npm - @madarco/agentbox - Versions diffs - 0.12.0 → 0.14.0 - Mend

@madarco/agentbox 0.12.0 → 0.14.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (74) hide show

package/CHANGELOG.md +96 -0
package/README.md +21 -7
package/dist/{_cloud-attach-XKO4SHR3.js → _cloud-attach-GUBB5RH2.js} +4 -4
package/dist/{chunk-R5XIDQFR.js → chunk-BKU34KYY.js} +170 -6
package/dist/chunk-BKU34KYY.js.map +1 -0
package/dist/{chunk-HFV6THYG.js → chunk-BYCLD6D6.js} +308 -36
package/dist/chunk-BYCLD6D6.js.map +1 -0
package/dist/chunk-LDMYHWUS.js +346 -0
package/dist/chunk-LDMYHWUS.js.map +1 -0
package/dist/{chunk-2LF5YILI.js → chunk-RSKG7AFU.js} +80 -6
package/dist/chunk-RSKG7AFU.js.map +1 -0
package/dist/{chunk-DHJ7OMIP.js → chunk-TBSIJVSN.js} +149 -47
package/dist/chunk-TBSIJVSN.js.map +1 -0
package/dist/{chunk-IZXPJPPV.js → chunk-TCS5HXJX.js} +389 -176
package/dist/chunk-TCS5HXJX.js.map +1 -0
package/dist/{chunk-ECLLV5JH.js → chunk-VATTS2MR.js} +156 -5
package/dist/chunk-VATTS2MR.js.map +1 -0
package/dist/{chunk-SNTHHWKY.js → chunk-XKH7NTT7.js} +80 -22
package/dist/chunk-XKH7NTT7.js.map +1 -0
package/dist/dist-34RKQ74M.js +662 -0
package/dist/dist-34RKQ74M.js.map +1 -0
package/dist/{dist-47LVLYUV.js → dist-3IMQNTTV.js} +14 -69
package/dist/dist-3IMQNTTV.js.map +1 -0
package/dist/{dist-RZZSSUNB.js → dist-4DPOL5A7.js} +5 -3
package/dist/{dist-24PY2ZMO.js → dist-57M6ZA7H.js} +25 -177
package/dist/dist-57M6ZA7H.js.map +1 -0
package/dist/{dist-SWUOU34W.js → dist-J2IHD5T7.js} +37 -226
package/dist/dist-J2IHD5T7.js.map +1 -0
package/dist/index.js +1524 -921
package/dist/index.js.map +1 -1
package/dist/{prepared-state-MQHD3M5F-KE4DT3GX.js → prepared-state-MQHD3M5F-Q27AZU53.js} +2 -2
package/package.json +9 -7
package/runtime/docker/Dockerfile.box +21 -26
package/runtime/docker/apps/cli/share/agentbox-setup/SKILL.md +37 -1
package/runtime/docker/packages/ctl/dist/bin.cjs +46 -17
package/runtime/docker/packages/sandbox-docker/scripts/agentbox-vnc-start +17 -6
package/runtime/docker/packages/sandbox-docker/scripts/chromium-resolver +57 -0
package/runtime/docker/packages/sandbox-docker/scripts/claude-managed-settings.json +2 -1
package/runtime/e2b/agentbox-checkpoint-cleanup +52 -0
package/runtime/e2b/agentbox-codex-hooks.json +68 -0
package/runtime/e2b/agentbox-open +28 -0
package/runtime/e2b/agentbox-setup-skill.md +233 -0
package/runtime/e2b/agentbox-vnc-start +102 -0
package/runtime/e2b/attach-helper.cjs +167 -0
package/runtime/e2b/claude-managed-settings.json +116 -0
package/runtime/e2b/ctl.cjs +23864 -0
package/runtime/e2b/custom-system-CLAUDE.md +46 -0
package/runtime/e2b/gh-shim +344 -0
package/runtime/e2b/git-shim +131 -0
package/runtime/e2b/scripts/build-template.sh +295 -0
package/runtime/hetzner/agentbox-setup-skill.md +37 -1
package/runtime/hetzner/agentbox-vnc-start +17 -6
package/runtime/hetzner/claude-managed-settings.json +2 -1
package/runtime/hetzner/ctl.cjs +46 -17
package/runtime/relay/bin.cjs +305 -230
package/runtime/vercel/agentbox-setup-skill.md +37 -1
package/runtime/vercel/agentbox-vnc-start +17 -6
package/runtime/vercel/claude-managed-settings.json +2 -1
package/runtime/vercel/ctl.cjs +46 -17
package/share/agentbox-setup/SKILL.md +37 -1
package/share/host-skills/agentbox-info/SKILL.md +26 -34
package/dist/chunk-2LF5YILI.js.map +0 -1
package/dist/chunk-DHJ7OMIP.js.map +0 -1
package/dist/chunk-ECLLV5JH.js.map +0 -1
package/dist/chunk-HFV6THYG.js.map +0 -1
package/dist/chunk-IZXPJPPV.js.map +0 -1
package/dist/chunk-R5XIDQFR.js.map +0 -1
package/dist/chunk-SNTHHWKY.js.map +0 -1
package/dist/dist-24PY2ZMO.js.map +0 -1
package/dist/dist-47LVLYUV.js.map +0 -1
package/dist/dist-SWUOU34W.js.map +0 -1
/package/dist/{_cloud-attach-XKO4SHR3.js.map → _cloud-attach-GUBB5RH2.js.map} +0 -0
/package/dist/{dist-RZZSSUNB.js.map → dist-4DPOL5A7.js.map} +0 -0
/package/dist/{prepared-state-MQHD3M5F-KE4DT3GX.js.map → prepared-state-MQHD3M5F-Q27AZU53.js.map} +0 -0

package/dist/dist-57M6ZA7H.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../../../packages/sandbox-vercel/src/index.ts","../../../packages/sandbox-vercel/src/backend.ts","../../../packages/sandbox-vercel/src/retry.ts","../../../packages/sandbox-vercel/src/prepare.ts","../../../packages/sandbox-vercel/src/build-attach.ts"],"sourcesContent":["/**\n * The Vercel Sandbox provider. A thin `CloudBackend` over `@vercel/sandbox`,\n * composed via `@agentbox/sandbox-cloud`'s `createCloudProvider` for everything\n * provider-agnostic (workspace seeding, ctl/VNC launch, state, relay polling).\n *\n * Three capabilities are overridden on top of the cloud scaffold:\n * - `prepare` — bake the base snapshot (Vercel can't build from a Dockerfile).\n * - `buildAttach` — SDK-streaming tmux bridge (Vercel has no SSH).\n * - `checkpoint` — store the Vercel snapshot *id* in the manifest so restore\n * boots from it (Vercel snapshots are id-addressed, not name-addressed).\n *\n * `launchDockerd: false` because Vercel Sandbox can't run nested containers.\n */\n\nimport type { BoxRecord, Provider, ProviderCheckpoint } from '@agentbox/core';\nimport {\n createCloudProvider,\n currentCloudBaseFingerprint,\n listCloudCheckpoints,\n removeCloudCheckpointDir,\n resolveCloudCheckpoint,\n writeCloudCheckpointManifest,\n} from '@agentbox/sandbox-cloud';\nimport {\n vercelBackend,\n snapshotVercelSandbox,\n deleteVercelSnapshot,\n DEFAULT_BOX_IMAGE_REF,\n} from './backend.js';\nimport { readCliStamp, recordBox } from '@agentbox/sandbox-core';\nimport { prepareVercelProvider } from './prepare.js';\nimport { buildVercelAttach } from './build-attach.js';\nimport { currentVercelBaseFingerprintLive } from './prepared-state.js';\n\nconst BACKEND_NAME = 'vercel';\n\nconst cloudProvider = createCloudProvider(vercelBackend, {\n // Vercel couples RAM to vCPU at 2048 MB/vCPU; disk is a fixed 32 GB NVMe.\n defaultResources: { cpu: 2, memory: 4, disk: 32 },\n launchDockerd: false,\n});\n\n/**\n * Vercel-specific checkpoint capability. Unlike the scaffold's default (which\n * stores a caller-chosen snapshot *name*), we capture the opaque Vercel\n * snapshot id and store THAT in the manifest's `snapshotName` field — the cloud\n * create flow passes `manifest.snapshotName` straight to\n * `provision({ snapshot })`, and the Vercel backend boots from it as a snapshot\n * id. (The scaffold's `cloudSnapshotName` project-scoping isn't needed — Vercel\n * snapshot ids are already globally unique.)\n */\nconst vercelCheckpoint: ProviderCheckpoint = {\n async create(box: BoxRecord, name: string) {\n if (!box.projectRoot) {\n throw new Error(\n 'cloud checkpoint requires the box to have a project root (run `agentbox checkpoint` from inside the project)',\n );\n }\n if (!box.cloud?.sandboxId) {\n throw new Error(`vercel box ${box.name} has no sandboxId — record is malformed`);\n }\n // NOTE: snapshotting stops the source sandbox; persistent mode resumes it\n // on the next call. Surfaced to the user in `agentbox checkpoint` docs.\n const snapshotId = await snapshotVercelSandbox(box.cloud.sandboxId);\n // The box is now stopped — persist it so the fast `agentbox list` path\n // doesn't show a stale `running` after a checkpoint. Best-effort.\n try {\n await recordBox({ ...box, cloud: { ...box.cloud, lastState: 'paused' } });\n } catch {\n // not worth failing the checkpoint over a state-record write\n }\n const info = await writeCloudCheckpointManifest(box.projectRoot, BACKEND_NAME, name, {\n snapshotName: snapshotId,\n sourceBoxId: box.id,\n sourceBoxName: box.name,\n baseProvider: BACKEND_NAME,\n baseFingerprint: currentCloudBaseFingerprint(BACKEND_NAME),\n cliVersion: readCliStamp().cliVersion,\n });\n return { ref: info.name };\n },\n async list(projectRoot: string) {\n const entries = await listCloudCheckpoints(projectRoot, BACKEND_NAME);\n return entries.map((e) => ({ ref: e.name, createdAt: e.manifest.createdAt }));\n },\n async remove(projectRoot: string, ref: string) {\n const entry = await resolveCloudCheckpoint(projectRoot, BACKEND_NAME, ref);\n if (!entry) return;\n try {\n await deleteVercelSnapshot(entry.manifest.snapshotName);\n } catch {\n // best-effort: drop the local manifest even if the remote delete failed\n // (network/perms/already-gone) so the user isn't left with a dead pointer.\n }\n await removeCloudCheckpointDir(projectRoot, BACKEND_NAME, ref);\n },\n};\n\nexport const vercelProvider: Provider = {\n ...cloudProvider,\n prepare: prepareVercelProvider,\n buildAttach: buildVercelAttach,\n checkpoint: vercelCheckpoint,\n baseFingerprint: () => currentVercelBaseFingerprintLive(),\n};\n\nexport { vercelBackend, DEFAULT_BOX_IMAGE_REF };\nexport { ensureVercelEnvLoaded, reloadVercelEnv } from './env-loader.js';\nexport { ensureVercelCredentials } from './credentials.js';\nexport type { EnsureVercelCredentialsOptions } from './credentials.js';\nexport {\n readVercelCredStatus,\n secretsPath,\n maskKey,\n type VercelCredStatus,\n} from './credentials.js';\nexport {\n prepareVercel,\n prepareVercelProvider,\n type PrepareVercelOptions,\n type PrepareVercelResult,\n} from './prepare.js';\nexport {\n currentVercelBaseFingerprintLive,\n ensureVercelBaseSnapshot,\n preparedStatePath,\n readPreparedState,\n writePreparedState,\n updatePreparedState,\n type PreparedVercelState,\n type PreparedVercelBase,\n} from './prepared-state.js';\nexport {\n RUNTIME_ASSETS,\n candidatesFor,\n resolveRuntimeAssets,\n findStagedCliRuntimeRoot,\n type RuntimeAsset,\n type ResolvedAsset,\n} from './runtime-assets.js';\nexport { buildVercelAttach } from './build-attach.js';\n","/**\n * Vercel `CloudBackend` — maps the provider-neutral cloud primitives onto\n * `@vercel/sandbox` v2 (Firecracker microVMs + snapshots). Composed into a full\n * `Provider` by `@agentbox/sandbox-cloud`'s `createCloudProvider`.\n *\n * Platform shape this backend is built around (see docs/cloud-providers.md):\n * - No custom image — sandboxes boot from a Vercel snapshot baked once by\n * `agentbox prepare --provider vercel`. `provision` always needs a snapshot\n * id (the prepared base, or a cloud-checkpoint snapshot).\n * - No SSH — `attachArgv` is intentionally omitted; the provider overrides\n * `buildAttach` with a Vercel-SDK-streaming helper instead.\n * - No nested containers — dockerd is disabled at the provider level.\n * - Persistent sandboxes auto-snapshot on stop and auto-resume on the next\n * `Sandbox.get({ resume: true })`, which is how pause/resume map cleanly.\n * - The sandbox's native user is `vercel-sandbox`; agentbox standardizes on\n * `vscode` (uid 1000), created by provision.sh. So `exec` drops privileges\n * to `vscode` (root → `sudo -u vscode`) unless the caller asks for root,\n * and `uploadFile` chowns to uid 1000 after the SDK writes as\n * `vercel-sandbox`.\n * - Max 4 exposed ports: we use 80 (WebProxy), 6080 (noVNC), 8788 (relay/ctl\n * bridge). One slot is left free for a future per-service expose.\n */\n\nimport { readFile } from 'node:fs/promises';\nimport type {\n CloudBackend,\n CloudExecOptions,\n CloudExecResult,\n CloudFileEntry,\n CloudHandle,\n CloudPreviewUrl,\n CloudProvisionRequest,\n CloudSandboxSummary,\n CloudState,\n} from '@agentbox/core';\nimport type { NetworkPolicy } from '@vercel/sandbox';\nimport {\n ensureFreshCredentials,\n resolveCredentials,\n Sandbox,\n Snapshot,\n type SandboxType,\n} from './sdk.js';\nimport { withVercelRetry } from './retry.js';\nimport { readPreparedState } from './prepared-state.js';\n\n/** Sentinel image ref the cloud-provider hands us when no --image was passed. */\nexport const DEFAULT_BOX_IMAGE_REF = 'agentbox/box:dev';\n\n/** Box user agentbox standardizes on. provision.sh creates it (uid auto-assigned —\n * the Vercel default user may already hold 1000, and there are no bind mounts so\n * the exact uid is irrelevant). chown targets it by name, not number. */\nconst BOX_USER = 'vscode';\nconst BOX_OWNER = 'vscode:vscode';\n\n/**\n * Base ports exposed at create. Vercel REJECTS privileged ports (<1024) with a\n * 400, so we cannot expose the scaffold's WebProxy on :80. Instead the in-box\n * WebProxy binds 8080 (set via `webProxyPort` → AGENTBOX_WEB_PROXY_PORT) and we\n * expose 8080 here so `sandbox.domain(8080)` routes to it → the in-box `expose:`\n * service. Ports are fixed at create (update can't add a routable port to a\n * running sandbox — verified), so 8080 must be in this base set. The other two\n * base ports are 6080 (noVNC) and 8788 (the relay/ctl bridge the host poller\n * reaches via `sandbox.domain(8788)`). Remaining slots (up to VERCEL_MAX_PORTS)\n * are filled at create from `agentbox.yaml` `expose:` ports (see buildExposedPorts).\n */\nexport const VERCEL_EXPOSED_PORTS = [8080, 6080, 8788] as const;\n\n/** Vercel's hard per-sandbox exposed-port cap. */\nexport const VERCEL_MAX_PORTS = 4;\n\n/**\n * Merge requested `expose:` service ports into the base set: drop privileged\n * (<1024 — Vercel 400s) and out-of-range ports + dupes, preserve order, and cap\n * at Vercel's 4-port limit. A preview URL only routes to a port declared here at\n * create time, so this is what makes `services.*.expose` reachable on Vercel.\n */\nexport function buildExposedPorts(extra: readonly number[] | undefined): number[] {\n const ports = [...VERCEL_EXPOSED_PORTS] as number[];\n const seen = new Set<number>(ports);\n for (const p of extra ?? []) {\n if (ports.length >= VERCEL_MAX_PORTS) break;\n if (Number.isInteger(p) && p >= 1024 && p < 65_536 && !seen.has(p)) {\n ports.push(p);\n seen.add(p);\n }\n }\n return ports;\n}\n\n/**\n * Parse the `box.vercelNetworkPolicy` config string into a Vercel\n * `NetworkPolicy`. `''`/unset → undefined (SDK default = allow-all). The\n * literals `allow-all` / `deny-all` pass through; anything else is treated as a\n * comma-separated domain allowlist `{ allow: [...] }` (everything else denied).\n */\nexport function parseNetworkPolicy(raw: string | undefined): NetworkPolicy | undefined {\n const v = (raw ?? '').trim();\n if (v === '') return undefined;\n if (v === 'allow-all' || v === 'deny-all') return v;\n const allow = v\n .split(',')\n .map((s) => s.trim())\n .filter((s) => s.length > 0);\n return allow.length > 0 ? { allow } : undefined;\n}\n\n/**\n * Default per-session timeout. 45 min is the Hobby ceiling, so it's safe across\n * all plans; persistent mode makes a hit transparent (the VM auto-snapshots and\n * auto-resumes on the next SDK call). Pro/Enterprise users who want a longer\n * single session can rely on `extendTimeout` / future config.\n */\nconst DEFAULT_TIMEOUT_MS = 45 * 60_000;\n\n/**\n * Per-box snapshot retention. Keep one auto-snapshot, never expiring, so a\n * paused box can always resume; `destroy` purges a box's own snapshot explicitly.\n *\n * `deleteEvicted: false` is load-bearing, NOT a tweak. A box boots from a shared\n * snapshot (the prepared base, or a `setup` checkpoint), and Vercel reports that\n * source as the box's `currentSnapshotId` until it takes its first auto-snapshot\n * — i.e. the source is the first member of this box's retention window. With\n * `deleteEvicted: true`, the box's first stop/snapshot evicts the source and\n * DELETES it, nuking the shared base/checkpoint every other box depends on, so\n * every later `create` 410s with \"Snapshot expired or deleted.\" (Same hazard the\n * `destroy` guard already dodges, but eviction is automatic and bypasses it.)\n * `false` keeps evicted snapshots around (they fall back to `snapshotExpiration`,\n * which we pin to 0 = never at create) — trading a little snapshot accumulation\n * for never deleting a snapshot another box boots from.\n */\nconst KEEP_LAST_SNAPSHOTS = { count: 1, expiration: 0, deleteEvicted: false } as const;\n\nfunction creds(): Partial<{ token: string; teamId: string; projectId: string }> {\n return resolveCredentials();\n}\n\n/** Single-quote a string for safe embedding inside a `bash -lc '<…>'`. */\nfunction shq(s: string): string {\n return \"'\" + s.replace(/'/g, \"'\\\\''\") + \"'\";\n}\n\nasync function getSandbox(id: string): Promise<SandboxType> {\n // resume:false — plain handle resolution; lifecycle methods opt into resume.\n return Sandbox.get({ name: id, resume: false, ...creds() });\n}\n\nasync function maybeGetSandbox(id: string): Promise<SandboxType | null> {\n try {\n return await getSandbox(id);\n } catch {\n return null;\n }\n}\n\n/**\n * Map Vercel's session status onto our 4-value `CloudState`. Transitional\n * states report as 'running' so callers don't ping-pong; 'stopped' maps to\n * 'paused' because a persistent sandbox keeps an auto-snapshot and resumes on\n * the next call (our pause semantics). 'aborted'/'failed' → 'missing'.\n */\nfunction mapState(s: string | undefined): CloudState {\n switch (s) {\n case 'running':\n return 'running';\n case 'pending':\n case 'stopping':\n case 'snapshotting':\n return 'running';\n case 'stopped':\n return 'paused';\n case 'aborted':\n case 'failed':\n default:\n return 'missing';\n }\n}\n\n/**\n * Build a `runCommand` invocation that runs `cmd` (already a shell string) as\n * the box user (`vscode`) by default, or as root when requested. Always starts\n * the SDK command as root (`sudo: true`) so the inner `sudo -u vscode` is\n * reliably passwordless, then drops privileges. cwd + env are applied inside\n * the dropped shell so they land in the right user/home context.\n */\nfunction buildRunCommand(\n cmd: string,\n opts?: CloudExecOptions,\n): { cmd: string; args: string[]; sudo: boolean } {\n const prelude: string[] = [];\n if (opts?.cwd) prelude.push(`cd ${shq(opts.cwd)}`);\n for (const [k, v] of Object.entries(opts?.env ?? {})) {\n // The value is shell-quoted, but the key is interpolated bare into a\n // `bash -lc` string that runs as root — reject anything that isn't a POSIX\n // env-var name so a key like `x;rm -rf /` can't inject a command.\n if (!/^[A-Za-z_][A-Za-z0-9_]*$/.test(k)) {\n throw new Error(`vercel exec: invalid env var name ${JSON.stringify(k)}`);\n }\n prelude.push(`export ${k}=${shq(v)}`);\n }\n const inner = [...prelude, cmd].join('\\n');\n const user = opts?.user ?? BOX_USER;\n if (user === 'root') {\n return { cmd: 'bash', args: ['-lc', inner], sudo: true };\n }\n return {\n cmd: 'bash',\n args: ['-lc', `sudo -u ${user} -H bash -lc ${shq(inner)}`],\n sudo: true,\n };\n}\n\nexport const vercelBackend: CloudBackend = {\n name: 'vercel',\n\n // Vercel rejects privileged ports (<1024) and can't add a routable port to a\n // running sandbox (update registers a route that 502s — verified). So the\n // in-box WebProxy binds 8080 (exposed at create via VERCEL_EXPOSED_PORTS) and\n // `agentbox url` resolves sandbox.domain(8080) → WebProxy → the in-box service.\n webProxyPort: 8080,\n\n async provision(req: CloudProvisionRequest): Promise<CloudHandle> {\n await ensureFreshCredentials();\n // Resolve the snapshot to boot from: an explicit cloud-checkpoint snapshot\n // (req.snapshot) wins, else the prepared base. Vercel can't build from a\n // Dockerfile, so there is no image fallback — fail loud with the fix.\n const snapshotId = req.snapshot ?? readPreparedState().base?.snapshotId;\n if (!snapshotId) {\n throw new Error(\n 'no Vercel base snapshot found.\\n' +\n 'Run `agentbox prepare --provider vercel` first — Vercel cannot build images ' +\n 'from a Dockerfile, so the base snapshot is a one-time prerequisite.',\n );\n }\n const networkPolicy = parseNetworkPolicy(req.networkPolicy);\n // No-retry: Sandbox.create is billable and non-idempotent — a timeout after\n // the request reached the origin could leave a duplicate sandbox we can't\n // reference for cleanup.\n const handle = await withVercelRetry(\n { method: 'provision', retryOnAmbiguous: false, attemptTimeoutMs: 900_000, backoffMs: [] },\n async () => {\n const sb = await Sandbox.create({\n name: req.name,\n source: { type: 'snapshot', snapshotId },\n resources: { vcpus: req.resources?.cpu ?? 2 },\n ports: buildExposedPorts(req.exposePorts),\n timeout: req.timeoutMs ?? DEFAULT_TIMEOUT_MS,\n env: req.env,\n tags: { agentbox: 'true', 'agentbox.name': req.name },\n persistent: true,\n // Pin the sandbox-default expiration to never. Evicted snapshots (see\n // KEEP_LAST_SNAPSHOTS) fall back to this, so the shared base/checkpoint\n // a box boots from is never re-stamped with a finite expiry on eviction.\n snapshotExpiration: 0,\n keepLastSnapshots: { ...KEEP_LAST_SNAPSHOTS },\n ...(networkPolicy ? { networkPolicy } : {}),\n ...creds(),\n });\n return { sandboxId: sb.name };\n },\n );\n // Agent credentials are seeded by `createCloudProvider`'s unified\n // post-provision step (`seedAgentVolumesIfFresh`) via `uploadFile` + `exec`\n // — the symlinks baked into provision.sh route ~/.claude/.credentials.json\n // etc. through to `~/.agentbox-creds/<agent>/`.\n return handle;\n },\n\n async get(sandboxId: string): Promise<CloudHandle | null> {\n await ensureFreshCredentials();\n return withVercelRetry({ method: 'get', retryOnAmbiguous: true }, async () => {\n const sb = await maybeGetSandbox(sandboxId);\n return sb ? { sandboxId: sb.name } : null;\n });\n },\n\n async list(): Promise<CloudSandboxSummary[]> {\n await ensureFreshCredentials();\n return withVercelRetry({ method: 'list', retryOnAmbiguous: true }, async () => {\n const page = await Sandbox.list({ ...creds() });\n const items = await page.toArray();\n return items\n .filter((sb) => sb.tags?.['agentbox'] === 'true')\n .map((sb): CloudSandboxSummary => {\n const summary: CloudSandboxSummary = { sandboxId: sb.name };\n const friendly = sb.tags?.['agentbox.name'] ?? sb.name;\n if (friendly) summary.name = friendly;\n if (typeof sb.createdAt === 'number') {\n summary.createdAt = new Date(sb.createdAt).toISOString();\n }\n summary.state = mapState(sb.status);\n return summary;\n });\n });\n },\n\n async start(h: CloudHandle): Promise<void> {\n await ensureFreshCredentials();\n await withVercelRetry(\n { method: 'start', retryOnAmbiguous: true, attemptTimeoutMs: 120_000 },\n async () => {\n // resume:true auto-resumes a persistent sandbox from its current snapshot.\n await Sandbox.get({ name: h.sandboxId, resume: true, ...creds() });\n },\n );\n },\n\n async stop(h: CloudHandle): Promise<void> {\n await ensureFreshCredentials();\n await withVercelRetry(\n { method: 'stop', retryOnAmbiguous: true, attemptTimeoutMs: 120_000 },\n async () => {\n const sb = await getSandbox(h.sandboxId);\n // For a persistent sandbox this captures an auto-snapshot and shuts the\n // VM down — resume happens lazily on the next Sandbox.get.\n await sb.stop();\n },\n );\n },\n\n // pause == stop on Vercel (the auto-snapshot IS the cold-storage state).\n async pause(h: CloudHandle): Promise<void> {\n await this.stop(h);\n },\n\n async resume(h: CloudHandle): Promise<void> {\n await this.start(h);\n },\n\n async destroy(h: CloudHandle): Promise<void> {\n await ensureFreshCredentials();\n await withVercelRetry(\n { method: 'destroy', retryOnAmbiguous: true, attemptTimeoutMs: 120_000 },\n async () => {\n const sb = await maybeGetSandbox(h.sandboxId);\n if (!sb) return; // already gone — destroy is idempotent\n // Purge only a snapshot THIS box created (its own stop-time auto-\n // snapshot), never the shared base/source it booted from. A fresh box\n // has currentSnapshotId === sourceSnapshotId === the prepared base, and\n // deleting that would nuke the base snapshot every other box depends on.\n const snapId = sb.currentSnapshotId;\n const source = sb.sourceSnapshotId;\n const base = readPreparedState().base?.snapshotId;\n const ownSnapshot =\n snapId !== undefined && snapId !== source && snapId !== base;\n await sb.delete();\n if (ownSnapshot) {\n try {\n const snap = await Snapshot.get({ snapshotId: snapId, ...creds() });\n await snap.delete();\n } catch {\n // best-effort: a snapshot already gone is fine; the user can clean\n // stragglers from the Vercel dashboard.\n }\n }\n },\n );\n },\n\n async state(h: CloudHandle): Promise<CloudState> {\n await ensureFreshCredentials();\n return withVercelRetry({ method: 'state', retryOnAmbiguous: true }, async () => {\n const sb = await maybeGetSandbox(h.sandboxId);\n if (!sb) return 'missing';\n return mapState(sb.status);\n });\n },\n\n async exec(h: CloudHandle, cmd: string, opts?: CloudExecOptions): Promise<CloudExecResult> {\n await ensureFreshCredentials();\n return withVercelRetry(\n {\n method: 'exec',\n retryOnAmbiguous: opts?.noRetry ? false : true,\n attemptTimeoutMs: opts?.attemptTimeoutMs ?? 120_000,\n backoffMs: opts?.noRetry ? [] : undefined,\n },\n async () => {\n const sb = await getSandbox(h.sandboxId);\n const r = await sb.runCommand(buildRunCommand(cmd, opts));\n const [stdout, stderr] = await Promise.all([r.stdout(), r.stderr()]);\n return { exitCode: r.exitCode, stdout, stderr };\n },\n );\n },\n\n async uploadFile(h: CloudHandle, localPath: string, remotePath: string): Promise<void> {\n await ensureFreshCredentials();\n await withVercelRetry(\n { method: 'uploadFile', retryOnAmbiguous: true, attemptTimeoutMs: 300_000 },\n async () => {\n const content = await readFile(localPath);\n const sb = await getSandbox(h.sandboxId);\n await sb.writeFiles([{ path: remotePath, content }]);\n // writeFiles writes as `vercel-sandbox`; chown to the box user so the\n // scaffold's vscode-context reads/extractions succeed. Best-effort —\n // a chown failure on a world-readable /tmp staging file is harmless.\n try {\n await sb.runCommand({ cmd: 'chown', args: [BOX_OWNER, remotePath], sudo: true });\n } catch {\n // ignore — file is at least present and readable\n }\n },\n );\n },\n\n async downloadFile(h: CloudHandle, remotePath: string, localPath: string): Promise<void> {\n await ensureFreshCredentials();\n await withVercelRetry(\n { method: 'downloadFile', retryOnAmbiguous: true, attemptTimeoutMs: 300_000 },\n async () => {\n const sb = await getSandbox(h.sandboxId);\n const written = await sb.downloadFile(\n { path: remotePath },\n { path: localPath },\n { mkdirRecursive: true },\n );\n if (written === null) {\n throw new Error(`vercel downloadFile: source not found: ${remotePath}`);\n }\n },\n );\n },\n\n async listFiles(h: CloudHandle, remoteDir: string): Promise<CloudFileEntry[]> {\n await ensureFreshCredentials();\n return withVercelRetry({ method: 'listFiles', retryOnAmbiguous: true }, async () => {\n const sb = await getSandbox(h.sandboxId);\n const entries = await sb.fs.readdir(remoteDir, { withFileTypes: true });\n return entries.map((e) => ({ name: e.name, isDir: e.isDirectory() }));\n });\n },\n\n async previewUrl(h: CloudHandle, port: number): Promise<CloudPreviewUrl> {\n await ensureFreshCredentials();\n return withVercelRetry({ method: 'previewUrl', retryOnAmbiguous: true }, async () => {\n const sb = await getSandbox(h.sandboxId);\n // sb.domain(port) is a public HTTPS URL (no header token needed).\n return { url: sb.domain(port), token: undefined };\n });\n },\n\n // Fewer params than the interface's (h, port, expiresInSeconds) is fine —\n // Vercel sandbox domains are already public + browser-usable, so the signed\n // URL is just the standard one (the TTL is governed by the sandbox session\n // lifetime, not a per-URL signature, so the expiry arg is irrelevant here).\n async signedPreviewUrl(h: CloudHandle, port: number): Promise<CloudPreviewUrl> {\n return this.previewUrl(h, port);\n },\n\n async snapshotExists(snapshotName: string): Promise<boolean> {\n await ensureFreshCredentials();\n return withVercelRetry({ method: 'snapshotExists', retryOnAmbiguous: true }, async () => {\n try {\n const snap = await Snapshot.get({ snapshotId: snapshotName, ...creds() });\n // `Snapshot.get` resolves deleted/failed tombstones (status field) rather\n // than throwing, so \"didn't throw\" wrongly passes a dead snapshot. Only a\n // 'created' snapshot can actually boot a sandbox.\n return snap.status === 'created';\n } catch {\n return false;\n }\n });\n },\n\n // NOTE: no `createSnapshot`/`deleteSnapshot` here. Vercel snapshots are\n // addressed by an opaque id (not a caller-chosen name), which doesn't fit the\n // CloudBackend `createSnapshot(handle, name): void` contract — the provider\n // needs the id back to store it in the checkpoint manifest. The Vercel\n // provider therefore overrides the whole `checkpoint` capability in index.ts\n // using `snapshotVercelSandbox` / `deleteVercelSnapshot` below.\n};\n\n/**\n * Snapshot a running sandbox and return the resulting Vercel snapshot id.\n * `sb.snapshot()` stops the source sandbox as part of capture; persistent mode\n * resumes it on the next SDK call, so the box comes back automatically.\n */\nexport async function snapshotVercelSandbox(sandboxId: string): Promise<string> {\n await ensureFreshCredentials();\n return withVercelRetry(\n { method: 'createSnapshot', retryOnAmbiguous: false, attemptTimeoutMs: 900_000, backoffMs: [] },\n async () => {\n const sb = await getSandbox(sandboxId);\n const snap = await sb.snapshot({ expiration: 0 });\n return snap.snapshotId;\n },\n );\n}\n\n/** Delete a Vercel snapshot by id. Idempotent — a missing snapshot is success. */\nexport async function deleteVercelSnapshot(snapshotId: string): Promise<void> {\n await ensureFreshCredentials();\n await withVercelRetry({ method: 'deleteSnapshot', retryOnAmbiguous: true }, async () => {\n try {\n const snap = await Snapshot.get({ snapshotId, ...creds() });\n await snap.delete();\n } catch (err) {\n const msg = err instanceof Error ? err.message : String(err);\n if (/not.?found|404/i.test(msg)) return; // idempotent\n throw err;\n }\n });\n}\n","/**\n * Bounded retry wrapper for Vercel Sandbox SDK calls — mirrors\n * `withDaytonaRetry` / `withHetznerRetry` in shape and intent. The Vercel\n * control plane rate-limits (429) and can return transient 5xx during\n * incidents; without bounded retries those propagate as wedges in the calling\n * lifecycle code.\n *\n * Non-idempotent ops (`provision`/`Sandbox.create`, `createSnapshot`) pass\n * `retryOnAmbiguous: false` so a timeout after the request reached the origin\n * doesn't create a duplicate billable sandbox/snapshot.\n */\n\nexport interface WithRetryOptions {\n method: string;\n /** Per-attempt timeout (ms). Default 30_000. */\n attemptTimeoutMs?: number;\n /** Backoff before attempts 2, 3, … (ms). Default [1000, 2000, 4000]. */\n backoffMs?: readonly number[];\n /**\n * Retry on errors where we can't be sure the server applied the request\n * (connection failures, per-attempt timeouts, 5xx). Set false for\n * non-idempotent operations where a retry could create a duplicate resource.\n */\n retryOnAmbiguous: boolean;\n /** Override the default stderr retry sink (used by tests). */\n onRetry?: (line: string) => void;\n}\n\nconst DEFAULT_BACKOFF: readonly number[] = [1000, 2000, 4000];\nconst DEFAULT_ATTEMPT_TIMEOUT_MS = 30_000;\n\nclass AttemptTimeoutError extends Error {\n constructor(method: string, ms: number) {\n super(`vercel ${method}: per-attempt timeout after ${String(ms)}ms`);\n this.name = 'AttemptTimeoutError';\n }\n}\n\nexport function isAttemptTimeout(err: unknown): err is AttemptTimeoutError {\n return err instanceof AttemptTimeoutError;\n}\n\n/** HTTP status code dug out of whatever error shape the SDK throws. */\nfunction statusCodeOf(err: unknown): number | undefined {\n if (!err || typeof err !== 'object') return undefined;\n for (const key of ['statusCode', 'status', 'code'] as const) {\n const v = (err as Record<string, unknown>)[key];\n if (typeof v === 'number') return v;\n }\n const resp = (err as { response?: { status?: unknown } }).response;\n if (resp && typeof resp.status === 'number') return resp.status;\n return undefined;\n}\n\nexport function isRetriable(err: unknown, allowAmbiguous: boolean): boolean {\n if (err instanceof AttemptTimeoutError) return allowAmbiguous;\n\n const status = statusCodeOf(err);\n if (status !== undefined) {\n if (status === 429) return true; // rate limited — the server told us to wait\n if (status >= 500 && status <= 599) return allowAmbiguous;\n return false; // 4xx (auth, validation, not_found) — permanent\n }\n\n // Raw fetch / undici errors. Node wraps low-level errors in `{ cause }`.\n if (err && typeof err === 'object') {\n const candidates: unknown[] = [err, (err as { cause?: unknown }).cause];\n for (const c of candidates) {\n if (!c || typeof c !== 'object') continue;\n const code = (c as { code?: unknown }).code;\n if (\n code === 'ECONNRESET' ||\n code === 'ETIMEDOUT' ||\n code === 'ECONNABORTED' ||\n code === 'EAI_AGAIN' ||\n code === 'ECONNREFUSED' ||\n code === 'ENOTFOUND' ||\n code === 'UND_ERR_SOCKET' ||\n code === 'UND_ERR_CONNECT_TIMEOUT'\n ) {\n return allowAmbiguous;\n }\n }\n }\n return false;\n}\n\nexport async function withVercelRetry<T>(\n opts: WithRetryOptions,\n fn: () => Promise<T>,\n): Promise<T> {\n const backoff = opts.backoffMs ?? DEFAULT_BACKOFF;\n const maxAttempts = backoff.length + 1;\n const timeoutMs = opts.attemptTimeoutMs ?? DEFAULT_ATTEMPT_TIMEOUT_MS;\n const log = opts.onRetry ?? defaultRetryLog;\n\n for (let attempt = 1; attempt <= maxAttempts; attempt++) {\n try {\n return await raceTimeout(fn(), timeoutMs, opts.method);\n } catch (err) {\n const last = attempt === maxAttempts;\n if (last || !isRetriable(err, opts.retryOnAmbiguous)) throw err;\n const delay = backoff[attempt - 1] ?? backoff[backoff.length - 1] ?? 4000;\n log(\n `vercel ${opts.method}: attempt ${String(attempt)} failed (${errorSummary(err)}); retrying in ${String(delay)}ms`,\n );\n await sleep(delay);\n }\n }\n throw new Error(`withVercelRetry: exhausted attempts for ${opts.method}`);\n}\n\nfunction defaultRetryLog(line: string): void {\n process.stderr.write(`\\n[vercel-retry] ${line}\\n`);\n}\n\nfunction sleep(ms: number): Promise<void> {\n return new Promise((r) => setTimeout(r, ms));\n}\n\nasync function raceTimeout<T>(p: Promise<T>, ms: number, method: string): Promise<T> {\n let timer: ReturnType<typeof setTimeout> | undefined;\n try {\n return await Promise.race([\n p,\n new Promise<never>((_resolve, reject) => {\n timer = setTimeout(() => reject(new AttemptTimeoutError(method, ms)), ms);\n }),\n ]);\n } finally {\n if (timer !== undefined) clearTimeout(timer);\n }\n}\n\nfunction errorSummary(err: unknown): string {\n if (err instanceof Error) {\n const status = statusCodeOf(err);\n return status !== undefined\n ? `${err.name}(${String(status)}): ${truncate(err.message)}`\n : `${err.name}: ${truncate(err.message)}`;\n }\n return truncate(String(err));\n}\n\nfunction truncate(s: string, max = 160): string {\n return s.length > max ? `${s.slice(0, max)}…` : s;\n}\n","/**\n * `agentbox prepare --provider vercel` — bake the per-team Vercel base\n * snapshot. Vercel can't build an image from a Dockerfile, so (like hetzner)\n * we boot a fresh sandbox, run an installer, and snapshot the result. That\n * snapshot id is what every per-box `create` boots from.\n *\n * Flow:\n * 1. Resolve runtime assets + fingerprint the build context. Skip the bake\n * when an up-to-date base snapshot already exists (unless --force).\n * 2. `Sandbox.create({ runtime: 'node24', persistent: false })` — fresh AL2023.\n * 3. `writeFiles` the assets (ctl bundle, helpers, baked configs, provision.sh).\n * 4. Run provision.sh as root, streaming output to the prepare log.\n * 5. Stage host agent static config (claude/codex/opencode) into the snapshot.\n * 6. `sandbox.snapshot({ expiration: 0 })` → the never-expiring base snapshot.\n * 7. Persist the snapshot id into ~/.agentbox/vercel-prepared.json.\n * 8. Delete the builder sandbox.\n *\n * Step 8 is safe: a Vercel snapshot is an independent, id-addressed resource\n * that survives its source sandbox's deletion (verified live — snapshot stays\n * `status: 'created'` and boots a fresh sandbox after the builder is deleted).\n * We delete it best-effort *after* the snapshot id is persisted, so a delete\n * failure only leaves a lingering sandbox for Vercel's reaper, never a broken\n * bake.\n */\n\nimport { readFile } from 'node:fs/promises';\nimport { Writable } from 'node:stream';\nimport type { Provider } from '@agentbox/core';\nimport { computeContextSha256, readCliStamp } from '@agentbox/sandbox-core';\nimport {\n stageClaudeStaticForUpload,\n stageCodexStaticForUpload,\n stageOpencodeStaticForUpload,\n type StageResult,\n} from '@agentbox/sandbox-cloud';\nimport { ensureVercelCredentials } from './credentials.js';\nimport {\n ensureFreshCredentials,\n resolveCredentials,\n Sandbox,\n Snapshot,\n type SandboxType,\n} from './sdk.js';\nimport {\n preparedStatePath,\n readPreparedState,\n writePreparedState,\n} from './prepared-state.js';\nimport {\n findStagedCliRuntimeRoot,\n resolveRuntimeAssets,\n type ResolvedAsset,\n} from './runtime-assets.js';\n\nexport interface PrepareVercelOptions {\n name?: string;\n hostWorkspace?: string;\n /** Force re-bake even when an up-to-date base snapshot is recorded. */\n force?: boolean;\n /** vCPUs for the builder sandbox (default 4 for a fast bake). */\n vcpus?: number;\n /** CLI runtime tree (set by the CLI to its dist neighbor). */\n cliRuntimeRoot?: string;\n /** Repo root for the dev fallback (defaults to a cwd-walk). */\n repoRoot?: string;\n onLog?: (line: string) => void;\n}\n\nexport interface PrepareVercelResult {\n snapshotName?: string;\n}\n\nconst BUILDER_TIMEOUT_MS = 25 * 60_000;\nconst SHELL = '/bin/bash';\n\nexport async function prepareVercel(\n opts: PrepareVercelOptions = {},\n): Promise<PrepareVercelResult> {\n await ensureVercelCredentials();\n await ensureFreshCredentials();\n const creds = resolveCredentials();\n const log = opts.onLog ?? (() => {});\n const progress = (s: string) => log(`prepare-vercel: ${s}`);\n\n const assets = resolveRuntimeAssets({\n cliRuntimeRoot: opts.cliRuntimeRoot ?? findStagedCliRuntimeRoot(),\n repoRoot: opts.repoRoot,\n });\n const contextSha = await computeContextSha256(\n assets.map((a) => ({ rel: a.name, abs: a.localPath })),\n );\n\n // Skip-fast: existing base snapshot still on Vercel + matching fingerprint.\n const existing = readPreparedState();\n if (!opts.force && existing.base) {\n const stillThere = await snapshotExists(existing.base.snapshotId, creds);\n if (stillThere && existing.base.contextSha256 === contextSha) {\n progress(\n `base snapshot ${existing.base.snapshotId} already exists (fingerprint ${contextSha.slice(0, 12)} matches); skipping (pass --force to rebuild)`,\n );\n return { snapshotName: existing.base.snapshotId };\n }\n if (!stillThere) {\n progress(`recorded base snapshot ${existing.base.snapshotId} is gone on Vercel; rebuilding`);\n } else {\n progress(\n `build context changed (was ${existing.base.contextSha256?.slice(0, 12) ?? '<none>'}, now ${contextSha.slice(0, 12)}); rebuilding`,\n );\n }\n }\n\n progress(`creating builder sandbox (node24, ${String(opts.vcpus ?? 4)} vcpus)`);\n const sb = await Sandbox.create({\n runtime: 'node24',\n resources: { vcpus: opts.vcpus ?? 4 },\n timeout: BUILDER_TIMEOUT_MS,\n tags: { agentbox: 'true', 'agentbox.role': 'prepare' },\n persistent: false,\n ...creds,\n });\n progress(`builder sandbox ${sb.name} up`);\n\n // 3. Upload assets.\n progress(`uploading ${String(assets.length)} runtime asset(s)`);\n await sb.writeFiles(\n await Promise.all(\n assets.map(async (a: ResolvedAsset) => ({\n path: a.remotePath,\n content: await readFile(a.localPath),\n mode: a.remoteMode,\n })),\n ),\n );\n\n // 4. Run provision.sh as root, streaming output.\n progress('running provision.sh (this takes a few minutes)');\n const install = await sb.runCommand({\n cmd: SHELL,\n args: ['-lc', 'bash /tmp/agentbox-provision.sh 2>&1'],\n sudo: true,\n stdout: lineSink((l) => log(`[provision] ${l}`)),\n stderr: lineSink((l) => log(`[provision] ${l}`)),\n });\n if (install.exitCode !== 0) {\n throw new Error(`provision.sh failed on the builder sandbox (exit ${String(install.exitCode)})`);\n }\n progress('provision.sh complete');\n\n // 5. Stage host agent static config into the snapshot (best-effort).\n await stageAgentConfig(sb, opts.hostWorkspace, log);\n\n // 6. Snapshot (never expires). NOTE: this stops the builder sandbox.\n progress('creating base snapshot (expiration: never)');\n const snap = await sb.snapshot({ expiration: 0 });\n progress(`snapshot created: ${snap.snapshotId}`);\n\n // 7. Persist.\n const cliStamp = readCliStamp();\n writePreparedState({\n schema: 1,\n base: {\n snapshotId: snap.snapshotId,\n contextSha256: contextSha,\n cliVersion: cliStamp.cliVersion,\n cliCommit: cliStamp.cliCommit,\n createdAt: new Date().toISOString(),\n },\n });\n progress(`wrote ${preparedStatePath()}`);\n\n // 8. Delete the builder. The snapshot is an independent resource that\n // survives this (verified live), and its id is already persisted above, so\n // this is best-effort: a failure just leaves the sandbox for Vercel's reaper.\n progress('deleting builder sandbox');\n try {\n await sb.delete();\n progress('builder sandbox deleted');\n } catch (err) {\n progress(\n `builder delete failed (left for Vercel reaper): ${err instanceof Error ? err.message : String(err)}`,\n );\n }\n\n progress(`prepare complete — base snapshot ${snap.snapshotId}`);\n return { snapshotName: snap.snapshotId };\n}\n\nasync function snapshotExists(\n snapshotId: string,\n creds: Partial<{ token: string; teamId: string; projectId: string }>,\n): Promise<boolean> {\n try {\n const snap = await Snapshot.get({ snapshotId, ...creds });\n // `Snapshot.get` resolves even for a deleted/failed snapshot (status field),\n // so a bare \"didn't throw\" wrongly skip-passes a tombstone. Only a 'created'\n // snapshot is bootable — anything else means rebuild.\n return snap.status === 'created';\n } catch {\n return false;\n }\n}\n\nasync function stageAgentConfig(\n sb: SandboxType,\n hostWorkspace: string | undefined,\n log: (line: string) => void,\n): Promise<void> {\n const progress = (s: string) => log(`prepare-vercel: ${s}`);\n progress('staging host agent static config');\n const stagings: Array<{ kind: 'claude' | 'codex' | 'opencode'; tar: StageResult; dest: string }> = [];\n try {\n const claudeTar = await stageClaudeStaticForUpload({ hostWorkspace });\n for (const w of claudeTar.warnings) progress(w);\n if (claudeTar.tarballPath) stagings.push({ kind: 'claude', tar: claudeTar, dest: '/home/vscode/.claude' });\n else await claudeTar.cleanup();\n\n const codexTar = await stageCodexStaticForUpload();\n for (const w of codexTar.warnings) progress(w);\n if (codexTar.tarballPath) stagings.push({ kind: 'codex', tar: codexTar, dest: '/home/vscode/.codex' });\n else await codexTar.cleanup();\n\n const opencodeTar = await stageOpencodeStaticForUpload();\n for (const w of opencodeTar.warnings) progress(w);\n if (opencodeTar.tarballPath) stagings.push({ kind: 'opencode', tar: opencodeTar, dest: '/home/vscode/.local/share/opencode' });\n else await opencodeTar.cleanup();\n\n for (const s of stagings) {\n const remote = `/tmp/agentbox-${s.kind}-static.tar.gz`;\n progress(`uploading ${s.kind} static config`);\n await sb.writeFiles([{ path: remote, content: await readFile(s.tar.tarballPath as string) }]);\n // Extract as vscode so files land owned by the box user. The dest dir\n // already exists (provision.sh's credential-pivot step) — extract into it.\n const extract =\n `sudo -u vscode mkdir -p ${s.dest} && ` +\n `sudo -u vscode tar -xzf ${remote} -C ${s.dest} --no-same-permissions --no-same-owner -m && ` +\n `rm -f ${remote}`;\n const r = await sb.runCommand({ cmd: SHELL, args: ['-lc', extract], sudo: true });\n if (r.exitCode !== 0) {\n progress(`WARN: ${s.kind} static extract failed (exit ${String(r.exitCode)}) — continuing`);\n } else {\n progress(`baked ${s.kind} static config into snapshot`);\n }\n }\n } finally {\n for (const s of stagings) await s.tar.cleanup();\n }\n}\n\n/**\n * Adapt a line-callback to the `Writable` the SDK's `runCommand` streams into.\n * Buffers partial lines so each `onLine` gets a complete line.\n */\nfunction lineSink(onLine: (line: string) => void): Writable {\n let buf = '';\n return new Writable({\n write(chunk: Buffer, _enc: BufferEncoding, cb: () => void) {\n buf += chunk.toString('utf8');\n let nl: number;\n while ((nl = buf.indexOf('\\n')) !== -1) {\n onLine(buf.slice(0, nl));\n buf = buf.slice(nl + 1);\n }\n cb();\n },\n final(cb: () => void) {\n if (buf.length > 0) onLine(buf);\n cb();\n },\n });\n}\n\n/** Provider-level binding used by the CLI's `prepare` command. */\nexport const prepareVercelProvider: NonNullable<Provider['prepare']> = (req) =>\n prepareVercel({\n name: req.name,\n hostWorkspace: req.hostWorkspace ?? process.cwd(),\n force: req.force,\n onLog: req.onLog,\n });\n","/**\n * `buildVercelAttach` — the Vercel provider's override of `Provider.buildAttach`.\n *\n * Vercel has no SSH, so the cloud scaffold's `ssh … -t '<cmd>'` argv is unusable.\n * Instead we drive the official Vercel Sandbox CLI (`sbx`/`sandbox`), which has a\n * real interactive PTY (`sbx exec -i`) and streams non-interactive output live —\n * giving a proper terminal with none of the old send-keys/capture-pane polling.\n *\n * Argv shape (validated against sbx 3.0.1):\n * sbx exec --sudo [-i] --project <p> --scope <team> <name>\n * -- sudo -u vscode -H bash -lc '<inner>'\n *\n * Notes:\n * - The sandbox's default exec user is `vercel-sandbox`; we pass `--sudo` (runs\n * as root) and then `sudo -u vscode -H` so tmux/agents run as the box user in\n * /workspace. Passing `sudo -u vscode …` directly as sbx's argv (not wrapped\n * in an outer `bash -lc`) avoids a double-`bash -lc` re-parse.\n * - `-i` only for interactive shell/agent attaches; detached pre-start and logs\n * run non-interactively (live stdout stream).\n * - The access token is passed via the child env (`VERCEL_AUTH_TOKEN`), never in\n * argv, so it can't leak through `ps`. project/scope are not secret → flags.\n * - `<inner>` is the shared cloud `renderInnerCommand` (same tmux ensure +\n * footer-aware config + `exec tmux attach` used by hetzner/daytona).\n */\n\nimport {\n type AttachKind,\n type AttachSpec,\n type BoxRecord,\n type BuildAttachOptions,\n} from '@agentbox/core';\nimport { renderInnerCommand } from '@agentbox/sandbox-cloud';\nimport { detectSbx } from './sbx-cli.js';\nimport { ensureFreshCredentials, resolveCredentials } from './sdk.js';\n\nexport async function buildVercelAttach(\n box: BoxRecord,\n kind: AttachKind,\n opts?: BuildAttachOptions,\n): Promise<AttachSpec> {\n const sandboxId = box.cloud?.sandboxId;\n if (!sandboxId) {\n throw new Error(`vercel box ${box.name} has no sandboxId — record is malformed`);\n }\n\n const det = await detectSbx();\n if (!det.installed || !det.bin) {\n throw new Error(\n 'Vercel interactive attach needs the Vercel `sandbox` CLI — run ' +\n '`agentbox vercel login` (it installs it) or `npm install -g sandbox`.',\n );\n }\n\n await ensureFreshCredentials();\n const { token, teamId, projectId } = resolveCredentials();\n\n // Interactive (real PTY) only for live shell/agent attaches. Detached\n // pre-start and logs stream non-interactively.\n const interactive = (kind === 'shell' || kind === 'agent') && !opts?.detached;\n\n // `sbx exec` (unlike `ssh -t`) forwards neither TERM nor the locale, so the\n // box session lands in TERM=unknown + an ASCII (POSIX) locale — tmux then\n // collapses Claude Code's Unicode glyphs (logo, spinner, box-drawing) to `_`.\n // Force a UTF-8 locale + a 256color TERM (matching the host PTY wrapper) so\n // the tmux server + the agent it spawns render correctly.\n const envPrelude = 'export LANG=C.UTF-8 LC_ALL=C.UTF-8 TERM=xterm-256color; ';\n const inner = envPrelude + renderInnerCommand(kind, opts);\n\n const argv = [\n det.bin,\n 'exec',\n '--sudo',\n ...(interactive ? ['-i'] : []),\n '--project',\n projectId,\n '--scope',\n teamId,\n sandboxId,\n '--',\n 'sudo',\n '-u',\n 'vscode',\n '-H',\n 'bash',\n '-lc',\n inner,\n ];\n\n return { argv, env: { VERCEL_AUTH_TOKEN: token } };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;ACuBA,SAAS,gBAAgB;AEEzB,SAAS,YAAAA,iBAAgB;AACzB,SAAS,gBAAgB;ADEzB,IAAM,kBAAqC,CAAC,KAAM,KAAM,GAAI;AAC5D,IAAM,6BAA6B;AAEnC,IAAM,sBAAN,cAAkC,MAAM;EACtC,YAAY,QAAgB,IAAY;AACtC,UAAM,UAAU,MAAM,+BAA+B,OAAO,EAAE,CAAC,IAAI;AACnE,SAAK,OAAO;EACd;AACF;AAOA,SAAS,aAAa,KAAkC;AACtD,MAAI,CAAC,OAAO,OAAO,QAAQ,SAAU,QAAO;AAC5C,aAAW,OAAO,CAAC,cAAc,UAAU,MAAM,GAAY;AAC3D,UAAM,IAAK,IAAgC,GAAG;AAC9C,QAAI,OAAO,MAAM,SAAU,QAAO;EACpC;AACA,QAAM,OAAQ,IAA4C;AAC1D,MAAI,QAAQ,OAAO,KAAK,WAAW,SAAU,QAAO,KAAK;AACzD,SAAO;AACT;AAEO,SAAS,YAAY,KAAc,gBAAkC;AAC1E,MAAI,eAAe,oBAAqB,QAAO;AAE/C,QAAM,SAAS,aAAa,GAAG;AAC/B,MAAI,WAAW,QAAW;AACxB,QAAI,WAAW,IAAK,QAAO;AAC3B,QAAI,UAAU,OAAO,UAAU,IAAK,QAAO;AAC3C,WAAO;EACT;AAGA,MAAI,OAAO,OAAO,QAAQ,UAAU;AAClC,UAAM,aAAwB,CAAC,KAAM,IAA4B,KAAK;AACtE,eAAW,KAAK,YAAY;AAC1B,UAAI,CAAC,KAAK,OAAO,MAAM,SAAU;AACjC,YAAM,OAAQ,EAAyB;AACvC,UACE,SAAS,gBACT,SAAS,eACT,SAAS,kBACT,SAAS,eACT,SAAS,kBACT,SAAS,eACT,SAAS,oBACT,SAAS,2BACT;AACA,eAAO;MACT;IACF;EACF;AACA,SAAO;AACT;AAEA,eAAsB,gBACpB,MACA,IACY;AACZ,QAAM,UAAU,KAAK,aAAa;AAClC,QAAM,cAAc,QAAQ,SAAS;AACrC,QAAM,YAAY,KAAK,oBAAoB;AAC3C,QAAM,MAAM,KAAK,WAAW;AAE5B,WAAS,UAAU,GAAG,WAAW,aAAa,WAAW;AACvD,QAAI;AACF,aAAO,MAAM,YAAY,GAAG,GAAG,WAAW,KAAK,MAAM;IACvD,SAAS,KAAK;AACZ,YAAM,OAAO,YAAY;AACzB,UAAI,QAAQ,CAAC,YAAY,KAAK,KAAK,gBAAgB,EAAG,OAAM;AAC5D,YAAM,QAAQ,QAAQ,UAAU,CAAC,KAAK,QAAQ,QAAQ,SAAS,CAAC,KAAK;AACrE;QACE,UAAU,KAAK,MAAM,aAAa,OAAO,OAAO,CAAC,YAAY,aAAa,GAAG,CAAC,kBAAkB,OAAO,KAAK,CAAC;MAC/G;AACA,YAAM,MAAM,KAAK;IACnB;EACF;AACA,QAAM,IAAI,MAAM,2CAA2C,KAAK,MAAM,EAAE;AAC1E;AAEA,SAAS,gBAAgB,MAAoB;AAC3C,UAAQ,OAAO,MAAM;iBAAoB,IAAI;CAAI;AACnD;AAEA,SAAS,MAAM,IAA2B;AACxC,SAAO,IAAI,QAAQ,CAAC,MAAM,WAAW,GAAG,EAAE,CAAC;AAC7C;AAEA,eAAe,YAAe,GAAe,IAAY,QAA4B;AACnF,MAAI;AACJ,MAAI;AACF,WAAO,MAAM,QAAQ,KAAK;MACxB;MACA,IAAI,QAAe,CAAC,UAAU,WAAW;AACvC,gBAAQ,WAAW,MAAM,OAAO,IAAI,oBAAoB,QAAQ,EAAE,CAAC,GAAG,EAAE;MAC1E,CAAC;IACH,CAAC;EACH,UAAA;AACE,QAAI,UAAU,OAAW,cAAa,KAAK;EAC7C;AACF;AAEA,SAAS,aAAa,KAAsB;AAC1C,MAAI,eAAe,OAAO;AACxB,UAAM,SAAS,aAAa,GAAG;AAC/B,WAAO,WAAW,SACd,GAAG,IAAI,IAAI,IAAI,OAAO,MAAM,CAAC,MAAM,SAAS,IAAI,OAAO,CAAC,KACxD,GAAG,IAAI,IAAI,KAAK,SAAS,IAAI,OAAO,CAAC;EAC3C;AACA,SAAO,SAAS,OAAO,GAAG,CAAC;AAC7B;AAEA,SAAS,SAAS,GAAW,MAAM,KAAa;AAC9C,SAAO,EAAE,SAAS,MAAM,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC,WAAM;AAClD;ADnGO,IAAM,wBAAwB;AAKrC,IAAM,WAAW;AACjB,IAAM,YAAY;AAaX,IAAM,uBAAuB,CAAC,MAAM,MAAM,IAAI;AAG9C,IAAM,mBAAmB;AAQzB,SAAS,kBAAkB,OAAgD;AAChF,QAAM,QAAQ,CAAC,GAAG,oBAAoB;AACtC,QAAM,OAAO,IAAI,IAAY,KAAK;AAClC,aAAW,KAAK,SAAS,CAAC,GAAG;AAC3B,QAAI,MAAM,UAAU,iBAAkB;AACtC,QAAI,OAAO,UAAU,CAAC,KAAK,KAAK,QAAQ,IAAI,SAAU,CAAC,KAAK,IAAI,CAAC,GAAG;AAClE,YAAM,KAAK,CAAC;AACZ,WAAK,IAAI,CAAC;IACZ;EACF;AACA,SAAO;AACT;AAQO,SAAS,mBAAmB,KAAoD;AACrF,QAAM,KAAK,OAAO,IAAI,KAAK;AAC3B,MAAI,MAAM,GAAI,QAAO;AACrB,MAAI,MAAM,eAAe,MAAM,WAAY,QAAO;AAClD,QAAM,QAAQ,EACX,MAAM,GAAG,EACT,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,EACnB,OAAO,CAAC,MAAM,EAAE,SAAS,CAAC;AAC7B,SAAO,MAAM,SAAS,IAAI,EAAE,MAAM,IAAI;AACxC;AAQA,IAAM,qBAAqB,KAAK;AAkBhC,IAAM,sBAAsB,EAAE,OAAO,GAAG,YAAY,GAAG,eAAe,MAAM;AAE5E,SAAS,QAAuE;AAC9E,SAAO,mBAAmB;AAC5B;AAGA,SAAS,IAAI,GAAmB;AAC9B,SAAO,MAAM,EAAE,QAAQ,MAAM,OAAO,IAAI;AAC1C;AAEA,eAAe,WAAW,IAAkC;AAE1D,SAAO,QAAQ,IAAI,EAAE,MAAM,IAAI,QAAQ,OAAO,GAAG,MAAM,EAAE,CAAC;AAC5D;AAEA,eAAe,gBAAgB,IAAyC;AACtE,MAAI;AACF,WAAO,MAAM,WAAW,EAAE;EAC5B,QAAQ;AACN,WAAO;EACT;AACF;AAQA,SAAS,SAAS,GAAmC;AACnD,UAAQ,GAAG;IACT,KAAK;AACH,aAAO;IACT,KAAK;IACL,KAAK;IACL,KAAK;AACH,aAAO;IACT,KAAK;AACH,aAAO;IACT,KAAK;IACL,KAAK;IACL;AACE,aAAO;EACX;AACF;AASA,SAAS,gBACP,KACA,MACgD;AAChD,QAAM,UAAoB,CAAC;AAC3B,MAAI,MAAM,IAAK,SAAQ,KAAK,MAAM,IAAI,KAAK,GAAG,CAAC,EAAE;AACjD,aAAW,CAAC,GAAG,CAAC,KAAK,OAAO,QAAQ,MAAM,OAAO,CAAC,CAAC,GAAG;AAIpD,QAAI,CAAC,2BAA2B,KAAK,CAAC,GAAG;AACvC,YAAM,IAAI,MAAM,qCAAqC,KAAK,UAAU,CAAC,CAAC,EAAE;IAC1E;AACA,YAAQ,KAAK,UAAU,CAAC,IAAI,IAAI,CAAC,CAAC,EAAE;EACtC;AACA,QAAM,QAAQ,CAAC,GAAG,SAAS,GAAG,EAAE,KAAK,IAAI;AACzC,QAAM,OAAO,MAAM,QAAQ;AAC3B,MAAI,SAAS,QAAQ;AACnB,WAAO,EAAE,KAAK,QAAQ,MAAM,CAAC,OAAO,KAAK,GAAG,MAAM,KAAK;EACzD;AACA,SAAO;IACL,KAAK;IACL,MAAM,CAAC,OAAO,WAAW,IAAI,gBAAgB,IAAI,KAAK,CAAC,EAAE;IACzD,MAAM;EACR;AACF;AAEO,IAAM,gBAA8B;EACzC,MAAM;;;;;EAMN,cAAc;EAEd,MAAM,UAAU,KAAkD;AAChE,UAAM,uBAAuB;AAI7B,UAAM,aAAa,IAAI,YAAY,kBAAkB,EAAE,MAAM;AAC7D,QAAI,CAAC,YAAY;AACf,YAAM,IAAI;QACR;MAGF;IACF;AACA,UAAM,gBAAgB,mBAAmB,IAAI,aAAa;AAI1D,UAAM,SAAS,MAAM;MACnB,EAAE,QAAQ,aAAa,kBAAkB,OAAO,kBAAkB,KAAS,WAAW,CAAC,EAAE;MACzF,YAAY;AACV,cAAM,KAAK,MAAM,QAAQ,OAAO;UAC9B,MAAM,IAAI;UACV,QAAQ,EAAE,MAAM,YAAY,WAAW;UACvC,WAAW,EAAE,OAAO,IAAI,WAAW,OAAO,EAAE;UAC5C,OAAO,kBAAkB,IAAI,WAAW;UACxC,SAAS,IAAI,aAAa;UAC1B,KAAK,IAAI;UACT,MAAM,EAAE,UAAU,QAAQ,iBAAiB,IAAI,KAAK;UACpD,YAAY;;;;UAIZ,oBAAoB;UACpB,mBAAmB,EAAE,GAAG,oBAAoB;UAC5C,GAAI,gBAAgB,EAAE,cAAc,IAAI,CAAC;UACzC,GAAG,MAAM;QACX,CAAC;AACD,eAAO,EAAE,WAAW,GAAG,KAAK;MAC9B;IACF;AAKA,WAAO;EACT;EAEA,MAAM,IAAI,WAAgD;AACxD,UAAM,uBAAuB;AAC7B,WAAO,gBAAgB,EAAE,QAAQ,OAAO,kBAAkB,KAAK,GAAG,YAAY;AAC5E,YAAM,KAAK,MAAM,gBAAgB,SAAS;AAC1C,aAAO,KAAK,EAAE,WAAW,GAAG,KAAK,IAAI;IACvC,CAAC;EACH;EAEA,MAAM,OAAuC;AAC3C,UAAM,uBAAuB;AAC7B,WAAO,gBAAgB,EAAE,QAAQ,QAAQ,kBAAkB,KAAK,GAAG,YAAY;AAC7E,YAAM,OAAO,MAAM,QAAQ,KAAK,EAAE,GAAG,MAAM,EAAE,CAAC;AAC9C,YAAM,QAAQ,MAAM,KAAK,QAAQ;AACjC,aAAO,MACJ,OAAO,CAAC,OAAO,GAAG,OAAO,UAAU,MAAM,MAAM,EAC/C,IAAI,CAAC,OAA4B;AAChC,cAAM,UAA+B,EAAE,WAAW,GAAG,KAAK;AAC1D,cAAM,WAAW,GAAG,OAAO,eAAe,KAAK,GAAG;AAClD,YAAI,SAAU,SAAQ,OAAO;AAC7B,YAAI,OAAO,GAAG,cAAc,UAAU;AACpC,kBAAQ,YAAY,IAAI,KAAK,GAAG,SAAS,EAAE,YAAY;QACzD;AACA,gBAAQ,QAAQ,SAAS,GAAG,MAAM;AAClC,eAAO;MACT,CAAC;IACL,CAAC;EACH;EAEA,MAAM,MAAM,GAA+B;AACzC,UAAM,uBAAuB;AAC7B,UAAM;MACJ,EAAE,QAAQ,SAAS,kBAAkB,MAAM,kBAAkB,KAAQ;MACrE,YAAY;AAEV,cAAM,QAAQ,IAAI,EAAE,MAAM,EAAE,WAAW,QAAQ,MAAM,GAAG,MAAM,EAAE,CAAC;MACnE;IACF;EACF;EAEA,MAAM,KAAK,GAA+B;AACxC,UAAM,uBAAuB;AAC7B,UAAM;MACJ,EAAE,QAAQ,QAAQ,kBAAkB,MAAM,kBAAkB,KAAQ;MACpE,YAAY;AACV,cAAM,KAAK,MAAM,WAAW,EAAE,SAAS;AAGvC,cAAM,GAAG,KAAK;MAChB;IACF;EACF;;EAGA,MAAM,MAAM,GAA+B;AACzC,UAAM,KAAK,KAAK,CAAC;EACnB;EAEA,MAAM,OAAO,GAA+B;AAC1C,UAAM,KAAK,MAAM,CAAC;EACpB;EAEA,MAAM,QAAQ,GAA+B;AAC3C,UAAM,uBAAuB;AAC7B,UAAM;MACJ,EAAE,QAAQ,WAAW,kBAAkB,MAAM,kBAAkB,KAAQ;MACvE,YAAY;AACV,cAAM,KAAK,MAAM,gBAAgB,EAAE,SAAS;AAC5C,YAAI,CAAC,GAAI;AAKT,cAAM,SAAS,GAAG;AAClB,cAAM,SAAS,GAAG;AAClB,cAAM,OAAO,kBAAkB,EAAE,MAAM;AACvC,cAAM,cACJ,WAAW,UAAa,WAAW,UAAU,WAAW;AAC1D,cAAM,GAAG,OAAO;AAChB,YAAI,aAAa;AACf,cAAI;AACF,kBAAM,OAAO,MAAM,SAAS,IAAI,EAAE,YAAY,QAAQ,GAAG,MAAM,EAAE,CAAC;AAClE,kBAAM,KAAK,OAAO;UACpB,QAAQ;UAGR;QACF;MACF;IACF;EACF;EAEA,MAAM,MAAM,GAAqC;AAC/C,UAAM,uBAAuB;AAC7B,WAAO,gBAAgB,EAAE,QAAQ,SAAS,kBAAkB,KAAK,GAAG,YAAY;AAC9E,YAAM,KAAK,MAAM,gBAAgB,EAAE,SAAS;AAC5C,UAAI,CAAC,GAAI,QAAO;AAChB,aAAO,SAAS,GAAG,MAAM;IAC3B,CAAC;EACH;EAEA,MAAM,KAAK,GAAgB,KAAa,MAAmD;AACzF,UAAM,uBAAuB;AAC7B,WAAO;MACL;QACE,QAAQ;QACR,kBAAkB,MAAM,UAAU,QAAQ;QAC1C,kBAAkB,MAAM,oBAAoB;QAC5C,WAAW,MAAM,UAAU,CAAC,IAAI;MAClC;MACA,YAAY;AACV,cAAM,KAAK,MAAM,WAAW,EAAE,SAAS;AACvC,cAAM,IAAI,MAAM,GAAG,WAAW,gBAAgB,KAAK,IAAI,CAAC;AACxD,cAAM,CAAC,QAAQ,MAAM,IAAI,MAAM,QAAQ,IAAI,CAAC,EAAE,OAAO,GAAG,EAAE,OAAO,CAAC,CAAC;AACnE,eAAO,EAAE,UAAU,EAAE,UAAU,QAAQ,OAAO;MAChD;IACF;EACF;EAEA,MAAM,WAAW,GAAgB,WAAmB,YAAmC;AACrF,UAAM,uBAAuB;AAC7B,UAAM;MACJ,EAAE,QAAQ,cAAc,kBAAkB,MAAM,kBAAkB,IAAQ;MAC1E,YAAY;AACV,cAAM,UAAU,MAAM,SAAS,SAAS;AACxC,cAAM,KAAK,MAAM,WAAW,EAAE,SAAS;AACvC,cAAM,GAAG,WAAW,CAAC,EAAE,MAAM,YAAY,QAAQ,CAAC,CAAC;AAInD,YAAI;AACF,gBAAM,GAAG,WAAW,EAAE,KAAK,SAAS,MAAM,CAAC,WAAW,UAAU,GAAG,MAAM,KAAK,CAAC;QACjF,QAAQ;QAER;MACF;IACF;EACF;EAEA,MAAM,aAAa,GAAgB,YAAoB,WAAkC;AACvF,UAAM,uBAAuB;AAC7B,UAAM;MACJ,EAAE,QAAQ,gBAAgB,kBAAkB,MAAM,kBAAkB,IAAQ;MAC5E,YAAY;AACV,cAAM,KAAK,MAAM,WAAW,EAAE,SAAS;AACvC,cAAM,UAAU,MAAM,GAAG;UACvB,EAAE,MAAM,WAAW;UACnB,EAAE,MAAM,UAAU;UAClB,EAAE,gBAAgB,KAAK;QACzB;AACA,YAAI,YAAY,MAAM;AACpB,gBAAM,IAAI,MAAM,0CAA0C,UAAU,EAAE;QACxE;MACF;IACF;EACF;EAEA,MAAM,UAAU,GAAgB,WAA8C;AAC5E,UAAM,uBAAuB;AAC7B,WAAO,gBAAgB,EAAE,QAAQ,aAAa,kBAAkB,KAAK,GAAG,YAAY;AAClF,YAAM,KAAK,MAAM,WAAW,EAAE,SAAS;AACvC,YAAM,UAAU,MAAM,GAAG,GAAG,QAAQ,WAAW,EAAE,eAAe,KAAK,CAAC;AACtE,aAAO,QAAQ,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,OAAO,EAAE,YAAY,EAAE,EAAE;IACtE,CAAC;EACH;EAEA,MAAM,WAAW,GAAgB,MAAwC;AACvE,UAAM,uBAAuB;AAC7B,WAAO,gBAAgB,EAAE,QAAQ,cAAc,kBAAkB,KAAK,GAAG,YAAY;AACnF,YAAM,KAAK,MAAM,WAAW,EAAE,SAAS;AAEvC,aAAO,EAAE,KAAK,GAAG,OAAO,IAAI,GAAG,OAAO,OAAU;IAClD,CAAC;EACH;;;;;EAMA,MAAM,iBAAiB,GAAgB,MAAwC;AAC7E,WAAO,KAAK,WAAW,GAAG,IAAI;EAChC;EAEA,MAAM,eAAe,cAAwC;AAC3D,UAAM,uBAAuB;AAC7B,WAAO,gBAAgB,EAAE,QAAQ,kBAAkB,kBAAkB,KAAK,GAAG,YAAY;AACvF,UAAI;AACF,cAAM,OAAO,MAAM,SAAS,IAAI,EAAE,YAAY,cAAc,GAAG,MAAM,EAAE,CAAC;AAIxE,eAAO,KAAK,WAAW;MACzB,QAAQ;AACN,eAAO;MACT;IACF,CAAC;EACH;;;;;;;AAQF;AAOA,eAAsB,sBAAsB,WAAoC;AAC9E,QAAM,uBAAuB;AAC7B,SAAO;IACL,EAAE,QAAQ,kBAAkB,kBAAkB,OAAO,kBAAkB,KAAS,WAAW,CAAC,EAAE;IAC9F,YAAY;AACV,YAAM,KAAK,MAAM,WAAW,SAAS;AACrC,YAAM,OAAO,MAAM,GAAG,SAAS,EAAE,YAAY,EAAE,CAAC;AAChD,aAAO,KAAK;IACd;EACF;AACF;AAGA,eAAsB,qBAAqB,YAAmC;AAC5E,QAAM,uBAAuB;AAC7B,QAAM,gBAAgB,EAAE,QAAQ,kBAAkB,kBAAkB,KAAK,GAAG,YAAY;AACtF,QAAI;AACF,YAAM,OAAO,MAAM,SAAS,IAAI,EAAE,YAAY,GAAG,MAAM,EAAE,CAAC;AAC1D,YAAM,KAAK,OAAO;IACpB,SAAS,KAAK;AACZ,YAAM,MAAM,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC3D,UAAI,kBAAkB,KAAK,GAAG,EAAG;AACjC,YAAM;IACR;EACF,CAAC;AACH;AE/aA,IAAM,qBAAqB,KAAK;AAChC,IAAM,QAAQ;AAEd,eAAsB,cACpB,OAA6B,CAAC,GACA;AAC9B,QAAM,wBAAwB;AAC9B,QAAM,uBAAuB;AAC7B,QAAMC,SAAQ,mBAAmB;AACjC,QAAM,MAAM,KAAK,UAAU,MAAM;EAAC;AAClC,QAAM,WAAW,CAAC,MAAc,IAAI,mBAAmB,CAAC,EAAE;AAE1D,QAAM,SAAS,qBAAqB;IAClC,gBAAgB,KAAK,kBAAkB,yBAAyB;IAChE,UAAU,KAAK;EACjB,CAAC;AACD,QAAM,aAAa,MAAM;IACvB,OAAO,IAAI,CAAC,OAAO,EAAE,KAAK,EAAE,MAAM,KAAK,EAAE,UAAU,EAAE;EACvD;AAGA,QAAM,WAAW,kBAAkB;AACnC,MAAI,CAAC,KAAK,SAAS,SAAS,MAAM;AAChC,UAAM,aAAa,MAAM,eAAe,SAAS,KAAK,YAAYA,MAAK;AACvE,QAAI,cAAc,SAAS,KAAK,kBAAkB,YAAY;AAC5D;QACE,iBAAiB,SAAS,KAAK,UAAU,gCAAgC,WAAW,MAAM,GAAG,EAAE,CAAC;MAClG;AACA,aAAO,EAAE,cAAc,SAAS,KAAK,WAAW;IAClD;AACA,QAAI,CAAC,YAAY;AACf,eAAS,0BAA0B,SAAS,KAAK,UAAU,gCAAgC;IAC7F,OAAO;AACL;QACE,8BAA8B,SAAS,KAAK,eAAe,MAAM,GAAG,EAAE,KAAK,QAAQ,SAAS,WAAW,MAAM,GAAG,EAAE,CAAC;MACrH;IACF;EACF;AAEA,WAAS,qCAAqC,OAAO,KAAK,SAAS,CAAC,CAAC,SAAS;AAC9E,QAAM,KAAK,MAAM,QAAQ,OAAO;IAC9B,SAAS;IACT,WAAW,EAAE,OAAO,KAAK,SAAS,EAAE;IACpC,SAAS;IACT,MAAM,EAAE,UAAU,QAAQ,iBAAiB,UAAU;IACrD,YAAY;IACZ,GAAGA;EACL,CAAC;AACD,WAAS,mBAAmB,GAAG,IAAI,KAAK;AAGxC,WAAS,aAAa,OAAO,OAAO,MAAM,CAAC,mBAAmB;AAC9D,QAAM,GAAG;IACP,MAAM,QAAQ;MACZ,OAAO,IAAI,OAAO,OAAsB;QACtC,MAAM,EAAE;QACR,SAAS,MAAMC,UAAS,EAAE,SAAS;QACnC,MAAM,EAAE;MACV,EAAE;IACJ;EACF;AAGA,WAAS,iDAAiD;AAC1D,QAAM,UAAU,MAAM,GAAG,WAAW;IAClC,KAAK;IACL,MAAM,CAAC,OAAO,sCAAsC;IACpD,MAAM;IACN,QAAQ,SAAS,CAAC,MAAM,IAAI,eAAe,CAAC,EAAE,CAAC;IAC/C,QAAQ,SAAS,CAAC,MAAM,IAAI,eAAe,CAAC,EAAE,CAAC;EACjD,CAAC;AACD,MAAI,QAAQ,aAAa,GAAG;AAC1B,UAAM,IAAI,MAAM,oDAAoD,OAAO,QAAQ,QAAQ,CAAC,GAAG;EACjG;AACA,WAAS,uBAAuB;AAGhC,QAAM,iBAAiB,IAAI,KAAK,eAAe,GAAG;AAGlD,WAAS,4CAA4C;AACrD,QAAM,OAAO,MAAM,GAAG,SAAS,EAAE,YAAY,EAAE,CAAC;AAChD,WAAS,qBAAqB,KAAK,UAAU,EAAE;AAG/C,QAAM,WAAW,aAAa;AAC9B,qBAAmB;IACjB,QAAQ;IACR,MAAM;MACJ,YAAY,KAAK;MACjB,eAAe;MACf,YAAY,SAAS;MACrB,WAAW,SAAS;MACpB,YAAW,oBAAI,KAAK,GAAE,YAAY;IACpC;EACF,CAAC;AACD,WAAS,SAAS,kBAAkB,CAAC,EAAE;AAKvC,WAAS,0BAA0B;AACnC,MAAI;AACF,UAAM,GAAG,OAAO;AAChB,aAAS,yBAAyB;EACpC,SAAS,KAAK;AACZ;MACE,mDAAmD,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,CAAC;IACrG;EACF;AAEA,WAAS,yCAAoC,KAAK,UAAU,EAAE;AAC9D,SAAO,EAAE,cAAc,KAAK,WAAW;AACzC;AAEA,eAAe,eACb,YACAD,QACkB;AAClB,MAAI;AACF,UAAM,OAAO,MAAM,SAAS,IAAI,EAAE,YAAY,GAAGA,OAAM,CAAC;AAIxD,WAAO,KAAK,WAAW;EACzB,QAAQ;AACN,WAAO;EACT;AACF;AAEA,eAAe,iBACb,IACA,eACA,KACe;AACf,QAAM,WAAW,CAAC,MAAc,IAAI,mBAAmB,CAAC,EAAE;AAC1D,WAAS,kCAAkC;AAC3C,QAAM,WAA6F,CAAC;AACpG,MAAI;AACF,UAAM,YAAY,MAAM,2BAA2B,EAAE,cAAc,CAAC;AACpE,eAAW,KAAK,UAAU,SAAU,UAAS,CAAC;AAC9C,QAAI,UAAU,YAAa,UAAS,KAAK,EAAE,MAAM,UAAU,KAAK,WAAW,MAAM,uBAAuB,CAAC;QACpG,OAAM,UAAU,QAAQ;AAE7B,UAAM,WAAW,MAAM,0BAA0B;AACjD,eAAW,KAAK,SAAS,SAAU,UAAS,CAAC;AAC7C,QAAI,SAAS,YAAa,UAAS,KAAK,EAAE,MAAM,SAAS,KAAK,UAAU,MAAM,sBAAsB,CAAC;QAChG,OAAM,SAAS,QAAQ;AAE5B,UAAM,cAAc,MAAM,6BAA6B;AACvD,eAAW,KAAK,YAAY,SAAU,UAAS,CAAC;AAChD,QAAI,YAAY,YAAa,UAAS,KAAK,EAAE,MAAM,YAAY,KAAK,aAAa,MAAM,qCAAqC,CAAC;QACxH,OAAM,YAAY,QAAQ;AAE/B,eAAW,KAAK,UAAU;AACxB,YAAM,SAAS,iBAAiB,EAAE,IAAI;AACtC,eAAS,aAAa,EAAE,IAAI,gBAAgB;AAC5C,YAAM,GAAG,WAAW,CAAC,EAAE,MAAM,QAAQ,SAAS,MAAMC,UAAS,EAAE,IAAI,WAAqB,EAAE,CAAC,CAAC;AAG5F,YAAM,UACJ,2BAA2B,EAAE,IAAI,+BACN,MAAM,OAAO,EAAE,IAAI,sDACrC,MAAM;AACjB,YAAM,IAAI,MAAM,GAAG,WAAW,EAAE,KAAK,OAAO,MAAM,CAAC,OAAO,OAAO,GAAG,MAAM,KAAK,CAAC;AAChF,UAAI,EAAE,aAAa,GAAG;AACpB,iBAAS,SAAS,EAAE,IAAI,gCAAgC,OAAO,EAAE,QAAQ,CAAC,qBAAgB;MAC5F,OAAO;AACL,iBAAS,SAAS,EAAE,IAAI,8BAA8B;MACxD;IACF;EACF,UAAA;AACE,eAAW,KAAK,SAAU,OAAM,EAAE,IAAI,QAAQ;EAChD;AACF;AAMA,SAAS,SAAS,QAA0C;AAC1D,MAAI,MAAM;AACV,SAAO,IAAI,SAAS;IAClB,MAAM,OAAe,MAAsB,IAAgB;AACzD,aAAO,MAAM,SAAS,MAAM;AAC5B,UAAI;AACJ,cAAQ,KAAK,IAAI,QAAQ,IAAI,OAAO,IAAI;AACtC,eAAO,IAAI,MAAM,GAAG,EAAE,CAAC;AACvB,cAAM,IAAI,MAAM,KAAK,CAAC;MACxB;AACA,SAAG;IACL;IACA,MAAM,IAAgB;AACpB,UAAI,IAAI,SAAS,EAAG,QAAO,GAAG;AAC9B,SAAG;IACL;EACF,CAAC;AACH;AAGO,IAAM,wBAA0D,CAAC,QACtE,cAAc;EACZ,MAAM,IAAI;EACV,eAAe,IAAI,iBAAiB,QAAQ,IAAI;EAChD,OAAO,IAAI;EACX,OAAO,IAAI;AACb,CAAC;ACnPH,eAAsB,kBACpB,KACA,MACA,MACqB;AACrB,QAAM,YAAY,IAAI,OAAO;AAC7B,MAAI,CAAC,WAAW;AACd,UAAM,IAAI,MAAM,cAAc,IAAI,IAAI,8CAAyC;EACjF;AAEA,QAAM,MAAM,MAAM,UAAU;AAC5B,MAAI,CAAC,IAAI,aAAa,CAAC,IAAI,KAAK;AAC9B,UAAM,IAAI;MACR;IAEF;EACF;AAEA,QAAM,uBAAuB;AAC7B,QAAM,EAAE,OAAO,QAAQ,UAAU,IAAI,mBAAmB;AAIxD,QAAM,eAAe,SAAS,WAAW,SAAS,YAAY,CAAC,MAAM;AAOrE,QAAM,aAAa;AACnB,QAAM,QAAQ,aAAa,mBAAmB,MAAM,IAAI;AAExD,QAAM,OAAO;IACX,IAAI;IACJ;IACA;IACA,GAAI,cAAc,CAAC,IAAI,IAAI,CAAC;IAC5B;IACA;IACA;IACA;IACA;IACA;IACA;IACA;IACA;IACA;IACA;IACA;IACA;EACF;AAEA,SAAO,EAAE,MAAM,KAAK,EAAE,mBAAmB,MAAM,EAAE;AACnD;AJvDA,IAAM,eAAe;AAErB,IAAM,gBAAgB,oBAAoB,eAAe;;EAEvD,kBAAkB,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG;EAChD,eAAe;AACjB,CAAC;AAWD,IAAM,mBAAuC;EAC3C,MAAM,OAAO,KAAgB,MAAc;AACzC,QAAI,CAAC,IAAI,aAAa;AACpB,YAAM,IAAI;QACR;MACF;IACF;AACA,QAAI,CAAC,IAAI,OAAO,WAAW;AACzB,YAAM,IAAI,MAAM,cAAc,IAAI,IAAI,8CAAyC;IACjF;AAGA,UAAM,aAAa,MAAM,sBAAsB,IAAI,MAAM,SAAS;AAGlE,QAAI;AACF,YAAM,UAAU,EAAE,GAAG,KAAK,OAAO,EAAE,GAAG,IAAI,OAAO,WAAW,SAAS,EAAE,CAAC;IAC1E,QAAQ;IAER;AACA,UAAM,OAAO,MAAM,6BAA6B,IAAI,aAAa,cAAc,MAAM;MACnF,cAAc;MACd,aAAa,IAAI;MACjB,eAAe,IAAI;MACnB,cAAc;MACd,iBAAiB,4BAA4B,YAAY;MACzD,YAAYC,aAAa,EAAE;IAC7B,CAAC;AACD,WAAO,EAAE,KAAK,KAAK,KAAK;EAC1B;EACA,MAAM,KAAK,aAAqB;AAC9B,UAAM,UAAU,MAAM,qBAAqB,aAAa,YAAY;AACpE,WAAO,QAAQ,IAAI,CAAC,OAAO,EAAE,KAAK,EAAE,MAAM,WAAW,EAAE,SAAS,UAAU,EAAE;EAC9E;EACA,MAAM,OAAO,aAAqB,KAAa;AAC7C,UAAM,QAAQ,MAAM,uBAAuB,aAAa,cAAc,GAAG;AACzE,QAAI,CAAC,MAAO;AACZ,QAAI;AACF,YAAM,qBAAqB,MAAM,SAAS,YAAY;IACxD,QAAQ;IAGR;AACA,UAAM,yBAAyB,aAAa,cAAc,GAAG;EAC/D;AACF;AAEO,IAAM,iBAA2B;EACtC,GAAG;EACH,SAAS;EACT,aAAa;EACb,YAAY;EACZ,iBAAiB,MAAM,iCAAiC;AAC1D;","names":["readFile","creds","readFile","readCliStamp"]}

package/dist/{dist-SWUOU34W.js → dist-J2IHD5T7.js} RENAMED Viewed

@@ -2,61 +2,62 @@
 import {
   DEFAULT_HCLOUD_ENDPOINT,
   HetznerApiError,
+  RUNTIME_ASSETS,
+  candidatesFor,
   createPerBoxFirewall,
+  currentHetznerBaseFingerprintLive,
   deletePerBoxFirewall,
   detectEgressIp,
   ensureHetznerCredentials,
   ensureHetznerEnvLoaded,
+  findStagedCliRuntimeRoot,
   isAttemptTimeout,
   isRetriable,
   makeHetznerClient,
   maskKey,
   normalizeSourceCidr,
+  preparedStatePath,
   readHetznerCredStatus,
+  readPreparedState,
+  resolveRuntimeAssets,
   secretsPath,
   sshOnlyInboundRule,
   syncFirewallSource,
-  withHetznerRetry
-} from "./chunk-R5XIDQFR.js";
+  updatePreparedState,
+  withHetznerRetry,
+  writePreparedState
+} from "./chunk-BKU34KYY.js";
 import {
   createCloudProvider
-} from "./chunk-DHJ7OMIP.js";
+} from "./chunk-TBSIJVSN.js";
 import {
-  stageClaudeCredentialsForUpload,
+  UserFacingError,
   stageClaudeStaticForUpload,
-  stageCodexCredentialsForUpload,
   stageCodexStaticForUpload,
-  stageOpencodeCredentialsForUpload,
   stageOpencodeStaticForUpload
-} from "./chunk-IZXPJPPV.js";
+} from "./chunk-TCS5HXJX.js";
 import {
   computeContextSha256,
-  preparedStatePathFor,
-  readCliStamp,
-  readPreparedStateRaw,
-  writePreparedStateRaw
-} from "./chunk-SNTHHWKY.js";
+  readCliStamp
+} from "./chunk-XKH7NTT7.js";
 import "./chunk-G3H2L3O2.js";
 // ../../packages/sandbox-hetzner/dist/index.js
-import { existsSync as existsSync3 } from "fs";
+import { existsSync as existsSync2 } from "fs";
 import { rm as rm2, rename, mkdir as mkdir3 } from "fs/promises";
 import { join as join4 } from "path";
 import { execa as execa4 } from "execa";
 import { resolve as resolvePath } from "path";
 import { join as join2 } from "path";
-import { existsSync } from "fs";
-import { dirname, resolve } from "path";
-import { fileURLToPath } from "url";
 import { mkdir, readFile } from "fs/promises";
-import { dirname as dirname2, join, resolve as resolve2 } from "path";
+import { dirname, join, resolve } from "path";
 import { execa } from "execa";
 import { execa as execa2 } from "execa";
-import { existsSync as existsSync2 } from "fs";
+import { existsSync } from "fs";
 import { mkdir as mkdir2, rm } from "fs/promises";
 import { createServer } from "net";
 import { homedir } from "os";
-import { dirname as dirname3, join as join3, resolve as resolve3 } from "path";
+import { dirname as dirname2, join as join3, resolve as resolve2 } from "path";
 import { execa as execa3 } from "execa";
 function generatePrepareCloudInit(opts) {
   const pubkey = opts.sshPubkey.trim();
@@ -147,146 +148,8 @@ async function pollUntil(label, check, opts = {}) {
     interval = Math.min(interval * 2, max);
   }
 }
-var SCHEMA = 2;
-function preparedStatePath() {
-  return preparedStatePathFor("hetzner");
-}
-function readPreparedState() {
-  const raw = readPreparedStateRaw("hetzner");
-  if (raw === null || typeof raw !== "object") return { schema: SCHEMA };
-  const parsed = raw;
-  if (parsed.schema === 1) {
-    const v1 = parsed;
-    return migrateFromV1(v1);
-  }
-  if (parsed.schema !== SCHEMA) {
-    return { schema: SCHEMA };
-  }
-  return {
-    schema: SCHEMA,
-    base: parsed.base
-  };
-}
-function migrateFromV1(v1) {
-  const base = v1.base ? {
-    imageId: v1.base.imageId,
-    description: v1.base.description,
-    createdAt: v1.base.createdAt,
-    contextSha256: v1.base.installScriptSha256
-  } : void 0;
-  return {
-    schema: SCHEMA,
-    base
-  };
-}
-function writePreparedState(state) {
-  writePreparedStateRaw("hetzner", state);
-}
-function updatePreparedState(mutate) {
-  const s = readPreparedState();
-  mutate(s);
-  writePreparedState(s);
-}
-var SELF = dirname(fileURLToPath(import.meta.url));
-function findStagedCliRuntimeRoot() {
-  const candidates = [
-    resolve(SELF, "..", "runtime"),
-    // <cliRoot>/dist/.. → <cliRoot> then /runtime
-    resolve(SELF, "..", "..", "runtime")
-    // chunk-NNNN.js at <cliRoot>/dist/<sub>/.. → <cliRoot>/runtime
-  ];
-  for (const c of candidates) {
-    if (existsSync(resolve(c, "hetzner", "scripts", "install-box.sh"))) return c;
-  }
-  return void 0;
-}
-var RUNTIME_ASSETS = [
-  { name: "install-box.sh", remoteBasename: "agentbox-install.sh", remoteMode: 493 },
-  { name: "agentbox-ctl", remoteBasename: "agentbox-ctl", remoteMode: 493 },
-  { name: "agentbox-vnc-start", remoteBasename: "agentbox-vnc-start", remoteMode: 493 },
-  { name: "agentbox-dockerd-start", remoteBasename: "agentbox-dockerd-start", remoteMode: 493 },
-  { name: "agentbox-checkpoint-cleanup", remoteBasename: "agentbox-checkpoint-cleanup", remoteMode: 493 },
-  { name: "agentbox-open", remoteBasename: "agentbox-open", remoteMode: 493 },
-  { name: "gh-shim", remoteBasename: "agentbox-gh-shim", remoteMode: 493 },
-  { name: "git-shim", remoteBasename: "agentbox-git-shim", remoteMode: 493 },
-  { name: "custom-system-CLAUDE.md", remoteBasename: "agentbox-custom-CLAUDE.md", remoteMode: 420 },
-  { name: "claude-managed-settings.json", remoteBasename: "agentbox-managed-settings.json", remoteMode: 420 },
-  { name: "agentbox-codex-hooks.json", remoteBasename: "agentbox-codex-hooks.json", remoteMode: 420 },
-  { name: "agentbox-setup-skill.md", remoteBasename: "agentbox-setup-skill.md", remoteMode: 420 }
-];
-function candidatesFor(name, opts = {}) {
-  const cliRoot = opts.cliRuntimeRoot;
-  const monorepo = opts.repoRoot ?? guessRepoRoot();
-  const monorepoRelative = {
-    "install-box.sh": ["packages/sandbox-hetzner/scripts/install-box.sh"],
-    "agentbox-ctl": ["packages/ctl/dist/bin.cjs"],
-    "agentbox-vnc-start": ["packages/sandbox-docker/scripts/agentbox-vnc-start"],
-    "agentbox-dockerd-start": ["packages/sandbox-docker/scripts/agentbox-dockerd-start"],
-    "agentbox-checkpoint-cleanup": ["packages/sandbox-docker/scripts/agentbox-checkpoint-cleanup"],
-    "agentbox-open": ["packages/sandbox-docker/scripts/agentbox-open"],
-    "gh-shim": ["packages/sandbox-docker/scripts/gh-shim"],
-    "git-shim": ["packages/sandbox-docker/scripts/git-shim"],
-    "custom-system-CLAUDE.md": ["packages/sandbox-hetzner/scripts/custom-system-CLAUDE.md"],
-    "claude-managed-settings.json": ["packages/sandbox-docker/scripts/claude-managed-settings.json"],
-    "agentbox-codex-hooks.json": ["packages/sandbox-docker/scripts/agentbox-codex-hooks.json"],
-    "agentbox-setup-skill.md": ["apps/cli/share/agentbox-setup/SKILL.md"]
-  };
-  const cliRelative = {
-    "install-box.sh": ["hetzner/scripts/install-box.sh"],
-    "agentbox-ctl": ["hetzner/ctl.cjs"],
-    "agentbox-vnc-start": ["hetzner/agentbox-vnc-start", "docker/packages/sandbox-docker/scripts/agentbox-vnc-start"],
-    "agentbox-dockerd-start": ["hetzner/agentbox-dockerd-start", "docker/packages/sandbox-docker/scripts/agentbox-dockerd-start"],
-    "agentbox-checkpoint-cleanup": ["hetzner/agentbox-checkpoint-cleanup", "docker/packages/sandbox-docker/scripts/agentbox-checkpoint-cleanup"],
-    "agentbox-open": ["hetzner/agentbox-open", "docker/packages/sandbox-docker/scripts/agentbox-open"],
-    "gh-shim": ["hetzner/gh-shim", "docker/packages/sandbox-docker/scripts/gh-shim"],
-    "git-shim": ["hetzner/git-shim", "docker/packages/sandbox-docker/scripts/git-shim"],
-    "custom-system-CLAUDE.md": ["hetzner/custom-system-CLAUDE.md"],
-    "claude-managed-settings.json": ["hetzner/claude-managed-settings.json", "docker/packages/sandbox-docker/scripts/claude-managed-settings.json"],
-    "agentbox-codex-hooks.json": ["hetzner/agentbox-codex-hooks.json", "docker/packages/sandbox-docker/scripts/agentbox-codex-hooks.json"],
-    "agentbox-setup-skill.md": ["hetzner/agentbox-setup-skill.md", "docker/apps/cli/share/agentbox-setup/SKILL.md"]
-  };
-  const out = [];
-  if (cliRoot) {
-    for (const rel of cliRelative[name] ?? []) out.push(resolve(cliRoot, rel));
-  }
-  for (const rel of monorepoRelative[name] ?? []) out.push(resolve(monorepo, rel));
-  return out;
-}
-function resolveRuntimeAssets(opts = {}) {
-  const out = [];
-  const missing = [];
-  for (const asset of RUNTIME_ASSETS) {
-    const cands = candidatesFor(asset.name, opts);
-    const hit = cands.find((p) => existsSync(p));
-    if (!hit) {
-      missing.push({ name: asset.name, tried: cands });
-      continue;
-    }
-    out.push({ ...asset, localPath: hit });
-  }
-  if (missing.length > 0) {
-    const lines = missing.flatMap((m) => [`  - ${m.name}: tried`, ...m.tried.map((p) => `      ${p}`)]);
-    throw new Error(
-      `hetzner: could not resolve runtime assets \u2014 these files are needed to install on the prepare VPS:
-` + lines.join("\n") + `
-If you are running from the monorepo, ensure \`pnpm -w build\` has run so packages/ctl/dist/bin.cjs exists. If you are running from a published CLI bundle, the runtime/hetzner tree should be staged automatically.`
-    );
-  }
-  return out;
-}
-function guessRepoRoot() {
-  let cur = SELF;
-  for (let i = 0; i < 8; i++) {
-    if (existsSync(resolve(cur, "pnpm-workspace.yaml"))) return cur;
-    const parent = dirname(cur);
-    if (parent === cur) break;
-    cur = parent;
-  }
-  return SELF;
-}
 async function mintSshKey(targetDir, comment) {
-  const dir = resolve2(targetDir);
+  const dir = resolve(targetDir);
   const priv = join(dir, "id_ed25519");
   const pub = `${priv}.pub`;
   await mkdir(dir, { recursive: true, mode: 448 });
@@ -299,14 +162,14 @@ async function mintSshKey(targetDir, comment) {
   return { dir, privatePath: priv, publicPath: pub, publicKey };
 }
 async function mintPrepareKey() {
-  const root = resolve2(homedirOrCwd(), ".agentbox", "hetzner", `prepare-${Date.now().toString(36)}`);
+  const root = resolve(homedirOrCwd(), ".agentbox", "hetzner", `prepare-${Date.now().toString(36)}`);
   const key = await mintSshKey(root, `agentbox-prepare-${(/* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-")}`);
   return {
     ...key,
     cleanup: async () => {
       try {
         const { rm: rm3 } = await import("fs/promises");
-        await rm3(dirname2(key.privatePath), { recursive: true, force: true });
+        await rm3(dirname(key.privatePath), { recursive: true, force: true });
       } catch {
       }
     }
@@ -633,7 +496,7 @@ var prepareHetznerProvider = (req) => prepareHetzner({
 async function ensureHetznerBaseSnapshot() {
   const state = readPreparedState();
   if (state.base !== void 0) return;
-  throw new Error(
+  throw new UserFacingError(
     "no Hetzner base snapshot found.\nRun `agentbox prepare --provider hetzner` first (Hetzner cannot build images from a Dockerfile,\nso the base snapshot is a one-time prerequisite for cloud boxes on this backend)."
   );
 }
@@ -661,11 +524,11 @@ var SshTunnelManager = class {
       boxSshDir,
       forwards: /* @__PURE__ */ new Map()
     };
-    if (existsSync2(controlPath) && await this.isAlive(controlPath)) {
+    if (existsSync(controlPath) && await this.isAlive(controlPath)) {
       this.boxes.set(opts.boxId, tunnel);
       return;
     }
-    if (existsSync2(controlPath)) {
+    if (existsSync(controlPath)) {
       await rm(controlPath, { force: true });
     }
     const connectTimeout = opts.connectTimeoutSeconds ?? 10;
@@ -697,7 +560,7 @@ var SshTunnelManager = class {
       `${user}@${opts.vpsHost}`
     ];
     const res = await execa3("ssh", argv, { reject: false });
-    if (res.exitCode !== 0 || !existsSync2(controlPath)) {
+    if (res.exitCode !== 0 || !existsSync(controlPath)) {
       throw new Error(
         `ssh ControlMaster failed for ${opts.boxId} (exit ${String(res.exitCode)}): ${res.stderr || res.stdout || "(no output)"}`
       );
@@ -759,7 +622,7 @@ var SshTunnelManager = class {
     const existing = this.boxes.get(opts.boxId);
     if (existing) {
       const alive = await this.isAlive(existing.controlPath);
-      if (!alive && existsSync2(existing.controlPath)) {
+      if (!alive && existsSync(existing.controlPath)) {
         try {
           await execa3(
             "ssh",
@@ -798,7 +661,7 @@ var SshTunnelManager = class {
   async close(boxId) {
     const tunnel = this.boxes.get(boxId);
     if (!tunnel) return;
-    if (existsSync2(tunnel.controlPath)) {
+    if (existsSync(tunnel.controlPath)) {
       await execa3("ssh", ["-O", "exit", "-S", tunnel.controlPath, "dummy"], { reject: false });
       await rm(tunnel.controlPath, { force: true });
     }
@@ -844,7 +707,7 @@ var SshTunnelManager = class {
   }
 };
 function defaultBoxSshDir(boxId) {
-  return resolve3(homedir(), ".agentbox", "boxes", boxId, "ssh");
+  return resolve2(homedir(), ".agentbox", "boxes", boxId, "ssh");
 }
 async function pickFreePort() {
   return new Promise((resolveOk, reject) => {
@@ -976,7 +839,7 @@ async function ensureLiveTarget(sandboxId) {
     throw new Error(`hetzner: server ${String(id)} has no IPv4 address`);
   }
   const state = await ensurePerBoxState(sandboxId);
-  if (!existsSync3(state.identity)) {
+  if (!existsSync2(state.identity)) {
     throw new Error(
       `hetzner: per-box SSH key missing for sandbox ${sandboxId} (expected at ${state.identity}). If this box was created by a different host, you'll need to re-create it on this host.`
     );
@@ -1068,14 +931,6 @@ var hetznerBackend = {
       }
       await ensureTunnel(sandboxId, state, vpsIp);
       progress("ssh up; ControlMaster open");
-      const liveTarget = buildSshTarget(state, vpsIp, tunnels.controlPath(sandboxId));
-      try {
-        await pushHetznerAgentCredentials(liveTarget, onLog);
-      } catch (credErr) {
-        onLog(
-          `hetzner: WARN \u2014 agent credential push failed (${credErr instanceof Error ? credErr.message : String(credErr)}); in-box claude/codex/opencode will prompt for interactive login`
-        );
-      }
       return { sandboxId };
     } catch (err) {
       if (serverId !== null) {
@@ -1095,10 +950,10 @@ var hetznerBackend = {
         }
       }
       try {
-        if (existsSync3(key.dir)) await rm2(key.dir, { recursive: true, force: true });
+        if (existsSync2(key.dir)) await rm2(key.dir, { recursive: true, force: true });
         if (serverId !== null) {
           const finalDir = perBoxDir(String(serverId));
-          if (existsSync3(finalDir)) await rm2(finalDir, { recursive: true, force: true });
+          if (existsSync2(finalDir)) await rm2(finalDir, { recursive: true, force: true });
         }
       } catch {
       }
@@ -1322,58 +1177,13 @@ var hetznerBackend = {
     }
   }
 };
-async function pushHetznerAgentCredentials(target, log) {
-  const specs = [
-    { kind: "claude", stage: stageClaudeCredentialsForUpload, dest: "/home/vscode/.agentbox-creds/claude" },
-    { kind: "codex", stage: stageCodexCredentialsForUpload, dest: "/home/vscode/.agentbox-creds/codex" },
-    { kind: "opencode", stage: stageOpencodeCredentialsForUpload, dest: "/home/vscode/.agentbox-creds/opencode" }
-  ];
-  for (const spec of specs) {
-    const staged = await spec.stage();
-    for (const w of staged.warnings) log(`hetzner: [${spec.kind}-creds] ${w}`);
-    try {
-      if (!staged.tarballPath) {
-        log(`hetzner: ${spec.kind}: no host credentials to push (skipping)`);
-        continue;
-      }
-      const remote = `/tmp/agentbox-${spec.kind}-creds.tar.gz`;
-      const argv = [
-        ...sshOptArgs(target),
-        staged.tarballPath,
-        `${target.user}@${target.host}:${remote}`
-      ];
-      const scpRes = await execa4("scp", argv, { reject: false, timeout: 12e4 });
-      if (scpRes.exitCode !== 0) {
-        throw new Error(
-          `scp ${spec.kind} credentials failed (exit ${String(scpRes.exitCode)}): ${scpRes.stderr ?? ""}`
-        );
-      }
-      const extract = await execa4(
-        "ssh",
-        [
-          ...sshOptArgs(target),
-          `${target.user}@${target.host}`,
-          `sudo -u vscode mkdir -p ${spec.dest} && sudo -u vscode tar -xzf ${remote} -C ${spec.dest} --no-same-permissions --no-same-owner -m && rm -f ${remote}`
-        ],
-        { reject: false, timeout: 3e4 }
-      );
-      if (extract.exitCode !== 0) {
-        throw new Error(
-          `${spec.kind} credential extract failed (exit ${String(extract.exitCode)}): ${extract.stderr ?? ""}`
-        );
-      }
-      log(`hetzner: ${spec.kind}: credentials pushed`);
-    } finally {
-      await staged.cleanup();
-    }
-  }
-}
 var cloudProvider = createCloudProvider(hetznerBackend, {
   defaultResources: { cpu: 2, memory: 4, disk: 40 }
 });
 var hetznerProvider = {
   ...cloudProvider,
-  prepare: prepareHetznerProvider
+  prepare: prepareHetznerProvider,
+  baseFingerprint: () => currentHetznerBaseFingerprintLive()
 };
 export {
   DEFAULT_HCLOUD_ENDPOINT,
@@ -1382,6 +1192,7 @@ export {
   RUNTIME_ASSETS,
   candidatesFor,
   createPerBoxFirewall,
+  currentHetznerBaseFingerprintLive,
   deletePerBoxFirewall,
   detectEgressIp,
   ensureHetznerBaseSnapshot,
@@ -1417,4 +1228,4 @@ export {
   withHetznerRetry,
   writePreparedState
 };
-//# sourceMappingURL=dist-SWUOU34W.js.map
+//# sourceMappingURL=dist-J2IHD5T7.js.map