@madarco/agentbox 0.11.2 → 0.11.3

package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@madarco/agentbox",
3
- "version": "0.11.2",
3
+ "version": "0.11.3",
4
4
  "description": "Launch Claude Code, Codex, and other coding agents in isolated sandboxes",
5
5
  "license": "MIT",
6
6
  "author": "Marco D'Alia",
@@ -59,15 +59,15 @@
59
59
  "typescript": "^5.7.2",
60
60
  "vitest": "^2.1.8",
61
61
  "@agentbox/config": "0.0.0",
62
+ "@agentbox/core": "0.0.0",
62
63
  "@agentbox/ctl": "0.0.0",
63
- "@agentbox/relay": "0.0.0",
64
64
  "@agentbox/sandbox-cloud": "0.0.0",
65
- "@agentbox/core": "0.0.0",
65
+ "@agentbox/relay": "0.0.0",
66
66
  "@agentbox/sandbox-core": "0.0.0",
67
+ "@agentbox/sandbox-daytona": "0.0.0",
67
68
  "@agentbox/sandbox-docker": "0.0.0",
68
69
  "@agentbox/sandbox-hetzner": "0.0.0",
69
- "@agentbox/sandbox-vercel": "0.0.0",
70
- "@agentbox/sandbox-daytona": "0.0.0"
70
+ "@agentbox/sandbox-vercel": "0.0.0"
71
71
  },
72
72
  "scripts": {
73
73
  "build": "tsup",
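Review bot: Every `@agentbox/*` entry in this dependency block is pinned to `0.0.0`, and the reorder keeps all ten of them in the published manifest. If these are unpublished workspace packages that the build bundles, strip them at publish time or use a workspace protocol specifier, so that no install can try to resolve a name such as `@agentbox/core` at `0.0.0` from the public registry. If the reorder was meant as a sort, note that `@agentbox/relay` now sits after `@agentbox/sandbox-cloud`.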
@@ -13,7 +13,7 @@ If you find yourself *inside* a box (`/workspace` exists and `AGENTBOX_RELAY_URL
13
13
 
14
14
  ## What AgentBox is, in one paragraph
15
15
 
16
- AgentBox spins up one isolated sandbox per agent run — a local Docker container (default), a Daytona cloud sandbox (`--provider daytona`), or a Hetzner VPS (`--provider hetzner`). Each box has its own `/workspace`, but the host's `.git/` is shared, so commits made inside the box land on the host immediately. The agent inside the box has **no host credentials** — `git push`, opening URLs in the host browser, capturing checkpoints, and all other host-side operations flow through a small host process called the **relay** that runs alongside the CLI.
16
+ AgentBox spins up one isolated sandbox per agent run — a local Docker container (default), a Hetzner VPS (`--provider hetzner`), a Vercel Sandbox (`--provider vercel`), or a Daytona cloud sandbox (`--provider daytona`, partial support). Each box has its own `/workspace`, but the host's `.git/` is shared, so commits made inside the box land on the host immediately. The agent inside the box has **no host credentials** — `git push`, opening URLs in the host browser, capturing checkpoints, and all other host-side operations flow through a small host process called the **relay** that runs alongside the CLI.
17
17
 
18
18
  ## The two starting commands
19
19
 
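Review bot: In the rewritten paragraph, "the host's `.git/` is shared, so commits made inside the box land on the host immediately" is still stated for every box, but three of the four providers now listed are remote (Hetzner VPS, Vercel Sandbox, Daytona). Say how the shared `.git/` works for those providers, or scope the sentence to docker, since readers rely on this paragraph for the isolation boundary. Also define what "partial support" excludes for `--provider daytona`.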
@@ -28,7 +28,7 @@ agentbox create --provider hetzner # cloud VPS (requires `agentbox prepare --
28
28
  agentbox create --attach # drop into a shell inside the box after create
29
29
  ```
30
30
 
31
- Useful flags: `-n <name>` (friendly box name), `--provider docker|daytona|hetzner`, `--attach`, `-w <path>` (workspace to mount; defaults to `cwd`), `--snapshot <ref>` (start from a checkpoint).
31
+ Useful flags: `-n <name>` (friendly box name), `--provider docker|daytona|hetzner|vercel`, `--attach`, `-w <path>` (workspace to mount; defaults to `cwd`), `--snapshot <ref>` (start from a checkpoint).
32
32
 
33
33
  Non-docker providers require a one-time `agentbox prepare --provider <name>` to bake the base image / snapshot.
34
34
 
@@ -66,7 +66,7 @@ agentbox dashboard # TUI with status + leader-key actions
66
66
  agentbox claude attach <name|n> # reattach to a specific box
67
67
  ```
68
68
 
69
- Caveats: `-i` is currently **docker-only** (cloud sessions only start on attach, so background-mode has no place to seed the prompt). The host must have valid Claude Code credentials.
69
+ `-i` works on every provider — pass `--provider daytona|hetzner|vercel` (or set `box.provider`) and the queued job creates a cloud box and pre-starts the seeded agent session detached, same as docker. The host must have valid agent credentials. Extra args after `--` are forwarded to the in-box agent (e.g. `agentbox claude -i "<prompt>" --provider vercel -- --permission-mode=plan`).
70
70
 
71
71
  ## Forking the current session into a box
72
72
 
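Review bot: "The host must have valid agent credentials" does not say where those credentials go when `-i` pre-starts a detached session on `daytona|hetzner|vercel`. The overview says the in-box agent has no host credentials, so state whether agent credentials are copied into the cloud box or stay on the host, and for how long. The new `--` pass-through also needs a sentence on whether forwarded flags are filtered, because the example already forwards `--permission-mode=plan` and the same path would carry any other permission flag to an unattended session.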
@@ -78,7 +78,7 @@ When *you* are the host-side agent and want to orchestrate other agents running
78
78
 
79
79
  ### `agentbox drive <box>` — terminal driving
80
80
 
81
- Targets the running tmux session inside a box (auto-picks the agent session: `claude` → `codex` → `opencode` → the only running session; override with `--session <name>`). Provider-uniform — works the same on docker / daytona / hetzner.
81
+ Targets the running tmux session inside a box (auto-picks the agent session: `claude` → `codex` → `opencode` → the only running session; override with `--session <name>`). Provider-uniform — works the same on docker / daytona / hetzner / vercel.
82
82
 
83
83
  ```sh
84
84
  agentbox drive snapshot 1 # print rendered TUI as plain text
@@ -182,6 +182,26 @@ Implications for you, the host-side agent:
182
182
  - Inside the box you can `git commit … && git push` exactly as normal. No setup needed.
183
183
  - Pushes are gated host-side: the relay can require a confirm prompt for destructive operations (the user sees it in the dashboard footer, ~25 s TTL). If a push appears to hang, tell the user to check the dashboard.
184
184
  - The relay process is started lazily by the first `agentbox create` / `agentbox claude` and persists across runs (PID at `~/.agentbox/relay.pid`, log at `~/.agentbox/relay.log`). You normally don't need to manage it.
185
+ - For HTTPS origins (`https://github.com/...`), pushing usually needs a credential — recommend the user run `gh auth login` and `gh auth setup-git` once on the host. After that, host `git push` uses gh's OAuth token automatically. SSH origins (`git@github.com:...`) keep using the host's SSH agent as before.
186
+
187
+ ## PRs through the host relay (`agentbox-ctl git pr …`)
188
+
189
+ In-box agents can drive GitHub PRs from inside a box via the host's `gh` CLI. Same model as `git push`: the box has no GitHub token; the relay shells out to `gh` on the host with the user's authenticated gh identity. Requires `gh` installed on the host and `gh auth login` run once.
190
+
191
+ The wrapper is `agentbox-ctl git pr <op> [args...]`. Available ops:
192
+
193
+ | Op | Prompt? | Notes |
194
+ | --- | --- | --- |
195
+ | `view <num>` | no | Read-only. |
196
+ | `list` | no | Read-only. |
197
+ | `create` | yes | Pass-through args (e.g. `--title T --body B --draft`). |
198
+ | `comment <num>` | yes | Visible to others. |
199
+ | `review <num>` | yes | Visible to others. |
200
+ | `close <num>`, `reopen <num>` | yes | |
201
+ | `merge <num>` | yes (+ bypass guard) | `AGENTBOX_PROMPT=off` auto-`y` is refused here unless `AGENTBOX_GH_FORCE=1` is also set. |
202
+ | `checkout <num>` | yes (+ opt-in) | Off by default — switches the host main repo's branch (visible to the box). Enable with `AGENTBOX_GH_PR_CHECKOUT=allow`; a dirty host tree is refused, and a host HEAD on a registered box branch is refused. |
203
+
204
+ If a PR op appears to hang, tell the user to check the dashboard footer for the host confirmation prompt. If `gh` is missing or unauthenticated, the in-box command exits 127 / 4 with a clear stderr.
185
205
 
186
206
  ## Other commands worth knowing
187
207
 
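Review bot: The `merge` row's guard depends on `AGENTBOX_PROMPT=off` and `AGENTBOX_GH_FORCE=1`, and the `checkout` row on `AGENTBOX_GH_PR_CHECKOUT=allow`, but the section never says whose environment these are read from. State that the relay reads them from the host environment only and ignores values set inside the box; otherwise the confirmation model described here rests on input from the side it is meant to constrain. For `create`, "Pass-through args" should say which flags the relay accepts, since the arguments originate in the box and run under the user's `gh` identity on the host. The last sentence should also map the exit codes explicitly: which of 127 / 4 means `gh` is missing and which means unauthenticated.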
@@ -192,7 +212,7 @@ Implications for you, the host-side agent:
192
212
  | `agentbox url [n\|name]` | Open the box's web app URL (`<box-name>.localhost` via Portless) in the host browser. |
193
213
  | `agentbox screen [n\|name]` | Open the box's **own** Chromium via VNC — useful for OAuth flows the agent inside the box initiates. |
194
214
  | `agentbox code [n\|name]` | Open VS Code / Cursor pointed at the box. |
195
- | `agentbox prepare --provider <name>` | One-time base image / snapshot build for `daytona` or `hetzner`. With no `--provider`, prints status across all providers. |
215
+ | `agentbox prepare --provider <name>` | One-time base image / snapshot build for `daytona` or `hetzner` or `vercel`. With no `--provider`, prints status across all providers. |
196
216
  | `agentbox prune --provider <name>` | Clean up orphan boxes / images / snapshots for a provider (docker + daytona supported; hetzner pending). |
197
217
 
198
218
  Per-project numeric index (`1`, `2`, …) and friendly name (`review`, `smoke`) both work wherever `<box>` is accepted. Index `1` is the first box created in the current workspace.
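Review bot: In the `agentbox prepare` row, "`daytona` or `hetzner` or `vercel`" reads better as "`daytona`, `hetzner`, or `vercel`". The neighbouring `agentbox prune` row still says "docker + daytona supported; hetzner pending" with no word on vercel, so add its status there; as written, a reader cannot tell whether orphaned Vercel sandboxes and snapshots get cleaned up.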
@@ -201,7 +221,7 @@ Per-project numeric index (`1`, `2`, …) and friendly name (`review`, `smoke`)
201
221
 
202
222
  1. **Never assume the host needs SSH keys forwarded into a box** — git is handled by the relay, by design.
203
223
  2. **Use `-i` whenever the user asks for parallel agent work** rather than spawning multiple foreground sessions. Then point them at `agentbox dashboard` to watch progress.
204
- 3. **Pick the provider deliberately.** `docker` is the fast default. `--provider hetzner` gives a real VPS (heavier, isolated, requires `agentbox prepare --provider hetzner` once). `--provider daytona` is the managed cloud option.
224
+ 3. **Pick the provider deliberately.** `docker` is the fast default. `--provider hetzner` gives a real VPS (heavier, isolated, requires `agentbox prepare --provider hetzner` once). `--provider vercel` is the managed cloud option.
205
225
  4. **Cross-check before recommending a command.** If a flag isn't listed here, run `agentbox <command> --help` (it's safe and read-only) before suggesting it to the user.
206
226
  5. **`/agentbox-setup` is a different skill.** It runs *inside* a box to generate `/workspace/agentbox.yaml`. Don't conflate it with `/agentbox` (host-side fork) or this reference skill.
207
227
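Review bot: Rule 3 now names `--provider vercel` as the managed cloud option and drops `--provider daytona` entirely, while the flag lists elsewhere in this file still offer `daytona` and the overview marks it "partial support". Keep a short clause for daytona here (for example, that it remains available with partial support) so the rule agrees with the rest of the document.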