync4(config.claudeHomeDir, { recursive: true });
+  const workspaceSettings = resolve5(config.workspaceDir, ".claude/settings.json");
+  const hostSettings = resolve5(config.hostProjectRoot, ".claude/settings.json");
+  const projectSettings = existsSync5(workspaceSettings) ? workspaceSettings : hostSettings;
+  const runtimeSettings = await loadRuntimeClaudeSettings(projectSettings);
+  if (existsSync5(projectSettings)) {
+    writeFileSync3(resolve5(config.claudeHomeDir, "settings.local.json"), `${JSON.stringify(runtimeSettings, null, 2)}
+`, "utf-8");
+  }
+  writeClaudeProjectSettings(config.claudeHomeDir, config.workspaceDir, runtimeSettings);
+  writeFileSync3(resolve5(config.claudeHomeDir, "settings.json"), JSON.stringify({
+    permissions: { defaultMode: "bypassPermissions" },
+    autoMemoryEnabled: false
+  }, null, 2));
+  const hasCredentials = await injectClaudeCredentials(config.claudeHomeDir);
+  if (!hasCredentials) {
+    console.warn("[rig] No Claude credentials found for isolated runtime. " + "Run `claude /login` in your host shell, then retry the agent run.");
+  }
+  const realClaudeHome = resolve5(process.env.HOME ?? "", ".claude");
+  if (process.env.HOME && existsSync5(resolve5(realClaudeHome, "CLAUDE.md"))) {
+    cpSync(resolve5(realClaudeHome, "CLAUDE.md"), resolve5(config.claudeHomeDir, "CLAUDE.md"));
+  }
+  if (process.env.HOME && existsSync5(resolve5(realClaudeHome, "agents"))) {
+    cpSync(resolve5(realClaudeHome, "agents"), resolve5(config.claudeHomeDir, "agents"), { recursive: true });
+  }
+  if (process.platform === "darwin" && process.env.HOME) {
+    writeClaudeProjectSettings(realClaudeHome, config.workspaceDir, runtimeSettings);
+  }
+}
+async function materializeRuntimeCertBundle(runtime) {
+  const sourcePath = resolveSystemCertBundlePath();
+  if (!sourcePath) {
+    return "";
+  }
+  const certsDir = resolve5(runtime.rootDir, "certs");
+  const targetPath = resolve5(certsDir, "ca-certificates.pem");
+  await mkdir(certsDir, { recursive: true });
+  let shouldCopy = !existsSync5(targetPath);
+  if (!shouldCopy) {
+    try {
+      shouldCopy = statSync3(sourcePath).mtimeMs > statSync3(targetPath).mtimeMs;
+    } catch {
+      shouldCopy = true;
+    }
+  }
+  if (shouldCopy) {
+    copyFileSync3(sourcePath, targetPath);
+  }
+  return targetPath;
+}
+function applyGitHubCredentialHelperEnv(env) {
+  env.GIT_TERMINAL_PROMPT = "0";
+  env.GIT_CONFIG_COUNT = "2";
+  env.GIT_CONFIG_KEY_0 = "credential.helper";
+  env.GIT_CONFIG_VALUE_0 = "";
+  env.GIT_CONFIG_KEY_1 = "credential.helper";
+  env.GIT_CONFIG_VALUE_1 = '!f() { test "$1" = get || exit 0; token="${GITHUB_TOKEN:-${GH_TOKEN:-${RIG_GITHUB_TOKEN:-}}}"; test -n "$token" || exit 0; echo username=x-access-token; echo password="$token"; }; f';
+}
+var PERSISTED_RUNTIME_SECRET_KEYS = [
+  "ANTHROPIC_API_KEY",
+  "OPENAI_API_KEY",
+  "OPENROUTER_API_KEY",
+  "AI_REVIEW_MODE",
+  "AI_REVIEW_PROVIDER",
+  "GREPTILE_API_BASE",
+  "GREPTILE_REMOTE",
+  "GREPTILE_REPOSITORY",
+  "GREPTILE_CONTEXT_BRANCH",
+  "GREPTILE_DEFAULT_BRANCH",
+  "GREPTILE_API_KEY",
+  "GREPTILE_GITHUB_TOKEN",
+  "GREPTILE_POLL_ATTEMPTS",
+  "GREPTILE_POLL_INTERVAL_MS",
+  "GH_TOKEN",
+  "GITHUB_TOKEN",
+  "AWS_ACCESS_KEY_ID",
+  "AWS_SECRET_ACCESS_KEY",
+  "AWS_REGION",
+  "LINEAR_API_KEY",
+  "LINEAR_WEBHOOK_SECRET",
+  "RIG_GITHUB_TOKEN"
+];
+function persistRuntimeSecrets(runtimeRoot, env) {
+  const secretsPath = resolve5(runtimeRoot, "runtime-secrets.json");
+  const resolvedSecrets = resolveRuntimeSecrets(env);
+  const persisted = {};
+  const secretSource = {
+    ...resolvedSecrets,
+    RIG_GITHUB_TOKEN: env.RIG_GITHUB_TOKEN
+  };
+  for (const key of PERSISTED_RUNTIME_SECRET_KEYS) {
+    const value = secretSource[key]?.trim();
+    if (value) {
+      persisted[key] = value;
+    }
+  }
+  if (Object.keys(persisted).length === 0) {
+    return;
+  }
+  writeFileSync3(secretsPath, `${JSON.stringify(persisted, null, 2)}
+`, { encoding: "utf-8", mode: 384 });
+  chmodSync2(secretsPath, 384);
+}
+async function provisionAgentSshKey(homeDir) {
+  const sshDir = resolve5(homeDir, ".ssh");
+  if (!existsSync5(sshDir)) {
+    await mkdir(sshDir, { recursive: true });
+  }
+  seedKnownHosts(sshDir);
+  const secrets = resolveRuntimeSecrets(process.env);
+  const privateKey = decodeProvisionedSshKey(secrets.GITHUB_SSH_KEY);
+  if (!privateKey) {
+    const hostKeyPath = resolveHostSshKeyPath(process.env.HOME ?? "");
+    if (!process.env.HOME || !existsSync5(hostKeyPath)) {
+      return;
+    }
+    const agentKeyPath2 = resolve5(sshDir, "rig-agent-key");
+    if (!existsSync5(agentKeyPath2)) {
+      copyFileSync3(hostKeyPath, agentKeyPath2);
+      chmodSync2(agentKeyPath2, 384);
+    }
+    const hostPubPath = `${hostKeyPath}.pub`;
+    if (existsSync5(hostPubPath)) {
+      const agentPubPath = `${agentKeyPath2}.pub`;
+      if (!existsSync5(agentPubPath)) {
+        copyFileSync3(hostPubPath, agentPubPath);
+      }
+    }
+    writeSshConfig(sshDir, agentKeyPath2);
+    return;
+  }
+  const agentKeyPath = resolve5(sshDir, "rig-agent-key");
+  if (!existsSync5(agentKeyPath)) {
+    writeFileSync3(agentKeyPath, privateKey, { mode: 384 });
+  }
+  writeSshConfig(sshDir, agentKeyPath);
+}
+function decodeProvisionedSshKey(encodedKey) {
+  const trimmed = encodedKey?.trim();
+  if (!trimmed || trimmed === GITHUB_SSH_KEY_PLACEHOLDER) {
+    return null;
+  }
+  const decoded = Buffer.from(trimmed, "base64").toString("utf-8").trim();
+  if (!decoded.includes("PRIVATE KEY")) {
+    return null;
+  }
+  return `${decoded}
+`;
+}
+function resolveHostSshKeyPath(homeDir) {
+  const sshDir = resolve5(homeDir, ".ssh");
+  const candidates = [
+    "rig-agent-key",
+    "id_ed25519",
+    "id_ecdsa",
+    "id_rsa"
+  ].map((name) => resolve5(sshDir, name));
+  return candidates.find((candidate) => existsSync5(candidate)) ?? resolve5(sshDir, "rig-agent-key");
+}
+function writeSshConfig(sshDir, keyPath) {
+  const configPath = resolve5(sshDir, "config");
+  if (existsSync5(configPath)) {
+    return;
+  }
+  const knownHostsPath = resolve5(sshDir, "known_hosts");
+  const config = [
+    "Host github.com",
+    `  IdentityFile ${keyPath}`,
+    "  IdentitiesOnly yes",
+    `  UserKnownHostsFile ${knownHostsPath}`,
+    "  StrictHostKeyChecking yes",
+    ""
+  ].join(`
+`);
+  writeFileSync3(configPath, config, { mode: 420 });
+}
+function seedKnownHosts(sshDir) {
+  const knownHostsPath = resolve5(sshDir, "known_hosts");
+  const existingLines = readKnownHosts(knownHostsPath);
+  const requiredLines = GITHUB_KNOWN_HOSTS.split(/\r?\n/).map((line) => line.trim()).filter(Boolean);
+  const missing = requiredLines.filter((line) => !existingLines.has(line));
+  if (missing.length === 0) {
+    return;
+  }
+  try {
+    for (const line of missing) {
+      existingLines.add(line);
+    }
+    writeFileSync3(knownHostsPath, `${Array.from(existingLines).join(`
+`)}
+`, { mode: 420 });
+  } catch (err) {
+    const hint = existsSync5(knownHostsPath) ? "" : " \u2014 known_hosts is missing; git SSH operations may fail";
+    console.warn(`[rig] Could not update ${knownHostsPath}: ${err instanceof Error ? err.message : String(err)}${hint}`);
+  }
+}
+function writeClaudeProjectSettings(claudeHomeDir, workspaceDir, runtimeSettings) {
+  const projectHash = hashProjectPath(workspaceDir);
+  const projectDir = resolve5(claudeHomeDir, "projects", projectHash);
+  mkdirSync4(projectDir, { recursive: true });
+  writeFileSync3(resolve5(projectDir, "settings.json"), `${JSON.stringify(runtimeSettings, null, 2)}
+`, "utf-8");
+}
+async function loadRuntimeClaudeSettings(projectSettingsPath) {
+  if (!existsSync5(projectSettingsPath)) {
+    return {};
+  }
+  let parsed;
+  try {
+    parsed = await Bun.file(projectSettingsPath).json();
+  } catch {
+    return {};
+  }
+  const clone = JSON.parse(JSON.stringify(parsed));
+  const hooks = clone.hooks;
+  if (!hooks || typeof hooks !== "object") {
+    return clone;
+  }
+  for (const key of ["PreToolUse", "PostToolUse", "SessionStart", "Stop"]) {
+    const groups = hooks[key];
+    if (!Array.isArray(groups)) {
+      continue;
+    }
+    for (const group of groups) {
+      if (!group || typeof group !== "object" || Array.isArray(group)) {
+        continue;
+      }
+      const hookGroup = group;
+      if (!Array.isArray(hookGroup.hooks)) {
+        continue;
+      }
+      for (const hook of hookGroup.hooks) {
+        if (!hook || hook.type !== "command" || typeof hook.command !== "string") {
+          continue;
+        }
+        const shMatch = hook.command.match(/rig\/hooks\/([a-z0-9-]+)\.sh$/i);
+        if (shMatch) {
+          hook.command = `.rig/bin/hooks/${shMatch[1]}`;
+          continue;
+        }
+        const splinterMatch = hook.command.match(/\.splinter\/bin\/hooks\/([a-z0-9-]+)$/i);
+        if (splinterMatch) {
+          hook.command = `.rig/bin/hooks/${splinterMatch[1]}`;
+        }
+      }
+    }
+  }
+  return clone;
+}
+async function injectClaudeCredentials(claudeHomeDir, options = {}) {
+  const credentialsPath = resolve5(claudeHomeDir, ".credentials.json");
+  const platform = options.platform ?? process.platform;
+  if (platform === "darwin") {
+    const raw = options.loadKeychainCredentials ? await options.loadKeychainCredentials() : await (async () => {
+      const result = await Bun.$`security find-generic-password -s "Claude Code-credentials" -w`.quiet().nothrow();
+      return result.exitCode === 0 ? result.stdout.toString().trim() : "";
+    })();
+    if (raw) {
+      try {
+        JSON.parse(raw);
+        writeFileSync3(credentialsPath, raw, { mode: 384 });
+        registerCredentialCleanup(credentialsPath);
+        return true;
+      } catch {}
+    }
+  }
+  const hostClaudeHome = options.hostClaudeHome ? resolve5(options.hostClaudeHome) : process.env.CLAUDE_HOME?.trim() ? resolve5(process.env.CLAUDE_HOME) : process.env.HOME ? resolve5(process.env.HOME, ".claude") : "";
+  if (hostClaudeHome) {
+    const realCredentials = resolve5(hostClaudeHome, ".credentials.json");
+    if (existsSync5(realCredentials)) {
+      cpSync(realCredentials, credentialsPath);
+      return true;
+    }
+  }
+  return false;
+}
+async function injectPiAgentConfig(piAgentDir) {
+  mkdirSync4(piAgentDir, { recursive: true });
+  const runtimeConfigPath = resolve5(piAgentDir, "config.yml");
+  if (!existsSync5(runtimeConfigPath)) {
+    writeFileSync3(runtimeConfigPath, `setupVersion: 1000
+startup:
+  setupWizard: false
+  checkUpdate: false
+`, { mode: 384 });
+  }
+  const hostPiAgentDir = process.env.PI_CODING_AGENT_DIR?.trim() ? resolve5(process.env.PI_CODING_AGENT_DIR) : process.env.HOME ? resolve5(process.env.HOME, ".pi", "agent") : "";
+  if (!hostPiAgentDir) {
+    return false;
+  }
+  const hostAuthPath = resolve5(hostPiAgentDir, "auth.json");
+  if (!existsSync5(hostAuthPath)) {
+    return false;
+  }
+  const runtimeAuthPath = resolve5(piAgentDir, "auth.json");
+  copyFileSync3(hostAuthPath, runtimeAuthPath);
+  chmodSync2(runtimeAuthPath, 384);
+  const hostSettingsPath = resolve5(hostPiAgentDir, "settings.json");
+  if (existsSync5(hostSettingsPath)) {
+    const runtimeSettingsPath = resolve5(piAgentDir, "settings.json");
+    copyFileSync3(hostSettingsPath, runtimeSettingsPath);
+    chmodSync2(runtimeSettingsPath, 384);
+  }
+  return true;
+}
+
+// packages/isolation-plugin/src/isolation/discovery.ts
+import { existsSync as existsSync9 } from "fs";
+import { resolve as resolve9 } from "path";
+import { resolveRuntimeWorkspaceLayout } from "@rig/core/layout";
+import { loadRuntimeContext as loadRuntimeContext2 } from "@rig/core/runtime-context";
+
+// packages/isolation-plugin/src/isolation/worktree.ts
+import { existsSync as existsSync6, mkdirSync as mkdirSync5, rmSync as rmSync4 } from "fs";
+import { dirname as dirname3, resolve as resolve6 } from "path";
+import { assertPathInsideRoot, safeGitRefComponent as safeGitRefComponent2, safePathSegment } from "@rig/core/safe-identifiers";
+async function resolveMonorepoBaseRef(monorepoRoot) {
+  const explicit = process.env.RIG_RUNTIME_BASE_REF?.trim();
+  if (explicit) {
+    const exists = await runGitCommand(monorepoRoot, ["rev-parse", "--verify", "--quiet", explicit]);
+    if (exists.exitCode !== 0) {
+      throw new Error(`RIG_RUNTIME_BASE_REF=${explicit} does not resolve at ${monorepoRoot}.`);
+    }
+    return explicit;
+  }
+  for (const remote of await preferredBaseRemotes(monorepoRoot)) {
+    await refreshRemoteBranch(monorepoRoot, remote, "main");
+    const remoteMain = await runGitCommand(monorepoRoot, ["show-ref", "--verify", "--quiet", `refs/remotes/${remote}/main`]);
+    if (remoteMain.exitCode === 0) {
+      return `${remote}/main`;
+    }
+  }
+  const localMain = await runGitCommand(monorepoRoot, ["show-ref", "--verify", "--quiet", "refs/heads/main"]);
+  if (localMain.exitCode === 0) {
+    return "main";
+  }
+  throw new Error(`Failed to resolve a monorepo base ref at ${monorepoRoot}. Expected local main or a remote main ref.`);
+}
+function ensureProvisioningHostProjectRootEnv(projectRoot) {
+  if (!projectRoot.trim()) {
+    return;
+  }
+  if (!process.env.RIG_HOST_PROJECT_ROOT?.trim()) {
+    process.env.RIG_HOST_PROJECT_ROOT = projectRoot;
+  }
+  if (!process.env.PROJECT_RIG_ROOT?.trim()) {
+    process.env.PROJECT_RIG_ROOT = projectRoot;
+  }
+}
+async function provisionRuntimeWorktree(config) {
+  const worktreesRoot = resolve6(config.monorepoRoot, ".worktrees");
+  assertPathInsideRoot(worktreesRoot, config.workspaceDir, "runtime worktree path");
+  const branch = runtimeBranchName(config.taskId, config.runtimeId);
+  let hasValidWorktree = existsSync6(resolve6(config.workspaceDir, ".git")) && (await runGitCommand(config.workspaceDir, ["rev-parse", "--show-toplevel"])).exitCode === 0;
+  if (existsSync6(config.workspaceDir) && !hasValidWorktree) {
+    rmSync4(config.workspaceDir, { recursive: true, force: true });
+  }
+  if (!hasValidWorktree) {
+    mkdirSync5(dirname3(config.workspaceDir), { recursive: true });
+    const branchExists = await runGitCommand(config.monorepoRoot, ["show-ref", "--verify", "--quiet", `refs/heads/${branch}`]);
+    const addArgs = branchExists.exitCode === 0 ? ["worktree", "add", "--force", config.workspaceDir, branch] : ["worktree", "add", "--force", "-b", branch, config.workspaceDir, config.baseRef];
+    const add = await runGitWithLockRetry(config.monorepoRoot, addArgs);
+    if (add.exitCode !== 0) {
+      throw new Error(`Failed to create monorepo worktree for ${config.runtimeId}: ${add.stderr.toString() || add.stdout.toString()}`);
+    }
+    hasValidWorktree = true;
+  }
+  await ensureRuntimeBranch(config.workspaceDir, branch, config.baseRef);
+}
+function isGitLockContention(result) {
+  if (result.exitCode === 0) {
+    return false;
+  }
+  const text = `${result.stderr != null ? String(result.stderr) : ""}
+${result.stdout != null ? String(result.stdout) : ""}`;
+  return /could not lock|cannot lock|unable to create '[^']*\.lock'|index\.lock|is already locked|File exists/i.test(text);
+}
+async function runGitWithLockRetry(repoRoot, args, attempts = 5) {
+  let result = await runGitCommand(repoRoot, args);
+  for (let attempt = 1;attempt < attempts && isGitLockContention(result); attempt++) {
+    await Bun.sleep(50 * attempt);
+    result = await runGitCommand(repoRoot, args);
+  }
+  return result;
+}
+async function cleanupRuntimeWorktree(monorepoRoot, workspaceDir) {
+  assertPathInsideRoot(resolve6(monorepoRoot, ".worktrees"), workspaceDir, "runtime worktree path");
+  await runGitCommand(monorepoRoot, ["worktree", "remove", "--force", workspaceDir]);
+}
+async function configureRuntimeGitIdentity(projectRoot, repoRoot) {
+  const userName = process.env.RIG_GIT_USER_NAME?.trim() || await readGitConfigValue(projectRoot, "user.name") || await readGitConfigValue(projectRoot, "user.name", true) || process.env.GIT_AUTHOR_NAME?.trim() || process.env.GIT_COMMITTER_NAME?.trim() || "rig-agent";
+  const userEmail = process.env.RIG_GIT_USER_EMAIL?.trim() || await readGitConfigValue(projectRoot, "user.email") || await readGitConfigValue(projectRoot, "user.email", true) || process.env.GIT_AUTHOR_EMAIL?.trim() || process.env.GIT_COMMITTER_EMAIL?.trim() || "rig-agent@users.noreply.github.com";
+  for (const [key, value] of [
+    ["user.name", userName],
+    ["user.email", userEmail]
+  ]) {
+    await runGitCommand(repoRoot, ["config", "--local", key, value]);
+  }
+}
+async function resolveMonorepoBaseCommit(monorepoRoot, baseRef) {
+  return readGitStdout(monorepoRoot, ["rev-parse", baseRef]);
+}
+async function ensureRuntimeBranch(repoRoot, branch, baseRef) {
+  const pruneWorktrees = async () => {
+    await runGitCommand(repoRoot, ["worktree", "prune", "--expire", "now"]);
+  };
+  await pruneWorktrees();
+  await clearInterruptedRuntimeGitState(repoRoot, branch);
+  const current = await runGitCommand(repoRoot, ["rev-parse", "--abbrev-ref", "HEAD"]);
+  if (current.exitCode === 0 && current.stdout.toString().trim() === branch) {
+    await repairDisconnectedRuntimeBranch(repoRoot, branch, baseRef);
+    await clearInterruptedRuntimeGitState(repoRoot, branch);
+    return;
+  }
+  let checkout = await runGitCommand(repoRoot, ["checkout", "-B", branch]);
+  const checkoutError = checkout.stderr.toString() || checkout.stdout.toString();
+  if (checkout.exitCode !== 0 && checkoutError.includes("already used by worktree")) {
+    await pruneWorktrees();
+    checkout = await runGitCommand(repoRoot, ["checkout", "-B", branch]);
+  }
+  if (checkout.exitCode !== 0 && /resolve your current index first|would be overwritten by checkout/i.test(checkoutError)) {
+    await discardTrackedRuntimeChanges(repoRoot, branch, checkoutError);
+    checkout = await runGitCommand(repoRoot, ["checkout", "-B", branch]);
+  }
+  if (checkout.exitCode !== 0) {
+    throw new Error(`Failed to prepare runtime branch ${branch} in ${repoRoot}: ${checkout.stderr.toString() || checkout.stdout.toString()}`);
+  }
+  await repairDisconnectedRuntimeBranch(repoRoot, branch, baseRef);
+  await clearInterruptedRuntimeGitState(repoRoot, branch);
+}
+async function repairDisconnectedRuntimeBranch(repoRoot, branch, baseRef) {
+  const mergeBase = await runGitCommand(repoRoot, ["merge-base", "HEAD", baseRef]);
+  if (mergeBase.exitCode === 0) {
+    const counts = await runGitCommand(repoRoot, ["rev-list", "--left-right", "--count", `HEAD...${baseRef}`]);
+    if (counts.exitCode === 0) {
+      const [aheadRaw = "0", behindRaw = "0"] = String(counts.stdout).trim().split(/\s+/);
+      const ahead = Number.parseInt(aheadRaw, 10);
+      const behind = Number.parseInt(behindRaw, 10);
+      if (Number.isFinite(ahead) && Number.isFinite(behind) && ahead === 0 && behind > 0) {
+        const reset = await runGitCommand(repoRoot, ["reset", "--hard", baseRef]);
+        if (reset.exitCode !== 0) {
+          throw new Error(`Failed to reset stale runtime branch ${branch} to ${baseRef} in ${repoRoot}: ${reset.stderr.toString() || reset.stdout.toString()}`);
+        }
+        console.log(`[rig-agent] Reset stale runtime branch ${branch} to ${baseRef} in ${repoRoot}`);
+      }
+    }
+    return;
+  }
+  const backupBranch = runtimeBranchBackupName(branch);
+  const rename = await runGitCommand(repoRoot, ["branch", "-m", backupBranch]);
+  if (rename.exitCode !== 0) {
+    throw new Error(`Failed to archive disconnected runtime branch ${branch} in ${repoRoot}: ${rename.stderr.toString() || rename.stdout.toString()}`);
+  }
+  const recreate = await runGitCommand(repoRoot, ["checkout", "-B", branch, baseRef]);
+  if (recreate.exitCode !== 0) {
+    throw new Error(`Failed to recreate runtime branch ${branch} from ${baseRef} in ${repoRoot}: ${recreate.stderr.toString() || recreate.stdout.toString()}`);
+  }
+  console.log(`[rig-agent] Recreated disconnected runtime branch ${branch} from ${baseRef}; archived as ${backupBranch}`);
+}
+async function clearInterruptedRuntimeGitState(repoRoot, branch) {
+  let cleared = false;
+  for (const [sentinel, abortArgs] of [
+    ["MERGE_HEAD", ["merge", "--abort"]],
+    ["REBASE_HEAD", ["rebase", "--abort"]],
+    ["CHERRY_PICK_HEAD", ["cherry-pick", "--abort"]]
+  ]) {
+    const state = await runGitCommand(repoRoot, ["rev-parse", "--verify", "--quiet", sentinel]);
+    if (state.exitCode !== 0) {
+      continue;
+    }
+    cleared = true;
+    const abort = await runGitCommand(repoRoot, [...abortArgs]);
+    if (abort.exitCode === 0) {
+      continue;
+    }
+    const reset = await runGitCommand(repoRoot, ["reset", "--hard", "HEAD"]);
+    if (reset.exitCode !== 0) {
+      throw new Error(`Failed to recover interrupted git state for runtime branch ${branch} in ${repoRoot}: ${reset.stderr.toString() || reset.stdout.toString()}`);
+    }
+  }
+  const unmerged = await runGitCommand(repoRoot, ["ls-files", "-u"]);
+  if (unmerged.exitCode === 0 && String(unmerged.stdout).trim()) {
+    cleared = true;
+    const reset = await runGitCommand(repoRoot, ["reset", "--hard", "HEAD"]);
+    if (reset.exitCode !== 0) {
+      throw new Error(`Failed to clear unmerged files for runtime branch ${branch} in ${repoRoot}: ${reset.stderr.toString() || reset.stdout.toString()}`);
+    }
+  }
+  if (cleared) {
+    console.log(`[rig-agent] Reset interrupted git state in runtime branch ${branch} at ${repoRoot}`);
+  }
+}
+async function discardTrackedRuntimeChanges(repoRoot, branch, reason) {
+  const status = await runGitCommand(repoRoot, ["status", "--porcelain"]);
+  if (status.exitCode !== 0) {
+    throw new Error(`Failed to inspect runtime worktree state for ${branch} in ${repoRoot}: ${status.stderr.toString() || status.stdout.toString()}`);
+  }
+  const trackedChanges = String(status.stdout).split(/\r?\n/).map((line) => line.trimEnd()).filter(Boolean).filter((line) => !line.startsWith("?? "));
+  if (trackedChanges.length === 0) {
+    return;
+  }
+  const reset = await runGitCommand(repoRoot, ["reset", "--hard", "HEAD"]);
+  if (reset.exitCode !== 0) {
+    throw new Error(`Failed to discard tracked runtime changes for ${branch} in ${repoRoot}: ${reset.stderr.toString() || reset.stdout.toString()}`);
+  }
+  console.log(`[rig-agent] Reset tracked runtime changes in ${branch} at ${repoRoot} after checkout failed: ${reason.trim()}`);
+}
+function runtimeBranchName(taskId, runtimeId) {
+  const taskComponent = safeGitRefComponent2(taskId, { fallback: "task", maxLength: 72 });
+  if (runtimeId === taskRuntimeId(taskId)) {
+    return `rig/${taskComponent}`;
+  }
+  return `rig/${taskComponent}-${safeGitRefComponent2(runtimeId, { fallback: "runtime", maxLength: 48 })}`;
+}
+function runtimeWorktreeName(taskId, runtimeId) {
+  if (runtimeId === taskRuntimeId(taskId)) {
+    return safePathSegment(taskId, { fallback: "task", maxLength: 72 });
+  }
+  return safePathSegment(runtimeId, { fallback: "runtime", maxLength: 72 });
+}
+function runtimeWorktreeNameFromRuntimeId(runtimeId) {
+  return safePathSegment(runtimeId.replace(/^task-/, ""), { fallback: "runtime", maxLength: 72 });
+}
+async function preferredBaseRemotes(repoRoot) {
+  const remotesResult = await runGitCommand(repoRoot, ["remote"]);
+  if (remotesResult.exitCode !== 0) {
+    return [];
+  }
+  const remotes = String(remotesResult.stdout).split(/\r?\n/).map((line) => line.trim()).filter(Boolean);
+  if (remotes.length === 0) {
+    return [];
+  }
+  const preferred = [];
+  const pushRemote = (remote) => {
+    if (!preferred.includes(remote)) {
+      preferred.push(remote);
+    }
+  };
+  if (await hasGitRemote(repoRoot, "github")) {
+    pushRemote("github");
+  }
+  for (const remote of remotes) {
+    if (remote === "github") {
+      continue;
+    }
+    const urlResult = await runGitCommand(repoRoot, ["remote", "get-url", remote]);
+    const url = urlResult.exitCode === 0 ? String(urlResult.stdout).trim() : "";
+    if (/github\.com[:/]/i.test(url)) {
+      pushRemote(remote);
+    }
+  }
+  for (const remote of remotes) {
+    pushRemote(remote);
+  }
+  return preferred;
+}
+
+// packages/isolation-plugin/src/isolation/toolchain.ts
+import {
+  existsSync as existsSync8,
+  lstatSync,
+  mkdirSync as mkdirSync7,
+  readdirSync,
+  readFileSync as readFileSync5,
+  rmSync as rmSync6,
+  statSync as statSync4,
+  symlinkSync
+} from "fs";
+import { mkdir as mkdir2, writeFile } from "fs/promises";
+import { dirname as dirname5, resolve as resolve8 } from "path";
+import { assertPathInsideRoot as assertPathInsideRoot2, safePathSegment as safePathSegment2 } from "@rig/core/safe-identifiers";
+
+// packages/isolation-plugin/src/isolation/runtime-binary-build.ts
+import { chmodSync as chmodSync3, copyFileSync as copyFileSync4, cpSync as cpSync2, existsSync as existsSync7, linkSync, mkdirSync as mkdirSync6, renameSync as renameSync4, rmSync as rmSync5, writeFileSync as writeFileSync4 } from "fs";
+import { basename as basename2, dirname as dirname4, resolve as resolve7 } from "path";
+import { fileURLToPath } from "url";
+import { drainMicrotasks, gcAndSweep } from "bun:jsc";
+import { resolveRigLayout } from "@rig/core/layout";
+import { runtimeProvisioningEnv } from "@rig/core/runtime-provisioning-env";
+var runtimeRigCliBinaryExternals = ["mupdf"];
+var runtimeBinaryBuildQueue = Promise.resolve();
+function materializeSelfExecRole(outputPath, define) {
+  const selfPath = process.execPath;
+  mkdirSync6(dirname4(outputPath), { recursive: true });
+  rmSync5(outputPath, { force: true });
+  try {
+    linkSync(selfPath, outputPath);
+  } catch {
+    copyFileSync4(selfPath, outputPath);
+  }
+  chmodSync3(outputPath, 493);
+  const role = basename2(outputPath).replace(/\.exe$/i, "");
+  writeFileSync4(`${outputPath}.rig-runconfig.json`, `${JSON.stringify({ role, define: define ?? {} }, null, 2)}
+`, { mode: 384 });
+}
+async function buildBinary(entrypoint, outputPath, cwd, defines, external) {
+  if (hasEmbeddedNatives()) {
+    materializeSelfExecRole(outputPath, defines);
+    return;
+  }
+  await buildRuntimeBinary({
+    sourcePath: entrypoint,
+    outputPath,
+    cwd,
+    ...defines ? { define: defines } : {},
+    env: runtimeProvisioningEnv(),
+    ...external ? { external } : {}
+  });
+}
+async function buildRuntimeBinary(options) {
+  return runSerializedRuntimeBinaryBuild(async () => {
+    const resolved = resolveRuntimeBinaryBuildOptions(options);
+    runBestEffortBuildGc();
+    const manifestPath = runtimeBinaryCacheManifestPath(resolved.outputPath);
+    const buildKey = createRuntimeBinaryBuildKey({
+      entrypoint: resolved.entrypoint,
+      define: resolved.define,
+      env: resolved.env,
+      external: resolved.external
+    });
+    if (await isRuntimeBinaryBuildFresh({ outputPath: resolved.outputPath, manifestPath, buildKey })) {
+      return;
+    }
+    if (shouldUseRuntimeBinaryBuildWorker()) {
+      await buildRuntimeBinaryViaWorker(resolved);
+    } else {
+      await buildRuntimeBinaryInProcess(resolved, { manifestPath, buildKey });
+    }
+    runBestEffortBuildGc();
+  });
+}
+async function buildRuntimeBinaryInProcess(options, manifest) {
+  const tempBuildDir = resolve7(dirname4(options.outputPath), `.bun-build-${process.pid}-${Date.now()}-${Math.random().toString(36).slice(2)}`);
+  const tempOutputPath = resolve7(tempBuildDir, basename2(options.outputPath));
+  mkdirSync6(tempBuildDir, { recursive: true });
+  await withTemporaryEnv({
+    ...options.env,
+    ...options.define ? { RIG_BUILD_CONFIG_JSON: JSON.stringify(options.define) } : {}
+  }, async () => withTemporaryCwd(tempBuildDir, async () => {
+    const buildResult = await Bun.build({
+      entrypoints: [options.entrypoint],
+      compile: {
+        target: currentCompileTarget(),
+        outfile: tempOutputPath
+      },
+      target: "bun",
+      format: "esm",
+      minify: true,
+      bytecode: true,
+      metafile: true,
+      ...options.external ? { external: options.external } : {},
+      ...options.define ? { define: { __RIG_BUILD_CONFIG__: JSON.stringify(options.define) } } : {}
+    });
+    if (!buildResult.success) {
+      const details = buildResult.logs.map((log) => [log.message, log.position?.file ? `${log.position.file}:${log.position.line}:${log.position.column}` : ""].filter(Boolean).join(" ")).filter(Boolean).join(`
+`);
+      throw new Error(`Failed to build ${options.entrypoint}: ${details || "Bun.build() returned errors"}`);
+    }
+    if (!existsSync7(tempOutputPath)) {
+      const emitted = buildResult.outputs.map((output) => output.path).join(", ") || "(none)";
+      throw new Error(`Failed to build ${options.entrypoint}: Bun.build() did not emit ${tempOutputPath}. Emitted: ${emitted}`);
+    }
+    renameSync4(tempOutputPath, options.outputPath);
+    chmodSync3(options.outputPath, 493);
+    if (manifest) {
+      await writeRuntimeBinaryCacheManifest({
+        manifestPath: manifest.manifestPath,
+        buildKey: manifest.buildKey,
+        cwd: tempBuildDir,
+        metafile: buildResult.metafile
+      });
+    }
+  })).finally(() => {
+    rmSync5(tempBuildDir, { recursive: true, force: true });
+  });
+}
+function runBestEffortBuildGc() {
+  try {
+    drainMicrotasks();
+  } catch {}
+  try {
+    gcAndSweep();
+  } catch {}
+}
+function runtimeBinaryCacheManifestPath(outputPath) {
+  return `${outputPath}.build-manifest.json`;
+}
+function resolveRuntimeBinaryBuildOptions(options) {
+  return {
+    ...options,
+    entrypoint: resolve7(options.cwd, options.sourcePath),
+    outputPath: resolve7(options.outputPath)
+  };
+}
+function shouldUseRuntimeBinaryBuildWorker() {
+  if (process.env.RIG_RUNTIME_BUILD_WORKER === "1") {
+    return false;
+  }
+  if (process.env.RIG_RUNTIME_BUILD_IN_PROCESS === "1") {
+    return false;
+  }
+  return true;
+}
+async function buildRuntimeBinaryViaWorker(options) {
+  const workerSourcePath = resolveRuntimeBinaryBuildWorkerSourcePath(options);
+  if (!workerSourcePath || !existsSync7(workerSourcePath)) {
+    await buildRuntimeBinaryInProcess(options, {
+      manifestPath: runtimeBinaryCacheManifestPath(options.outputPath),
+      buildKey: createRuntimeBinaryBuildKey({
+        entrypoint: options.entrypoint,
+        define: options.define,
+        env: options.env,
+        external: options.external
+      })
+    });
+    return;
+  }
+  const payloadPath = createRuntimeBinaryBuildWorkerPayloadPath(options.outputPath);
+  const bunCli = resolveRuntimeBinaryBuildWorkerInvocation();
+  await Bun.write(payloadPath, `${JSON.stringify(options)}
+`);
+  const build = Bun.spawn([bunCli.command, workerSourcePath, payloadPath], {
+    cwd: options.cwd,
+    stdout: "pipe",
+    stderr: "pipe",
+    env: {
+      ...process.env,
+      ...options.env,
+      ...bunCli.env,
+      RIG_RUNTIME_BUILD_WORKER: "1"
+    }
+  });
+  const [exitCode, stdout, stderr] = await Promise.all([
+    build.exited,
+    new Response(build.stdout).text(),
+    new Response(build.stderr).text()
+  ]);
+  rmSync5(payloadPath, { force: true });
+  if (exitCode !== 0) {
+    throw new Error(`Failed to build ${options.entrypoint}: ${(stderr || stdout || `worker exited ${exitCode}`).trim()}`);
+  }
+}
+function createRuntimeBinaryBuildWorkerPayloadPath(outputPath) {
+  return resolve7(dirname4(outputPath), `.bun-build-worker-${process.pid}-${Date.now()}-${Math.random().toString(36).slice(2)}.json`);
+}
+function resolveRuntimeBinaryBuildWorkerSourcePath(options) {
+  const envRoots = [
+    options.cwd?.trim(),
+    process.env.RIG_HOST_PROJECT_ROOT?.trim(),
+    process.env.PROJECT_RIG_ROOT?.trim()
+  ].filter(Boolean);
+  for (const root of envRoots) {
+    const candidate = resolve7(root, "packages/isolation-plugin/src/isolation/binary-build-worker.ts");
+    if (existsSync7(candidate)) {
+      return candidate;
+    }
+  }
+  const localCandidate = resolve7(import.meta.dir, "binary-build-worker.ts");
+  return existsSync7(localCandidate) ? localCandidate : null;
+}
+function resolveRuntimeBinaryBuildWorkerInvocation() {
+  const bunPath = Bun.which("bun");
+  if (bunPath) {
+    return { command: bunPath, env: {} };
+  }
+  if (process.execPath?.trim()) {
+    return {
+      command: process.execPath,
+      env: { BUN_BE_BUN: "1" }
+    };
+  }
+  throw new Error("bun is required to run the runtime binary build worker.");
+}
+function currentCompileTarget() {
+  if (process.platform === "darwin") {
+    return process.arch === "arm64" ? "bun-darwin-arm64" : "bun-darwin-x64";
+  }
+  if (process.platform === "linux") {
+    return process.arch === "arm64" ? "bun-linux-arm64" : "bun-linux-x64";
+  }
+  return "bun-windows-x64";
+}
+function createRuntimeBinaryBuildKey(input) {
+  return JSON.stringify({
+    version: 1,
+    bunVersion: Bun.version,
+    platform: process.platform,
+    arch: process.arch,
+    entrypoint: input.entrypoint,
+    define: sortRecord(input.define),
+    external: input.external ? [...input.external].sort() : undefined,
+    env: sortRecord(input.env)
+  });
+}
+async function isRuntimeBinaryBuildFresh(input) {
+  if (!existsSync7(input.outputPath) || !existsSync7(input.manifestPath)) {
+    return false;
+  }
+  let manifest = null;
+  try {
+    manifest = await Bun.file(input.manifestPath).json();
+  } catch {
+    return false;
+  }
+  if (!manifest || manifest.version !== 1 || manifest.buildKey !== input.buildKey) {
+    return false;
+  }
+  for (const [filePath, expectedDigest] of Object.entries(manifest.inputs || {})) {
+    if (!existsSync7(filePath)) {
+      return false;
+    }
+    if (await sha256File2(filePath) !== expectedDigest) {
+      return false;
+    }
+  }
+  return true;
+}
+async function writeRuntimeBinaryCacheManifest(input) {
+  const inputs = {};
+  for (const inputPath of Object.keys(input.metafile?.inputs || {}).sort()) {
+    const normalized = normalizeBuildInputPath(input.cwd, inputPath);
+    if (!normalized || !existsSync7(normalized)) {
+      continue;
+    }
+    inputs[normalized] = await sha256File2(normalized);
+  }
+  const manifest = {
+    version: 1,
+    buildKey: input.buildKey,
+    inputs
+  };
+  await Bun.write(input.manifestPath, `${JSON.stringify(manifest, null, 2)}
+`);
+}
+function normalizeBuildInputPath(cwd, inputPath) {
+  if (!inputPath) {
+    return null;
+  }
+  if (inputPath.startsWith("file://")) {
+    return fileURLToPath(inputPath);
+  }
+  if (inputPath.startsWith("<")) {
+    return null;
+  }
+  return resolve7(cwd, inputPath);
+}
+async function sha256File2(path) {
+  const hasher = new Bun.CryptoHasher("sha256");
+  hasher.update(await Bun.file(path).arrayBuffer());
+  return hasher.digest("hex");
+}
+function sortRecord(value) {
+  if (!value) {
+    return;
+  }
+  return Object.fromEntries(Object.entries(value).sort(([left], [right]) => left.localeCompare(right)));
+}
+async function runSerializedRuntimeBinaryBuild(action) {
+  const previous = runtimeBinaryBuildQueue;
+  let release;
+  runtimeBinaryBuildQueue = new Promise((resolve8) => {
+    release = resolve8;
+  });
+  await previous;
+  try {
+    return await action();
+  } finally {
+    release();
+  }
+}
+async function withTemporaryEnv(env, action) {
+  if (!env) {
+    return action();
+  }
+  const previousValues = new Map;
+  for (const [key, value] of Object.entries(env)) {
+    previousValues.set(key, process.env[key]);
+    if (value === undefined) {
+      delete process.env[key];
+    } else {
+      process.env[key] = value;
+    }
+  }
+  try {
+    return await action();
+  } finally {
+    for (const [key, value] of previousValues.entries()) {
+      if (value === undefined) {
+        delete process.env[key];
+      } else {
+        process.env[key] = value;
+      }
+    }
+  }
+}
+async function withTemporaryCwd(cwd, action) {
+  const previousCwd = process.cwd();
+  process.chdir(cwd);
+  try {
+    return await action();
+  } finally {
+    process.chdir(previousCwd);
+  }
+}
+
+// packages/isolation-plugin/src/isolation/toolchain.ts
+import {
+  GUARD_TOOLCHAIN_SOURCES,
+  LIFECYCLE_TOOLCHAIN_SOURCES,
+  TOOL_MATERIALIZER
+} from "@rig/contracts";
+import { defineCapability } from "@rig/core/capability";
+import { buildProjectPluginHost, requireInstalledCapability } from "@rig/core/capability-loaders";
+import { resolveBunBinaryPath as resolveBunBinaryPath2 } from "@rig/core/runtime-paths";
+var ToolMaterializerCap = defineCapability(TOOL_MATERIALIZER);
+var GuardToolchainSourcesCap = defineCapability(GUARD_TOOLCHAIN_SOURCES);
+var LifecycleToolchainSourcesCap = defineCapability(LIFECYCLE_TOOLCHAIN_SOURCES);
+var SNAPSHOT_SIDECAR_SOURCE = ["packages", "isolation-plugin", "src", "snapshot-sidecar.ts"].join("/");
+async function resolveContributedToolchainSources(projectRoot) {
+  const host = await buildProjectPluginHost(projectRoot);
+  const contributions = [];
+  if (host) {
+    for (const cap of [GuardToolchainSourcesCap, LifecycleToolchainSourcesCap]) {
+      const contribution = await cap.resolve(host);
+      if (contribution)
+        contributions.push(contribution);
+    }
+  }
+  const hookSources = contributions.flatMap((c) => (c.hookBinaries ?? []).map((hb) => [hb.name, hb.source]));
+  const namedSources = {};
+  for (const c of contributions) {
+    for (const [key, value] of Object.entries(c.namedSources ?? {}))
+      namedSources[key] = value;
+  }
+  return { hookSources, namedSources };
+}
+var toolMaterializer = () => requireInstalledCapability(ToolMaterializerCap, "tool-materializer capability unavailable: load @rig/provider-plugin (default bundle) before provisioning runtimes.");
+var GIT_INDEX_LOCK_MAX_RETRIES = 20;
+var GIT_INDEX_LOCK_RETRY_DELAY_MS = 250;
+var GIT_INDEX_LOCK_STALE_AFTER_MS = 5000;
+function resolveRigSourceRoot(projectRoot) {
+  const hostProjectRoot = process.env.RIG_HOST_PROJECT_ROOT?.trim();
+  if (hostProjectRoot && existsSync8(resolve8(hostProjectRoot, "packages/cli/bin/rig-agent.ts"))) {
+    return hostProjectRoot;
+  }
+  const fromModule = resolve8(import.meta.dir, "../../../../../..");
+  if (existsSync8(resolve8(fromModule, "packages/cli/bin/rig-agent.ts"))) {
+    return fromModule;
+  }
+  return projectRoot;
+}
+function prepareTrackedRuntimePaths(logsDir, stateDir, sessionDir) {
+  for (const path of [logsDir, stateDir, sessionDir, resolve8(sessionDir, "session.json")]) {
+    removeSymbolicLink(path);
+  }
+  runtimePrepareTrackedPathsNative({
+    logsDir,
+    stateDir,
+    sessionDir,
+    controlledBashLogFile: resolve8(logsDir, "controlled-bash.jsonl"),
+    eventsFile: resolve8(logsDir, "control-plane.events.jsonl")
+  });
+}
+async function initializeRuntimeStateFiles(stateDir, sessionDir, taskId) {
+  await mkdir2(stateDir, { recursive: true });
+  await mkdir2(sessionDir, { recursive: true });
+  const failedApproachesPath = resolve8(stateDir, "failed_approaches.md");
+  if (!existsSync8(failedApproachesPath)) {
+    await writeFile(failedApproachesPath, `# Failed Approaches
+
+`);
+  }
+  const hookTripsPath = resolve8(stateDir, "hook_trips.log");
+  if (!existsSync8(hookTripsPath)) {
+    await writeFile(hookTripsPath, "");
+  }
+  const sessionFile = resolve8(sessionDir, "session.json");
+  if (taskId) {
+    await writeFile(sessionFile, JSON.stringify({ activeTaskIds: [taskId] }));
+  }
+}
+async function resetEphemeralTaskArtifacts(workspaceDir, taskId) {
+  const artifactsRoot = resolve8(workspaceDir, "artifacts");
+  const taskSegment = safePathSegment2(taskId, { fallback: "task", maxLength: 96 });
+  const artifactDir = assertPathInsideRoot2(artifactsRoot, resolve8(artifactsRoot, taskSegment), "task artifact directory");
+  const runtimeSnapshotDir = assertPathInsideRoot2(artifactDir, resolve8(artifactDir, "runtime-snapshots"), "runtime snapshot directory");
+  let preservedTrackedFiles = false;
+  for (const file of [
+    "changed-files.txt",
+    "pr-state.json",
+    "review-state.json",
+    "review-feedback.md",
+    "review-greptile-raw.json",
+    "review-status.txt",
+    "validation-summary.json"
+  ]) {
+    const relativePath = `artifacts/${taskSegment}/${file}`;
+    if (await resetTrackedArtifactPath(workspaceDir, relativePath)) {
+      preservedTrackedFiles = true;
+      continue;
+    }
+    rmSync6(assertPathInsideRoot2(artifactDir, resolve8(artifactDir, file), "task artifact file"), { force: true });
+  }
+  const runtimeSnapshotRelativePath = `artifacts/${taskSegment}/runtime-snapshots`;
+  if (await resetTrackedArtifactPath(workspaceDir, runtimeSnapshotRelativePath)) {
+    preservedTrackedFiles = true;
+  } else {
+    rmSync6(runtimeSnapshotDir, { recursive: true, force: true });
+  }
+  if (preservedTrackedFiles) {
+    console.log(`[rig-agent] Preserved tracked runtime artifact files in ${taskId}; skipped ephemeral cleanup for committed paths.`);
+  }
+}
+function prepareRuntimeWorkspace(projectRoot, workspaceDir) {
+  const monorepoRoot = resolveMonorepoRoot(projectRoot);
+  linkRuntimeDependencyLayers(monorepoRoot, workspaceDir);
+  syncRuntimeWorkspaceSources(projectRoot, workspaceDir);
+}
+async function materializeRuntimeHostToolWrappers(binDir) {
+  const mat = toolMaterializer();
+  await mat.materializeRuntimeToolGateway(binDir);
+  await mat.materializeRuntimeFileTools(binDir);
+}
+async function buildRuntimeToolchain(options) {
+  const { hookSources, namedSources } = await resolveContributedToolchainSources(options.projectRoot);
+  const controlledBashSource = namedSources["controlled-bash"];
+  const runtimeBins = ensureRuntimeBinTrees(options.binDir);
+  const nativeRuntimeLibraryPath = await materializeNativeRuntimeLibrary(options.binDir);
+  if (!nativeRuntimeLibraryPath) {
+    throw new Error("Failed to provision the native Zig runtime library.");
+  }
+  const rigSourceRoot = resolveRigSourceRoot(options.projectRoot);
+  await buildBinary("packages/cli/bin/rig.ts", resolve8(options.binDir, "rig"), rigSourceRoot, undefined, runtimeRigCliBinaryExternals);
+  await buildBinary("packages/cli/bin/rig-agent.ts", resolve8(options.binDir, "rig-agent"), rigSourceRoot, {
+    ...options.runtimeSecretDefines,
+    AGENT_TASK_ID: options.taskId,
+    AGENT_PROJECT_ROOT: options.projectRoot,
+    AGENT_RUNTIME_ID: options.runtimeId,
+    AGENT_SCOPE_HASH: options.bakedScopeHash,
+    AGENT_MANIFEST_PATH: options.manifestPath,
+    AGENT_BINARY_PATH: resolve8(options.binDir, "rig-agent"),
+    AGENT_INFO_OUTPUT: options.bakedInfoOutput,
+    AGENT_DEPS_OUTPUT: options.bakedDepsOutput,
+    AGENT_STATUS_OUTPUT: options.bakedStatusOutput
+  });
+  if (controlledBashSource) {
+    await buildBinary(controlledBashSource, resolve8(options.binDir, "controlled-bash"), rigSourceRoot, {
+      AGENT_PROJECT_ROOT: options.projectRoot,
+      AGENT_LOGS_DIR: options.logsDir,
+      AGENT_MONOREPO_ROOT: resolveMonorepoRoot(options.projectRoot),
+      AGENT_TS_API_TESTS_DIR: resolve8(options.workspaceDir, "TSAPITests"),
+      AGENT_RIG_AGENT_BIN: resolve8(options.binDir, "rig-agent")
+    });
+  }
+  await buildBinary("packages/cli/bin/rig-browser-tool.ts", resolve8(options.binDir, toolMaterializer().runtimeBrowserToolBinaryName()), rigSourceRoot);
+  await buildBinary(SNAPSHOT_SIDECAR_SOURCE, resolve8(options.binDir, "snapshot-sidecar"), rigSourceRoot, {
+    AGENT_PROJECT_ROOT: options.projectRoot,
+    AGENT_BUN_PATH: resolveBunBinaryPath2()
+  });
+  const hookDefines = {
+    AGENT_PROJECT_ROOT: options.projectRoot,
+    AGENT_BUN_PATH: resolveBunBinaryPath2()
+  };
+  for (const [hookName, hookSource] of hookSources) {
+    await buildBinary(hookSource, resolve8(runtimeBins.hooksDir, hookName), rigSourceRoot, hookDefines);
+  }
+  const pluginsDir = resolve8(options.projectRoot, "rig/plugins");
+  if (existsSync8(pluginsDir)) {
+    for (const entry of readdirSync(pluginsDir, { withFileTypes: true })) {
+      const match = entry.name.match(/^(.+)\.plugin\.(ts|js|mjs|cjs)$/);
+      if (!match)
+        continue;
+      await buildBinary(`rig/plugins/${entry.name}`, resolve8(runtimeBins.pluginsDir, match[1]), options.projectRoot);
+    }
+  }
+  await materializeRigGitBinary(options.binDir);
+  const mat = toolMaterializer();
+  await mat.materializeClaudeToolRouterBinary(rigSourceRoot, options.binDir);
+  await materializeRuntimeHostToolWrappers(options.binDir);
+  await mat.materializeRuntimeBrowserTools(options.binDir);
+}
+async function writeRuntimeManifest(config) {
+  const scopeHash = sha256Hex(JSON.stringify(config.scopes));
+  const binarySha256 = sha256Hex(readFileSync5(config.binaryPath));
+  const manifestPath = resolve8(config.runtimeRoot, "manifest.json");
+  const manifest = {
+    runtimeId: config.runtimeId,
+    taskId: config.taskId,
+    scopeHash,
+    builtAt: new Date().toISOString(),
+    workspaceDir: config.workspaceDir,
+    binDir: config.binDir,
+    binary: {
+      path: config.binaryPath,
+      sha256: binarySha256
+    }
+  };
+  await writeFile(manifestPath, `${JSON.stringify(manifest, null, 2)}
+`, "utf-8");
+}
+function syncRuntimeWorkspaceSources(projectRoot, workspaceDir) {}
+function removeSymbolicLink(path) {
+  try {
+    if (!lstatSync(path).isSymbolicLink()) {
+      return;
+    }
+  } catch {
+    return;
+  }
+  rmSync6(path, { force: true, recursive: true });
+}
+async function resetTrackedArtifactPath(workspaceDir, relativePath) {
+  const tracked = await runGitLsFiles(workspaceDir, relativePath);
+  if (!tracked) {
+    return false;
+  }
+  await restoreTrackedArtifactPathWithRetry(workspaceDir, relativePath, async () => {
+    const restore = await Bun.$`git -C ${workspaceDir} checkout -- ${relativePath}`.quiet().nothrow();
+    return {
+      exitCode: restore.exitCode,
+      output: restore.stderr.toString() || restore.stdout.toString()
+    };
+  }, { sleep: Bun.sleep });
+  return true;
+}
+async function runGitLsFiles(workspaceDir, relativePath) {
+  const tracked = await Bun.$`git -C ${workspaceDir} ls-files --error-unmatch -- ${relativePath}`.quiet().nothrow();
+  return tracked.exitCode === 0;
+}
+async function restoreTrackedArtifactPathWithRetry(workspaceDir, relativePath, restorePath, options = {}) {
+  const sleep = options.sleep ?? Bun.sleep;
+  const maxRetries = options.maxRetries ?? GIT_INDEX_LOCK_MAX_RETRIES;
+  const retryDelayMs = options.retryDelayMs ?? GIT_INDEX_LOCK_RETRY_DELAY_MS;
+  const now = options.now ?? Date.now;
+  const statMtimeMs = options.statMtimeMs ?? readFileMtimeMs;
+  const removeFile = options.removeFile ?? ((path) => rmSync6(path, { force: true }));
+  const log = options.log ?? console.warn;
+  let lastOutput = "";
+  for (let attempt = 0;attempt <= maxRetries; attempt += 1) {
+    const restore = await restorePath();
+    if (restore.exitCode === 0) {
+      return;
+    }
+    lastOutput = restore.output;
+    if (!isGitIndexLockError(lastOutput)) {
+      break;
+    }
+    const lockPath = parseGitIndexLockPath(lastOutput);
+    if (attempt === maxRetries) {
+      if (lockPath && tryClearStaleGitIndexLock(lockPath, {
+        now,
+        statMtimeMs,
+        removeFile,
+        log
+      })) {
+        const recovered = await restorePath();
+        if (recovered.exitCode === 0) {
+          return;
+        }
+        lastOutput = recovered.output;
+      }
+      break;
+    }
+    await sleep(retryDelayMs);
+  }
+  throw new Error(`Failed to restore tracked runtime artifact path ${relativePath} in ${workspaceDir}: ${lastOutput}`);
+}
+function isGitIndexLockError(output) {
+  return /index\.lock|Unable to create '.+index\.lock'.*File exists/i.test(output);
+}
+function parseGitIndexLockPath(output) {
+  const match = output.match(/Unable to create '([^']+index\.lock)'/i);
+  return match?.[1] ?? null;
+}
+function tryClearStaleGitIndexLock(lockPath, options) {
+  const mtimeMs = options.statMtimeMs(lockPath);
+  if (mtimeMs === null) {
+    return false;
+  }
+  if (options.now() - mtimeMs < GIT_INDEX_LOCK_STALE_AFTER_MS) {
+    return false;
+  }
+  options.removeFile(lockPath);
+  options.log(`[rig-agent] Cleared stale git index lock during run recovery: ${lockPath}`);
+  return true;
+}
+function readFileMtimeMs(path) {
+  try {
+    return statSync4(path).mtimeMs;
+  } catch {
+    return null;
+  }
+}
+function linkRuntimeDependencyLayers(monorepoRoot, workspaceDir) {
+  linkGenericNodeModulesLayers(monorepoRoot, workspaceDir);
+  const sourceNodeModules = resolve8(monorepoRoot, "humoongate", "node_modules");
+  if (!existsSync8(sourceNodeModules)) {} else {
+    const runtimeHumoongate = resolve8(workspaceDir, "humoongate");
+    if (existsSync8(resolve8(runtimeHumoongate, "package.json"))) {
+      const targetNodeModules = resolve8(runtimeHumoongate, "node_modules");
+      runtimeLinkDependencyLayerNative(sourceNodeModules, targetNodeModules);
+    }
+  }
+  const runtimeHpNext = resolve8(workspaceDir, "microservices", "hp-next-frontend", "app");
+  if (!existsSync8(resolve8(runtimeHpNext, "package.json"))) {
+    return;
+  }
+  const sourceHpNextNodeModules = resolve8(monorepoRoot, "microservices", "hp-next-frontend", "app", "node_modules");
+  const sourceMonorepoNodeModules = resolve8(monorepoRoot, "node_modules");
+  const targetHpNextNodeModules = resolve8(runtimeHpNext, "node_modules");
+  if (existsSync8(sourceHpNextNodeModules)) {
+    runtimeLinkDependencyLayerNative(sourceHpNextNodeModules, targetHpNextNodeModules);
+    return;
+  }
+  if (existsSync8(sourceMonorepoNodeModules)) {
+    runtimeLinkDependencyLayerNative(sourceMonorepoNodeModules, targetHpNextNodeModules);
+  }
+}
+function linkGenericNodeModulesLayers(monorepoRoot, workspaceDir) {
+  linkNodeModulesLayer(resolve8(monorepoRoot, "node_modules"), resolve8(workspaceDir, "node_modules"));
+  for (const relativePackageDir of [
+    "apps/native-app/apps/marketing",
+    "apps/native-app/apps/web",
+    "apps/native-app/apps/browser",
+    "apps/native-app/apps/desktop",
+    "apps/native-app/scripts",
+    "packages/cli",
+    "packages/client",
+    "packages/contracts",
+    "packages/core",
+    "packages/hook-kit",
+    "packages/plugin-testkit",
+    "packages/runtime",
+    "packages/scripts",
+    "packages/shared",
+    "packages/skill-loader",
+    "packages/standard-plugin",
+    "packages/validator-kit"
+  ]) {
+    const workspacePackageDir = resolve8(workspaceDir, relativePackageDir);
+    if (!existsSync8(resolve8(workspacePackageDir, "package.json"))) {
+      continue;
+    }
+    linkNodeModulesLayer(resolve8(monorepoRoot, relativePackageDir, "node_modules"), resolve8(workspacePackageDir, "node_modules"));
+  }
+}
+function linkNodeModulesLayer(sourceDir, targetDir) {
+  if (!existsSync8(sourceDir) || existsSync8(targetDir)) {
+    return;
+  }
+  try {
+    runtimeLinkDependencyLayerNative(sourceDir, targetDir);
+    return;
+  } catch (error) {
+    console.warn(`[rig-agent] Native dependency-layer linking failed for ${targetDir}; using symlink fallback: ${error instanceof Error ? error.message : String(error)}`);
+  }
+  mkdirSync7(dirname5(targetDir), { recursive: true });
+  symlinkSync(sourceDir, targetDir, "dir");
+}
+function ensureRuntimeBinTrees(runtimeBinDir) {
+  const hooksDir = resolve8(runtimeBinDir, "hooks");
+  const pluginsDir = resolve8(runtimeBinDir, "plugins");
+  const validatorsDir = resolve8(runtimeBinDir, "validators");
+  mkdirSync7(hooksDir, { recursive: true });
+  mkdirSync7(pluginsDir, { recursive: true });
+  mkdirSync7(validatorsDir, { recursive: true });
+  return { hooksDir, pluginsDir, validatorsDir };
+}
+function runtimeWorktreeId(workspaceDir) {
+  return workspaceDir.split("/").at(-1) || "runtime";
+}
+
+// packages/isolation-plugin/src/isolation/discovery.ts
+async function readRuntimeMetadata(metadataPath) {
+  if (!existsSync9(metadataPath)) {
+    return null;
+  }
+  try {
+    return await Bun.file(metadataPath).json();
+  } catch {
+    return null;
+  }
+}
+async function listAgentRuntimes(projectRoot) {
+  const runtimes = [];
+  const monorepoRoot = resolveMonorepoRoot(projectRoot);
+  const worktreesRoot = resolve9(monorepoRoot, ".worktrees");
+  if (!existsSync9(worktreesRoot)) {
+    return [];
+  }
+  const workspaces = runtimeScanWorktreesNative(worktreesRoot);
+  for (let scan of workspaces) {
+    let workspacePath = scan.workspaceDir;
+    const workspaceLayout = resolveRuntimeWorkspaceLayout(workspacePath);
+    const rootDir = scan.runtimeDir || workspaceLayout.runtimeDir;
+    const metadataPath = scan.metadataPath || resolve9(rootDir, "runtime.json");
+    const contextFile = scan.contextPath || workspaceLayout.contextPath;
+    let mode = "worktree";
+    let createdAt = new Date().toISOString();
+    let taskId = "";
+    let runtimeId = "";
+    let binDir = workspaceLayout.binDir;
+    let logsDir = workspaceLayout.logsDir;
+    let stateDir = workspaceLayout.stateDir;
+    let sessionDir = workspaceLayout.sessionDir;
+    const metadata = await readRuntimeMetadata(metadataPath);
+    if (metadata) {
+      runtimeId = metadata.id;
+      mode = metadata.mode;
+      createdAt = metadata.createdAt;
+    }
+    if (existsSync9(contextFile)) {
+      try {
+        const ctx = loadRuntimeContext2(contextFile);
+        taskId = ctx.taskId;
+        workspacePath = ctx.workspaceDir;
+        binDir = ctx.binDir;
+        logsDir = ctx.logsDir;
+        stateDir = ctx.stateDir;
+        sessionDir = ctx.sessionDir;
+      } catch {}
+    }
+    if (!runtimeId) {
+      runtimeId = taskRuntimeId(taskId || runtimeWorktreeId(workspacePath));
+    }
+    runtimes.push({
+      id: runtimeId,
+      taskId,
+      mode,
+      rootDir,
+      workspaceDir: workspacePath,
+      homeDir: resolve9(rootDir, "home"),
+      tmpDir: resolve9(rootDir, "tmp"),
+      cacheDir: resolve9(rootDir, "cache"),
+      logsDir,
+      stateDir,
+      sessionDir,
+      claudeHomeDir: resolve9(rootDir, "home", ".claude"),
+      contextFile,
+      binDir,
+      createdAt
+    });
+  }
+  return runtimes;
+}
+function runtimeRootForCleanup(projectRoot, runtimeId) {
+  let monorepoRoot = null;
+  try {
+    monorepoRoot = resolveMonorepoRoot(projectRoot);
+  } catch {}
+  const workspaceRootCandidate = monorepoRoot ?? projectRoot;
+  const initialWorkspaceDir = resolve9(workspaceRootCandidate, ".worktrees", runtimeWorktreeNameFromRuntimeId(runtimeId));
+  const runtimeRoot = resolveRuntimeWorkspaceLayout(initialWorkspaceDir).runtimeDir;
+  return { monorepoRoot, initialWorkspaceDir, runtimeRoot };
+}
+
+// packages/isolation-plugin/src/isolation/runner.ts
+import { existsSync as existsSync13, rmSync as rmSync7, writeFileSync as writeFileSync6 } from "fs";
+import { basename as basename4, resolve as resolve14 } from "path";
+
+// packages/isolation-plugin/src/sandbox/backend.ts
+import { existsSync as existsSync12 } from "fs";
+
+// packages/isolation-plugin/src/runtime-config.ts
+import { existsSync as existsSync10, readFileSync as readFileSync6, statSync as statSync5 } from "fs";
+import { resolve as resolve10 } from "path";
+import {
+  POLICY_VERSION
+} from "@rig/contracts";
+var DEFAULT_SCOPE = {
+  fail_closed: true,
+  harness_paths_exempt: true,
+  runtime_paths_exempt: true
+};
+var DEFAULT_SANDBOX = {
+  mode: "enforce",
+  network: true,
+  read_deny: [],
+  write_allow_from_runtime: true
+};
+var DEFAULT_ISOLATION = {
+  default_mode: "worktree",
+  repo_symlink_fallback: false,
+  strict_provisioning: true,
+  fail_closed_on_provision_error: true
+};
+var DEFAULT_COMPLETION = {
+  derive_checks_from_scope: true,
+  checks: [],
+  typescript_config_probe: ["tsconfig.json"],
+  eslint_config_probe: [".eslintrc.js", ".eslintrc.json", "eslint.config.js"]
+};
+var DEFAULT_RUNTIME_IMAGE = {
+  deps: { monorepo_install: false, hp_next_install: false },
+  plugins_require_binaries: true
+};
+var DEFAULT_RUNTIME_SNAPSHOT = { enabled: true };
+var policyCache = null;
+var policyCachePath = null;
+function loadSandboxConfig(projectRoot) {
+  return loadPolicy(projectRoot).sandbox;
+}
+function defaultPolicy() {
+  return {
+    version: POLICY_VERSION,
+    mode: "enforce",
+    scope: { ...DEFAULT_SCOPE },
+    rules: [],
+    sandbox: { ...DEFAULT_SANDBOX },
+    isolation: { ...DEFAULT_ISOLATION },
+    completion: { ...DEFAULT_COMPLETION },
+    runtime_image: {
+      deps: { ...DEFAULT_RUNTIME_IMAGE.deps },
+      plugins_require_binaries: DEFAULT_RUNTIME_IMAGE.plugins_require_binaries
+    },
+    runtime_snapshot: { ...DEFAULT_RUNTIME_SNAPSHOT }
+  };
+}
+function loadPolicy(projectRoot) {
+  const configPath = resolve10(projectRoot, "rig/policy/policy.json");
+  if (!existsSync10(configPath))
+    return defaultPolicy();
+  let mtimeMs;
+  try {
+    mtimeMs = statSync5(configPath).mtimeMs;
+  } catch {
+    return defaultPolicy();
+  }
+  if (policyCache && policyCachePath === configPath && policyCache.mtimeMs === mtimeMs) {
+    return policyCache.config;
+  }
+  try {
+    const config = mergeWithDefaults(JSON.parse(readFileSync6(configPath, "utf-8")));
+    policyCache = { mtimeMs, config };
+    policyCachePath = configPath;
+    return config;
+  } catch {
+    return defaultPolicy();
+  }
+}
+function mergeWithDefaults(parsed) {
+  const base = defaultPolicy();
+  if (typeof parsed.mode === "string" && isValidMode(parsed.mode))
+    base.mode = parsed.mode;
+  if (parsed.scope && typeof parsed.scope === "object" && !Array.isArray(parsed.scope)) {
+    const scope = parsed.scope;
+    if (typeof scope.fail_closed === "boolean")
+      base.scope.fail_closed = scope.fail_closed;
+    if (typeof scope.harness_paths_exempt === "boolean")
+      base.scope.harness_paths_exempt = scope.harness_paths_exempt;
+    if (typeof scope.runtime_paths_exempt === "boolean")
+      base.scope.runtime_paths_exempt = scope.runtime_paths_exempt;
+  }
+  if (Array.isArray(parsed.rules))
+    base.rules = precompilePolicyRuleRegexes(parsed.rules.filter(isValidRule));
+  if (Array.isArray(parsed.deny) && base.rules.length === 0) {
+    base.rules = precompilePolicyRuleRegexes(migrateLegacyDeny(parsed.deny));
+  }
+  if (parsed.sandbox && typeof parsed.sandbox === "object" && !Array.isArray(parsed.sandbox)) {
+    const sandbox = parsed.sandbox;
+    if (typeof sandbox.mode === "string" && isValidMode(sandbox.mode))
+      base.sandbox.mode = sandbox.mode;
+    if (typeof sandbox.network === "boolean")
+      base.sandbox.network = sandbox.network;
+    if (Array.isArray(sandbox.read_deny))
+      base.sandbox.read_deny = sandbox.read_deny.filter((value) => typeof value === "string");
+    if (typeof sandbox.write_allow_from_runtime === "boolean")
+      base.sandbox.write_allow_from_runtime = sandbox.write_allow_from_runtime;
+  }
+  if (parsed.isolation && typeof parsed.isolation === "object" && !Array.isArray(parsed.isolation)) {
+    const isolation = parsed.isolation;
+    if (isolation.default_mode === "worktree")
+      base.isolation.default_mode = isolation.default_mode;
+    if (typeof isolation.repo_symlink_fallback === "boolean")
+      base.isolation.repo_symlink_fallback = isolation.repo_symlink_fallback;
+    if (typeof isolation.strict_provisioning === "boolean")
+      base.isolation.strict_provisioning = isolation.strict_provisioning;
+    if (typeof isolation.fail_closed_on_provision_error === "boolean")
+      base.isolation.fail_closed_on_provision_error = isolation.fail_closed_on_provision_error;
+  }
+  if (parsed.completion && typeof parsed.completion === "object" && !Array.isArray(parsed.completion)) {
+    const completion = parsed.completion;
+    if (typeof completion.derive_checks_from_scope === "boolean")
+      base.completion.derive_checks_from_scope = completion.derive_checks_from_scope;
+    if (Array.isArray(completion.checks))
+      base.completion.checks = completion.checks.filter((value) => typeof value === "string");
+    if (Array.isArray(completion.typescript_config_probe))
+      base.completion.typescript_config_probe = completion.typescript_config_probe.filter((value) => typeof value === "string");
+    if (Array.isArray(completion.eslint_config_probe))
+      base.completion.eslint_config_probe = completion.eslint_config_probe.filter((value) => typeof value === "string");
+  }
+  if (parsed.runtime_image && typeof parsed.runtime_image === "object" && !Array.isArray(parsed.runtime_image)) {
+    const runtimeImage = parsed.runtime_image;
+    if (runtimeImage.deps && typeof runtimeImage.deps === "object" && !Array.isArray(runtimeImage.deps)) {
+      const deps = runtimeImage.deps;
+      if (typeof deps.monorepo_install === "boolean")
+        base.runtime_image.deps.monorepo_install = deps.monorepo_install;
+      if (typeof deps.hp_next_install === "boolean")
+        base.runtime_image.deps.hp_next_install = deps.hp_next_install;
+    }
+    if (typeof runtimeImage.plugins_require_binaries === "boolean")
+      base.runtime_image.plugins_require_binaries = runtimeImage.plugins_require_binaries;
+  }
+  if (parsed.runtime_snapshot && typeof parsed.runtime_snapshot === "object" && !Array.isArray(parsed.runtime_snapshot)) {
+    const runtimeSnapshot = parsed.runtime_snapshot;
+    if (typeof runtimeSnapshot.enabled === "boolean")
+      base.runtime_snapshot.enabled = runtimeSnapshot.enabled;
+  }
+  return base;
+}
+function isValidMode(value) {
+  return value === "off" || value === "observe" || value === "enforce";
+}
+function isValidRule(value) {
+  if (!value || typeof value !== "object" || Array.isArray(value))
+    return false;
+  const rule = value;
+  return typeof rule.id === "string" && typeof rule.category === "string" && !!rule.match && typeof rule.match === "object";
+}
+function migrateLegacyDeny(deny) {
+  const rules = [];
+  for (const entry of deny) {
+    if (typeof entry.id !== "string")
+      continue;
+    const match = {};
+    if (typeof entry.pattern === "string")
+      match.pattern = entry.pattern;
+    if (typeof entry.regex === "string")
+      match.regex = entry.regex;
+    if (!match.pattern && !match.regex)
+      continue;
+    const rule = {
+      id: entry.id,
+      category: "command",
+      match,
+      action: entry.action === "warn" ? "warn" : "block"
+    };
+    if (typeof entry.reason === "string") {
+      rule.description = entry.reason;
+    }
+    rules.push(rule);
+  }
+  return rules;
+}
+function precompilePolicyRuleRegexes(rules) {
+  return rules.map((rule) => {
+    const compiled = { ...rule };
+    const matchRegex = compileRegex(rule.match?.regex);
+    const unlessRegex = compileRegex(rule.unless?.regex);
+    if (matchRegex) {
+      compiled.compiledRegex = matchRegex;
+    }
+    if (unlessRegex) {
+      compiled.compiledUnlessRegex = unlessRegex;
+    }
+    return compiled;
+  });
+}
+function compileRegex(pattern) {
+  if (!pattern)
+    return;
+  try {
+    return new RegExp(pattern);
+  } catch {
+    return;
+  }
+}
+
+// packages/isolation-plugin/src/sandbox/backend.ts
+init_utils();
+import {
+  resolveBunInstallDir as resolveBunInstallDir2,
+  resolveClaudeInstallDir as resolveClaudeInstallDir2,
+  resolveNodeInstallDir as resolveNodeInstallDir2,
+  resolveRuntimeDependencyRoots
+} from "@rig/core/runtime-paths";
+
+// packages/isolation-plugin/src/sandbox/backend-none.ts
+class NoSandboxBackend {
+  kind = "none";
+  reason;
+  constructor(reason) {
+    this.reason = reason;
+  }
+  wrap(options) {
+    return {
+      command: options.command,
+      enabled: false,
+      backend: "none",
+      ...this.reason !== undefined ? { reason: this.reason } : {}
+    };
+  }
+}
+
+// packages/isolation-plugin/src/sandbox/backend.ts
+class SandboxError extends Error {
+  code;
+  constructor(code, message) {
+    super(message);
+    this.code = code;
+    this.name = "SandboxError";
+  }
+}
+function resolveRuntimeSandboxModeWithPolicy(sandboxConfig, envOverride) {
+  if (envOverride) {
+    const normalized = envOverride.trim().toLowerCase();
+    if (normalized === "off" || normalized === "auto" || normalized === "enforce") {
+      if (normalized !== sandboxConfig.mode) {
+        console.warn(`[sandbox] RIG_RUNTIME_SANDBOX=${normalized} overrides policy sandbox.mode=${sandboxConfig.mode}`);
+      }
+      return normalized;
+    }
+  }
+  const policyMode = sandboxConfig.mode;
+  if (policyMode === "off")
+    return "off";
+  if (policyMode === "observe")
+    return "auto";
+  return "enforce";
+}
+var bwrapProbeCache = null;
+async function probeBubblewrap(binary) {
+  if (bwrapProbeCache !== null) {
+    return bwrapProbeCache;
+  }
+  const probe = await Bun.$`${binary} ${["--ro-bind", "/", "/", "--proc", "/proc", "--dev", "/dev", "--", "true"]}`.quiet().nothrow();
+  bwrapProbeCache = probe.exitCode === 0;
+  return bwrapProbeCache;
+}
+async function resolveBackend(projectRoot, options) {
+  const config = loadSandboxConfig(projectRoot);
+  const mode = resolveRuntimeSandboxModeWithPolicy(config, options?.envOverride);
+  const probed = [];
+  if (mode === "off") {
+    return {
+      backend: new NoSandboxBackend,
+      selectedKind: "none",
+      probed,
+      reason: "disabled-by-config"
+    };
+  }
+  const explicitBackend = options?.backendOverride ?? process.env.RIG_SANDBOX_BACKEND?.trim().toLowerCase();
+  const requestedBackend = resolveExplicitBackend(explicitBackend);
+  if (requestedBackend) {
+    if (requestedBackend === "docker") {
+      throw new SandboxError("backend-unavailable", `Backend "docker" is not yet implemented.`);
+    }
+    if (requestedBackend === "none") {
+      return {
+        backend: new NoSandboxBackend("explicit-none"),
+        selectedKind: "none",
+        probed,
+        reason: "explicit-none"
+      };
+    }
+  }
+  const bunDir = resolveBunInstallDir2();
+  const claudeDir = (() => {
+    try {
+      return resolveClaudeInstallDir2();
+    } catch {
+      return null;
+    }
+  })();
+  const nodeDir = resolveNodeInstallDir2();
+  const depRoots = resolveRuntimeDependencyRoots([bunDir, claudeDir, nodeDir].filter(Boolean));
+  const resolvedPaths = {
+    bunDir,
+    claudeDir,
+    nodeDir,
+    depRoots
+  };
+  const fsContext = {
+    pathExists: (p) => existsSync12(p),
+    realPath: toRealPath
+  };
+  if (process.platform === "darwin" && (!requestedBackend || requestedBackend === "macos-seatbelt")) {
+    const seatbelt = Bun.which("sandbox-exec");
+    probed.push("sandbox-exec");
+    if (seatbelt && existsSync12(seatbelt)) {
+      const SeatbeltBackendClass = loadSeatbeltBackend();
+      if (SeatbeltBackendClass) {
+        return {
+          backend: new SeatbeltBackendClass(seatbelt, config, fsContext, resolvedPaths),
+          selectedKind: "macos-seatbelt",
+          probed,
+          reason: "detected-seatbelt"
+        };
+      }
+      return handleUnavailableBackend(mode, probed, "macos-seatbelt", "Seatbelt sandbox backend module failed to load.", "seatbelt-backend-module-unavailable", { explicit: requestedBackend === "macos-seatbelt" });
+    }
+  }
+  if (process.platform === "linux" && (!requestedBackend || requestedBackend === "linux-bwrap")) {
+    const bwrap = Bun.which("bwrap");
+    probed.push("bwrap");
+    if (bwrap && await probeBubblewrap(bwrap)) {
+      const BwrapBackendClass = loadBwrapBackend();
+      if (BwrapBackendClass) {
+        return {
+          backend: new BwrapBackendClass(bwrap, config, fsContext, resolvedPaths),
+          selectedKind: "linux-bwrap",
+          probed,
+          reason: "detected-bwrap"
+        };
+      }
+      return handleUnavailableBackend(mode, probed, "linux-bwrap", "Bubblewrap sandbox backend module failed to load.", "bwrap-backend-module-unavailable", { explicit: requestedBackend === "linux-bwrap" });
+    }
+  }
+  if (requestedBackend) {
+    return handleUnavailableBackend(mode, probed, requestedBackend, `Explicit sandbox backend "${requestedBackend}" is unavailable on ${process.platform}.`, "explicit-backend-unavailable", { explicit: true });
+  }
+  if (mode === "enforce") {
+    throw new SandboxError("backend-unavailable", `Runtime sandbox required (mode=enforce) but no backend available. Probed: ${probed.join(", ")}`);
+  }
+  return {
+    backend: new NoSandboxBackend("sandbox-backend-unavailable"),
+    selectedKind: "none",
+    probed,
+    reason: "sandbox-backend-unavailable"
+  };
+}
+function resolveExplicitBackend(explicitBackend) {
+  if (!explicitBackend) {
+    return null;
+  }
+  switch (explicitBackend) {
+    case "none":
+    case "macos-seatbelt":
+    case "linux-bwrap":
+    case "docker":
+      return explicitBackend;
+    default:
+      throw new SandboxError("backend-unavailable", `Unknown sandbox backend "${explicitBackend}".`);
+  }
+}
+function loadSeatbeltBackend() {
+  try {
+    const mod = (init_backend_seatbelt(), __toCommonJS(exports_backend_seatbelt));
+    return mod.SeatbeltBackend ?? null;
+  } catch {
+    return null;
+  }
+}
+function loadBwrapBackend() {
+  try {
+    const mod = (init_backend_bwrap(), __toCommonJS(exports_backend_bwrap));
+    return mod.BwrapBackend ?? null;
+  } catch {
+    return null;
+  }
+}
+function handleUnavailableBackend(mode, probed, detectedKind, message, reason, options) {
+  if (mode === "enforce" || options?.explicit) {
+    throw new SandboxError("backend-unavailable", `${message} Probed: ${probed.join(", ")}`);
+  }
+  return {
+    backend: new NoSandboxBackend(reason),
+    selectedKind: "none",
+    probed,
+    reason: `${reason}:${detectedKind}`
+  };
+}
+
+// packages/isolation-plugin/src/sandbox/orchestrator.ts
+function shouldSandboxRuntime(_runtime) {
+  return true;
+}
+async function wrapWithRuntimeSandbox(options) {
+  const envOverride = process.env.RIG_RUNTIME_SANDBOX;
+  const resolution = await resolveBackend(options.projectRoot, { ...envOverride !== undefined ? { envOverride } : {} });
+  if (resolution.backend.kind === "none") {
+    const plan = resolution.backend.wrap({
+      projectRoot: options.projectRoot,
+      runtime: options.runtime,
+      command: options.command
+    });
+    return {
+      ...plan,
+      reason: plan.reason ?? resolution.reason
+    };
+  }
+  if (!shouldSandboxRuntime(options.runtime)) {
+    return {
+      command: options.command,
+      enabled: false,
+      backend: "none",
+      reason: "runtime-mode-not-sandboxed"
+    };
+  }
+  return resolution.backend.wrap({
+    projectRoot: options.projectRoot,
+    runtime: options.runtime,
+    command: options.command
+  });
+}
+
+// packages/isolation-plugin/src/isolation/runner.ts
+import { resolveRuntimeWorkspaceLayout as resolveRuntimeWorkspaceLayout2 } from "@rig/core/layout";
+import { resolveBunBinaryPath as resolveBunBinaryPath3 } from "@rig/core/runtime-paths";
+var SNAPSHOT_SIDECAR_READY_TIMEOUT_MS = 1e4;
+async function startRuntimeSnapshotSidecar(runtime, options = {}) {
+  const instanceId = sanitizeRuntimeRefSegment(options.instanceId?.trim() || runtime.id);
+  const readyFile = resolve14(runtime.stateDir, `runtime-snapshot-sidecar-${instanceId}.ready`);
+  const requestFile = resolve14(runtime.stateDir, `runtime-snapshot-sidecar-${instanceId}.request.json`);
+  rmSync7(readyFile, { force: true });
+  rmSync7(requestFile, { force: true });
+  const sidecarBinary = resolveSnapshotSidecarBinaryPath(runtime.binDir);
+  const useCompiledSidecar = shouldUseCompiledSnapshotSidecar(sidecarBinary);
+  const bunCli = useCompiledSidecar ? null : resolveBunCliInvocation();
+  const command = useCompiledSidecar ? [sidecarBinary] : [bunCli.command, resolveSnapshotSidecarScriptPath()];
+  const proc = Bun.spawn([
+    ...command,
+    "--workspace",
+    runtime.workspaceDir,
+    "--task",
+    runtime.taskId,
+    "--runtime-id",
+    runtime.id,
+    "--instance-id",
+    instanceId,
+    "--ready-file",
+    readyFile,
+    "--request-file",
+    requestFile
+  ], {
+    cwd: runtime.workspaceDir,
+    stdin: "ignore",
+    stdout: "pipe",
+    stderr: "pipe",
+    env: {
+      ...process.env,
+      ...bunCli?.env ?? {}
+    }
+  });
+  const stdoutTextPromise = drainStream(proc.stdout);
+  const stderrTextPromise = drainStream(proc.stderr);
+  await waitForSnapshotSidecarReady(readyFile, proc, stdoutTextPromise, stderrTextPromise);
+  return {
+    cancel: async () => {
+      try {
+        proc.kill("SIGTERM");
+      } catch {}
+      await proc.exited;
+      rmSync7(readyFile, { force: true });
+      rmSync7(requestFile, { force: true });
+    },
+    finalize: async (commandParts, exitCode) => {
+      writeFileSync6(requestFile, `${JSON.stringify({ command: commandParts, exitCode })}
+`, "utf-8");
+      const [sidecarExitCode, stdout, stderr] = await Promise.all([
+        proc.exited,
+        stdoutTextPromise,
+        stderrTextPromise
+      ]);
+      rmSync7(readyFile, { force: true });
+      rmSync7(requestFile, { force: true });
+      if (sidecarExitCode !== 0) {
+        throw new Error(`snapshot sidecar failed (${sidecarExitCode}): ${stderr || stdout}`);
+      }
+    }
+  };
+}
+async function drainStream(stream) {
+  if (!stream)
+    return "";
+  try {
+    return await new Response(stream).text();
+  } catch {
+    return "";
+  }
+}
+async function runInAgentRuntime(options) {
+  const snapshotSidecar = await startRuntimeSnapshotSidecar(options.runtime);
+  try {
+    const runtimeCommand = resolveInternalRuntimeCommand(options.command);
+    const sandboxPlan = await wrapWithRuntimeSandbox({
+      projectRoot: options.projectRoot,
+      runtime: {
+        id: options.runtime.id,
+        mode: options.runtime.mode,
+        rootDir: options.runtime.rootDir,
+        workspaceDir: options.runtime.workspaceDir,
+        homeDir: options.runtime.homeDir,
+        tmpDir: options.runtime.tmpDir,
+        cacheDir: options.runtime.cacheDir,
+        stateDir: options.runtime.stateDir,
+        sessionDir: options.runtime.sessionDir,
+        claudeHomeDir: options.runtime.claudeHomeDir,
+        binDir: options.runtime.binDir
+      },
+      command: runtimeCommand
+    });
+    const proc = Bun.spawn(sandboxPlan.command, {
+      cwd: options.runtime.workspaceDir,
+      env: runtimeCommandEnv(await runtimeEnv(options.projectRoot, options.runtime), sandboxPlan.command),
+      stdin: options.inheritStdio ? "inherit" : "pipe",
+      stdout: options.inheritStdio ? "inherit" : "pipe",
+      stderr: options.inheritStdio ? "inherit" : "pipe"
+    });
+    const exitCode = await proc.exited;
+    if (options.inheritStdio) {
+      await snapshotSidecar.finalize(runtimeCommand, exitCode);
+      return {
+        exitCode,
+        sandboxBackend: sandboxPlan.backend,
+        sandboxEnabled: sandboxPlan.enabled
+      };
+    }
+    const stdout = await new Response(proc.stdout).text();
+    const stderr = await new Response(proc.stderr).text();
+    try {
+      await Bun.write(resolve14(options.runtime.logsDir, "agent-stdout.log"), stdout);
+      await Bun.write(resolve14(options.runtime.logsDir, "agent-stderr.log"), stderr);
+    } catch {}
+    await snapshotSidecar.finalize(runtimeCommand, exitCode);
+    return {
+      exitCode,
+      stdout,
+      stderr,
+      sandboxBackend: sandboxPlan.backend,
+      sandboxEnabled: sandboxPlan.enabled
+    };
+  } catch (error) {
+    await snapshotSidecar.cancel();
+    throw error;
+  }
+}
+function resolveInternalRuntimeCommand(command) {
+  if (command.length === 0) {
+    return [];
+  }
+  const executable = command[0]?.trim() ?? "";
+  if (!executable) {
+    return [...command];
+  }
+  if (basename4(executable) === "bun") {
+    return [resolveBunBinaryPath3(), ...command.slice(1)];
+  }
+  return [...command];
+}
+async function cleanupAgentRuntime(options) {
+  const { monorepoRoot, initialWorkspaceDir, runtimeRoot } = runtimeRootForCleanup(options.projectRoot, options.id);
+  const metadataPath = resolve14(runtimeRoot, "runtime.json");
+  if (!existsSync13(runtimeRoot)) {
+    return;
+  }
+  let mode = "worktree";
+  let workspaceDir = "";
+  const metadata = await readRuntimeMetadata2(metadataPath);
+  const metadataMatchesRequestedRuntime = metadata !== null && metadata.id === options.id && resolve14(metadata.workspaceDir) === resolve14(initialWorkspaceDir);
+  if (metadata && metadataMatchesRequestedRuntime) {
+    mode = metadata.mode;
+    workspaceDir = metadata.workspaceDir;
+  } else if (existsSync13(initialWorkspaceDir)) {
+    workspaceDir = initialWorkspaceDir;
+  }
+  const preservesTaskWorktree = metadataMatchesRequestedRuntime && metadata ? options.id === taskRuntimeId(metadata.taskId) : false;
+  if (mode === "worktree" && workspaceDir && monorepoRoot && !preservesTaskWorktree) {
+    await cleanupRuntimeWorktree(monorepoRoot, workspaceDir);
+  } else if (mode === "worktree" && workspaceDir && preservesTaskWorktree) {
+    cleanupTaskRuntimeOverlay(workspaceDir);
+  }
+  rmSync7(runtimeRoot, { recursive: true, force: true });
+}
+function cleanupTaskRuntimeOverlay(workspaceDir) {
+  const layout = resolveRuntimeWorkspaceLayout2(workspaceDir);
+  for (const path of [
+    layout.homeDir,
+    layout.tmpDir,
+    layout.cacheDir,
+    layout.logsDir,
+    layout.stateDir,
+    layout.sessionDir,
+    layout.binDir,
+    layout.distDir,
+    layout.runtimeDir,
+    layout.contextPath
+  ]) {
+    rmSync7(path, { recursive: true, force: true });
+  }
+}
+function resolveSnapshotSidecarScriptPath() {
+  return resolveRuntimeSourceScriptPath("snapshot-sidecar.ts");
+}
+function resolveSnapshotSidecarBinaryPath(binDir) {
+  return resolve14(binDir, "snapshot-sidecar");
+}
+function shouldUseCompiledSnapshotSidecar(binaryPath) {
+  if (!existsSync13(binaryPath)) {
+    return false;
+  }
+  const preference = process.env.RIG_USE_COMPILED_SNAPSHOT_SIDECAR?.trim().toLowerCase();
+  if (!preference) {
+    return false;
+  }
+  return preference === "1" || preference === "true" || preference === "yes";
+}
+function resolveRuntimeSourceScriptPath(fileName) {
+  const hostRoots = [
+    process.env.RIG_HOST_PROJECT_ROOT?.trim(),
+    process.env.PROJECT_RIG_ROOT?.trim()
+  ].filter((value) => Boolean(value));
+  for (const root of hostRoots) {
+    const candidate = resolve14(root, "packages/isolation-plugin/src", fileName);
+    if (existsSync13(candidate)) {
+      return candidate;
+    }
+  }
+  return resolve14(import.meta.dir, "..", fileName);
+}
+function resolveBunCliInvocation() {
+  if (process.env.RIG_BUN_PATH?.trim()) {
+    return {
+      command: process.env.RIG_BUN_PATH.trim(),
+      env: {}
+    };
+  }
+  const systemBun = Bun.which("bun")?.trim();
+  if (systemBun) {
+    return {
+      command: systemBun,
+      env: {}
+    };
+  }
+  if (process.execPath?.trim()) {
+    return {
+      command: process.execPath,
+      env: { BUN_BE_BUN: "1" }
+    };
+  }
+  return { command: "bun", env: {} };
+}
+async function waitForSnapshotSidecarReady(readyFile, proc, stdoutTextPromise, stderrTextPromise) {
+  const deadline = Date.now() + SNAPSHOT_SIDECAR_READY_TIMEOUT_MS;
+  while (Date.now() < deadline) {
+    if (existsSync13(readyFile)) {
+      return;
+    }
+    const exitCode = proc.exitCode;
+    if (exitCode !== null) {
+      const [stderr, stdout] = await Promise.all([stderrTextPromise, stdoutTextPromise]);
+      throw new Error(`snapshot sidecar exited before ready (${exitCode}): ${stderr || stdout}`);
+    }
+    await Bun.sleep(25);
+  }
+  throw new Error(`snapshot sidecar did not become ready within ${SNAPSHOT_SIDECAR_READY_TIMEOUT_MS}ms`);
+}
+async function readRuntimeMetadata2(metadataPath) {
+  if (!existsSync13(metadataPath)) {
+    return null;
+  }
+  try {
+    return await Bun.file(metadataPath).json();
+  } catch {
+    return null;
+  }
+}
+
+// packages/isolation-plugin/src/isolation/index.ts
+var TaskDataCap = defineCapability2(TASK_DATA_SERVICE_CAPABILITY);
+var taskData = () => requireInstalledCapability2(TaskDataCap, "task-data capability unavailable: load @rig/task-sources-plugin (default bundle) before provisioning runtimes.");
+var CANONICAL_MEMORY_DB_PATH = "rig/memory/project-memory.db";
+async function hydrateRuntimeMemory(options) {
+  const memoryService = await requireCapabilityForRoot(options.projectRoot, defineCapability2(MEMORY), "Shared memory requires the @rig/memory-plugin plugin in rig.config.");
+  const snapshot = await memoryService.readCanonicalMemoryDb(options.projectRoot);
+  const workspaceLayout = resolveRuntimeWorkspaceLayout3(options.workspaceDir);
+  const hydratedPath = resolve15(workspaceLayout.stateDir, "memory", "project-memory.db");
+  try {
+    await mkdir3(resolve15(workspaceLayout.stateDir, "memory"), { recursive: true });
+    await copyFile(snapshot.dbPath, hydratedPath);
+    return {
+      canonicalPath: CANONICAL_MEMORY_DB_PATH,
+      canonicalRef: "origin/main",
+      ...snapshot.baseOid ? { canonicalBaseOid: snapshot.baseOid } : {},
+      hydratedPath,
+      createdFresh: snapshot.createdFresh,
+      retrieval: DEFAULT_RUNTIME_MEMORY_RETRIEVAL
+    };
+  } finally {
+    await snapshot.cleanup();
+  }
+}
+async function createRuntimeTaskRecordReader(options) {
+  const legacyConfigPath = resolve15(options.projectRoot, ".rig", "task-config.json");
+  let pluginHostContext = null;
+  try {
+    pluginHostContext = await buildPluginHostContext(options.projectRoot);
+  } catch (error) {
+    if (!existsSync14(legacyConfigPath)) {
+      throw error;
+    }
+    const message = `Plugin task source unavailable; using source-aware .rig/task-config.json compatibility path: ${error instanceof Error ? error.message : String(error)}`;
+    options.diagnostics?.(message);
+    console.warn(message);
+    return {
+      reader: taskData().createSourceAwareTaskConfigRecordReader(options.projectRoot, {
+        allowLocalTaskConfigStatusFallback: readConfiguredTaskSourceKindHint(options.projectRoot) !== "github-issues"
+      }),
+      source: "legacy"
+    };
+  }
+  const pluginSources = pluginHostContext?.taskSourceRegistry.list() ?? [];
+  if (pluginHostContext && pluginSources.length > 0) {
+    return {
+      reader: taskData().createPluginTaskRecordReader({ taskSourceRegistry: pluginHostContext.taskSourceRegistry }, { projectRoot: options.projectRoot }),
+      source: "plugin"
+    };
+  }
+  if (existsSync14(legacyConfigPath)) {
+    const message = "Using source-aware .rig/task-config.json task source compatibility path";
+    options.diagnostics?.(message);
+    console.warn(message);
+    return {
+      reader: taskData().createSourceAwareTaskConfigRecordReader(options.projectRoot, {
+        allowLocalTaskConfigStatusFallback: readConfiguredTaskSourceKindHint(options.projectRoot) !== "github-issues"
+      }),
+      source: "legacy"
+    };
+  }
+  return {
+    reader: taskData().createLegacyTaskConfigRecordReader(options.projectRoot),
+    source: "legacy"
+  };
+}
+function readConfiguredTaskSourceKindHint(projectRoot) {
+  const jsonPath = resolve15(projectRoot, "rig.config.json");
+  if (existsSync14(jsonPath)) {
+    try {
+      const parsed = JSON.parse(readFileSync7(jsonPath, "utf8"));
+      if (parsed && typeof parsed === "object" && !Array.isArray(parsed)) {
+        const taskSource = parsed.taskSource;
+        if (taskSource && typeof taskSource === "object" && !Array.isArray(taskSource)) {
+          const kind = taskSource.kind;
+          return typeof kind === "string" ? kind : null;
+        }
+      }
+    } catch {
+      return null;
+    }
+  }
+  const tsPath = resolve15(projectRoot, "rig.config.ts");
+  if (!existsSync14(tsPath)) {
+    return null;
+  }
+  try {
+    const source = readFileSync7(tsPath, "utf8");
+    const taskSourceBlock = source.match(/taskSource\s*:\s*\{[\s\S]*?\}/m)?.[0] ?? "";
+    const kind = taskSourceBlock.match(/kind\s*:\s*["']([^"']+)["']/)?.[1];
+    return kind ?? null;
+  } catch {
+    return null;
+  }
+}
+async function resolveRuntimeTaskRecord(options) {
+  const readerResolution = options.taskRecordReader ? { reader: options.taskRecordReader, source: "injected" } : await createRuntimeTaskRecordReader({
+    projectRoot: options.projectRoot,
+    ...options.diagnostics ? { diagnostics: options.diagnostics } : {}
+  });
+  const task = await readerResolution.reader.getTask(options.taskId);
+  if (!task) {
+    throw new Error(`Task ${options.taskId} not found in configured task source`);
+  }
+  return {
+    task,
+    taskEntry: taskRecordToRuntimeTaskEntry(task),
+    source: readerResolution.source
+  };
+}
+function runtimeSourceTaskContract(task) {
+  const record = task;
+  return {
+    id: task.id,
+    ...copyOptionalString(record, "title"),
+    ...copyOptionalString(record, "description"),
+    ...copyOptionalString(record, "body"),
+    ...copyOptionalString(record, "acceptanceCriteria"),
+    ...copyOptionalString(record, "acceptance_criteria"),
+    ...copyOptionalString(record, "sourceIssueId"),
+    ...copyOptionalString(record, "status"),
+    ...copyOptionalString(record, "issueType"),
+    ...copyOptionalString(record, "role"),
+    ...copyOptionalString(record, "externalRef"),
+    scope: readStringList(record.scope),
+    validation: readStringList(record.validation),
+    validators: readStringList(record.validators),
+    labels: readStringList(record.labels)
+  };
+}
+function copyOptionalString(record, key) {
+  const value = record[String(key)];
+  return typeof value === "string" ? { [key]: value } : {};
+}
+function taskRecordToRuntimeTaskEntry(task) {
+  const role = typeof task.role === "string" ? task.role : undefined;
+  const scope = readStringList(task.scope);
+  const validation = readStringList(task.validation).length > 0 ? readStringList(task.validation) : readStringList(task.validators);
+  const browser = isTaskBrowserConfig(task.browser) ? task.browser : undefined;
+  return {
+    ...role ? { role } : {},
+    ...scope.length > 0 ? { scope } : {},
+    ...validation.length > 0 ? { validation } : {},
+    ...browser ? { browser } : {}
+  };
+}
+async function writeRuntimeTaskConfigProjection(options) {
+  const record = options.task;
+  const entry = {
+    ...copyOptionalString(record, "description"),
+    ...copyOptionalString(record, "acceptance_criteria"),
+    ...typeof record.acceptanceCriteria === "string" ? { acceptance_criteria: record.acceptanceCriteria } : {},
+    ...options.taskEntry.role ? { role: options.taskEntry.role } : {},
+    ...options.taskEntry.scope && options.taskEntry.scope.length > 0 ? { scope: options.taskEntry.scope } : {},
+    ...options.taskEntry.validation && options.taskEntry.validation.length > 0 ? { validation: options.taskEntry.validation } : {},
+    ...options.taskEntry.browser ? { browser: options.taskEntry.browser } : {}
+  };
+  const configPath = resolve15(options.workspaceDir, ".rig", "task-config.json");
+  await mkdir3(resolve15(options.workspaceDir, ".rig"), { recursive: true });
+  await writeFile2(configPath, `${JSON.stringify({ [options.task.id]: entry }, null, 2)}
+`, "utf-8");
+}
+function readStringList(candidate) {
+  return Array.isArray(candidate) ? candidate.filter((value) => typeof value === "string") : [];
+}
+function isTaskBrowserConfig(candidate) {
+  return typeof candidate === "object" && candidate !== null && !Array.isArray(candidate);
+}
+function fallbackTaskInfoOutput(task, taskEntry) {
+  const lines = [
+    `=== Task: ${task.id} ===`,
+    "",
+    `Role:    ${taskEntry.role || "unassigned"}`
+  ];
+  if (typeof task.title === "string" && task.title.trim()) {
+    lines.push(`Title:   ${task.title}`);
+  }
+  if (typeof task.status === "string" && task.status.trim()) {
+    lines.push(`Status:  ${task.status.toUpperCase()}`);
+  }
+  const description = typeof task.description === "string" ? task.description : typeof task.body === "string" ? task.body : "";
+  if (description.trim()) {
+    lines.push("", "Description:", description);
+  }
+  const acceptanceCriteria = typeof task.acceptanceCriteria === "string" ? task.acceptanceCriteria : typeof task.acceptance_criteria === "string" ? task.acceptance_criteria : "";
+  if (acceptanceCriteria.trim()) {
+    lines.push("", "Acceptance Criteria:", acceptanceCriteria);
+  }
+  lines.push("", "Scope globs:");
+  for (const scope of taskEntry.scope ?? []) {
+    lines.push(`  - ${scope}`);
+  }
+  lines.push("", "Validation:");
+  for (const command of taskEntry.validation ?? []) {
+    lines.push(`  $ ${command}`);
+  }
+  return `${lines.join(`
+`)}
+`;
+}
+async function captureTaskInfoOutput(options) {
+  try {
+    return await captureStdout(async () => {
+      await taskData().taskInfo(options.projectRoot, options.taskId, options.provider);
+    });
+  } catch (error) {
+    const message = error instanceof Error ? error.message : String(error);
+    if (!message.includes("Task config missing")) {
+      throw error;
+    }
+    return fallbackTaskInfoOutput(options.task, options.taskEntry);
+  }
+}
+async function ensureAgentRuntime(options) {
+  if (!options.taskId.trim()) {
+    throw new Error("Task runtime provisioning requires a non-empty taskId.");
+  }
+  if (options.mode !== "worktree") {
+    throw new Error(`Unsupported runtime isolation mode: ${options.mode}`);
+  }
+  ensureProvisioningHostProjectRootEnv(options.projectRoot);
+  const monorepoRoot = resolveMonorepoRoot(options.projectRoot);
+  const workspaceDir = resolve15(monorepoRoot, ".worktrees", runtimeWorktreeName(options.taskId, options.id));
+  const createdAt = new Date().toISOString();
+  if (!existsSync14(resolve15(monorepoRoot, ".git"))) {
+    throw new Error(`Monorepo root is not a git checkout: ${monorepoRoot}`);
+  }
+  const taskResolution = await resolveRuntimeTaskRecord({
+    projectRoot: options.projectRoot,
+    taskId: options.taskId,
+    ...options.taskRecordReader ? { taskRecordReader: options.taskRecordReader } : {}
+  });
+  const taskEntry = taskResolution.taskEntry;
+  const workspaceLayout = resolveRuntimeWorkspaceLayout3(workspaceDir);
+  const baseRef = await resolveMonorepoBaseRef(monorepoRoot);
+  const monorepoBaseCommit = await resolveMonorepoBaseCommit(monorepoRoot, baseRef);
+  console.log(`[rig-agent] Provisioning worktree runtime ${options.id} for ${options.taskId}`);
+  await provisionRuntimeWorktree({
+    monorepoRoot,
+    taskId: options.taskId,
+    runtimeId: options.id,
+    workspaceDir,
+    baseRef
+  });
+  await configureRuntimeGitIdentity(monorepoRoot, workspaceDir);
+  const runtimeRoot = workspaceLayout.runtimeDir;
+  const overlay = ensureRuntimeOverlay(options.projectRoot, options.id, workspaceDir);
+  const runtime = {
+    id: options.id,
+    taskId: options.taskId,
+    mode: "worktree",
+    rootDir: runtimeRoot,
+    workspaceDir,
+    homeDir: workspaceLayout.homeDir,
+    tmpDir: workspaceLayout.tmpDir,
+    cacheDir: workspaceLayout.cacheDir,
+    logsDir: overlay.logsDir,
+    stateDir: overlay.stateDir,
+    sessionDir: overlay.sessionDir,
+    claudeHomeDir: resolve15(workspaceLayout.homeDir, ".claude"),
+    contextFile: overlay.contextPath,
+    binDir: workspaceLayout.binDir,
+    createdAt
+  };
+  await provisionRuntimeHome(runtime, { ...options.provider !== undefined ? { provider: options.provider } : {} });
+  prepareTrackedRuntimePaths(runtime.logsDir, runtime.stateDir, runtime.sessionDir);
+  await mkdir3(runtime.logsDir, { recursive: true });
+  await initializeRuntimeStateFiles(runtime.stateDir, runtime.sessionDir, options.taskId);
+  const memory = await hydrateRuntimeMemory({
+    projectRoot: options.projectRoot,
+    workspaceDir
+  });
+  mkdirSync10(runtime.binDir, { recursive: true });
+  mkdirSync10(workspaceLayout.distDir, { recursive: true });
+  prepareRuntimeWorkspace(options.projectRoot, workspaceDir);
+  if (options.preserveTaskArtifacts) {
+    console.log(`[rig-agent] Preserving runtime task artifacts for resume of ${options.taskId}.`);
+  } else {
+    await resetEphemeralTaskArtifacts(workspaceDir, options.taskId);
+  }
+  const browserContractService = await loadCapabilityForRoot(options.projectRoot, defineCapability2(BROWSER_CONTRACT_SERVICE_CAPABILITY));
+  const browserContext = browserContractService?.resolveTaskBrowserContext(taskEntry.browser, {
+    hostProjectRoot: options.projectRoot,
+    runtimeId: options.id
+  });
+  const projectHeadCommit = await tryReadGitHead(options.projectRoot);
+  const monorepoHeadCommit = await tryReadGitHead(workspaceDir);
+  const ctx = {
+    runtimeId: options.id,
+    taskId: options.taskId,
+    role: taskEntry.role || "extractor",
+    scopes: taskEntry.scope || [],
+    validation: taskEntry.validation || [],
+    sourceTask: runtimeSourceTaskContract(taskResolution.task),
+    ...browserContext !== undefined ? { browser: browserContext } : {},
+    workspaceDir,
+    artifactRoot: resolve15(workspaceDir, "artifacts", safePathSegment3(options.taskId, { fallback: "task", maxLength: 96 })),
+    hostProjectRoot: options.projectRoot,
+    monorepoMainRoot: monorepoRoot,
+    monorepoBaseRef: baseRef,
+    monorepoBaseCommit,
+    initialHeadCommits: {
+      ...projectHeadCommit !== undefined ? { project: projectHeadCommit } : {},
+      ...monorepoHeadCommit !== undefined ? { monorepo: monorepoHeadCommit } : {}
+    },
+    initialDirtyFiles: {
+      project: await captureRepoDirtyFiles(options.projectRoot),
+      monorepo: await captureRepoDirtyFiles(workspaceDir)
+    },
+    stateDir: overlay.stateDir,
+    logsDir: overlay.logsDir,
+    sessionDir: overlay.sessionDir,
+    sessionFile: resolve15(overlay.sessionDir, "session.json"),
+    policyFile: resolve15(options.projectRoot, "rig/policy/policy.json"),
+    binDir: runtime.binDir,
+    createdAt,
+    memory
+  };
+  writeRuntimeContext(overlay.contextPath, ctx);
+  await writeRuntimeTaskConfigProjection({
+    workspaceDir,
+    task: taskResolution.task,
+    taskEntry
+  });
+  const manifestPath = resolve15(runtimeRoot, "manifest.json");
+  const bakedScopeHash = sha256Hex(JSON.stringify(taskEntry.scope || []));
+  const runtimeAgentBinary = resolve15(runtime.binDir, "rig-agent");
+  await ensureRigGitBinaryPath();
+  const bakedInfoOutput = await captureTaskInfoOutput({
+    projectRoot: options.projectRoot,
+    taskId: options.taskId,
+    ...options.provider !== undefined ? { provider: options.provider } : {},
+    task: taskResolution.task,
+    taskEntry
+  });
+  const bakedDepsOutput = await captureStdout(async () => {
+    await taskData().taskDeps(options.projectRoot, options.taskId);
+  });
+  const bakedStatusOutput = await captureStdout(async () => {
+    taskData().taskStatus(options.projectRoot);
+  });
+  rmSync8(runtime.binDir, { recursive: true, force: true });
+  rmSync8(workspaceLayout.distDir, { recursive: true, force: true });
+  mkdirSync10(runtime.binDir, { recursive: true });
+  mkdirSync10(workspaceLayout.distDir, { recursive: true });
+  await buildRuntimeToolchain({
+    projectRoot: options.projectRoot,
+    workspaceDir,
+    binDir: runtime.binDir,
+    distDir: workspaceLayout.distDir,
+    taskId: options.taskId,
+    runtimeId: options.id,
+    manifestPath,
+    taskEntry,
+    bakedScopeHash,
+    bakedInfoOutput,
+    bakedDepsOutput,
+    bakedStatusOutput,
+    runtimeSecretDefines: secretDefinesFromEnv(process.env, options.projectRoot),
+    logsDir: runtime.logsDir
+  });
+  await writeRuntimeManifest({
+    runtimeRoot,
+    workspaceDir,
+    runtimeId: options.id,
+    taskId: options.taskId,
+    scopes: taskEntry.scope || [],
+    binaryPath: runtimeAgentBinary,
+    binDir: runtime.binDir
+  });
+  await provisionClaudeHome({
+    claudeHomeDir: runtime.claudeHomeDir,
+    hostProjectRoot: options.projectRoot,
+    workspaceDir,
+    taskEntry
+  });
+  const sandboxDir = resolve15(runtimeRoot, "sandbox");
+  await mkdir3(sandboxDir, { recursive: true });
+  await writeFile2(resolve15(runtimeRoot, "runtime.json"), JSON.stringify({
+    id: options.id,
+    taskId: options.taskId,
+    mode: "worktree",
+    workspaceDir,
+    createdAt
+  }, null, 2), "utf-8");
+  return runtime;
+}
+export {
+  taskRuntimeId,
+  startRuntimeSnapshotSidecar,
+  runtimeWorktreeNameFromRuntimeId,
+  runtimeWorktreeName,
+  runtimeEnv,
+  runtimeCommandEnv,
+  runtimeBranchName,
+  runInAgentRuntime,
+  resolveRuntimeTaskRecord,
+  resolveMonorepoRoot,
+  resolveMonorepoBaseRef,
+  resolveContributedToolchainSources,
+  prepareTrackedRuntimePaths,
+  persistRuntimeSecrets,
+  materializeRuntimeHostToolWrappers,
+  listAgentRuntimes,
+  hydrateRuntimeMemory,
+  ensureAgentRuntime,
+  createRuntimeTaskRecordReader,
+  configureRuntimeGitIdentity,
+  cleanupAgentRuntime,
+  buildBinary,
+  agentId
+};