@madarco/agentbox 0.11.2 → 0.12.0

package/dist/{chunk-ZJXTIH6C.js → chunk-IZXPJPPV.js}

@@ -22,10 +22,10 @@ import {
 } from "./chunk-SNTHHWKY.js";
 
 // ../../packages/sandbox-docker/dist/index.js
-import { mkdir as mkdir7, stat as stat6 } from "fs/promises";
-import { homedir as homedir9 } from "os";
-import { basename as basename3, join as join10, resolve as resolve3 } from "path";
-import { execa as execa13 } from "execa";
+import { mkdir as mkdir7, stat as stat8 } from "fs/promises";
+import { homedir as homedir10 } from "os";
+import { basename as basename4, join as join11, resolve as resolve3 } from "path";
+import { execa as execa14 } from "execa";
 
 // ../../packages/ctl/dist/index.js
 import { readFile } from "fs/promises";
@@ -704,15 +704,16 @@ async function loadCarrySection(path) {
 
 // ../../packages/sandbox-docker/dist/index.js
 import { spawnSync } from "child_process";
-import { mkdir as mkdir22, mkdtemp, readdir as readdir3, readFile as readFile24, rm as rm2, stat as stat3, writeFile as writeFile3 } from "fs/promises";
-import { homedir as homedir2, tmpdir } from "os";
-import { join as join22, relative } from "path";
+import { mkdir as mkdir3, mkdtemp as mkdtemp2, readdir as readdir3, readFile as readFile4, realpath as realpath2, rm as rm2, stat as stat3, writeFile as writeFile22 } from "fs/promises";
+import { homedir as homedir3, tmpdir as tmpdir2 } from "os";
+import { isAbsolute as isAbsolute2, join as join4, relative as relative2 } from "path";
 import { setTimeout as delay } from "timers/promises";
-import { execa as execa3 } from "execa";
+import { execa as execa5 } from "execa";
 import { execa as execa2 } from "execa";
-import { mkdir as mkdir3, readFile as readFile4 } from "fs/promises";
-import { homedir as homedir3 } from "os";
-import { join as join4 } from "path";
+import { mkdir as mkdir4, readFile as readFile5, readdir as readdir4, stat as stat4 } from "fs/promises";
+import { createHash as createHash3 } from "crypto";
+import { homedir as homedir2 } from "os";
+import { join as join5 } from "path";
 import { execa as execa22 } from "execa";
 
 // ../../packages/config/dist/index.js
@@ -736,13 +737,23 @@ var BUILT_IN_DEFAULTS = {
     defaultCheckpointDaytona: "",
     defaultCheckpointHetzner: "",
     defaultCheckpointVercel: "",
+    size: "",
+    sizeDocker: "",
+    sizeDaytona: "",
+    sizeHetzner: "",
+    sizeVercel: "",
     withPlaywright: false,
     withEnv: false,
+    resyncOnStart: true,
     vnc: true,
     isolateClaudeConfig: false,
     isolateCodexConfig: false,
     isolateOpencodeConfig: false,
     image: "agentbox/box:dev",
+    imageDocker: "",
+    imageDaytona: "",
+    imageHetzner: "",
+    imageVercel: "",
     // Mirrors BOX_IMAGE_REGISTRY in @agentbox/sandbox-docker. Empty disables the
     // registry pull (always build the docker base image locally).
     imageRegistry: "ghcr.io/madarco/agentbox/box",
@@ -860,6 +871,35 @@ var KEY_REGISTRY = [
     description: "Per-provider override of `box.defaultCheckpoint` for vercel. Wins over the global when set; set via `agentbox checkpoint set-default --provider vercel`.",
     advanced: true
   },
+  {
+    key: "box.size",
+    type: "string",
+    description: "Default VM size for cloud providers. Provider-interpreted: hetzner = server type (e.g. `cx33`); daytona = `cpu-memory-disk` GB (e.g. `4-8-20`). Used as fallback when no per-provider override is set. Docker/Vercel ignore it."
+  },
+  {
+    key: "box.sizeDocker",
+    type: "string",
+    description: "Per-provider override of `box.size` for docker. Reserved \u2014 docker sizing is controlled via `box.memory` / `box.cpus` / `box.disk`.",
+    advanced: true
+  },
+  {
+    key: "box.sizeDaytona",
+    type: "string",
+    description: "Per-provider override of `box.size` for daytona. `cpu-memory-disk` GB spec (e.g. `4-8-20`). Only honored on the image/Dockerfile create path; Daytona rejects custom resources on snapshot-resume.",
+    advanced: true
+  },
+  {
+    key: "box.sizeHetzner",
+    type: "string",
+    description: "Per-provider override of `box.size` for hetzner. Server type string (e.g. `cx23`, `cx33`, `cx43`).",
+    advanced: true
+  },
+  {
+    key: "box.sizeVercel",
+    type: "string",
+    description: "Per-provider override of `box.size` for vercel. Reserved \u2014 vercel sizing is controlled via `box.vercelVcpus`.",
+    advanced: true
+  },
   {
     key: "checkpoint.maxLayers",
     type: "int",
@@ -876,6 +916,11 @@ var KEY_REGISTRY = [
     type: "bool",
     description: "Copy host env/config files (.env*, secrets.toml, agentbox.yaml, ...) into /workspace at box create time (gitignore-bypassing)."
   },
+  {
+    key: "box.resyncOnStart",
+    type: "bool",
+    description: "Merge the host's current branch into the box and overlay the host's uncommitted/untracked changes when starting an agent session (keeps the box's version on conflict and warns the agent)."
+  },
   {
     key: "box.vnc",
     type: "bool",
@@ -899,7 +944,31 @@ var KEY_REGISTRY = [
   {
     key: "box.image",
     type: "string",
-    description: "Box image ref (advanced).",
+    description: "Generic box image ref (fallback). Used as fallback when no per-provider override is set; the default `agentbox/box:dev` is treated as a sentinel by cloud backends (boot from their prepared base snapshot instead).",
+    advanced: true
+  },
+  {
+    key: "box.imageDocker",
+    type: "string",
+    description: "Per-provider override of `box.image` for docker (local docker image ref, e.g. `agentbox/box:dev`). Wins over the generic when set.",
+    advanced: true
+  },
+  {
+    key: "box.imageDaytona",
+    type: "string",
+    description: "Per-provider override of `box.image` for daytona (named snapshot, e.g. `agentbox-base-<fingerprint>`). Written by `agentbox prepare --provider daytona`.",
+    advanced: true
+  },
+  {
+    key: "box.imageHetzner",
+    type: "string",
+    description: "Per-provider override of `box.image` for hetzner (image description, e.g. `agentbox-base-<fingerprint>`). Written by `agentbox prepare --provider hetzner`.",
+    advanced: true
+  },
+  {
+    key: "box.imageVercel",
+    type: "string",
+    description: "Per-provider override of `box.image` for vercel (snapshot id, e.g. `snap_\u2026`). Written by `agentbox prepare --provider vercel`.",
     advanced: true
   },
   {
@@ -1462,6 +1531,23 @@ function defaultCheckpointConfigKey(provider) {
   if (provider === "vercel") return "box.defaultCheckpointVercel";
   return "box.defaultCheckpoint";
 }
+function resolveBoxSize(cfg, provider) {
+  const perProvider = provider === "daytona" ? cfg.box.sizeDaytona : provider === "hetzner" ? cfg.box.sizeHetzner : provider === "vercel" ? cfg.box.sizeVercel : cfg.box.sizeDocker;
+  if (perProvider && perProvider.length > 0) return perProvider;
+  return cfg.box.size;
+}
+function resolveBoxImage(cfg, provider) {
+  const perProvider = provider === "daytona" ? cfg.box.imageDaytona : provider === "hetzner" ? cfg.box.imageHetzner : provider === "vercel" ? cfg.box.imageVercel : cfg.box.imageDocker;
+  if (perProvider && perProvider.length > 0) return perProvider;
+  return cfg.box.image;
+}
+function boxImageConfigKey(provider) {
+  if (provider === "docker") return "box.imageDocker";
+  if (provider === "daytona") return "box.imageDaytona";
+  if (provider === "hetzner") return "box.imageHetzner";
+  if (provider === "vercel") return "box.imageVercel";
+  return "box.image";
+}
 async function setConfigValue(scope, key, value, cwd, opts = {}) {
   if (!lookupKey(key)) {
     throw new UserConfigError(`unknown key "${key}"`);
@@ -1656,26 +1742,30 @@ async function touchProjectMeta(absPath) {
 }
 
 // ../../packages/sandbox-docker/dist/index.js
-import { chmod, mkdir as mkdir32, readFile as readFile32 } from "fs/promises";
-import { basename as basename2, join as join32 } from "path";
+import { copyFile, mkdtemp, readdir as readdir22, readFile as readFile32, rm as rm3, stat as stat22, writeFile as writeFile3 } from "fs/promises";
+import { homedir as homedir22, tmpdir } from "os";
+import { basename as basename2, join as join32, relative } from "path";
 import { execa as execa4 } from "execa";
+import { chmod, mkdir as mkdir22, readFile as readFile24 } from "fs/promises";
+import { basename as basename3, join as join22 } from "path";
+import { execa as execa3 } from "execa";
 import { spawnSync as spawnSync2 } from "child_process";
-import { stat as stat22 } from "fs/promises";
-import { homedir as homedir32 } from "os";
-import { join as join42 } from "path";
-import { execa as execa5 } from "execa";
-import { spawnSync as spawnSync3 } from "child_process";
-import { stat as stat32 } from "fs/promises";
+import { stat as stat42 } from "fs/promises";
 import { homedir as homedir4 } from "os";
-import { join as join5 } from "path";
+import { join as join52 } from "path";
 import { execa as execa6 } from "execa";
-import { randomBytes as randomBytes3 } from "crypto";
-import { execa as execa7 } from "execa";
-import { existsSync } from "fs";
-import { readFile as readFile42 } from "fs/promises";
+import { spawnSync as spawnSync3 } from "child_process";
+import { stat as stat5 } from "fs/promises";
 import { homedir as homedir5 } from "os";
 import { join as join6 } from "path";
+import { execa as execa7 } from "execa";
+import { randomBytes as randomBytes3 } from "crypto";
 import { execa as execa8 } from "execa";
+import { existsSync } from "fs";
+import { readFile as readFile52 } from "fs/promises";
+import { homedir as homedir6 } from "os";
+import { join as join7 } from "path";
+import { execa as execa9 } from "execa";
 
 // ../../packages/core/dist/index.js
 import { randomBytes } from "crypto";
@@ -1734,25 +1824,25 @@ function generateBoxId() {
 }
 
 // ../../packages/sandbox-docker/dist/index.js
-import { execa as execa9 } from "execa";
-import { mkdir as mkdir4, readdir as readdir22, rm as rm22, stat as stat4 } from "fs/promises";
-import { homedir as homedir6, platform } from "os";
-import { join as join7, resolve as resolve2 } from "path";
-import { mkdir as mkdir5, mkdtemp as mkdtemp2, readFile as readFile5, readdir as readdir32, rm as rm3, writeFile as writeFile22 } from "fs/promises";
-import { homedir as homedir7, tmpdir as tmpdir2 } from "os";
-import { basename as basename22, join as join8 } from "path";
 import { execa as execa10 } from "execa";
-import { stat as stat5 } from "fs/promises";
+import { mkdir as mkdir42, readdir as readdir42, rm as rm32, stat as stat6 } from "fs/promises";
+import { homedir as homedir7, platform } from "os";
+import { join as join8, resolve as resolve2 } from "path";
+import { mkdir as mkdir5, mkdtemp as mkdtemp3, readFile as readFile6, readdir as readdir5, rm as rm4, writeFile as writeFile32 } from "fs/promises";
+import { homedir as homedir8, tmpdir as tmpdir3 } from "os";
+import { basename as basename32, join as join9 } from "path";
 import { execa as execa11 } from "execa";
+import { stat as stat7 } from "fs/promises";
 import { execa as execa12 } from "execa";
+import { execa as execa13 } from "execa";
 import { spawn } from "child_process";
 import { randomBytes as randomBytes22 } from "crypto";
 import { existsSync as existsSync2, openSync } from "fs";
-import { cp, mkdir as mkdir6, readFile as readFile6, readdir as readdir4, rename as rename3, rm as rm4, unlink as unlink2, writeFile as writeFile32 } from "fs/promises";
+import { cp, mkdir as mkdir6, readFile as readFile7, readdir as readdir6, rename as rename3, rm as rm5, unlink as unlink2, writeFile as writeFile4 } from "fs/promises";
 import { request as httpRequest } from "http";
 import { createRequire } from "module";
-import { homedir as homedir8 } from "os";
-import { dirname as dirname3, join as join9, resolve as resolve22, sep } from "path";
+import { homedir as homedir9 } from "os";
+import { dirname as dirname3, join as join10, resolve as resolve22, sep } from "path";
 import { setTimeout as delay2 } from "timers/promises";
 import { fileURLToPath } from "url";
 
@@ -1794,6 +1884,8 @@ var GH_PR_OPS = [
   "create",
   "view",
   "list",
+  "diff",
+  "checks",
   "comment",
   "review",
   "merge",
@@ -1801,6 +1893,13 @@ var GH_PR_OPS = [
   "close",
   "reopen"
 ];
+var PR_REVIEW_COMMENT = /^repos\/[^/]+\/[^/]+\/pulls\/\d+\/comments(\?.*)?$/;
+var PR_REVIEW_COMMENT_REPLY = /^repos\/[^/]+\/[^/]+\/pulls\/\d+\/comments\/\d+\/replies(\?.*)?$/;
+var GH_API_WRITE_ALLOWED_ENDPOINTS = [
+  PR_REVIEW_COMMENT,
+  PR_REVIEW_COMMENT_REPLY
+];
+var GH_API_ALLOWED_ENDPOINTS = [...GH_API_WRITE_ALLOWED_ENDPOINTS];
 function injectPrCreateHead(op, branch, args) {
   if (op !== "create") return args;
   if (!branch || branch === "HEAD") return args;
@@ -1971,21 +2070,22 @@ function queueLogPath(id) {
 }
 
 // ../../packages/sandbox-docker/dist/index.js
+import { execa as execa16 } from "execa";
+import { readdir as readdir7, rm as rm6, stat as stat9 } from "fs/promises";
+import { join as join13 } from "path";
 import { execa as execa15 } from "execa";
-import { readdir as readdir5, rm as rm5, stat as stat7 } from "fs/promises";
 import { join as join12 } from "path";
-import { execa as execa14 } from "execa";
-import { join as join11 } from "path";
-import { homedir as homedir10 } from "os";
-import { join as join13 } from "path";
-import { execa as execa16 } from "execa";
-import { existsSync as existsSync3, mkdirSync, renameSync, statSync } from "fs";
-import { basename as basename4, dirname as dirname22, posix, resolve as resolve4 } from "path";
+import { homedir as homedir11 } from "os";
+import { join as join14 } from "path";
 import { execa as execa17 } from "execa";
-import { copyFile, mkdtemp as mkdtemp3, readdir as readdir6, readFile as readFile7, rm as rm6, stat as stat8, writeFile as writeFile4 } from "fs/promises";
-import { homedir as homedir11, tmpdir as tmpdir3 } from "os";
-import { basename as basename5, join as join14, relative as relative2 } from "path";
+import { existsSync as existsSync3, mkdirSync, renameSync, statSync } from "fs";
+import { basename as basename5, dirname as dirname22, posix, resolve as resolve4 } from "path";
 import { execa as execa18 } from "execa";
+import { createHash as createHash22 } from "crypto";
+import { copyFile as copyFile2, mkdir as mkdir8, mkdtemp as mkdtemp4, readdir as readdir8, readFile as readFile8, rm as rm7, stat as stat10 } from "fs/promises";
+import { homedir as homedir12, tmpdir as tmpdir4 } from "os";
+import { basename as basename6, dirname as dirname32, join as join15 } from "path";
+import { execa as execa19 } from "execa";
 function isHostPathHookCommand(command, hostHome) {
   if (typeof command !== "string" || command.length === 0) return false;
   if (hostHome.length === 0) return false;
@@ -2402,7 +2502,7 @@ async function getDockerContext() {
   const ctx = (result.stdout ?? "").trim();
   return ctx.length > 0 ? ctx : void 0;
 }
-var BOXES_ROOT = join4(homedir3(), ".agentbox", "boxes");
+var BOXES_ROOT = join5(homedir2(), ".agentbox", "boxes");
 function boxDirSegment(box) {
   const mnemonic = sanitizeMnemonic(box.name);
   const n = box.projectIndex;
@@ -2412,14 +2512,14 @@ function boxDirSegment(box) {
   return `${box.id}-${mnemonic}`;
 }
 function boxRunDirFor(box) {
-  return join4(BOXES_ROOT, boxDirSegment(box));
+  return join5(BOXES_ROOT, boxDirSegment(box));
 }
 function boxStatusPathFor(box) {
-  return join4(boxRunDirFor(box), "status.json");
+  return join5(boxRunDirFor(box), "status.json");
 }
 async function readBoxStatus(box) {
   try {
-    const raw = await readFile4(boxStatusPathFor(box), "utf8");
+    const raw = await readFile5(boxStatusPathFor(box), "utf8");
     const parsed = JSON.parse(raw);
     if (parsed.schema !== 1) return null;
     return parsed;
@@ -2428,13 +2528,13 @@ async function readBoxStatus(box) {
   }
 }
 function orbstackVolumePath(volume, ...sub) {
-  return join4(homedir3(), "OrbStack", "docker", "volumes", volume, ...sub);
+  return join5(homedir2(), "OrbStack", "docker", "volumes", volume, ...sub);
 }
 async function getHostPaths(record) {
   const boxDir = boxRunDirFor(record);
   return {
     boxDir,
-    mergedExport: join4(boxDir, "workspace")
+    mergedExport: join5(boxDir, "workspace")
   };
 }
 async function hasContainerPath(container, path) {
@@ -2444,7 +2544,7 @@ async function hasContainerPath(container, path) {
 async function refreshExport(record, opts = {}) {
   const paths = await getHostPaths(record);
   const excludeNodeModules = !opts.includeNodeModules;
-  await mkdir3(paths.mergedExport, { recursive: true });
+  await mkdir4(paths.mergedExport, { recursive: true });
   const bindAvailable = await hasContainerPath(record.container, CONTAINER_EXPORT_MERGED);
   if (bindAvailable) {
     const args = ["rsync", "-a", "--delete"];
@@ -2640,7 +2740,7 @@ async function pullToHost(record, opts = {}) {
   let scratchDir;
   if (opts.noRefresh) {
     scratchDir = paths.mergedExport;
-    await mkdir3(scratchDir, { recursive: true });
+    await mkdir4(scratchDir, { recursive: true });
   } else {
     const refreshed = await refreshExport(record, {
       includeNodeModules: opts.includeNodeModules
@@ -2719,7 +2819,7 @@ async function openInFinder(record, opts) {
   if (opts.noRefresh) {
     const paths = await getHostPaths(record);
     hostPath = paths.mergedExport;
-    await mkdir3(hostPath, { recursive: true });
+    await mkdir4(hostPath, { recursive: true });
   } else {
     const refreshed = await refreshExport(record, opts);
     hostPath = refreshed.hostPath;
@@ -2744,6 +2844,36 @@ var ExportError = class extends Error {
   stdout;
   stderr;
 };
+async function carrySourceHash(entry) {
+  if (entry.kind === "missing") return void 0;
+  try {
+    if (entry.kind === "file") {
+      return createHash3("sha256").update(await readFile5(entry.absSrc)).digest("hex");
+    }
+    const h = createHash3("sha256");
+    const walk = async (dir, rel) => {
+      const names = (await readdir4(dir)).sort();
+      for (const name of names) {
+        const abs = join5(dir, name);
+        const relPath = rel ? `${rel}/${name}` : name;
+        const st = await stat4(abs);
+        if (st.isDirectory()) {
+          h.update(`d\0${relPath}
+`);
+          await walk(abs, relPath);
+        } else {
+          h.update(`f\0${relPath}\0`);
+          h.update(await readFile5(abs));
+          h.update("\n");
+        }
+      }
+    };
+    await walk(entry.absSrc, "");
+    return h.digest("hex");
+  } catch {
+    return void 0;
+  }
+}
 async function copyCarryPathsToBox(opts) {
   const log = opts.onLog ?? (() => {
   });
@@ -2759,7 +2889,12 @@ async function copyCarryPathsToBox(opts) {
     try {
       await copyOneEntry(opts.container, entry);
       copied += 1;
-      applied.push({ src: entry.absSrc, dest: entry.absDest, bytes: entry.bytes ?? 0 });
+      applied.push({
+        src: entry.absSrc,
+        dest: entry.absDest,
+        bytes: entry.bytes ?? 0,
+        hash: await carrySourceHash(entry)
+      });
     } catch (err) {
       const msg = err instanceof Error ? err.message : String(err);
       errors.push(`${where}: ${msg}`);
@@ -2774,13 +2909,13 @@ async function copyOneEntry(container, entry) {
   const boxDest = entry.absDest.startsWith("~/") ? `${BOX_HOME}/${entry.absDest.slice(2)}` : entry.absDest;
   const boxDestParent = boxDest.endsWith("/") ? boxDest.slice(0, -1) : boxDest;
   const parentDir = entry.kind === "dir" ? boxDestParent : dirnameUnix(boxDestParent);
-  const mkdir8 = await execa22(
+  const mkdir9 = await execa22(
     "docker",
     ["exec", "--user", "0:0", container, "mkdir", "-p", parentDir],
     { reject: false }
   );
-  if (mkdir8.exitCode !== 0) {
-    throw new Error(`mkdir -p ${parentDir} failed: ${String(mkdir8.stderr).slice(0, 300)}`);
+  if (mkdir9.exitCode !== 0) {
+    throw new Error(`mkdir -p ${parentDir} failed: ${String(mkdir9.stderr).slice(0, 300)}`);
   }
   if (entry.kind === "file") {
     const cp2 = await execa22(
@@ -2861,49 +2996,152 @@ function dirnameUnix(p) {
   if (i <= 0) return "/";
   return p.slice(0, i);
 }
-var SHARED_CLAUDE_VOLUME = "agentbox-claude-config";
-var DEFAULT_CLAUDE_SESSION = "claude";
-var CONTAINER_CLAUDE_DIR = "/home/vscode/.claude";
-var CONTAINER_USER = "vscode";
-var CONTAINER_WORKSPACE = "/workspace";
-var IN_BOX_SETUP_GUIDE_PATH = "/usr/local/share/agentbox/setup-guide.md";
-var SETUP_SKILL_DST = "/dst/skills/agentbox-setup/SKILL.md";
-function resolveClaudeVolume(opts) {
-  if (opts.isolate) {
-    return { volume: `${SHARED_CLAUDE_VOLUME}-${opts.boxId}` };
+var CREDENTIALS_BACKUP_FILE = join22(STATE_DIR, "claude-credentials.json");
+var CODEX_CREDENTIALS_BACKUP_FILE = join22(STATE_DIR, "codex-credentials.json");
+var OPENCODE_CREDENTIALS_BACKUP_FILE = join22(STATE_DIR, "opencode-credentials.json");
+function isRealAgentCredential(agent, text) {
+  let parsed;
+  try {
+    parsed = JSON.parse(text);
+  } catch {
+    return false;
+  }
+  if (typeof parsed !== "object" || parsed === null) return false;
+  if (agent === "claude") {
+    const rt = parsed.claudeAiOauth?.refreshToken;
+    return typeof rt === "string" && rt.length > 0;
+  }
+  return Object.keys(parsed).length > 0;
+}
+async function hostClaudeBackupExpired(path = CREDENTIALS_BACKUP_FILE, now = Date.now()) {
+  try {
+    const parsed = JSON.parse(await readFile24(path, "utf8"));
+    const exp = parsed?.claudeAiOauth?.expiresAt;
+    return typeof exp === "number" && Number.isFinite(exp) && exp < now;
+  } catch {
+    return false;
+  }
+}
+function parseExtractResult(stdout) {
+  return { copied: /\bCOPIED=yes\b/.test(stdout) };
+}
+async function extractVolumeAuthToBackup(opts) {
+  try {
+    await mkdir22(STATE_DIR, { recursive: true });
+    const script = 'COPIED=no; if [ -s /dst/auth.json ]; then cp -a /dst/auth.json "/host-state/$DEST" && COPIED=yes; fi; echo "COPIED=$COPIED"';
+    const { stdout } = await execa3("docker", [
+      "run",
+      "--rm",
+      "--user",
+      "0",
+      "-v",
+      `${opts.volume}:/dst`,
+      "-v",
+      `${STATE_DIR}:/host-state`,
+      "-e",
+      // Pass the destination filename via env so the path isn't interpolated
+      // into the script string (keeps the docker arg list static + injection-safe).
+      `DEST=${basename3(opts.backupFile)}`,
+      opts.image,
+      "sh",
+      "-c",
+      script
+    ]);
+    const result = parseExtractResult(stdout);
+    if (result.copied) await chmod(opts.backupFile, 384).catch(() => {
+    });
+    return result;
+  } catch {
+    return { copied: false };
+  }
+}
+function extractCodexCredentials(volume, image) {
+  return extractVolumeAuthToBackup({ volume, image, backupFile: CODEX_CREDENTIALS_BACKUP_FILE });
+}
+function extractOpencodeCredentials(volume, image) {
+  return extractVolumeAuthToBackup({ volume, image, backupFile: OPENCODE_CREDENTIALS_BACKUP_FILE });
+}
+async function hostBackupHasCredentials(path = CREDENTIALS_BACKUP_FILE) {
+  try {
+    const parsed = JSON.parse(await readFile24(path, "utf8"));
+    const rt = parsed?.claudeAiOauth?.refreshToken;
+    return typeof rt === "string" && rt.length > 0;
+  } catch {
+    return false;
+  }
+}
+function parseSyncResult(stdout) {
+  const volumeHasCredentials = /\bVOLREAL=yes\b/.test(stdout);
+  if (/\bEXTRACTED=yes\b/.test(stdout)) return { direction: "extracted", volumeHasCredentials };
+  if (/\bSEEDED=yes\b/.test(stdout)) return { direction: "seeded", volumeHasCredentials };
+  return { direction: "noop", volumeHasCredentials };
+}
+var SYNC_SCRIPT = `
+EXTRACTED=no
+SEEDED=no
+VOL=/dst/.credentials.json
+HOST=/host-state/claude-credentials.json
+if [ -f "$VOL" ] && jq -e '(.claudeAiOauth.refreshToken // "") | length > 0' "$VOL" >/dev/null 2>&1; then VOL_REAL=yes; else VOL_REAL=no; fi
+if [ -f "$HOST" ] && jq -e '(.claudeAiOauth.refreshToken // "") | length > 0' "$HOST" >/dev/null 2>&1; then HOST_REAL=yes; else HOST_REAL=no; fi
+if [ "$VOL_REAL" = yes ] && [ "$ISOLATE" != yes ]; then
+  cp -a "$VOL" "$HOST" && chmod 600 "$HOST" && EXTRACTED=yes
+elif [ "$VOL_REAL" = no ] && [ "$HOST_REAL" = yes ]; then
+  cp -a "$HOST" "$VOL" && chown 1000:1000 "$VOL" && chmod 600 "$VOL" && SEEDED=yes && VOL_REAL=yes
+fi
+echo "EXTRACTED=$EXTRACTED SEEDED=$SEEDED VOLREAL=$VOL_REAL"
+`;
+async function syncClaudeCredentials(spec, opts) {
+  try {
+    await mkdir22(STATE_DIR, { recursive: true });
+    const { stdout } = await execa3("docker", [
+      "run",
+      "--rm",
+      "--user",
+      "0",
+      "-v",
+      `${spec.volume}:/dst`,
+      "-v",
+      `${STATE_DIR}:/host-state`,
+      "-e",
+      `ISOLATE=${opts.isolate ? "yes" : "no"}`,
+      opts.image,
+      "sh",
+      "-c",
+      SYNC_SCRIPT
+    ]);
+    const result = parseSyncResult(stdout);
+    if (result.direction === "extracted") {
+      await chmod(CREDENTIALS_BACKUP_FILE, 384).catch(() => {
+      });
+    }
+    return result;
+  } catch {
+    return { direction: "noop", volumeHasCredentials: false };
   }
-  return { volume: SHARED_CLAUDE_VOLUME };
 }
+var CLOUD_WORKSPACE = "/workspace";
 async function pathExists(p) {
   try {
-    await stat3(p);
+    await stat22(p);
     return true;
   } catch {
     return false;
   }
 }
-async function volumeHasClaudeJson(volume, image) {
-  const res = await execa3(
-    "docker",
-    ["run", "--rm", "-v", `${volume}:/dst`, image, "sh", "-c", "test -e /dst/_claude.json"],
-    { reject: false }
-  );
-  return res.exitCode === 0;
-}
 async function findBrokenSymlinks(root) {
   const broken = [];
   async function walk(dir) {
     let entries;
     try {
-      entries = await readdir3(dir, { withFileTypes: true });
+      entries = await readdir22(dir, { withFileTypes: true });
     } catch {
       return;
     }
     for (const ent of entries) {
-      const full = join22(dir, ent.name);
+      const full = join32(dir, ent.name);
       if (ent.isSymbolicLink()) {
         try {
-          await stat3(full);
+          await stat22(full);
         } catch {
           broken.push(relative(root, full));
         }
@@ -2915,52 +3153,434 @@ async function findBrokenSymlinks(root) {
   await walk(root);
   return broken;
 }
-async function ensureClaudeVolume(spec, opts) {
-  const existed = await volumeExists(spec.volume);
-  await ensureVolume(spec.volume);
-  const created = !existed;
-  if (!opts.syncFromHost) return { created, synced: false };
-  const hostClaude = join22(homedir2(), ".claude");
-  if (!await pathExists(hostClaude)) return { created, synced: false };
-  const hostClaudeJson = join22(homedir2(), ".claude.json");
-  const hasJson = await pathExists(hostClaudeJson);
-  const seedClaudeJson = !await volumeHasClaudeJson(spec.volume, opts.image);
-  const hostHome = homedir2();
-  const hostAgents = join22(homedir2(), ".agents");
-  const hasAgents = await pathExists(hostAgents);
-  const args = [
-    "run",
-    "--rm",
-    "--user",
-    "0",
-    // HOST_HOME used inside the shell script to rewrite host-absolute
-    // installPath values in plugins/installed_plugins.json.
-    "-e",
-    `HOST_HOME=${hostHome}`,
-    "-v",
-    `${spec.volume}:/dst`,
-    "-v",
-    `${hostClaude}:/src-claude:ro`
-  ];
-  if (hasJson && seedClaudeJson) args.push("-v", `${hostClaudeJson}:/src-claude-json:ro`);
-  if (hasAgents) args.push("-v", `${hostAgents}:/.agents:ro`);
-  const filterDir = await mkdtemp(join22(tmpdir(), "agentbox-claude-filter-"));
-  let filteredHookCount = 0;
-  let installMethodFixed = false;
-  let aliasedProjectKey = false;
-  let workspaceTrusted = false;
-  try {
-    const settingsResult = await maybeFilterTo(
-      join22(hostClaude, "settings.json"),
-      join22(filterDir, "settings.json"),
-      hostHome
-    );
-    filteredHookCount += settingsResult.removedHooks;
-    if (!seedClaudeJson) {
-    } else if (hasJson) {
-      const jsonResult = await maybeFilterTo(
+async function mkStageDir(prefix) {
+  return mkdtemp(join32(tmpdir(), `agentbox-${prefix}-stage-`));
+}
+function emptyResult(warnings = []) {
+  return { tarballPath: null, cleanup: async () => {
+  }, warnings };
+}
+async function tarballFromDir(stageDir, agent) {
+  const tarballPath = join32(tmpdir(), `agentbox-${agent}-${basename2(stageDir)}.tar.gz`);
+  await execa4("tar", ["-czf", tarballPath, "-C", stageDir, "."], {
+    env: { ...process.env, COPYFILE_DISABLE: "1" }
+  });
+  return tarballPath;
+}
+function makeCleanup(paths) {
+  return async () => {
+    for (const p of paths) {
+      await rm3(p, { recursive: true, force: true });
+    }
+  };
+}
+async function stageSingleFileTarball(agent, sourcePath, tarballEntryName) {
+  const stageDir = await mkStageDir(agent);
+  let tarballPath = null;
+  try {
+    await copyFile(sourcePath, join32(stageDir, tarballEntryName));
+    tarballPath = await tarballFromDir(stageDir, agent);
+    return {
+      tarballPath,
+      cleanup: makeCleanup([stageDir, tarballPath]),
+      warnings: []
+    };
+  } catch (err) {
+    await rm3(stageDir, { recursive: true, force: true });
+    if (tarballPath) await rm3(tarballPath, { force: true });
+    throw err;
+  }
+}
+var CLAUDE_RUNTIME_EXCLUDES = [
+  "projects",
+  // workflows/ are seeded per-box at create time (incremental, like memory),
+  // not frozen into the prepare-time snapshot — see seedDynamicConfig.
+  "workflows",
+  "sessions",
+  "history.jsonl",
+  "file-history",
+  "shell-snapshots",
+  "backups",
+  "session-env",
+  "paste-cache",
+  "cache",
+  "telemetry",
+  "tasks",
+  "downloads",
+  "chrome",
+  "ide",
+  "debug",
+  "mcp-needs-auth-cache.json",
+  "stats-cache.json"
+];
+function encodeClaudeProjectsKey(absPath) {
+  return absPath.replace(/[^a-zA-Z0-9]/g, "-");
+}
+var BOX_CLAUDE_PROJECT_DIR = "/home/vscode/.claude/projects/-workspace";
+async function resolveClaudeMemoryDir(hostWorkspace, hostHome = homedir22()) {
+  if (hostWorkspace.length === 0) return null;
+  const memDir = join32(
+    hostHome,
+    ".claude",
+    "projects",
+    encodeClaudeProjectsKey(hostWorkspace),
+    "memory"
+  );
+  if (!await pathExists(memDir)) return null;
+  try {
+    const entries = await readdir22(memDir);
+    if (entries.length === 0) return null;
+  } catch {
+    return null;
+  }
+  return memDir;
+}
+async function stageClaudeStaticForUpload(opts = {}) {
+  const hostHome = opts.hostHome ?? homedir22();
+  const hostClaude = join32(hostHome, ".claude");
+  if (!await pathExists(hostClaude)) return emptyResult();
+  const stageDir = await mkStageDir("claude-static");
+  let tarballPath = null;
+  try {
+    const broken = await findBrokenSymlinks(hostClaude);
+    const excludes = [
+      "--exclude=node_modules",
+      "--exclude=.credentials.json",
+      ...CLAUDE_RUNTIME_EXCLUDES.map((p) => `--exclude=${p}`),
+      ...broken.map((r) => `--exclude=/${r}`)
+    ];
+    await execa4("rsync", [
+      "-a",
+      "--copy-unsafe-links",
+      ...excludes,
+      `${hostClaude}/`,
+      `${stageDir}/`
+    ]);
+    const settingsPath = join32(stageDir, "settings.json");
+    if (await pathExists(settingsPath)) {
+      try {
+        const parsed = JSON.parse(await readFile32(settingsPath, "utf8"));
+        const filtered = filterHostHooks(parsed, hostHome);
+        if (filtered.removedCommands.length > 0) {
+          await writeFile3(settingsPath, JSON.stringify(filtered.data, null, 2));
+        }
+      } catch {
+      }
+    }
+    const hostClaudeJson = join32(hostHome, ".claude.json");
+    let working;
+    if (await pathExists(hostClaudeJson)) {
+      try {
+        working = JSON.parse(await readFile32(hostClaudeJson, "utf8"));
+      } catch {
+        working = null;
+      }
+    }
+    if (working === void 0 || working === null) {
+      working = {
+        installMethod: "native",
+        autoUpdates: false,
+        autoUpdatesProtectedForNative: true,
+        projects: { [CLOUD_WORKSPACE]: { hasTrustDialogAccepted: true } }
+      };
+    } else {
+      working = filterHostHooks(working, hostHome).data;
+      working = setInstallMethodNative(working).data;
+      if (opts.hostWorkspace) {
+        working = addProjectAlias(working, opts.hostWorkspace, CLOUD_WORKSPACE).data;
+      }
+      working = trustWorkspace(working, CLOUD_WORKSPACE).data;
+    }
+    await writeFile3(join32(stageDir, "_claude.json"), JSON.stringify(working, null, 2));
+    const pluginsDir = join32(stageDir, "plugins");
+    if (await pathExists(pluginsDir)) {
+      try {
+        const entries = await readdir22(pluginsDir, { withFileTypes: true });
+        for (const ent of entries) {
+          if (!ent.isFile() || !ent.name.endsWith(".json")) continue;
+          const file = join32(pluginsDir, ent.name);
+          const raw = await readFile32(file, "utf8");
+          const replaced = raw.split(`${hostHome}/.claude/plugins/`).join("/home/vscode/.claude/plugins/");
+          if (replaced !== raw) await writeFile3(file, replaced);
+        }
+      } catch {
+      }
+    }
+    tarballPath = await tarballFromDir(stageDir, "claude-static");
+    return {
+      tarballPath,
+      cleanup: makeCleanup([stageDir, tarballPath]),
+      warnings: []
+    };
+  } catch (err) {
+    await rm3(stageDir, { recursive: true, force: true });
+    if (tarballPath) await rm3(tarballPath, { force: true });
+    throw err;
+  }
+}
+async function stageClaudeCredentialsForUpload() {
+  if (!await pathExists(CREDENTIALS_BACKUP_FILE)) return emptyResult();
+  return stageSingleFileTarball("claude-creds", CREDENTIALS_BACKUP_FILE, ".credentials.json");
+}
+var CODEX_RSYNC_EXCLUDES = [
+  "--exclude=sessions",
+  "--exclude=log",
+  "--exclude=history.jsonl",
+  "--exclude=hooks.json",
+  "--exclude=logs_2.sqlite",
+  "--exclude=logs_2.sqlite-shm",
+  "--exclude=logs_2.sqlite-wal",
+  "--exclude=state_5.sqlite",
+  "--exclude=state_5.sqlite-shm",
+  "--exclude=state_5.sqlite-wal",
+  "--exclude=sqlite",
+  "--exclude=cache",
+  "--exclude=vendor_imports",
+  "--exclude=tmp",
+  // .tmp holds codex plugin sync state — ~100 MB of marketplace cache. Not
+  // the same as `tmp/`; both can exist side by side on a long-running host.
+  "--exclude=.tmp",
+  "--exclude=.codex-global-state.json",
+  "--exclude=.codex-global-state.json.bak",
+  "--exclude=.personality_migration",
+  "--exclude=shell_snapshots",
+  "--exclude=session_index.jsonl",
+  "--exclude=models_cache.json",
+  "--exclude=installation_id",
+  "--exclude=version.json"
+];
+var CODEX_KEYCHAIN_WARNING = 'codex: ~/.codex/auth.json missing. On macOS the codex CLI defaults to storing the OAuth token in the system Keychain, which isn\'t reachable from a remote sandbox. To share creds with cloud boxes either:\n  - add `cli_auth_credentials_store = "file"` to ~/.codex/config.toml then re-run `codex login`, or\n  - set OPENAI_API_KEY in your environment, or\n  - run `codex login --with-api-key` for a file-backed login.\nSkipping codex seed; in-box codex will prompt for sign-in.';
+async function stageCodexStaticForUpload(opts = {}) {
+  const hostHome = opts.hostHome ?? homedir22();
+  const hostCodex = join32(hostHome, ".codex");
+  if (!await pathExists(hostCodex)) return emptyResult();
+  const stageDir = await mkStageDir("codex-static");
+  let tarballPath = null;
+  try {
+    const codexBroken = await findBrokenSymlinks(hostCodex);
+    await execa4("rsync", [
+      "-a",
+      "-L",
+      ...codexBroken.map((r) => `--exclude=/${r}`),
+      "--exclude=auth.json",
+      ...CODEX_RSYNC_EXCLUDES,
+      `${hostCodex}/`,
+      `${stageDir}/`
+    ]);
+    tarballPath = await tarballFromDir(stageDir, "codex-static");
+    return {
+      tarballPath,
+      cleanup: makeCleanup([stageDir, tarballPath]),
+      warnings: []
+    };
+  } catch (err) {
+    await rm3(stageDir, { recursive: true, force: true });
+    if (tarballPath) await rm3(tarballPath, { force: true });
+    throw err;
+  }
+}
+async function stageCodexCredentialsForUpload(opts = {}) {
+  const hostHome = opts.hostHome ?? homedir22();
+  const cloudBackup = join32(hostHome, ".agentbox", "codex-credentials.json");
+  if (await pathExists(cloudBackup)) {
+    return stageSingleFileTarball("codex-creds", cloudBackup, "auth.json");
+  }
+  const hostAuth = join32(hostHome, ".codex", "auth.json");
+  if (!await pathExists(hostAuth)) return emptyResult([CODEX_KEYCHAIN_WARNING]);
+  return stageSingleFileTarball("codex-creds", hostAuth, "auth.json");
+}
+var OPENCODE_DATA_EXCLUDES = [
+  "--exclude=storage",
+  "--exclude=log",
+  "--exclude=project",
+  "--exclude=cache",
+  "--exclude=bin",
+  "--exclude=repos",
+  "--exclude=snapshot",
+  "--exclude=config",
+  "--exclude=opencode.db",
+  "--exclude=opencode.db-shm",
+  "--exclude=opencode.db-wal"
+];
+async function stageOpencodeStaticForUpload(opts = {}) {
+  const hostHome = opts.hostHome ?? homedir22();
+  const hostData = join32(hostHome, ".local", "share", "opencode");
+  const hostConfig = join32(hostHome, ".config", "opencode");
+  const hasData = await pathExists(hostData);
+  const hasConfig = await pathExists(hostConfig);
+  if (!hasData && !hasConfig) return emptyResult();
+  const stageDir = await mkStageDir("opencode-static");
+  let tarballPath = null;
+  try {
+    if (hasData) {
+      const dataBroken = await findBrokenSymlinks(hostData);
+      await execa4("rsync", [
+        "-a",
+        "-L",
+        ...dataBroken.map((r) => `--exclude=/${r}`),
+        "--exclude=auth.json",
+        ...OPENCODE_DATA_EXCLUDES,
+        `${hostData}/`,
+        `${stageDir}/`
+      ]);
+    }
+    if (hasConfig) {
+      const configStage = join32(stageDir, "config");
+      const cfgBroken = await findBrokenSymlinks(hostConfig);
+      await execa4("rsync", [
+        "-a",
+        "-L",
+        ...cfgBroken.map((r) => `--exclude=/${r}`),
+        `${hostConfig}/`,
+        `${configStage}/`
+      ]);
+    }
+    tarballPath = await tarballFromDir(stageDir, "opencode-static");
+    return {
+      tarballPath,
+      cleanup: makeCleanup([stageDir, tarballPath]),
+      warnings: []
+    };
+  } catch (err) {
+    await rm3(stageDir, { recursive: true, force: true });
+    if (tarballPath) await rm3(tarballPath, { force: true });
+    throw err;
+  }
+}
+async function stageOpencodeCredentialsForUpload(opts = {}) {
+  const hostHome = opts.hostHome ?? homedir22();
+  const cloudBackup = join32(hostHome, ".agentbox", "opencode-credentials.json");
+  if (await pathExists(cloudBackup)) {
+    return stageSingleFileTarball("opencode-creds", cloudBackup, "auth.json");
+  }
+  const hostAuth = join32(hostHome, ".local", "share", "opencode", "auth.json");
+  if (!await pathExists(hostAuth)) return emptyResult();
+  return stageSingleFileTarball("opencode-creds", hostAuth, "auth.json");
+}
+async function stageOpencodeStateForUpload(opts = {}) {
+  const hostHome = opts.hostHome ?? homedir22();
+  const hostModel = join32(hostHome, ".local", "state", "opencode", "model.json");
+  if (!await pathExists(hostModel)) return emptyResult();
+  return stageSingleFileTarball("opencode-state", hostModel, "model.json");
+}
+var SHARED_CLAUDE_VOLUME = "agentbox-claude-config";
+var DEFAULT_CLAUDE_SESSION = "claude";
+var CONTAINER_CLAUDE_DIR = "/home/vscode/.claude";
+var CONTAINER_USER = "vscode";
+var CONTAINER_WORKSPACE = "/workspace";
+var IN_BOX_SETUP_GUIDE_PATH = "/usr/local/share/agentbox/setup-guide.md";
+var SETUP_SKILL_DST = "/dst/skills/agentbox-setup/SKILL.md";
+function resolveClaudeVolume(opts) {
+  if (opts.isolate) {
+    return { volume: `${SHARED_CLAUDE_VOLUME}-${opts.boxId}` };
+  }
+  return { volume: SHARED_CLAUDE_VOLUME };
+}
+async function pathExists2(p) {
+  try {
+    await stat3(p);
+    return true;
+  } catch {
+    return false;
+  }
+}
+async function volumeHasClaudeJson(volume, image) {
+  const res = await execa5(
+    "docker",
+    ["run", "--rm", "-v", `${volume}:/dst`, image, "sh", "-c", "test -e /dst/_claude.json"],
+    { reject: false }
+  );
+  return res.exitCode === 0;
+}
+function isUnder(parent, child) {
+  const rel = relative2(parent, child);
+  return rel === "" || !rel.startsWith("..") && !isAbsolute2(rel);
+}
+async function findUnsyncableSymlinks(root, reachableRoots) {
+  const reachable = await Promise.all(
+    reachableRoots.map(async (r) => {
+      try {
+        return await realpath2(r);
+      } catch {
+        return r;
+      }
+    })
+  );
+  const unsyncable = [];
+  async function walk(dir) {
+    let entries;
+    try {
+      entries = await readdir3(dir, { withFileTypes: true });
+    } catch {
+      return;
+    }
+    for (const ent of entries) {
+      const full = join4(dir, ent.name);
+      if (ent.isSymbolicLink()) {
+        let real;
+        try {
+          real = await realpath2(full);
+        } catch {
+          unsyncable.push(relative2(root, full));
+          continue;
+        }
+        if (!reachable.some((r) => isUnder(r, real))) {
+          unsyncable.push(relative2(root, full));
+        }
+      } else if (ent.isDirectory()) {
+        await walk(full);
+      }
+    }
+  }
+  await walk(root);
+  return unsyncable;
+}
+async function ensureClaudeVolume(spec, opts) {
+  const existed = await volumeExists(spec.volume);
+  await ensureVolume(spec.volume);
+  const created = !existed;
+  if (!opts.syncFromHost) return { created, synced: false };
+  const hostClaude = join4(homedir3(), ".claude");
+  if (!await pathExists2(hostClaude)) return { created, synced: false };
+  const hostClaudeJson = join4(homedir3(), ".claude.json");
+  const hasJson = await pathExists2(hostClaudeJson);
+  const seedClaudeJson = !await volumeHasClaudeJson(spec.volume, opts.image);
+  const hostHome = homedir3();
+  const hostAgents = join4(homedir3(), ".agents");
+  const hasAgents = await pathExists2(hostAgents);
+  const args = [
+    "run",
+    "--rm",
+    "--user",
+    "0",
+    // HOST_HOME used inside the shell script to rewrite host-absolute
+    // installPath values in plugins/installed_plugins.json.
+    "-e",
+    `HOST_HOME=${hostHome}`,
+    "-v",
+    `${spec.volume}:/dst`,
+    "-v",
+    `${hostClaude}:/src-claude:ro`
+  ];
+  if (hasJson && seedClaudeJson) args.push("-v", `${hostClaudeJson}:/src-claude-json:ro`);
+  if (hasAgents) args.push("-v", `${hostAgents}:/.agents:ro`);
+  const filterDir = await mkdtemp2(join4(tmpdir2(), "agentbox-claude-filter-"));
+  let filteredHookCount = 0;
+  let installMethodFixed = false;
+  let aliasedProjectKey = false;
+  let workspaceTrusted = false;
+  try {
+    const settingsResult = await maybeFilterTo(
+      join4(hostClaude, "settings.json"),
+      join4(filterDir, "settings.json"),
+      hostHome
+    );
+    filteredHookCount += settingsResult.removedHooks;
+    if (!seedClaudeJson) {
+    } else if (hasJson) {
+      const jsonResult = await maybeFilterTo(
         hostClaudeJson,
-        join22(filterDir, "_claude.json"),
+        join4(filterDir, "_claude.json"),
         hostHome,
         {
           setInstallMethodNative: true,
@@ -2973,8 +3593,8 @@ async function ensureClaudeVolume(spec, opts) {
       aliasedProjectKey = jsonResult.aliasedProjectKey;
       workspaceTrusted = jsonResult.workspaceTrusted;
     } else {
-      await writeFile3(
-        join22(filterDir, "_claude.json"),
+      await writeFile22(
+        join4(filterDir, "_claude.json"),
         JSON.stringify(
           {
             installMethod: "native",
@@ -2992,10 +3612,13 @@ async function ensureClaudeVolume(spec, opts) {
     if (filteredHookCount > 0 || installMethodFixed || aliasedProjectKey || workspaceTrusted) {
       args.push("-v", `${filterDir}:/src-filter:ro`);
     }
-    const brokenSymlinks = await findBrokenSymlinks(hostClaude);
-    const rsyncExcludes = ["--exclude=node_modules"];
+    const reachableRoots = hasAgents ? [hostClaude, hostAgents] : [hostClaude];
+    const brokenSymlinks = await findUnsyncableSymlinks(hostClaude, reachableRoots);
+    const rsyncExcludes = ["--exclude=node_modules", "--exclude=/projects"];
     for (const rel of brokenSymlinks) rsyncExcludes.push(`--exclude=/${rel}`);
     const rsyncFlags = `-a --copy-unsafe-links ${rsyncExcludes.join(" ")}`;
+    const memoryKey = opts.hostWorkspace ? encodeClaudeProjectsKey(opts.hostWorkspace) : null;
+    const memoryRekeyStep = memoryKey ? ` && { [ -d "/src-claude/projects/${memoryKey}/memory" ] && mkdir -p /dst/projects/-workspace && rm -rf /dst/projects/-workspace/memory && cp -a "/src-claude/projects/${memoryKey}/memory" /dst/projects/-workspace/memory; true; }` : "";
     args.push(
       opts.image,
       "sh",
@@ -3030,9 +3653,9 @@ async function ensureClaudeVolume(spec, opts) {
       // remove them). The `.agentbox-cleaned-nm-v1` sentinel makes the wipe
       // a no-op after the first run; rebuildPluginNativeDeps repopulates
       // linux/amd64 node_modules on the next `agentbox claude`.
-      `{ [ ! -f /dst/.agentbox-cleaned-nm-v1 ] && find /dst -name node_modules -type d -prune -exec rm -rf {} + && touch /dst/.agentbox-cleaned-nm-v1; true; } && rsync ${rsyncFlags} /src-claude/ /dst/ && { [ -f /src-claude-json ] && cp -a /src-claude-json /dst/_claude.json; true; } && { [ -f /src-filter/settings.json ] && cp -a /src-filter/settings.json /dst/settings.json; true; } && { [ -f /src-filter/_claude.json ] && cp -a /src-filter/_claude.json /dst/_claude.json; true; } && { [ -d /dst/plugins ] && [ -n "$HOST_HOME" ] && find /dst/plugins -maxdepth 1 -type f -name "*.json" -exec sed -i "s|$HOST_HOME/.claude/plugins/|/home/vscode/.claude/plugins/|g" {} +; true; } && chown -R 1000:1000 /dst`
+      `{ [ ! -f /dst/.agentbox-cleaned-nm-v1 ] && find /dst -name node_modules -type d -prune -exec rm -rf {} + && touch /dst/.agentbox-cleaned-nm-v1; true; } && rsync ${rsyncFlags} /src-claude/ /dst/ && { [ -f /src-claude-json ] && cp -a /src-claude-json /dst/_claude.json; true; } && { [ -f /src-filter/settings.json ] && cp -a /src-filter/settings.json /dst/settings.json; true; } && { [ -f /src-filter/_claude.json ] && cp -a /src-filter/_claude.json /dst/_claude.json; true; } && { [ -d /dst/plugins ] && [ -n "$HOST_HOME" ] && find /dst/plugins -maxdepth 1 -type f -name "*.json" -exec sed -i "s|$HOST_HOME/.claude/plugins/|/home/vscode/.claude/plugins/|g" {} +; true; }` + memoryRekeyStep + " && chown -R 1000:1000 /dst"
     );
-    await execa3("docker", args);
+    await execa5("docker", args);
   } finally {
     await rm2(filterDir, { recursive: true, force: true });
   }
@@ -3047,7 +3670,7 @@ async function ensureClaudeVolume(spec, opts) {
 }
 async function seedSetupSkillIntoVolume(volume, image) {
   try {
-    const { stdout } = await execa3("docker", [
+    const { stdout } = await execa5("docker", [
       "run",
       "--rm",
       "--user",
@@ -3076,7 +3699,7 @@ async function maybeFilterTo(src, dest, hostHome, opts = {}) {
   };
   let parsed;
   try {
-    parsed = JSON.parse(await readFile24(src, "utf8"));
+    parsed = JSON.parse(await readFile4(src, "utf8"));
   } catch {
     return zero;
   }
@@ -3103,7 +3726,7 @@ async function maybeFilterTo(src, dest, hostHome, opts = {}) {
   if (filtered.removedCommands.length === 0 && !installFixed && !aliased && !trusted) {
     return zero;
   }
-  await writeFile3(dest, JSON.stringify(working, null, 2));
+  await writeFile22(dest, JSON.stringify(working, null, 2));
   return {
     removedHooks: filtered.removedCommands.length,
     installMethodFixed: installFixed,
@@ -3159,7 +3782,7 @@ async function isDir(p) {
 }
 async function readReferencedPluginKeys(installedPluginsJsonPath) {
   try {
-    const raw = await readFile24(installedPluginsJsonPath, "utf8");
+    const raw = await readFile4(installedPluginsJsonPath, "utf8");
     return referencedPluginVersionKeys(JSON.parse(raw));
   } catch {
     return /* @__PURE__ */ new Set();
@@ -3167,7 +3790,7 @@ async function readReferencedPluginKeys(installedPluginsJsonPath) {
 }
 async function scanPluginCacheForRebuild(cacheRoot) {
   const referenced = await readReferencedPluginKeys(
-    join22(cacheRoot, "..", "installed_plugins.json")
+    join4(cacheRoot, "..", "installed_plugins.json")
   );
   let marketplaces;
   try {
@@ -3177,7 +3800,7 @@ async function scanPluginCacheForRebuild(cacheRoot) {
   }
   for (const m of marketplaces) {
     if (!m.isDirectory()) continue;
-    const mPath = join22(cacheRoot, m.name);
+    const mPath = join4(cacheRoot, m.name);
     let plugins;
     try {
       plugins = await readdir3(mPath, { withFileTypes: true });
@@ -3186,7 +3809,7 @@ async function scanPluginCacheForRebuild(cacheRoot) {
     }
     for (const p of plugins) {
       if (!p.isDirectory()) continue;
-      const pPath = join22(mPath, p.name);
+      const pPath = join4(mPath, p.name);
       let versions;
       try {
         versions = await readdir3(pPath, { withFileTypes: true });
@@ -3196,10 +3819,10 @@ async function scanPluginCacheForRebuild(cacheRoot) {
       for (const v of versions) {
         if (!v.isDirectory()) continue;
         if (referenced.size > 0 && !referenced.has(`${m.name}/${p.name}/${v.name}`)) continue;
-        const vPath = join22(pPath, v.name);
-        if (!await isFile(join22(vPath, "package.json"))) continue;
-        if (await isFile(join22(vPath, PLUGIN_INSTALLED_MARKER))) continue;
-        if (await isRecentFailMarker(join22(vPath, PLUGIN_FAILED_MARKER))) continue;
+        const vPath = join4(pPath, v.name);
+        if (!await isFile(join4(vPath, "package.json"))) continue;
+        if (await isFile(join4(vPath, PLUGIN_INSTALLED_MARKER))) continue;
+        if (await isRecentFailMarker(join4(vPath, PLUGIN_FAILED_MARKER))) continue;
         return true;
       }
     }
@@ -3212,7 +3835,7 @@ async function resolveClaudeCacheLiveOnHost(volume) {
   return orbstackVolumePath(volume, "plugins", "cache");
 }
 async function readBoxReferencedPluginKeys(container) {
-  const res = await execa3(
+  const res = await execa5(
     "docker",
     [
       "exec",
@@ -3330,7 +3953,7 @@ while IFS= read -r dir; do
 done < "$WORK/dirs"
 rm -rf "$WORK"
 `;
-  const result = await execa3(
+  const result = await execa5(
     "docker",
     ["exec", "--user", CONTAINER_USER, container, "sh", "-c", script],
     { reject: false }
@@ -3391,7 +4014,7 @@ async function startClaudeSession(opts) {
     const v = process.env[k];
     if (typeof v === "string" && v.length > 0) envFlags.push("-e", `${k}=${v}`);
   }
-  const result = await execa3(
+  const result = await execa5(
     "docker",
     [
       "exec",
@@ -3482,7 +4105,7 @@ function buildDashboardAttachArgv(container, sessionName) {
 async function waitForTmuxPaneContent(container, sessionName, timeoutMs = 2e4) {
   const deadline = Date.now() + timeoutMs;
   while (Date.now() < deadline) {
-    const res = await execa3(
+    const res = await execa5(
       "docker",
       ["exec", "--user", CONTAINER_USER, container, "tmux", "capture-pane", "-p", "-t", sessionName],
       { reject: false }
@@ -3550,7 +4173,7 @@ async function warmUpClaudeCredentials(volume, image, opts = {}) {
   const SLEEP_MS = 5e3;
   for (let attempt = 1; attempt <= MAX_ATTEMPTS; attempt++) {
     opts.onProgress?.(`checking credentials... ${attempt}/${MAX_ATTEMPTS}`);
-    const res = await execa3(
+    const res = await execa5(
       "docker",
       [
         "run",
@@ -3592,7 +4215,7 @@ function attachClaudeSession(container, sessionName, reattachRef) {
 }
 async function claudeSessionInfo(container, sessionName) {
   const name = sessionName ?? DEFAULT_CLAUDE_SESSION;
-  const has = await execa3(
+  const has = await execa5(
     "docker",
     ["exec", "--user", CONTAINER_USER, container, "tmux", "has-session", "-t", name],
     { reject: false }
@@ -3600,7 +4223,7 @@ async function claudeSessionInfo(container, sessionName) {
   if (has.exitCode !== 0) {
     return { running: false, sessionName: name, startedAt: null };
   }
-  const ts = await execa3(
+  const ts = await execa5(
     "docker",
     [
       "exec",
@@ -3634,14 +4257,14 @@ async function listChildDirs(dir) {
 }
 async function readJsonFile(path) {
   try {
-    return JSON.parse(await readFile24(path, "utf8"));
+    return JSON.parse(await readFile4(path, "utf8"));
   } catch {
     return void 0;
   }
 }
 async function pullClaudeExtras(spec, opts) {
-  const hostHome = homedir2();
-  const hostClaude = join22(hostHome, ".claude");
+  const hostHome = homedir3();
+  const hostClaude = join4(hostHome, ".claude");
   const inventoryScript = [
     "for cat in skills agents commands; do",
     '  [ -d "/src/$cat" ] || continue;',
@@ -3666,7 +4289,7 @@ async function pullClaudeExtras(spec, opts) {
     '  printf "\\n";',
     "done"
   ].join(" ");
-  const inv = await execa3(
+  const inv = await execa5(
     "docker",
     ["run", "--rm", "--user", "0", "-v", `${spec.volume}:/src:ro`, opts.image, "sh", "-c", inventoryScript],
     { reject: false }
@@ -3703,7 +4326,7 @@ async function pullClaudeExtras(spec, opts) {
   const newItems = [];
   const applyPaths = [];
   for (const cat of PULL_DIR_CATEGORIES) {
-    const hostNames = await listChildDirs(join22(hostClaude, cat));
+    const hostNames = await listChildDirs(join4(hostClaude, cat));
     const excludes = cat === "skills" ? SKILL_EXCLUDE_PREFIXES : [];
     for (const name of pickNewItems(boxDirs[cat] ?? [], hostNames, excludes)) {
       newItems.push({ category: cat, name });
@@ -3711,8 +4334,8 @@ async function pullClaudeExtras(spec, opts) {
     }
   }
   const hostPluginKeys = [];
-  for (const m of await listChildDirs(join22(hostClaude, "plugins", "cache"))) {
-    for (const p of await listChildDirs(join22(hostClaude, "plugins", "cache", m))) {
+  for (const m of await listChildDirs(join4(hostClaude, "plugins", "cache"))) {
+    for (const p of await listChildDirs(join4(hostClaude, "plugins", "cache", m))) {
       hostPluginKeys.push(`${m}/${p}`);
     }
   }
@@ -3720,190 +4343,67 @@ async function pullClaudeExtras(spec, opts) {
     newItems.push({ category: "plugins", name: key });
     applyPaths.push({ src: `/src/plugins/cache/${key}`, dest: `/dst/plugins/cache/${key}` });
   }
-  const hostInstalled = await readJsonFile(join22(hostClaude, "plugins", "installed_plugins.json"));
-  const hostMarkets = await readJsonFile(join22(hostClaude, "plugins", "known_marketplaces.json"));
+  const hostInstalled = await readJsonFile(join4(hostClaude, "plugins", "installed_plugins.json"));
+  const hostMarkets = await readJsonFile(join4(hostClaude, "plugins", "known_marketplaces.json"));
   const mergedInstalled = mergeInstalledPlugins(hostInstalled, boxJson["installed_plugins"], {
     hostHome
   });
-  const mergedMarkets = mergeKnownMarketplaces(hostMarkets, boxJson["known_marketplaces"], {
-    hostHome
-  });
-  const mergedRegistries = [];
-  if (mergedInstalled.changed) mergedRegistries.push("installed_plugins.json");
-  if (mergedMarkets.changed) mergedRegistries.push("known_marketplaces.json");
-  if (opts.dryRun || newItems.length === 0 && mergedRegistries.length === 0) {
-    return { newItems, mergedRegistries };
-  }
-  if (applyPaths.length > 0) {
-    const cmds = applyPaths.map(({ src, dest }) => {
-      const parent = dest.slice(0, dest.lastIndexOf("/"));
-      return `mkdir -p '${parent}' && rsync -a --ignore-existing --exclude=node_modules '${src}/' '${dest}/'`;
-    });
-    const apply = await execa3(
-      "docker",
-      [
-        "run",
-        "--rm",
-        "--user",
-        "0",
-        "-v",
-        `${spec.volume}:/src:ro`,
-        "-v",
-        `${hostClaude}:/dst`,
-        opts.image,
-        "sh",
-        "-c",
-        cmds.join(" && ")
-      ],
-      { reject: false }
-    );
-    if (apply.exitCode !== 0) {
-      throw new ClaudeSessionError(
-        `failed to copy extensions from ${spec.volume}: ${(apply.stderr ?? "").toString().trim() || `exit ${String(apply.exitCode)}`}`
-      );
-    }
-  }
-  if (mergedMarkets.changed || mergedInstalled.changed) {
-    await mkdir22(join22(hostClaude, "plugins"), { recursive: true });
-    if (mergedMarkets.changed) {
-      await writeFile3(
-        join22(hostClaude, "plugins", "known_marketplaces.json"),
-        `${JSON.stringify(mergedMarkets.data, null, 2)}
-`
-      );
-    }
-    if (mergedInstalled.changed) {
-      await writeFile3(
-        join22(hostClaude, "plugins", "installed_plugins.json"),
-        `${JSON.stringify(mergedInstalled.data, null, 2)}
-`
-      );
-    }
-  }
-  return { newItems, mergedRegistries };
-}
-var CREDENTIALS_BACKUP_FILE = join32(STATE_DIR, "claude-credentials.json");
-var CODEX_CREDENTIALS_BACKUP_FILE = join32(STATE_DIR, "codex-credentials.json");
-var OPENCODE_CREDENTIALS_BACKUP_FILE = join32(STATE_DIR, "opencode-credentials.json");
-function isRealAgentCredential(agent, text) {
-  let parsed;
-  try {
-    parsed = JSON.parse(text);
-  } catch {
-    return false;
-  }
-  if (typeof parsed !== "object" || parsed === null) return false;
-  if (agent === "claude") {
-    const rt = parsed.claudeAiOauth?.refreshToken;
-    return typeof rt === "string" && rt.length > 0;
-  }
-  return Object.keys(parsed).length > 0;
-}
-async function hostClaudeBackupExpired(path = CREDENTIALS_BACKUP_FILE, now = Date.now()) {
-  try {
-    const parsed = JSON.parse(await readFile32(path, "utf8"));
-    const exp = parsed?.claudeAiOauth?.expiresAt;
-    return typeof exp === "number" && Number.isFinite(exp) && exp < now;
-  } catch {
-    return false;
-  }
-}
-function parseExtractResult(stdout) {
-  return { copied: /\bCOPIED=yes\b/.test(stdout) };
-}
-async function extractVolumeAuthToBackup(opts) {
-  try {
-    await mkdir32(STATE_DIR, { recursive: true });
-    const script = 'COPIED=no; if [ -s /dst/auth.json ]; then cp -a /dst/auth.json "/host-state/$DEST" && COPIED=yes; fi; echo "COPIED=$COPIED"';
-    const { stdout } = await execa4("docker", [
-      "run",
-      "--rm",
-      "--user",
-      "0",
-      "-v",
-      `${opts.volume}:/dst`,
-      "-v",
-      `${STATE_DIR}:/host-state`,
-      "-e",
-      // Pass the destination filename via env so the path isn't interpolated
-      // into the script string (keeps the docker arg list static + injection-safe).
-      `DEST=${basename2(opts.backupFile)}`,
-      opts.image,
-      "sh",
-      "-c",
-      script
-    ]);
-    const result = parseExtractResult(stdout);
-    if (result.copied) await chmod(opts.backupFile, 384).catch(() => {
-    });
-    return result;
-  } catch {
-    return { copied: false };
-  }
-}
-function extractCodexCredentials(volume, image) {
-  return extractVolumeAuthToBackup({ volume, image, backupFile: CODEX_CREDENTIALS_BACKUP_FILE });
-}
-function extractOpencodeCredentials(volume, image) {
-  return extractVolumeAuthToBackup({ volume, image, backupFile: OPENCODE_CREDENTIALS_BACKUP_FILE });
-}
-async function hostBackupHasCredentials(path = CREDENTIALS_BACKUP_FILE) {
-  try {
-    const parsed = JSON.parse(await readFile32(path, "utf8"));
-    const rt = parsed?.claudeAiOauth?.refreshToken;
-    return typeof rt === "string" && rt.length > 0;
-  } catch {
-    return false;
+  const mergedMarkets = mergeKnownMarketplaces(hostMarkets, boxJson["known_marketplaces"], {
+    hostHome
+  });
+  const mergedRegistries = [];
+  if (mergedInstalled.changed) mergedRegistries.push("installed_plugins.json");
+  if (mergedMarkets.changed) mergedRegistries.push("known_marketplaces.json");
+  if (opts.dryRun || newItems.length === 0 && mergedRegistries.length === 0) {
+    return { newItems, mergedRegistries };
   }
-}
-function parseSyncResult(stdout) {
-  const volumeHasCredentials = /\bVOLREAL=yes\b/.test(stdout);
-  if (/\bEXTRACTED=yes\b/.test(stdout)) return { direction: "extracted", volumeHasCredentials };
-  if (/\bSEEDED=yes\b/.test(stdout)) return { direction: "seeded", volumeHasCredentials };
-  return { direction: "noop", volumeHasCredentials };
-}
-var SYNC_SCRIPT = `
-EXTRACTED=no
-SEEDED=no
-VOL=/dst/.credentials.json
-HOST=/host-state/claude-credentials.json
-if [ -f "$VOL" ] && jq -e '(.claudeAiOauth.refreshToken // "") | length > 0' "$VOL" >/dev/null 2>&1; then VOL_REAL=yes; else VOL_REAL=no; fi
-if [ -f "$HOST" ] && jq -e '(.claudeAiOauth.refreshToken // "") | length > 0' "$HOST" >/dev/null 2>&1; then HOST_REAL=yes; else HOST_REAL=no; fi
-if [ "$VOL_REAL" = yes ] && [ "$ISOLATE" != yes ]; then
-  cp -a "$VOL" "$HOST" && chmod 600 "$HOST" && EXTRACTED=yes
-elif [ "$VOL_REAL" = no ] && [ "$HOST_REAL" = yes ]; then
-  cp -a "$HOST" "$VOL" && chown 1000:1000 "$VOL" && chmod 600 "$VOL" && SEEDED=yes && VOL_REAL=yes
-fi
-echo "EXTRACTED=$EXTRACTED SEEDED=$SEEDED VOLREAL=$VOL_REAL"
-`;
-async function syncClaudeCredentials(spec, opts) {
-  try {
-    await mkdir32(STATE_DIR, { recursive: true });
-    const { stdout } = await execa4("docker", [
-      "run",
-      "--rm",
-      "--user",
-      "0",
-      "-v",
-      `${spec.volume}:/dst`,
-      "-v",
-      `${STATE_DIR}:/host-state`,
-      "-e",
-      `ISOLATE=${opts.isolate ? "yes" : "no"}`,
-      opts.image,
-      "sh",
-      "-c",
-      SYNC_SCRIPT
-    ]);
-    const result = parseSyncResult(stdout);
-    if (result.direction === "extracted") {
-      await chmod(CREDENTIALS_BACKUP_FILE, 384).catch(() => {
-      });
+  if (applyPaths.length > 0) {
+    const cmds = applyPaths.map(({ src, dest }) => {
+      const parent = dest.slice(0, dest.lastIndexOf("/"));
+      return `mkdir -p '${parent}' && rsync -a --ignore-existing --exclude=node_modules '${src}/' '${dest}/'`;
+    });
+    const apply = await execa5(
+      "docker",
+      [
+        "run",
+        "--rm",
+        "--user",
+        "0",
+        "-v",
+        `${spec.volume}:/src:ro`,
+        "-v",
+        `${hostClaude}:/dst`,
+        opts.image,
+        "sh",
+        "-c",
+        cmds.join(" && ")
+      ],
+      { reject: false }
+    );
+    if (apply.exitCode !== 0) {
+      throw new ClaudeSessionError(
+        `failed to copy extensions from ${spec.volume}: ${(apply.stderr ?? "").toString().trim() || `exit ${String(apply.exitCode)}`}`
+      );
+    }
+  }
+  if (mergedMarkets.changed || mergedInstalled.changed) {
+    await mkdir3(join4(hostClaude, "plugins"), { recursive: true });
+    if (mergedMarkets.changed) {
+      await writeFile22(
+        join4(hostClaude, "plugins", "known_marketplaces.json"),
+        `${JSON.stringify(mergedMarkets.data, null, 2)}
+`
+      );
+    }
+    if (mergedInstalled.changed) {
+      await writeFile22(
+        join4(hostClaude, "plugins", "installed_plugins.json"),
+        `${JSON.stringify(mergedInstalled.data, null, 2)}
+`
+      );
     }
-    return result;
-  } catch {
-    return { direction: "noop", volumeHasCredentials: false };
   }
+  return { newItems, mergedRegistries };
 }
 var SHARED_CODEX_VOLUME = "agentbox-codex-config";
 var DEFAULT_CODEX_SESSION = "codex";
@@ -3915,9 +4415,9 @@ function resolveCodexVolume(opts) {
   }
   return { volume: SHARED_CODEX_VOLUME };
 }
-async function pathExists2(p) {
+async function pathExists3(p) {
   try {
-    await stat22(p);
+    await stat42(p);
     return true;
   } catch {
     return false;
@@ -3932,10 +4432,10 @@ async function ensureCodexVolume(spec, opts) {
   const existed = await volumeExists(spec.volume);
   await ensureVolume(spec.volume);
   const created = !existed;
-  const hostCodex = join42(homedir32(), ".codex");
-  const willSync = opts.syncFromHost && await pathExists2(hostCodex);
+  const hostCodex = join52(homedir4(), ".codex");
+  const willSync = opts.syncFromHost && await pathExists3(hostCodex);
   if (willSync) {
-    await execa5("docker", [
+    await execa6("docker", [
       "run",
       "--rm",
       "--user",
@@ -3953,7 +4453,7 @@ async function ensureCodexVolume(spec, opts) {
     ]);
     return { created, synced: true };
   }
-  await execa5(
+  await execa6(
     "docker",
     [
       "run",
@@ -3973,7 +4473,7 @@ async function ensureCodexVolume(spec, opts) {
 }
 async function seedCodexHooks(volume, image) {
   try {
-    const { stdout } = await execa5("docker", [
+    const { stdout } = await execa6("docker", [
       "run",
       "--rm",
       "--user",
@@ -4010,14 +4510,14 @@ var CodexSessionError = class extends Error {
   }
 };
 async function ensureCodexInstalled(container, opts = {}) {
-  const probe = await execa5(
+  const probe = await execa6(
     "docker",
     ["exec", "--user", CONTAINER_USER, container, "sh", "-c", "command -v codex"],
     { reject: false }
   );
   if (probe.exitCode === 0) return { installed: false };
   opts.onProgress?.("installing codex (absent from this box image)");
-  const install = await execa5(
+  const install = await execa6(
     "docker",
     ["exec", "--user", "root", container, "bash", "-lc", "npm install -g @openai/codex 2>&1"],
     { reject: false }
@@ -4040,7 +4540,7 @@ async function startCodexSession(opts) {
     const v = process.env[k];
     if (typeof v === "string" && v.length > 0) envFlags.push("-e", `${k}=${v}`);
   }
-  const result = await execa5(
+  const result = await execa6(
     "docker",
     [
       "exec",
@@ -4122,7 +4622,7 @@ function runInteractiveCodexLogin(dockerArgv) {
   return { exitCode: child.status ?? 1 };
 }
 async function volumeHasCodexAuth(volume, image) {
-  const res = await execa5(
+  const res = await execa6(
     "docker",
     ["run", "--rm", "-v", `${volume}:/dst`, image, "sh", "-c", "test -e /dst/auth.json"],
     { reject: false }
@@ -4131,7 +4631,7 @@ async function volumeHasCodexAuth(volume, image) {
 }
 async function codexSessionInfo(container, sessionName) {
   const name = sessionName ?? DEFAULT_CODEX_SESSION;
-  const has = await execa5(
+  const has = await execa6(
     "docker",
     ["exec", "--user", CONTAINER_USER, container, "tmux", "has-session", "-t", name],
     { reject: false }
@@ -4139,7 +4639,7 @@ async function codexSessionInfo(container, sessionName) {
   if (has.exitCode !== 0) {
     return { running: false, sessionName: name, startedAt: null };
   }
-  const ts = await execa5(
+  const ts = await execa6(
     "docker",
     [
       "exec",
@@ -4164,8 +4664,8 @@ async function codexSessionInfo(container, sessionName) {
 }
 var CODEX_PULL_ITEMS = ["config.toml", "auth.json", "prompts"];
 async function pullCodexConfig(spec, opts) {
-  const hostCodex = join42(homedir32(), ".codex");
-  const inv = await execa5(
+  const hostCodex = join52(homedir4(), ".codex");
+  const inv = await execa6(
     "docker",
     [
       "run",
@@ -4192,14 +4692,14 @@ async function pullCodexConfig(spec, opts) {
   const newItems = [];
   for (const item of CODEX_PULL_ITEMS) {
     if (!present.has(item)) continue;
-    if (await pathExists2(join42(hostCodex, item))) continue;
+    if (await pathExists3(join52(hostCodex, item))) continue;
     newItems.push(item);
   }
   if (opts.dryRun || newItems.length === 0) return { newItems };
   const uid = process.getuid?.() ?? 0;
   const gid = process.getgid?.() ?? 0;
   const cmds = newItems.map((it) => `cp -a '/src/${it}' '/dst/${it}'`);
-  const apply = await execa5(
+  const apply = await execa6(
     "docker",
     [
       "run",
@@ -4236,9 +4736,9 @@ function resolveOpencodeVolume(opts) {
   }
   return { volume: SHARED_OPENCODE_VOLUME };
 }
-async function pathExists3(p) {
+async function pathExists4(p) {
   try {
-    await stat32(p);
+    await stat5(p);
     return true;
   } catch {
     return false;
@@ -4253,12 +4753,12 @@ async function ensureOpencodeVolume(spec, opts) {
   const existed = await volumeExists(spec.volume);
   await ensureVolume(spec.volume);
   const created = !existed;
-  const hostData = join5(homedir4(), ".local", "share", "opencode");
-  const hostConfig = join5(homedir4(), ".config", "opencode");
-  const hostState = join5(homedir4(), ".local", "state", "opencode");
-  const hasData = await pathExists3(hostData);
-  const hasConfig = await pathExists3(hostConfig);
-  const hasState = await pathExists3(hostState);
+  const hostData = join6(homedir5(), ".local", "share", "opencode");
+  const hostConfig = join6(homedir5(), ".config", "opencode");
+  const hostState = join6(homedir5(), ".local", "state", "opencode");
+  const hasData = await pathExists4(hostData);
+  const hasConfig = await pathExists4(hostConfig);
+  const hasState = await pathExists4(hostState);
   const willSync = opts.syncFromHost && (hasData || hasConfig || hasState);
   if (willSync) {
     const args = ["run", "--rm", "--user", "0", "-v", `${spec.volume}:/dst`];
@@ -4281,10 +4781,10 @@ async function ensureOpencodeVolume(spec, opts) {
     }
     steps.push("chown -R 1000:1000 /dst");
     args.push(opts.image, "sh", "-c", steps.join(" && "));
-    await execa6("docker", args);
+    await execa7("docker", args);
     return { created, synced: true };
   }
-  await execa6(
+  await execa7(
     "docker",
     [
       "run",
@@ -4304,7 +4804,7 @@ async function ensureOpencodeVolume(spec, opts) {
 }
 async function seedOpencodePlugin(volume, image) {
   try {
-    const { stdout } = await execa6("docker", [
+    const { stdout } = await execa7("docker", [
       "run",
       "--rm",
       "--user",
@@ -4352,14 +4852,14 @@ var OpencodeSessionError = class extends Error {
   }
 };
 async function ensureOpencodeInstalled(container, opts = {}) {
-  const probe = await execa6(
+  const probe = await execa7(
     "docker",
     ["exec", "--user", CONTAINER_USER, container, "sh", "-c", "command -v opencode"],
     { reject: false }
   );
   if (probe.exitCode === 0) return { installed: false };
   opts.onProgress?.("installing opencode (absent from this box image)");
-  const install = await execa6(
+  const install = await execa7(
     "docker",
     ["exec", "--user", "root", container, "bash", "-lc", "npm install -g opencode-ai 2>&1"],
     { reject: false }
@@ -4381,7 +4881,7 @@ async function startOpencodeSession(opts) {
     const v = process.env[k];
     if (typeof v === "string" && v.length > 0) envFlags.push("-e", `${k}=${v}`);
   }
-  const result = await execa6(
+  const result = await execa7(
     "docker",
     [
       "exec",
@@ -4467,7 +4967,7 @@ function runInteractiveOpencodeLogin(dockerArgv) {
   return { exitCode: child.status ?? 1 };
 }
 async function volumeHasOpencodeAuth(volume, image) {
-  const res = await execa6(
+  const res = await execa7(
     "docker",
     ["run", "--rm", "-v", `${volume}:/dst`, image, "sh", "-c", "test -e /dst/auth.json"],
     { reject: false }
@@ -4476,7 +4976,7 @@ async function volumeHasOpencodeAuth(volume, image) {
 }
 async function opencodeSessionInfo(container, sessionName) {
   const name = sessionName ?? DEFAULT_OPENCODE_SESSION;
-  const has = await execa6(
+  const has = await execa7(
     "docker",
     ["exec", "--user", CONTAINER_USER, container, "tmux", "has-session", "-t", name],
     { reject: false }
@@ -4484,7 +4984,7 @@ async function opencodeSessionInfo(container, sessionName) {
   if (has.exitCode !== 0) {
     return { running: false, sessionName: name, startedAt: null };
   }
-  const ts = await execa6(
+  const ts = await execa7(
     "docker",
     [
       "exec",
@@ -4520,9 +5020,9 @@ var OPENCODE_PULL_CONFIG_ITEMS = [
   "themes"
 ];
 async function pullOpencodeConfig(spec, opts) {
-  const hostData = join5(homedir4(), ".local", "share", "opencode");
-  const hostConfig = join5(homedir4(), ".config", "opencode");
-  const inv = await execa6(
+  const hostData = join6(homedir5(), ".local", "share", "opencode");
+  const hostConfig = join6(homedir5(), ".config", "opencode");
+  const inv = await execa7(
     "docker",
     [
       "run",
@@ -4548,7 +5048,7 @@ async function pullOpencodeConfig(spec, opts) {
     const [group, name] = line.trim().split(/\s+/, 2);
     if (!name || group !== "data" && group !== "config") continue;
     const hostBase = group === "data" ? hostData : hostConfig;
-    if (await pathExists3(join5(hostBase, name))) continue;
+    if (await pathExists4(join6(hostBase, name))) continue;
     newItems.push({
       label: group === "data" ? name : `config/${name}`,
       src: group === "data" ? `/src/${name}` : `/src/config/${name}`,
@@ -4564,7 +5064,7 @@ async function pullOpencodeConfig(spec, opts) {
   const cmds = newItems.map(
     (i) => `cp -a '${i.src}' '${i.hostDst === "data" ? "/dst-data" : "/dst-config"}/${i.name}'`
   );
-  const apply = await execa6(
+  const apply = await execa7(
     "docker",
     [
       "run",
@@ -4675,9 +5175,9 @@ function gitWorktreePathFor(branch) {
   return `${WORKTREE_ROOT}/${fsSafeBranch(branch)}`;
 }
 async function collectRepoCarryOver(repo, branch, containerPath, gitWorktreePath) {
-  const stash = await execa7("git", ["-C", repo.hostMainRepo, "stash", "create"], { reject: false });
+  const stash = await execa8("git", ["-C", repo.hostMainRepo, "stash", "create"], { reject: false });
   const stashSha = stash.exitCode === 0 ? stash.stdout.trim() || null : null;
-  const untracked = await execa7(
+  const untracked = await execa8(
     "git",
     ["-C", repo.hostMainRepo, "ls-files", "--others", "--exclude-standard", "-z"],
     { reject: false }
@@ -4694,7 +5194,7 @@ async function collectRepoCarryOver(repo, branch, containerPath, gitWorktreePath
   };
 }
 async function dexec(container, argv, user = "vscode", cwd = "/") {
-  const r = await execa7(
+  const r = await execa8(
     "docker",
     ["exec", "-w", cwd, "--user", user, container, ...argv],
     { reject: false }
@@ -4726,7 +5226,7 @@ async function bindWorktrees(container, binds, onLog) {
     (a, b) => a.kind === "root" && b.kind !== "root" ? -1 : a.kind !== "root" && b.kind === "root" ? 1 : 0
   );
   for (const b of ordered) {
-    await execa7(
+    await execa8(
       "docker",
       ["exec", "-w", "/", "--user", "root", container, "sh", "-c", `mountpoint -q ${b.containerPath} && umount ${b.containerPath} || true`],
       { reject: false }
@@ -4748,7 +5248,7 @@ async function seedWorkspace(opts) {
     const wt = r.gitWorktreePath;
     const baseRef = r.repo.kind === "root" ? opts.fromBranch ?? "HEAD" : "HEAD";
     const addArgs = r.reuseBranch ? ["worktree", "add", wt, r.branch] : ["worktree", "add", "-b", r.branch, wt, baseRef];
-    const add = await execa7(
+    const add = await execa8(
       "docker",
       ["exec", "--user", "vscode", opts.container, "git", "-C", main, ...addArgs],
       { reject: false }
@@ -4759,7 +5259,7 @@ async function seedWorkspace(opts) {
       );
     }
     log(`worktree ${wt} on branch ${r.branch} (host main ${main})`);
-    await execa7(
+    await execa8(
       "docker",
       [
         "exec",
@@ -4775,7 +5275,7 @@ async function seedWorkspace(opts) {
       ],
       { reject: false }
     );
-    await execa7(
+    await execa8(
       "docker",
       [
         "exec",
@@ -4805,7 +5305,7 @@ async function seedWorkspace(opts) {
   for (const r of opts.repos) {
     const ct = r.containerPath;
     if (r.stashSha) {
-      const withIndex = await execa7(
+      const withIndex = await execa8(
         "docker",
         [
           "exec",
@@ -4823,7 +5323,7 @@ async function seedWorkspace(opts) {
         { reject: false }
       );
       if (withIndex.exitCode !== 0) {
-        const noIndex = await execa7(
+        const noIndex = await execa8(
           "docker",
           [
             "exec",
@@ -4851,7 +5351,7 @@ async function seedWorkspace(opts) {
       }
     }
     if (r.untrackedNul.length > 0) {
-      const tarOut = await execa7("tar", ["-C", r.hostSource, "--null", "-T", "-", "-cf", "-"], {
+      const tarOut = await execa8("tar", ["-C", r.hostSource, "--null", "-T", "-", "-cf", "-"], {
         input: r.untrackedNul.replace(/\0$/, ""),
         encoding: "buffer",
         reject: false
@@ -4860,7 +5360,7 @@ async function seedWorkspace(opts) {
         log(`warning: tar of untracked files for ${r.repo.hostMainRepo} failed: ${tarOut.stderr}`);
         continue;
       }
-      const tarIn = await execa7(
+      const tarIn = await execa8(
         "docker",
         ["exec", "-i", "--user", "vscode", opts.container, "tar", "-C", ct, "-xf", "-"],
         { input: tarOut.stdout, reject: false }
@@ -4877,14 +5377,14 @@ async function seedWorkspace(opts) {
 async function seedWorkspaceFromDir(opts) {
   const log = opts.onLog ?? (() => {
   });
-  const tarOut = await execa7("tar", ["-C", opts.hostSource, "-cf", "-", "."], {
+  const tarOut = await execa8("tar", ["-C", opts.hostSource, "-cf", "-", "."], {
     encoding: "buffer",
     reject: false
   });
   if (tarOut.exitCode !== 0) {
     throw new GitWorktreeError(`tar of ${opts.hostSource} failed: ${tarOut.stderr}`);
   }
-  const tarIn = await execa7(
+  const tarIn = await execa8(
     "docker",
     ["exec", "-i", "--user", "1000:1000", opts.container, "tar", "-C", "/workspace", "-xf", "-"],
     { input: tarOut.stdout, reject: false }
@@ -4895,18 +5395,159 @@ async function seedWorkspaceFromDir(opts) {
   log(`seeded /workspace from ${opts.hostSource}`);
 }
 async function removeInBoxWorktree(args) {
-  const remove = await execa7(
+  const remove = await execa8(
     "git",
     ["-C", args.hostMainRepo, "worktree", "remove", "--force", args.gitWorktreePath],
     { reject: false }
   );
   if (remove.exitCode === 0) return;
-  await execa7("git", ["-C", args.hostMainRepo, "worktree", "prune"], { reject: false });
+  await execa8("git", ["-C", args.hostMainRepo, "worktree", "prune"], { reject: false });
 }
 function ctParent(p) {
   const i = p.lastIndexOf("/");
   return i <= 0 ? "/" : p.slice(0, i);
 }
+async function gitIn(container, ct, args) {
+  return execInBox(container, ["git", "-C", ct, ...args], { user: "vscode" });
+}
+function splitNul(s) {
+  return s.split("\0").filter((p) => p.length > 0);
+}
+async function unmergedPaths(container, ct) {
+  const r = await gitIn(container, ct, ["diff", "--name-only", "--diff-filter=U", "-z"]);
+  return r.exitCode === 0 ? splitNul(r.stdout) : [];
+}
+async function resyncWorkspaceFromHost(opts) {
+  const log = opts.onLog ?? (() => {
+  });
+  const results = [];
+  for (const w of opts.worktrees) {
+    const ct = w.containerPath;
+    const hostMain = w.hostMainRepo;
+    const boxBranch = w.branch;
+    const res = { containerPath: ct, mergeConflicts: [], overlaySkipped: [] };
+    const hostBranchProbe = await execa8(
+      "git",
+      ["-C", hostMain, "symbolic-ref", "--short", "-q", "HEAD"],
+      { reject: false }
+    );
+    const hostRef = hostBranchProbe.exitCode === 0 && hostBranchProbe.stdout.trim() ? hostBranchProbe.stdout.trim() : (await execa8("git", ["-C", hostMain, "rev-parse", "HEAD"], { reject: false })).stdout.trim();
+    if (!hostRef) {
+      log(`resync: ${ct}: could not resolve host ref; skipping`);
+      results.push(res);
+      continue;
+    }
+    const stash = await execa8("git", ["-C", hostMain, "stash", "create"], { reject: false });
+    const hostStashSha = stash.exitCode === 0 ? stash.stdout.trim() || null : null;
+    const untracked = await execa8(
+      "git",
+      ["-C", hostMain, "ls-files", "--others", "--exclude-standard", "-z"],
+      { reject: false }
+    );
+    const hostUntracked = untracked.exitCode === 0 ? splitNul(untracked.stdout) : [];
+    if (hostRef !== boxBranch) {
+      const status = await gitIn(opts.container, ct, ["status", "--porcelain"]);
+      const boxDirty = status.stdout.split("\n").some((line) => line.length > 0 && !line.startsWith("??"));
+      let boxStashed = false;
+      if (boxDirty) {
+        const push = await gitIn(opts.container, ct, ["stash", "push", "-m", "agentbox-resync"]);
+        boxStashed = push.exitCode === 0;
+      }
+      const newCommits = await gitIn(opts.container, ct, [
+        "rev-list",
+        "--count",
+        `${boxBranch}..${hostRef}`
+      ]);
+      const n = newCommits.exitCode === 0 ? newCommits.stdout.trim() : "?";
+      const merge = await gitIn(opts.container, ct, ["merge", "--no-commit", hostRef]);
+      const mergeInProgress = (await gitIn(opts.container, ct, ["rev-parse", "-q", "--verify", "MERGE_HEAD"])).exitCode === 0;
+      const conflicts = await unmergedPaths(opts.container, ct);
+      if (conflicts.length > 0) {
+        await gitIn(opts.container, ct, ["checkout", "--ours", "--", ...conflicts]);
+        await gitIn(opts.container, ct, ["add", "--", ...conflicts]);
+        res.mergeConflicts.push(...conflicts);
+      }
+      if (mergeInProgress) {
+        await gitIn(opts.container, ct, [
+          "-c",
+          "user.name=agentbox",
+          "-c",
+          "user.email=agentbox@users.noreply.github.com",
+          "commit",
+          "--no-edit"
+        ]);
+        log(
+          `resync: ${ct}: merged ${n} new host commit(s) from ${hostRef}` + (conflicts.length > 0 ? ` (${String(conflicts.length)} conflict(s) kept box version)` : "")
+        );
+      } else if (merge.exitCode === 0) {
+        log(`resync: ${ct}: ${n === "0" ? "already up to date" : `fast-forwarded to ${hostRef}`}`);
+      } else {
+        await gitIn(opts.container, ct, ["merge", "--abort"]);
+        log(`resync: ${ct}: merge skipped (${(merge.stderr || merge.stdout).trim().split("\n")[0]})`);
+      }
+      if (boxStashed) {
+        const pop = await gitIn(opts.container, ct, ["stash", "pop"]);
+        if (pop.exitCode !== 0) {
+          const popConflicts = await unmergedPaths(opts.container, ct);
+          for (const p of popConflicts) {
+            await gitIn(opts.container, ct, ["checkout", "--theirs", "--", p]);
+            await gitIn(opts.container, ct, ["reset", "-q", "--", p]);
+          }
+          await gitIn(opts.container, ct, ["stash", "drop"]);
+        }
+      }
+    }
+    if (hostStashSha) {
+      const apply = await gitIn(opts.container, ct, ["stash", "apply", hostStashSha]);
+      if (apply.exitCode !== 0) {
+        const conflicts = await unmergedPaths(opts.container, ct);
+        for (const p of conflicts) {
+          await gitIn(opts.container, ct, ["checkout", "--ours", "--", p]);
+          await gitIn(opts.container, ct, ["reset", "-q", "--", p]);
+        }
+        if (conflicts.length > 0) res.overlaySkipped.push(...conflicts);
+      }
+    }
+    if (hostUntracked.length > 0) {
+      const filter = await execa8(
+        "docker",
+        [
+          "exec",
+          "-i",
+          "--user",
+          "vscode",
+          opts.container,
+          "bash",
+          "-c",
+          'cd "$1" && while IFS= read -r -d "" f; do [ -e "$f" ] && printf "%s\\0" "$f"; done',
+          "bash",
+          ct
+        ],
+        { input: hostUntracked.join("\0"), reject: false }
+      );
+      const existing = new Set(filter.exitCode === 0 ? splitNul(filter.stdout) : []);
+      const toCopy = hostUntracked.filter((p) => !existing.has(p));
+      for (const p of hostUntracked) if (existing.has(p)) res.overlaySkipped.push(p);
+      if (toCopy.length > 0) {
+        const tarOut = await execa8("tar", ["-C", hostMain, "--null", "-T", "-", "-cf", "-"], {
+          input: toCopy.join("\0"),
+          encoding: "buffer",
+          reject: false
+        });
+        if (tarOut.exitCode === 0) {
+          await execa8(
+            "docker",
+            ["exec", "-i", "--user", "vscode", opts.container, "tar", "-C", ct, "-xf", "-"],
+            { input: tarOut.stdout, reject: false }
+          );
+          log(`resync: ${ct}: copied ${String(toCopy.length)} untracked host file(s)`);
+        }
+      }
+    }
+    results.push(res);
+  }
+  return results;
+}
 var PORTLESS_BIN = "portless";
 var SUB_VERSION = ["--version"];
 var SUB_ALIAS = "alias";
@@ -4917,7 +5558,7 @@ var cached = null;
 async function detectPortless() {
   if (cached !== null) return cached;
   try {
-    const ver = await execa8(PORTLESS_BIN, SUB_VERSION, { reject: false });
+    const ver = await execa9(PORTLESS_BIN, SUB_VERSION, { reject: false });
     if (ver.exitCode !== 0) {
       cached = { installed: false, proxyRunning: false };
       return cached;
@@ -4937,7 +5578,7 @@ function resetPortlessCache() {
 }
 async function portlessAlias(name, port) {
   try {
-    const r = await execa8(PORTLESS_BIN, [SUB_ALIAS, name, String(port)], { reject: false });
+    const r = await execa9(PORTLESS_BIN, [SUB_ALIAS, name, String(port)], { reject: false });
     return r.exitCode === 0;
   } catch {
     return false;
@@ -4945,7 +5586,7 @@ async function portlessAlias(name, port) {
 }
 async function portlessUnalias(name) {
   try {
-    const r = await execa8(PORTLESS_BIN, [SUB_ALIAS, SUB_ALIAS_REMOVE, name], { reject: false });
+    const r = await execa9(PORTLESS_BIN, [SUB_ALIAS, SUB_ALIAS_REMOVE, name], { reject: false });
     return r.exitCode === 0;
   } catch {
     return false;
@@ -4954,7 +5595,7 @@ async function portlessUnalias(name) {
 async function portlessGetUrl(name) {
   const fallback = `https://${name}.localhost`;
   try {
-    const r = await execa8(PORTLESS_BIN, [SUB_GET, name], { reject: false });
+    const r = await execa9(PORTLESS_BIN, [SUB_GET, name], { reject: false });
     const out = (r.stdout ?? "").trim();
     if (r.exitCode === 0 && /^https?:\/\//.test(out)) return out;
   } catch {
@@ -4975,7 +5616,7 @@ function portlessBrowserEnv(boxName, opts) {
 }
 async function installPortless() {
   try {
-    const r = await execa8("npm", ["install", "-g", "portless"], { reject: false });
+    const r = await execa9("npm", ["install", "-g", "portless"], { reject: false });
     return r.exitCode === 0;
   } catch {
     return false;
@@ -4983,7 +5624,7 @@ async function installPortless() {
 }
 async function startPortlessProxy() {
   try {
-    const r = await execa8(
+    const r = await execa9(
       PORTLESS_BIN,
       ["proxy", "start", "--no-tls", "-p", String(PORTLESS_PROXY_PORT)],
       { reject: false }
@@ -4996,7 +5637,7 @@ async function startPortlessProxy() {
 function portlessStateDirCandidates() {
   const env = process.env["PORTLESS_STATE_DIR"];
   if (env && env.trim().length > 0) return [env.trim()];
-  return ["/tmp/portless", join6(homedir5(), ".portless")];
+  return ["/tmp/portless", join7(homedir6(), ".portless")];
 }
 function pidAlive(pid) {
   if (!Number.isFinite(pid) || pid <= 0) return false;
@@ -5009,7 +5650,7 @@ function pidAlive(pid) {
 }
 async function readProxyPid(dir) {
   try {
-    const raw = await readFile42(join6(dir, "proxy.pid"), "utf8");
+    const raw = await readFile52(join7(dir, "proxy.pid"), "utf8");
     const pid = Number.parseInt(raw.trim(), 10);
     return Number.isFinite(pid) && pid > 0 ? pid : null;
   } catch {
@@ -5029,7 +5670,7 @@ async function resolvePortlessHostStateDir(override) {
   if (env && env.trim().length > 0) return env.trim();
   const live = await findLivePortlessStateDir();
   if (live) return live;
-  const home = join6(homedir5(), ".portless");
+  const home = join7(homedir6(), ".portless");
   if (existsSync(home)) return home;
   if (existsSync("/tmp/portless")) return "/tmp/portless";
   return home;
@@ -5037,7 +5678,7 @@ async function resolvePortlessHostStateDir(override) {
 async function isProxyRunning() {
   if (await findLivePortlessStateDir() !== null) return true;
   try {
-    const r = await execa8("pgrep", ["-f", "portless proxy"], { reject: false });
+    const r = await execa9("pgrep", ["-f", "portless proxy"], { reject: false });
     return r.exitCode === 0 && (r.stdout ?? "").trim().length > 0;
   } catch {
     return false;
@@ -5058,25 +5699,25 @@ var EXCLUDE_DIRS = /* @__PURE__ */ new Set([
   ".cache",
   ".parcel-cache"
 ]);
-var SNAPSHOTS_ROOT = join7(homedir6(), ".agentbox", "snapshots");
+var SNAPSHOTS_ROOT = join8(homedir7(), ".agentbox", "snapshots");
 function snapshotPathFor(box) {
   const mnemonic = sanitizeMnemonic(box.name);
   const n = box.projectIndex;
   const segment = typeof n === "number" && Number.isFinite(n) && n > 0 ? `${box.id}-${String(n)}-${mnemonic}` : `${box.id}-${mnemonic}`;
-  return join7(SNAPSHOTS_ROOT, segment);
+  return join8(SNAPSHOTS_ROOT, segment);
 }
 async function findExcludedDirs(root, excluded = EXCLUDE_DIRS) {
   const matches = [];
   const walk = async (dir) => {
     let entries;
     try {
-      entries = await readdir22(dir, { withFileTypes: true });
+      entries = await readdir42(dir, { withFileTypes: true });
     } catch {
       return;
     }
     for (const entry of entries) {
       if (!entry.isDirectory()) continue;
-      const abs = join7(dir, entry.name);
+      const abs = join8(dir, entry.name);
       if (excluded.has(entry.name)) {
         matches.push(abs);
         continue;
@@ -5091,28 +5732,28 @@ async function createSnapshot(opts) {
   const source = resolve2(opts.source);
   const destination = resolve2(opts.destination);
   const excluded = opts.excluded ?? EXCLUDE_DIRS;
-  await mkdir4(SNAPSHOTS_ROOT, { recursive: true });
+  await mkdir42(SNAPSHOTS_ROOT, { recursive: true });
   const cpArgs = platform() === "darwin" ? ["-cR"] : ["-R"];
-  await execa9("cp", [...cpArgs, `${source}/`, destination]);
+  await execa10("cp", [...cpArgs, `${source}/`, destination]);
   const toPrune = await findExcludedDirs(destination, excluded);
-  await Promise.all(toPrune.map((p) => rm22(p, { recursive: true, force: true })));
+  await Promise.all(toPrune.map((p) => rm32(p, { recursive: true, force: true })));
   return { destination, prunedPaths: toPrune };
 }
-var CHECKPOINTS_ROOT = join8(homedir7(), ".agentbox", "checkpoints");
+var CHECKPOINTS_ROOT = join9(homedir8(), ".agentbox", "checkpoints");
 var CHECKPOINT_IMAGE_PREFIX = "agentbox-ckpt-";
 function checkpointImageTag(projectRoot, name) {
-  const mnemonic = sanitizeMnemonic(basename22(projectRoot));
+  const mnemonic = sanitizeMnemonic(basename32(projectRoot));
   return `${CHECKPOINT_IMAGE_PREFIX}${hashProjectPath(projectRoot)}_${mnemonic}:${name}`;
 }
 function projectCheckpointsDir(projectRoot) {
-  return join8(CHECKPOINTS_ROOT, projectDirSegment(projectRoot));
+  return join9(CHECKPOINTS_ROOT, projectDirSegment(projectRoot));
 }
 function checkpointDir(projectRoot, name) {
-  return join8(projectCheckpointsDir(projectRoot), name);
+  return join9(projectCheckpointsDir(projectRoot), name);
 }
 async function readManifest(dir) {
   try {
-    const raw = await readFile5(join8(dir, "manifest.json"), "utf8");
+    const raw = await readFile6(join9(dir, "manifest.json"), "utf8");
     const m = JSON.parse(raw);
     if (m.schema !== 2 && m.schema !== 3) return null;
     return m;
@@ -5120,23 +5761,39 @@ async function readManifest(dir) {
     return null;
   }
 }
-async function listCheckpoints(projectRoot) {
-  const root = projectCheckpointsDir(projectRoot);
+async function listCheckpointsInDir(root) {
   let entries;
   try {
-    entries = (await readdir32(root, { withFileTypes: true })).filter((e) => e.isDirectory()).map((e) => e.name);
+    entries = (await readdir5(root, { withFileTypes: true })).filter((e) => e.isDirectory()).map((e) => e.name);
   } catch {
     return [];
   }
   const out = [];
   for (const name of entries) {
-    const dir = join8(root, name);
+    const dir = join9(root, name);
     const manifest = await readManifest(dir);
     if (manifest) out.push({ name, dir, manifest });
   }
   out.sort((a, b) => a.manifest.createdAt.localeCompare(b.manifest.createdAt));
   return out;
 }
+async function listCheckpoints(projectRoot) {
+  return listCheckpointsInDir(projectCheckpointsDir(projectRoot));
+}
+async function listAllCheckpoints() {
+  let segments;
+  try {
+    segments = (await readdir5(CHECKPOINTS_ROOT, { withFileTypes: true })).filter((e) => e.isDirectory()).map((e) => e.name);
+  } catch {
+    return [];
+  }
+  const out = [];
+  for (const segment of segments) {
+    const items = await listCheckpointsInDir(join9(CHECKPOINTS_ROOT, segment));
+    if (items.length > 0) out.push({ segment, items });
+  }
+  return out;
+}
 async function resolveCheckpoint(projectRoot, ref) {
   const dir = checkpointDir(projectRoot, ref);
   const manifest = await readManifest(dir);
@@ -5146,21 +5803,21 @@ async function resolveCheckpoint(projectRoot, ref) {
 async function listAllCheckpointImages() {
   let projectDirs;
   try {
-    projectDirs = (await readdir32(CHECKPOINTS_ROOT, { withFileTypes: true })).filter((e) => e.isDirectory()).map((e) => e.name);
+    projectDirs = (await readdir5(CHECKPOINTS_ROOT, { withFileTypes: true })).filter((e) => e.isDirectory()).map((e) => e.name);
   } catch {
     return [];
   }
   const out = /* @__PURE__ */ new Set();
   for (const proj of projectDirs) {
-    const projPath = join8(CHECKPOINTS_ROOT, proj);
+    const projPath = join9(CHECKPOINTS_ROOT, proj);
     let names;
     try {
-      names = (await readdir32(projPath, { withFileTypes: true })).filter((e) => e.isDirectory()).map((e) => e.name);
+      names = (await readdir5(projPath, { withFileTypes: true })).filter((e) => e.isDirectory()).map((e) => e.name);
     } catch {
       continue;
     }
     for (const name of names) {
-      const manifest = await readManifest(join8(projPath, name));
+      const manifest = await readManifest(join9(projPath, name));
       if (manifest) out.add(manifest.image);
     }
   }
@@ -5170,7 +5827,7 @@ async function removeCheckpoint(projectRoot, ref) {
   const dir = checkpointDir(projectRoot, ref);
   const manifest = await readManifest(dir);
   if (!manifest) return false;
-  await rm3(dir, { recursive: true, force: true });
+  await rm4(dir, { recursive: true, force: true });
   await removeImage(manifest.image, { force: true });
   return true;
 }
@@ -5202,7 +5859,7 @@ async function runCleanup(container, log) {
   }
 }
 async function inspectImageConfig(imageRef) {
-  const r = await execa10("docker", ["image", "inspect", imageRef], { reject: false });
+  const r = await execa11("docker", ["image", "inspect", imageRef], { reject: false });
   if (r.exitCode !== 0) {
     throw new CheckpointError(`docker image inspect ${imageRef} failed`, r.stdout, r.stderr);
   }
@@ -5278,14 +5935,14 @@ async function createCheckpoint(opts) {
   await runCleanup(box.container, log);
   if (type === "layered") {
     log(`docker commit ${box.container} -> ${tag} (layered)`);
-    const r = await execa10("docker", ["commit", box.container, tag], { reject: false });
+    const r = await execa11("docker", ["commit", box.container, tag], { reject: false });
     if (r.exitCode !== 0) {
       throw new CheckpointError(`docker commit failed for ${box.container}`, r.stdout, r.stderr);
     }
   } else {
     log(`docker commit ${box.container} -> <intermediate> (flattened path)`);
     const intermediate = `${tag}-intermediate`;
-    const commit = await execa10("docker", ["commit", box.container, intermediate], {
+    const commit = await execa11("docker", ["commit", box.container, intermediate], {
       reject: false
     });
     if (commit.exitCode !== 0) {
@@ -5321,7 +5978,7 @@ async function createCheckpoint(opts) {
     cliVersion: stamp.cliVersion,
     createdAt: (/* @__PURE__ */ new Date()).toISOString()
   };
-  await writeFile22(join8(dir, "manifest.json"), JSON.stringify(manifest, null, 2) + "\n", "utf8");
+  await writeFile32(join9(dir, "manifest.json"), JSON.stringify(manifest, null, 2) + "\n", "utf8");
   if (opts.setDefault) {
     await setConfigValue("project", "box.defaultCheckpointDocker", name, opts.projectRoot);
     log(`set project default checkpoint (box.defaultCheckpointDocker) -> ${name}`);
@@ -5330,7 +5987,7 @@ async function createCheckpoint(opts) {
 }
 async function flattenImage(sourceTag, destTag, log) {
   const tmpName = `agentbox-flatten-${Date.now().toString(36)}`;
-  const create = await execa10(
+  const create = await execa11(
     "docker",
     ["create", "--name", tmpName, sourceTag, "sleep", "0"],
     { reject: false }
@@ -5338,11 +5995,11 @@ async function flattenImage(sourceTag, destTag, log) {
   if (create.exitCode !== 0) {
     throw new CheckpointError(`docker create for flatten failed`, create.stdout, create.stderr);
   }
-  const scratch = await mkdtemp2(join8(tmpdir2(), "agentbox-flatten-"));
+  const scratch = await mkdtemp3(join9(tmpdir3(), "agentbox-flatten-"));
   try {
-    const rootfsPath = join8(scratch, "rootfs.tar");
+    const rootfsPath = join9(scratch, "rootfs.tar");
     log(`exporting rootfs of ${sourceTag} to ${rootfsPath}`);
-    const exp = await execa10("docker", ["export", "-o", rootfsPath, tmpName], { reject: false });
+    const exp = await execa11("docker", ["export", "-o", rootfsPath, tmpName], { reject: false });
     if (exp.exitCode !== 0) {
       throw new CheckpointError(`docker export failed`, exp.stdout, exp.stderr);
     }
@@ -5353,19 +6010,19 @@ async function flattenImage(sourceTag, destTag, log) {
       "ADD rootfs.tar /",
       ...renderConfigDirectives(cfg)
     ];
-    await writeFile22(join8(scratch, "Dockerfile"), lines.join("\n") + "\n", "utf8");
+    await writeFile32(join9(scratch, "Dockerfile"), lines.join("\n") + "\n", "utf8");
     log(`building flattened ${destTag} from rootfs.tar (FROM scratch)`);
-    const build = await execa10(
+    const build = await execa11(
       "docker",
-      ["build", "-t", destTag, "-f", join8(scratch, "Dockerfile"), scratch],
+      ["build", "-t", destTag, "-f", join9(scratch, "Dockerfile"), scratch],
       { reject: false }
     );
     if (build.exitCode !== 0) {
       throw new CheckpointError(`flatten docker build failed`, build.stdout, build.stderr);
     }
   } finally {
-    await execa10("docker", ["rm", "-f", tmpName], { reject: false });
-    await rm3(scratch, { recursive: true, force: true });
+    await execa11("docker", ["rm", "-f", tmpName], { reject: false });
+    await rm4(scratch, { recursive: true, force: true });
   }
 }
 var CheckpointError = class extends Error {
@@ -5390,7 +6047,7 @@ async function launchCtlDaemon(container, hostSocketPath, timeoutMs = 3e3) {
   }
   const deadline = Date.now() + timeoutMs;
   while (Date.now() < deadline) {
-    if (await pathExists4(hostSocketPath)) return { up: true };
+    if (await pathExists5(hostSocketPath)) return { up: true };
     await new Promise((r) => setTimeout(r, 100));
   }
   return {
@@ -5398,9 +6055,9 @@ async function launchCtlDaemon(container, hostSocketPath, timeoutMs = 3e3) {
     reason: `socket ${hostSocketPath} did not appear within ${String(timeoutMs)}ms`
   };
 }
-async function pathExists4(p) {
+async function pathExists5(p) {
   try {
-    await stat5(p);
+    await stat7(p);
     return true;
   } catch {
     return false;
@@ -5408,7 +6065,7 @@ async function pathExists4(p) {
 }
 async function writeBoxEnvFile(container, env) {
   const body = formatBoxEnvBody(env);
-  const result = await execa11(
+  const result = await execa12(
     "docker",
     ["exec", "--user", "root", "-i", container, "sh", "-c", "umask 022 && cat > /etc/agentbox/box.env"],
     { input: body, reject: false }
@@ -5432,7 +6089,7 @@ function shellSingleQuote(s) {
   return `'${s.replace(/'/g, `'\\''`)}'`;
 }
 async function ensureHomeOwnedByVscode(container) {
-  await execa12(
+  await execa13(
     "docker",
     [
       "exec",
@@ -5448,10 +6105,10 @@ async function ensureHomeOwnedByVscode(container) {
     { reject: false }
   );
 }
-var STATE_DIR22 = join9(homedir8(), ".agentbox");
-var PID_FILE = join9(STATE_DIR22, "relay.pid");
-var LOG_FILE = join9(STATE_DIR22, "relay.log");
-var RELAY_HOME_DIR = join9(STATE_DIR22, "relay");
+var STATE_DIR22 = join10(homedir9(), ".agentbox");
+var PID_FILE = join10(STATE_DIR22, "relay.pid");
+var LOG_FILE = join10(STATE_DIR22, "relay.log");
+var RELAY_HOME_DIR = join10(STATE_DIR22, "relay");
 var PORT = DEFAULT_RELAY_PORT;
 var ENDPOINT = {
   // host.docker.internal is the Docker Desktop / OrbStack-supplied alias for
@@ -5565,7 +6222,7 @@ async function spawnRelay(relayBin, cliEntry, log) {
   );
   child.unref();
   if (typeof child.pid === "number") {
-    await writeFile32(PID_FILE, String(child.pid), "utf8");
+    await writeFile4(PID_FILE, String(child.pid), "utf8");
     log(`spawned relay host process (pid ${String(child.pid)}, port ${String(PORT)})`);
   }
   for (let i = 0; i < 25; i++) {
@@ -5618,28 +6275,28 @@ async function stageRelayHome(version, log) {
   if (process.env.AGENTBOX_RELAY_BIN || process.env.AGENTBOX_CLI_ENTRY) return null;
   const cliRoot = findCliRoot(dirname3(fileURLToPath(import.meta.url)));
   if (cliRoot === null) return null;
-  const homeDir = join9(RELAY_HOME_DIR, version);
-  const stagedEntry = join9(homeDir, "dist", "index.js");
-  const stagedBin = join9(homeDir, "runtime", "relay", "bin.cjs");
+  const homeDir = join10(RELAY_HOME_DIR, version);
+  const stagedEntry = join10(homeDir, "dist", "index.js");
+  const stagedBin = join10(homeDir, "runtime", "relay", "bin.cjs");
   if (existsSync2(stagedEntry) && existsSync2(stagedBin)) {
     return { relayBin: stagedBin, cliEntry: stagedEntry };
   }
-  const nodeModules = resolveDepRoot(join9(cliRoot, "dist", "index.js"));
+  const nodeModules = resolveDepRoot(join10(cliRoot, "dist", "index.js"));
   if (nodeModules === null) return null;
   const tmpDir = `${homeDir}.tmp-${String(process.pid)}`;
   try {
     await mkdir6(RELAY_HOME_DIR, { recursive: true });
-    await rm4(tmpDir, { recursive: true, force: true });
+    await rm5(tmpDir, { recursive: true, force: true });
     await mkdir6(tmpDir, { recursive: true });
     for (const sub of ["dist", "runtime", "share"]) {
-      const src = join9(cliRoot, sub);
-      if (existsSync2(src)) await cp(src, join9(tmpDir, sub), { recursive: true });
+      const src = join10(cliRoot, sub);
+      if (existsSync2(src)) await cp(src, join10(tmpDir, sub), { recursive: true });
     }
-    await cp(nodeModules, join9(tmpDir, "node_modules"), { recursive: true, dereference: true });
-    await rm4(homeDir, { recursive: true, force: true });
+    await cp(nodeModules, join10(tmpDir, "node_modules"), { recursive: true, dereference: true });
+    await rm5(homeDir, { recursive: true, force: true });
     await rename3(tmpDir, homeDir);
   } catch (err) {
-    await rm4(tmpDir, { recursive: true, force: true }).catch(() => {
+    await rm5(tmpDir, { recursive: true, force: true }).catch(() => {
     });
     if (existsSync2(stagedEntry) && existsSync2(stagedBin)) {
       return { relayBin: stagedBin, cliEntry: stagedEntry };
@@ -5654,7 +6311,7 @@ async function stageRelayHome(version, log) {
 }
 function findCliRoot(moduleDir) {
   for (const root of [resolve22(moduleDir, ".."), resolve22(moduleDir, "..", "..")]) {
-    if (existsSync2(join9(root, "dist", "index.js")) && existsSync2(join9(root, "runtime", "relay", "bin.cjs"))) {
+    if (existsSync2(join10(root, "dist", "index.js")) && existsSync2(join10(root, "runtime", "relay", "bin.cjs"))) {
       return root;
     }
   }
@@ -5669,7 +6326,7 @@ function resolveDepRoot(fromFile) {
     const idx = main.lastIndexOf(marker);
     if (idx === -1) return null;
     const nm = main.slice(0, idx + marker.length - 1);
-    return existsSync2(join9(nm, "commander")) ? nm : null;
+    return existsSync2(join10(nm, "commander")) ? nm : null;
   } catch {
     return null;
   }
@@ -5677,13 +6334,13 @@ function resolveDepRoot(fromFile) {
 async function gcOldRelayHomes(keepVersion) {
   let entries;
   try {
-    entries = await readdir4(RELAY_HOME_DIR);
+    entries = await readdir6(RELAY_HOME_DIR);
   } catch {
     return;
   }
   for (const name of entries) {
     if (name === keepVersion) continue;
-    await rm4(join9(RELAY_HOME_DIR, name), { recursive: true, force: true }).catch(() => {
+    await rm5(join10(RELAY_HOME_DIR, name), { recursive: true, force: true }).catch(() => {
     });
   }
 }
@@ -5794,7 +6451,7 @@ function fetchHealthz(timeoutMs) {
 }
 async function readPidFile() {
   try {
-    const text = await readFile6(PID_FILE, "utf8");
+    const text = await readFile7(PID_FILE, "utf8");
     const pid = Number.parseInt(text.trim(), 10);
     return Number.isFinite(pid) && pid > 0 ? pid : null;
   } catch {
@@ -6097,8 +6754,8 @@ async function ensureAgentboxTasksFile(container, services, opts = {}) {
   return { status: "wrote" };
 }
 async function writeFileInBox(container, path, content) {
-  const { execa: execa19 } = await import("execa");
-  const result = await execa19(
+  const { execa: execa20 } = await import("execa");
+  const result = await execa20(
     "docker",
     ["exec", "-i", "--user", "vscode", container, "sh", "-c", `cat > ${shellQuote(path)}`],
     { input: content, reject: false }
@@ -6122,29 +6779,29 @@ function persistableLimits(lim) {
   return Object.keys(out).length > 0 ? out : void 0;
 }
 function sanitizeBasename(workspacePath) {
-  const raw = basename3(resolve3(workspacePath));
+  const raw = basename4(resolve3(workspacePath));
   return raw.toLowerCase().replace(/[^a-z0-9._-]+/g, "-").replace(/-+/g, "-").replace(/^[-._]+|[-._]+$/g, "").slice(0, 30).replace(/[-._]+$/, "");
 }
 function defaultBoxName(workspacePath, id) {
   const base = sanitizeBasename(workspacePath);
   return base.length > 0 ? `${base}-${id}` : id;
 }
-async function pathExists5(p) {
+async function pathExists6(p) {
   try {
-    await stat6(p);
+    await stat8(p);
     return true;
   } catch {
     return false;
   }
 }
 async function buildIdentityMounts() {
-  const home = homedir9();
+  const home = homedir10();
   const candidates = [
-    { src: join10(home, ".gitconfig"), dst: "/home/vscode/.gitconfig", readOnly: true }
+    { src: join11(home, ".gitconfig"), dst: "/home/vscode/.gitconfig", readOnly: true }
   ];
   const out = [];
   for (const c of candidates) {
-    if (await pathExists5(c.src)) {
+    if (await pathExists6(c.src)) {
       out.push(`${c.src}:${c.dst}${c.readOnly ? ":ro" : ""}`);
     }
   }
@@ -6154,11 +6811,11 @@ async function createBox(opts) {
   const log = opts.onLog ?? (() => {
   });
   const workspace = resolve3(opts.workspacePath);
-  if (!await pathExists5(workspace)) {
+  if (!await pathExists6(workspace)) {
     throw new Error(`workspace does not exist: ${workspace}`);
   }
-  const cfgPath = join10(workspace, "agentbox.yaml");
-  if (await pathExists5(cfgPath)) {
+  const cfgPath = join11(workspace, "agentbox.yaml");
+  if (await pathExists6(cfgPath)) {
     try {
       const cfg = await loadConfig(cfgPath);
       log(`agentbox.yaml validated (${String(cfg.services.length)} service(s))`);
@@ -6175,6 +6832,7 @@ async function createBox(opts) {
   let checkpointImage;
   let checkpointSource;
   let restoredWorktrees;
+  let resyncResult;
   if (opts.checkpointRef) {
     const projectRootForCkpt = opts.projectRoot ?? workspace;
     const head = await resolveCheckpoint(projectRootForCkpt, opts.checkpointRef);
@@ -6349,7 +7007,7 @@ async function createBox(opts) {
     log(`seeded claude credentials into ${claudeSpec.volume} from host backup`);
   }
   const claudeMounts = buildClaudeMounts(claudeSpec, process.env);
-  const wantCodex = opts.codexConfig !== void 0 || await pathExists5(join10(homedir9(), ".codex"));
+  const wantCodex = opts.codexConfig !== void 0 || await pathExists6(join11(homedir10(), ".codex"));
   let codexMounts;
   let codexConfigVolume;
   if (wantCodex) {
@@ -6369,7 +7027,7 @@ async function createBox(opts) {
     codexMounts = buildCodexMounts(codexSpec, process.env);
     codexConfigVolume = codexSpec.volume;
   }
-  const wantOpencode = opts.opencodeConfig !== void 0 || await pathExists5(join10(homedir9(), ".config", "opencode")) || await pathExists5(join10(homedir9(), ".local", "share", "opencode"));
+  const wantOpencode = opts.opencodeConfig !== void 0 || await pathExists6(join11(homedir10(), ".config", "opencode")) || await pathExists6(join11(homedir10(), ".local", "share", "opencode"));
   let opencodeMounts;
   let opencodeConfigVolume;
   if (wantOpencode) {
@@ -6390,9 +7048,9 @@ async function createBox(opts) {
     opencodeConfigVolume = opencodeSpec.volume;
   }
   const boxDir = boxRunDirFor({ id, name, projectIndex });
-  const socketDir = join10(boxDir, "run");
-  const socketPath = join10(socketDir, "ctl.sock");
-  const mergedExportDir = join10(boxDir, "workspace");
+  const socketDir = join11(boxDir, "run");
+  const socketPath = join11(socketDir, "ctl.sock");
+  const mergedExportDir = join11(boxDir, "workspace");
   await mkdir7(socketDir, { recursive: true });
   await mkdir7(mergedExportDir, { recursive: true });
   const extraVolumes = await buildIdentityMounts();
@@ -6524,7 +7182,7 @@ async function createBox(opts) {
       } catch (err) {
         if (opts.useBranch !== void 0) {
           log(`seedWorkspace failed for --use-branch ${opts.useBranch}; cleaning up the box`);
-          await execa13("docker", ["rm", "-f", containerName], { reject: false });
+          await execa14("docker", ["rm", "-f", containerName], { reject: false });
           for (const w of gitWorktreeRecords) {
             await removeInBoxWorktree({
               hostMainRepo: w.hostMainRepo,
@@ -6551,6 +7209,19 @@ async function createBox(opts) {
       log
     );
     log("re-bound /workspace from checkpoint image");
+    if (opts.resyncOnStart !== false) {
+      const repos = await resyncWorkspaceFromHost({
+        container: containerName,
+        worktrees: restoredWorktrees,
+        onLog: log
+      });
+      resyncResult = {
+        repos,
+        hadConflicts: repos.some(
+          (r) => r.mergeConflicts.length > 0 || r.overlaySkipped.length > 0
+        )
+      };
+    }
   } else {
     log("using /workspace from checkpoint image (no worktrees recorded; no rebind)");
   }
@@ -6567,7 +7238,7 @@ async function createBox(opts) {
   }
   if (opts.withPlaywright) {
     log("installing @playwright/cli@latest (--with-playwright)");
-    const result = await execa13(
+    const result = await execa14(
       "docker",
       [
         "exec",
@@ -6720,7 +7391,7 @@ async function createBox(opts) {
     createdAt
   };
   await recordBox(record);
-  return { record, imageBuilt: built };
+  return { record, imageBuilt: built, resync: resyncResult };
 }
 var DEFAULT_SHELL_SESSION = "shell";
 var SHELL_SESSION_PREFIX = `${DEFAULT_SHELL_SESSION}-`;
@@ -6768,7 +7439,7 @@ function parseShellSessionList(stdout) {
   return out;
 }
 async function listShellSessions(container, user) {
-  const res = await execa14(
+  const res = await execa15(
     "docker",
     [
       "exec",
@@ -6792,7 +7463,7 @@ async function startShellSession(opts) {
   const login = opts.login !== false;
   const term = process.env["TERM"] ?? "xterm-256color";
   const cmd = login ? "bash -l" : "bash";
-  const result = await execa14(
+  const result = await execa15(
     "docker",
     [
       "exec",
@@ -6841,7 +7512,7 @@ function buildShellSessionAttachArgv(container, sessionName, user) {
 }
 async function shellSessionInfo(container, sessionName, user) {
   const name = sessionName ?? DEFAULT_SHELL_SESSION;
-  const has = await execa14(
+  const has = await execa15(
     "docker",
     ["exec", "--user", user ?? CONTAINER_USER, container, "tmux", "has-session", "-t", name],
     { reject: false }
@@ -6849,7 +7520,7 @@ async function shellSessionInfo(container, sessionName, user) {
   return { running: has.exitCode === 0, sessionName: name };
 }
 async function killShellSession(container, sessionName, user) {
-  const res = await execa14(
+  const res = await execa15(
     "docker",
     [
       "exec",
@@ -6903,7 +7574,7 @@ async function getBoxEndpoints(record, engine, persisted) {
     for (const svc of persistedServices) pushService(svc.name, svc.port);
   } else {
     try {
-      const cfg = await loadConfig(join11(record.workspacePath, "agentbox.yaml"));
+      const cfg = await loadConfig(join12(record.workspacePath, "agentbox.yaml"));
       if (!webServiceName) {
         webServiceName = cfg.services.find((s) => s.expose)?.name ?? null;
       }
@@ -7008,9 +7679,9 @@ function safeHost(url) {
     return "";
   }
 }
-async function pathExists6(p) {
+async function pathExists7(p) {
   try {
-    await stat7(p);
+    await stat9(p);
     return true;
   } catch {
     return false;
@@ -7043,12 +7714,20 @@ async function stopBox(idOrName) {
   await stopContainer(box.container);
   return box;
 }
+async function resyncBox(idOrName, onLog) {
+  const box = await resolveBox(idOrName);
+  const worktrees = box.gitWorktrees ?? [];
+  if (worktrees.length === 0) return { repos: [], hadConflicts: false };
+  const repos = await resyncWorkspaceFromHost({ container: box.container, worktrees, onLog });
+  const hadConflicts = repos.some((r) => r.mergeConflicts.length > 0 || r.overlaySkipped.length > 0);
+  return { repos, hadConflicts };
+}
 async function startBox(idOrName) {
   const box = await resolveBox(idOrName);
   for (const w of box.gitWorktrees ?? []) {
-    if (!await pathExists6(join12(w.hostMainRepo, ".git"))) {
+    if (!await pathExists7(join13(w.hostMainRepo, ".git"))) {
       throw new Error(
-        `main repo for box worktree missing: ${join12(w.hostMainRepo, ".git")} (recreate the box)`
+        `main repo for box worktree missing: ${join13(w.hostMainRepo, ".git")} (recreate the box)`
       );
     }
   }
@@ -7143,7 +7822,7 @@ async function getBoxHostPaths(idOrName) {
 }
 async function dirSizeBytes(path) {
   try {
-    const result = await execa15("du", ["-sk", path], { reject: false });
+    const result = await execa16("du", ["-sk", path], { reject: false });
     if (result.exitCode !== 0) return null;
     const sizeKb = Number.parseInt((result.stdout ?? "").split(/\s+/)[0] ?? "", 10);
     if (Number.isNaN(sizeKb)) return null;
@@ -7261,14 +7940,14 @@ async function destroyBox(idOrName, opts = {}) {
   let removedSnapshot = null;
   if (box.snapshotDir && !opts.keepSnapshot) {
     try {
-      await rm5(box.snapshotDir, { recursive: true, force: true });
+      await rm6(box.snapshotDir, { recursive: true, force: true });
       removedSnapshot = box.snapshotDir;
     } catch {
       removedSnapshot = null;
     }
   }
   try {
-    await rm5(boxRunDirFor(box), { recursive: true, force: true });
+    await rm6(boxRunDirFor(box), { recursive: true, force: true });
   } catch {
   }
   await removeBoxRecord(box.id);
@@ -7276,22 +7955,22 @@ async function destroyBox(idOrName, opts = {}) {
 }
 async function listSnapshotDirs() {
   try {
-    const entries = await readdir5(SNAPSHOTS_ROOT, { withFileTypes: true });
-    return entries.filter((e) => e.isDirectory()).map((e) => join12(SNAPSHOTS_ROOT, e.name));
+    const entries = await readdir7(SNAPSHOTS_ROOT, { withFileTypes: true });
+    return entries.filter((e) => e.isDirectory()).map((e) => join13(SNAPSHOTS_ROOT, e.name));
   } catch {
     return [];
   }
 }
 async function listBoxDirs() {
   try {
-    const entries = await readdir5(BOXES_ROOT, { withFileTypes: true });
-    return entries.filter((e) => e.isDirectory()).map((e) => join12(BOXES_ROOT, e.name));
+    const entries = await readdir7(BOXES_ROOT, { withFileTypes: true });
+    return entries.filter((e) => e.isDirectory()).map((e) => join13(BOXES_ROOT, e.name));
   } catch {
     return [];
   }
 }
 async function listCheckpointImageTags() {
-  const r = await execa15(
+  const r = await execa16(
     "docker",
     ["image", "ls", "--format", "{{.Repository}}:{{.Tag}}", `${CHECKPOINT_IMAGE_PREFIX}*`],
     { reject: false }
@@ -7380,13 +8059,13 @@ async function pruneBoxes(opts = {}) {
   for (const v of orphanVolumes) await removeVolume(v);
   for (const d of orphanSnapshots) {
     try {
-      await rm5(d, { recursive: true, force: true });
+      await rm6(d, { recursive: true, force: true });
     } catch {
     }
   }
   for (const d of orphanBoxDirs) {
     try {
-      await rm5(d, { recursive: true, force: true });
+      await rm6(d, { recursive: true, force: true });
     } catch {
     }
   }
@@ -7399,7 +8078,7 @@ async function pruneBoxes(opts = {}) {
     } catch {
     }
     try {
-      await execa15("docker", ["image", "rm", RELAY_IMAGE_REF], { reject: false });
+      await execa16("docker", ["image", "rm", RELAY_IMAGE_REF], { reject: false });
     } catch {
     }
     try {
@@ -7420,7 +8099,7 @@ async function pruneBoxes(opts = {}) {
 async function snapshotPresent(path) {
   if (!path) return false;
   try {
-    const s = await stat7(path);
+    const s = await stat9(path);
     return s.isDirectory();
   } catch {
     return false;
@@ -7461,7 +8140,7 @@ function splitPair(raw) {
   return [parts[0].trim(), parts[1].trim()];
 }
 async function duBytes(path) {
-  const result = await execa16("du", ["-sk", path], { reject: false });
+  const result = await execa17("du", ["-sk", path], { reject: false });
   if (result.exitCode !== 0) return null;
   const kb = Number.parseInt((result.stdout ?? "").split(/\s+/)[0] ?? "", 10);
   return Number.isNaN(kb) ? null : kb * 1024;
@@ -7470,11 +8149,11 @@ async function volumeSizeBytes(name) {
   if (!name) return null;
   const engine = await detectEngine();
   if (engine === "orbstack") {
-    const live = join13(homedir10(), "OrbStack", "docker", "volumes", name);
+    const live = join14(homedir11(), "OrbStack", "docker", "volumes", name);
     const sz = await duBytes(live);
     if (sz !== null) return sz;
   }
-  const df = await execa16(
+  const df = await execa17(
     "docker",
     ["system", "df", "-v", "--format", "{{json .Volumes}}"],
     { reject: false }
@@ -7495,7 +8174,7 @@ async function volumeSizeBytes(name) {
   return null;
 }
 async function imageBytes(tag) {
-  const r = await execa16("docker", ["image", "inspect", tag, "--format", "{{.Size}}"], {
+  const r = await execa17("docker", ["image", "inspect", tag, "--format", "{{.Size}}"], {
     reject: false
   });
   if (r.exitCode !== 0) return null;
@@ -7506,7 +8185,7 @@ async function projectCheckpointImageBytes(projectRoot, name) {
   return imageBytes(checkpointImageTag(projectRoot, name));
 }
 async function allCheckpointImagesBytes() {
-  const r = await execa16(
+  const r = await execa17(
     "docker",
     [
       "image",
@@ -7533,7 +8212,7 @@ async function allCheckpointImagesBytes() {
   return any ? total : null;
 }
 async function agentboxHomeBytes() {
-  return duBytes(join13(homedir10(), ".agentbox"));
+  return duBytes(join14(homedir11(), ".agentbox"));
 }
 function limitsFromRecord(record) {
   const r = record.resourceLimits;
@@ -7558,7 +8237,7 @@ function reconcileLimits(persisted, dockerJson) {
   };
 }
 async function containerWritableBytes(container) {
-  const r = await execa16(
+  const r = await execa17(
     "docker",
     ["ps", "-a", "--filter", `name=^${container}$`, "--format", "{{.Size}}", "--size"],
     { reject: false }
@@ -7605,7 +8284,7 @@ async function boxResourceStats(record) {
   if (await inspectContainerStatus(record.container) !== "running") {
     return base;
   }
-  const proc = await execa16(
+  const proc = await execa17(
     "docker",
     ["stats", "--no-stream", "--format", "{{json .}}", record.container],
     { reject: false }
@@ -7651,7 +8330,7 @@ function asText(s) {
 async function uploadToBox(box, hostSrc, boxDst) {
   const srcAbs = resolve4(hostSrc);
   if (!existsSync3(srcAbs)) throw new Error(`source not found: ${hostSrc}`);
-  const srcBasename = basename4(srcAbs);
+  const srcBasename = basename5(srcAbs);
   const srcParent = dirname22(srcAbs);
   let boxParent;
   let finalName;
@@ -7659,7 +8338,7 @@ async function uploadToBox(box, hostSrc, boxDst) {
     boxParent = boxDst.replace(/\/+$/, "") || "/";
     finalName = srcBasename;
   } else {
-    const isDir2 = await execa17(
+    const isDir2 = await execa18(
       "docker",
       ["exec", box.container, "test", "-d", boxDst],
       { reject: false }
@@ -7673,7 +8352,7 @@ async function uploadToBox(box, hostSrc, boxDst) {
     }
   }
   const finalPath = boxParent === "/" ? `/${finalName}` : `${boxParent}/${finalName}`;
-  const mk = await execa17(
+  const mk = await execa18(
     "docker",
     ["exec", "--user", "root", box.container, "mkdir", "-p", boxParent],
     { reject: false }
@@ -7681,7 +8360,7 @@ async function uploadToBox(box, hostSrc, boxDst) {
   if (mk.exitCode !== 0) {
     throw new Error(`mkdir -p ${boxParent} in box failed: ${asText(mk.stderr).slice(0, 300)}`);
   }
-  const packed = await execa17("tar", ["-C", srcParent, "-cf", "-", srcBasename], {
+  const packed = await execa18("tar", ["-C", srcParent, "-cf", "-", srcBasename], {
     encoding: "buffer",
     reject: false,
     env: { ...process.env, COPYFILE_DISABLE: "1" }
@@ -7689,7 +8368,7 @@ async function uploadToBox(box, hostSrc, boxDst) {
   if (packed.exitCode !== 0) {
     throw new Error(`tar pack failed: ${asText(packed.stderr).slice(0, 300)}`);
   }
-  const extract = await execa17(
+  const extract = await execa18(
     "docker",
     ["exec", "-i", "--user", "root", box.container, "tar", "-xf", "-", "-C", boxParent],
     { input: packed.stdout, reject: false }
@@ -7699,7 +8378,7 @@ async function uploadToBox(box, hostSrc, boxDst) {
   }
   if (finalName !== srcBasename) {
     const initial = boxParent === "/" ? `/${srcBasename}` : `${boxParent}/${srcBasename}`;
-    const mv = await execa17(
+    const mv = await execa18(
       "docker",
       ["exec", "--user", "root", box.container, "mv", initial, finalPath],
       { reject: false }
@@ -7710,7 +8389,7 @@ async function uploadToBox(box, hostSrc, boxDst) {
       );
     }
   }
-  const chown = await execa17(
+  const chown = await execa18(
     "docker",
     ["exec", "--user", "root", box.container, "chown", "-R", "1000:1000", finalPath],
     { reject: false }
@@ -7735,11 +8414,11 @@ async function downloadFromBox(box, boxSrc, hostDst) {
     finalName = srcBasename;
   } else {
     hostParent = dirname22(dstAbs);
-    finalName = basename4(dstAbs);
+    finalName = basename5(dstAbs);
   }
   mkdirSync(hostParent, { recursive: true });
   const finalPath = posix.join(hostParent, finalName);
-  const packed = await execa17(
+  const packed = await execa18(
     "docker",
     ["exec", box.container, "tar", "-C", srcParent, "-cf", "-", srcBasename],
     { encoding: "buffer", reject: false }
@@ -7747,7 +8426,7 @@ async function downloadFromBox(box, boxSrc, hostDst) {
   if (packed.exitCode !== 0) {
     throw new Error(`tar pack in box failed: ${asText(packed.stderr).slice(0, 300)}`);
   }
-  const extract = await execa17("tar", ["-xf", "-", "-C", hostParent], {
+  const extract = await execa18("tar", ["-xf", "-", "-C", hostParent], {
     input: packed.stdout,
     reject: false
   });
@@ -7770,6 +8449,7 @@ var dockerProvider = {
       checkpointRef: req.checkpointRef,
       fromBranch: req.fromBranch,
       useBranch: req.useBranch,
+      resyncOnStart: req.resyncOnStart,
       image: req.image,
       allowPull: req.allowPull,
       imageRegistry: req.imageRegistry,
@@ -7792,7 +8472,8 @@ var dockerProvider = {
     const result = await createBox(opts);
     return {
       record: { ...result.record, provider: "docker" },
-      imageBuilt: result.imageBuilt
+      imageBuilt: result.imageBuilt,
+      resync: result.resync
     };
   },
   async start(box) {
@@ -7879,342 +8560,140 @@ var dockerProvider = {
         return {};
       }
     }
-    const { source } = await pullOrBuild(ref, fingerprint, {
-      onProgress: opts.onLog,
-      allowPull: opts.force ? false : opts.allowPull,
-      registry: opts.registry
-    });
-    if (fingerprint) {
-      opts.onLog?.(
-        `docker image ${ref} ${source}; recorded fingerprint ${fingerprint.contextSha256.slice(0, 12)}`
-      );
-    } else {
-      opts.onLog?.(
-        `docker image ${ref} ${source} (fingerprint unavailable, prepared state not written)`
-      );
-    }
-    return {};
-  }
-};
-var CLOUD_WORKSPACE = "/workspace";
-async function pathExists7(p) {
-  try {
-    await stat8(p);
-    return true;
-  } catch {
-    return false;
-  }
-}
-async function findBrokenSymlinks2(root) {
-  const broken = [];
-  async function walk(dir) {
-    let entries;
-    try {
-      entries = await readdir6(dir, { withFileTypes: true });
-    } catch {
-      return;
-    }
-    for (const ent of entries) {
-      const full = join14(dir, ent.name);
-      if (ent.isSymbolicLink()) {
-        try {
-          await stat8(full);
-        } catch {
-          broken.push(relative2(root, full));
-        }
-      } else if (ent.isDirectory()) {
-        await walk(full);
-      }
-    }
-  }
-  await walk(root);
-  return broken;
-}
-async function mkStageDir(prefix) {
-  return mkdtemp3(join14(tmpdir3(), `agentbox-${prefix}-stage-`));
-}
-function emptyResult(warnings = []) {
-  return { tarballPath: null, cleanup: async () => {
-  }, warnings };
-}
-async function tarballFromDir(stageDir, agent) {
-  const tarballPath = join14(tmpdir3(), `agentbox-${agent}-${basename5(stageDir)}.tar.gz`);
-  await execa18("tar", ["-czf", tarballPath, "-C", stageDir, "."], {
-    env: { ...process.env, COPYFILE_DISABLE: "1" }
-  });
-  return tarballPath;
-}
-function makeCleanup(paths) {
-  return async () => {
-    for (const p of paths) {
-      await rm6(p, { recursive: true, force: true });
-    }
-  };
-}
-async function stageSingleFileTarball(agent, sourcePath, tarballEntryName) {
-  const stageDir = await mkStageDir(agent);
-  let tarballPath = null;
+    const { source } = await pullOrBuild(ref, fingerprint, {
+      onProgress: opts.onLog,
+      allowPull: opts.force ? false : opts.allowPull,
+      registry: opts.registry
+    });
+    if (fingerprint) {
+      opts.onLog?.(
+        `docker image ${ref} ${source}; recorded fingerprint ${fingerprint.contextSha256.slice(0, 12)}`
+      );
+    } else {
+      opts.onLog?.(
+        `docker image ${ref} ${source} (fingerprint unavailable, prepared state not written)`
+      );
+    }
+    return {};
+  }
+};
+var BOX_WORKFLOWS_DIR = "/home/vscode/.claude/workflows";
+var BOX_DYNAMIC_SYNC_MANIFEST = "/home/vscode/.agentbox/dynamic-sync.json";
+var BOX_MEMORY_DIR = `${BOX_CLAUDE_PROJECT_DIR}/memory`;
+async function pathExists8(p) {
   try {
-    await copyFile(sourcePath, join14(stageDir, tarballEntryName));
-    tarballPath = await tarballFromDir(stageDir, agent);
-    return {
-      tarballPath,
-      cleanup: makeCleanup([stageDir, tarballPath]),
-      warnings: []
-    };
-  } catch (err) {
-    await rm6(stageDir, { recursive: true, force: true });
-    if (tarballPath) await rm6(tarballPath, { force: true });
-    throw err;
+    await stat10(p);
+    return true;
+  } catch {
+    return false;
   }
 }
-var CLAUDE_RUNTIME_EXCLUDES = [
-  "projects",
-  "sessions",
-  "history.jsonl",
-  "file-history",
-  "shell-snapshots",
-  "backups",
-  "session-env",
-  "paste-cache",
-  "cache",
-  "telemetry",
-  "tasks",
-  "downloads",
-  "chrome",
-  "ide",
-  "debug",
-  "mcp-needs-auth-cache.json",
-  "stats-cache.json"
-];
-async function stageClaudeStaticForUpload(opts = {}) {
-  const hostHome = opts.hostHome ?? homedir11();
-  const hostClaude = join14(hostHome, ".claude");
-  if (!await pathExists7(hostClaude)) return emptyResult();
-  const stageDir = await mkStageDir("claude-static");
-  let tarballPath = null;
+async function walkFiles(root, prefix = "") {
+  let entries;
   try {
-    const broken = await findBrokenSymlinks2(hostClaude);
-    const excludes = [
-      "--exclude=node_modules",
-      "--exclude=.credentials.json",
-      ...CLAUDE_RUNTIME_EXCLUDES.map((p) => `--exclude=${p}`),
-      ...broken.map((r) => `--exclude=/${r}`)
-    ];
-    await execa18("rsync", [
-      "-a",
-      "--copy-unsafe-links",
-      ...excludes,
-      `${hostClaude}/`,
-      `${stageDir}/`
-    ]);
-    const settingsPath = join14(stageDir, "settings.json");
-    if (await pathExists7(settingsPath)) {
-      try {
-        const parsed = JSON.parse(await readFile7(settingsPath, "utf8"));
-        const filtered = filterHostHooks(parsed, hostHome);
-        if (filtered.removedCommands.length > 0) {
-          await writeFile4(settingsPath, JSON.stringify(filtered.data, null, 2));
-        }
-      } catch {
-      }
-    }
-    const hostClaudeJson = join14(hostHome, ".claude.json");
-    let working;
-    if (await pathExists7(hostClaudeJson)) {
+    entries = await readdir8(root, { withFileTypes: true });
+  } catch {
+    return [];
+  }
+  const out = [];
+  for (const ent of entries) {
+    const rel = prefix ? `${prefix}/${ent.name}` : ent.name;
+    const full = join15(root, ent.name);
+    if (ent.isDirectory()) {
+      out.push(...await walkFiles(full, rel));
+    } else if (ent.isFile()) {
+      out.push(rel);
+    } else if (ent.isSymbolicLink()) {
       try {
-        working = JSON.parse(await readFile7(hostClaudeJson, "utf8"));
+        const s = await stat10(full);
+        if (s.isFile()) out.push(rel);
       } catch {
-        working = null;
       }
     }
-    if (working === void 0 || working === null) {
-      working = {
-        installMethod: "native",
-        autoUpdates: false,
-        autoUpdatesProtectedForNative: true,
-        projects: { [CLOUD_WORKSPACE]: { hasTrustDialogAccepted: true } }
-      };
-    } else {
-      working = filterHostHooks(working, hostHome).data;
-      working = setInstallMethodNative(working).data;
-      if (opts.hostWorkspace) {
-        working = addProjectAlias(working, opts.hostWorkspace, CLOUD_WORKSPACE).data;
+  }
+  return out;
+}
+async function hashFile(absPath) {
+  const buf = await readFile8(absPath);
+  return createHash22("sha256").update(buf).digest("hex");
+}
+async function buildHostSet(name, hostDir, boxDst) {
+  if (hostDir === null) return { dst: boxDst, files: {}, hostDir: null };
+  const rels = await walkFiles(hostDir);
+  const files = {};
+  for (const rel of rels) {
+    files[rel] = await hashFile(join15(hostDir, rel));
+  }
+  return { dst: boxDst, files, hostDir };
+}
+async function buildHostSyncManifest(workspacePath, hostHome = homedir12()) {
+  const workflowsDir = join15(hostHome, ".claude", "workflows");
+  const workflowsHost = await pathExists8(workflowsDir) ? workflowsDir : null;
+  const memoryHost = await resolveClaudeMemoryDir(workspacePath, hostHome);
+  const [workflows, memory] = await Promise.all([
+    buildHostSet("workflows", workflowsHost, BOX_WORKFLOWS_DIR),
+    buildHostSet("memory", memoryHost, BOX_MEMORY_DIR)
+  ]);
+  return { sets: { workflows, memory } };
+}
+var SET_NAMES = ["workflows", "memory"];
+function computeSyncDelta(host, box) {
+  const uploads = [];
+  const deletions = [];
+  const nextSets = {};
+  for (const name of SET_NAMES) {
+    const hostSet = host.sets[name];
+    const boxFiles = box?.sets?.[name]?.files ?? {};
+    for (const [rel, hash] of Object.entries(hostSet.files)) {
+      if (boxFiles[rel] !== hash) {
+        uploads.push({
+          set: name,
+          rel,
+          absSrc: join15(hostSet.hostDir, rel),
+          dst: `${hostSet.dst}/${rel}`
+        });
       }
-      working = trustWorkspace(working, CLOUD_WORKSPACE).data;
     }
-    await writeFile4(join14(stageDir, "_claude.json"), JSON.stringify(working, null, 2));
-    const pluginsDir = join14(stageDir, "plugins");
-    if (await pathExists7(pluginsDir)) {
-      try {
-        const entries = await readdir6(pluginsDir, { withFileTypes: true });
-        for (const ent of entries) {
-          if (!ent.isFile() || !ent.name.endsWith(".json")) continue;
-          const file = join14(pluginsDir, ent.name);
-          const raw = await readFile7(file, "utf8");
-          const replaced = raw.split(`${hostHome}/.claude/plugins/`).join("/home/vscode/.claude/plugins/");
-          if (replaced !== raw) await writeFile4(file, replaced);
-        }
-      } catch {
+    for (const rel of Object.keys(boxFiles)) {
+      if (!(rel in hostSet.files)) {
+        deletions.push({ set: name, rel, dst: `${hostSet.dst}/${rel}` });
       }
     }
-    tarballPath = await tarballFromDir(stageDir, "claude-static");
-    return {
-      tarballPath,
-      cleanup: makeCleanup([stageDir, tarballPath]),
-      warnings: []
-    };
-  } catch (err) {
-    await rm6(stageDir, { recursive: true, force: true });
-    if (tarballPath) await rm6(tarballPath, { force: true });
-    throw err;
-  }
-}
-async function stageClaudeCredentialsForUpload() {
-  if (!await pathExists7(CREDENTIALS_BACKUP_FILE)) return emptyResult();
-  return stageSingleFileTarball("claude-creds", CREDENTIALS_BACKUP_FILE, ".credentials.json");
-}
-var CODEX_RSYNC_EXCLUDES = [
-  "--exclude=sessions",
-  "--exclude=log",
-  "--exclude=history.jsonl",
-  "--exclude=hooks.json",
-  "--exclude=logs_2.sqlite",
-  "--exclude=logs_2.sqlite-shm",
-  "--exclude=logs_2.sqlite-wal",
-  "--exclude=state_5.sqlite",
-  "--exclude=state_5.sqlite-shm",
-  "--exclude=state_5.sqlite-wal",
-  "--exclude=sqlite",
-  "--exclude=cache",
-  "--exclude=vendor_imports",
-  "--exclude=tmp",
-  // .tmp holds codex plugin sync state — ~100 MB of marketplace cache. Not
-  // the same as `tmp/`; both can exist side by side on a long-running host.
-  "--exclude=.tmp",
-  "--exclude=.codex-global-state.json",
-  "--exclude=.codex-global-state.json.bak",
-  "--exclude=.personality_migration",
-  "--exclude=shell_snapshots",
-  "--exclude=session_index.jsonl",
-  "--exclude=models_cache.json",
-  "--exclude=installation_id",
-  "--exclude=version.json"
-];
-var CODEX_KEYCHAIN_WARNING = 'codex: ~/.codex/auth.json missing. On macOS the codex CLI defaults to storing the OAuth token in the system Keychain, which isn\'t reachable from a remote sandbox. To share creds with cloud boxes either:\n  - add `cli_auth_credentials_store = "file"` to ~/.codex/config.toml then re-run `codex login`, or\n  - set OPENAI_API_KEY in your environment, or\n  - run `codex login --with-api-key` for a file-backed login.\nSkipping codex seed; in-box codex will prompt for sign-in.';
-async function stageCodexStaticForUpload(opts = {}) {
-  const hostHome = opts.hostHome ?? homedir11();
-  const hostCodex = join14(hostHome, ".codex");
-  if (!await pathExists7(hostCodex)) return emptyResult();
-  const stageDir = await mkStageDir("codex-static");
-  let tarballPath = null;
-  try {
-    const codexBroken = await findBrokenSymlinks2(hostCodex);
-    await execa18("rsync", [
-      "-a",
-      "-L",
-      ...codexBroken.map((r) => `--exclude=/${r}`),
-      "--exclude=auth.json",
-      ...CODEX_RSYNC_EXCLUDES,
-      `${hostCodex}/`,
-      `${stageDir}/`
-    ]);
-    tarballPath = await tarballFromDir(stageDir, "codex-static");
-    return {
-      tarballPath,
-      cleanup: makeCleanup([stageDir, tarballPath]),
-      warnings: []
-    };
-  } catch (err) {
-    await rm6(stageDir, { recursive: true, force: true });
-    if (tarballPath) await rm6(tarballPath, { force: true });
-    throw err;
+    nextSets[name] = { dst: hostSet.dst, files: hostSet.files };
   }
+  return { uploads, deletions, nextManifest: { version: 1, sets: nextSets } };
 }
-async function stageCodexCredentialsForUpload(opts = {}) {
-  const hostHome = opts.hostHome ?? homedir11();
-  const cloudBackup = join14(hostHome, ".agentbox", "codex-credentials.json");
-  if (await pathExists7(cloudBackup)) {
-    return stageSingleFileTarball("codex-creds", cloudBackup, "auth.json");
+async function stageDynamicSyncTarball(uploads) {
+  if (uploads.length === 0) {
+    return { tarballPath: null, cleanup: async () => {
+    } };
   }
-  const hostAuth = join14(hostHome, ".codex", "auth.json");
-  if (!await pathExists7(hostAuth)) return emptyResult([CODEX_KEYCHAIN_WARNING]);
-  return stageSingleFileTarball("codex-creds", hostAuth, "auth.json");
-}
-var OPENCODE_DATA_EXCLUDES = [
-  "--exclude=storage",
-  "--exclude=log",
-  "--exclude=project",
-  "--exclude=cache",
-  "--exclude=bin",
-  "--exclude=repos",
-  "--exclude=snapshot",
-  "--exclude=config",
-  "--exclude=opencode.db",
-  "--exclude=opencode.db-shm",
-  "--exclude=opencode.db-wal"
-];
-async function stageOpencodeStaticForUpload(opts = {}) {
-  const hostHome = opts.hostHome ?? homedir11();
-  const hostData = join14(hostHome, ".local", "share", "opencode");
-  const hostConfig = join14(hostHome, ".config", "opencode");
-  const hasData = await pathExists7(hostData);
-  const hasConfig = await pathExists7(hostConfig);
-  if (!hasData && !hasConfig) return emptyResult();
-  const stageDir = await mkStageDir("opencode-static");
+  const stageDir = await mkdtemp4(join15(tmpdir4(), "agentbox-dynsync-stage-"));
   let tarballPath = null;
   try {
-    if (hasData) {
-      const dataBroken = await findBrokenSymlinks2(hostData);
-      await execa18("rsync", [
-        "-a",
-        "-L",
-        ...dataBroken.map((r) => `--exclude=/${r}`),
-        "--exclude=auth.json",
-        ...OPENCODE_DATA_EXCLUDES,
-        `${hostData}/`,
-        `${stageDir}/`
-      ]);
-    }
-    if (hasConfig) {
-      const configStage = join14(stageDir, "config");
-      const cfgBroken = await findBrokenSymlinks2(hostConfig);
-      await execa18("rsync", [
-        "-a",
-        "-L",
-        ...cfgBroken.map((r) => `--exclude=/${r}`),
-        `${hostConfig}/`,
-        `${configStage}/`
-      ]);
-    }
-    tarballPath = await tarballFromDir(stageDir, "opencode-static");
+    for (const up of uploads) {
+      const target = join15(stageDir, up.set, up.rel);
+      await mkdir8(dirname32(target), { recursive: true });
+      await copyFile2(up.absSrc, target);
+    }
+    tarballPath = join15(tmpdir4(), `agentbox-dynsync-${basename6(stageDir)}.tar.gz`);
+    await execa19("tar", ["-czf", tarballPath, "-C", stageDir, "."], {
+      env: { ...process.env, COPYFILE_DISABLE: "1" }
+    });
+    const tp = tarballPath;
     return {
-      tarballPath,
-      cleanup: makeCleanup([stageDir, tarballPath]),
-      warnings: []
+      tarballPath: tp,
+      cleanup: async () => {
+        await rm7(stageDir, { recursive: true, force: true });
+        await rm7(tp, { force: true });
+      }
     };
   } catch (err) {
-    await rm6(stageDir, { recursive: true, force: true });
-    if (tarballPath) await rm6(tarballPath, { force: true });
+    await rm7(stageDir, { recursive: true, force: true });
+    if (tarballPath) await rm7(tarballPath, { force: true });
     throw err;
   }
 }
-async function stageOpencodeCredentialsForUpload(opts = {}) {
-  const hostHome = opts.hostHome ?? homedir11();
-  const cloudBackup = join14(hostHome, ".agentbox", "opencode-credentials.json");
-  if (await pathExists7(cloudBackup)) {
-    return stageSingleFileTarball("opencode-creds", cloudBackup, "auth.json");
-  }
-  const hostAuth = join14(hostHome, ".local", "share", "opencode", "auth.json");
-  if (!await pathExists7(hostAuth)) return emptyResult();
-  return stageSingleFileTarball("opencode-creds", hostAuth, "auth.json");
-}
-async function stageOpencodeStateForUpload(opts = {}) {
-  const hostHome = opts.hostHome ?? homedir11();
-  const hostModel = join14(hostHome, ".local", "state", "opencode", "model.json");
-  if (!await pathExists7(hostModel)) return emptyResult();
-  return stageSingleFileTarball("opencode-state", hostModel, "model.json");
-}
 function browserSessionActive(stdout, exitCode) {
   return exitCode === 0 && !/no active sessions/i.test(stdout);
 }
@@ -8249,6 +8728,9 @@ export {
   loadEffectiveConfig,
   resolveDefaultCheckpoint,
   defaultCheckpointConfigKey,
+  resolveBoxSize,
+  resolveBoxImage,
+  boxImageConfigKey,
   setConfigValue,
   unsetConfigValue,
   listProjectsConfigured,
@@ -8299,6 +8781,30 @@ export {
   pullToHost,
   openInFinder,
   ExportError,
+  carrySourceHash,
+  copyCarryPathsToBox,
+  CREDENTIALS_BACKUP_FILE,
+  CODEX_CREDENTIALS_BACKUP_FILE,
+  OPENCODE_CREDENTIALS_BACKUP_FILE,
+  isRealAgentCredential,
+  hostClaudeBackupExpired,
+  parseExtractResult,
+  extractVolumeAuthToBackup,
+  extractCodexCredentials,
+  extractOpencodeCredentials,
+  hostBackupHasCredentials,
+  parseSyncResult,
+  syncClaudeCredentials,
+  encodeClaudeProjectsKey,
+  BOX_CLAUDE_PROJECT_DIR,
+  resolveClaudeMemoryDir,
+  stageClaudeStaticForUpload,
+  stageClaudeCredentialsForUpload,
+  stageCodexStaticForUpload,
+  stageCodexCredentialsForUpload,
+  stageOpencodeStaticForUpload,
+  stageOpencodeCredentialsForUpload,
+  stageOpencodeStateForUpload,
   SHARED_CLAUDE_VOLUME,
   DEFAULT_CLAUDE_SESSION,
   CONTAINER_USER,
@@ -8324,18 +8830,6 @@ export {
   attachClaudeSession,
   claudeSessionInfo,
   pullClaudeExtras,
-  CREDENTIALS_BACKUP_FILE,
-  CODEX_CREDENTIALS_BACKUP_FILE,
-  OPENCODE_CREDENTIALS_BACKUP_FILE,
-  isRealAgentCredential,
-  hostClaudeBackupExpired,
-  parseExtractResult,
-  extractVolumeAuthToBackup,
-  extractCodexCredentials,
-  extractOpencodeCredentials,
-  hostBackupHasCredentials,
-  parseSyncResult,
-  syncClaudeCredentials,
   SHARED_CODEX_VOLUME,
   DEFAULT_CODEX_SESSION,
   resolveCodexVolume,
@@ -8402,6 +8896,7 @@ export {
   checkpointImageTag,
   projectCheckpointsDir,
   listCheckpoints,
+  listAllCheckpoints,
   resolveCheckpoint,
   listAllCheckpointImages,
   removeCheckpoint,
@@ -8452,6 +8947,7 @@ export {
   pauseBox,
   unpauseBox,
   stopBox,
+  resyncBox,
   startBox,
   openBoxInFinder,
   getBoxHostPaths,
@@ -8468,14 +8964,13 @@ export {
   uploadToBox,
   downloadFromBox,
   dockerProvider,
-  stageClaudeStaticForUpload,
-  stageClaudeCredentialsForUpload,
-  stageCodexStaticForUpload,
-  stageCodexCredentialsForUpload,
-  stageOpencodeStaticForUpload,
-  stageOpencodeCredentialsForUpload,
-  stageOpencodeStateForUpload,
+  BOX_WORKFLOWS_DIR,
+  BOX_DYNAMIC_SYNC_MANIFEST,
+  BOX_MEMORY_DIR,
+  buildHostSyncManifest,
+  computeSyncDelta,
+  stageDynamicSyncTarball,
   browserSessionActive,
   ensureBoxBrowser
 };
-//# sourceMappingURL=chunk-ZJXTIH6C.js.map
+//# sourceMappingURL=chunk-IZXPJPPV.js.map