@madarco/agentbox 0.13.0 → 0.15.0

package/dist/{dist-7KVUIKJX.js → dist-AGTIA7AD.js}

@@ -2,61 +2,62 @@
 import {
   DEFAULT_HCLOUD_ENDPOINT,
   HetznerApiError,
+  RUNTIME_ASSETS,
+  candidatesFor,
   createPerBoxFirewall,
+  currentHetznerBaseFingerprintLive,
   deletePerBoxFirewall,
   detectEgressIp,
   ensureHetznerCredentials,
   ensureHetznerEnvLoaded,
+  findStagedCliRuntimeRoot,
   isAttemptTimeout,
   isRetriable,
   makeHetznerClient,
   maskKey,
   normalizeSourceCidr,
+  preparedStatePath,
   readHetznerCredStatus,
+  readPreparedState,
+  resolveRuntimeAssets,
   secretsPath,
   sshOnlyInboundRule,
   syncFirewallSource,
-  withHetznerRetry
-} from "./chunk-R5XIDQFR.js";
+  updatePreparedState,
+  withHetznerRetry,
+  writePreparedState
+} from "./chunk-BKU34KYY.js";
 import {
   createCloudProvider
-} from "./chunk-4NQXNQ53.js";
+} from "./chunk-E7CHS7ZR.js";
 import {
-  stageClaudeCredentialsForUpload,
+  UserFacingError,
   stageClaudeStaticForUpload,
-  stageCodexCredentialsForUpload,
   stageCodexStaticForUpload,
-  stageOpencodeCredentialsForUpload,
   stageOpencodeStaticForUpload
-} from "./chunk-B4QG2MCW.js";
+} from "./chunk-MLMFNN4T.js";
 import {
   computeContextSha256,
-  preparedStatePathFor,
-  readCliStamp,
-  readPreparedStateRaw,
-  writePreparedStateRaw
-} from "./chunk-SNTHHWKY.js";
+  readCliStamp
+} from "./chunk-XKH7NTT7.js";
 import "./chunk-G3H2L3O2.js";
 
 // ../../packages/sandbox-hetzner/dist/index.js
-import { existsSync as existsSync3 } from "fs";
+import { existsSync as existsSync2 } from "fs";
 import { rm as rm2, rename, mkdir as mkdir3 } from "fs/promises";
 import { join as join4 } from "path";
 import { execa as execa4 } from "execa";
 import { resolve as resolvePath } from "path";
 import { join as join2 } from "path";
-import { existsSync } from "fs";
-import { dirname, resolve } from "path";
-import { fileURLToPath } from "url";
 import { mkdir, readFile } from "fs/promises";
-import { dirname as dirname2, join, resolve as resolve2 } from "path";
+import { dirname, join, resolve } from "path";
 import { execa } from "execa";
 import { execa as execa2 } from "execa";
-import { existsSync as existsSync2 } from "fs";
+import { existsSync } from "fs";
 import { mkdir as mkdir2, rm } from "fs/promises";
 import { createServer } from "net";
 import { homedir } from "os";
-import { dirname as dirname3, join as join3, resolve as resolve3 } from "path";
+import { dirname as dirname2, join as join3, resolve as resolve2 } from "path";
 import { execa as execa3 } from "execa";
 function generatePrepareCloudInit(opts) {
   const pubkey = opts.sshPubkey.trim();
@@ -147,146 +148,8 @@ async function pollUntil(label, check, opts = {}) {
     interval = Math.min(interval * 2, max);
   }
 }
-var SCHEMA = 2;
-function preparedStatePath() {
-  return preparedStatePathFor("hetzner");
-}
-function readPreparedState() {
-  const raw = readPreparedStateRaw("hetzner");
-  if (raw === null || typeof raw !== "object") return { schema: SCHEMA };
-  const parsed = raw;
-  if (parsed.schema === 1) {
-    const v1 = parsed;
-    return migrateFromV1(v1);
-  }
-  if (parsed.schema !== SCHEMA) {
-    return { schema: SCHEMA };
-  }
-  return {
-    schema: SCHEMA,
-    base: parsed.base
-  };
-}
-function migrateFromV1(v1) {
-  const base = v1.base ? {
-    imageId: v1.base.imageId,
-    description: v1.base.description,
-    createdAt: v1.base.createdAt,
-    contextSha256: v1.base.installScriptSha256
-  } : void 0;
-  return {
-    schema: SCHEMA,
-    base
-  };
-}
-function writePreparedState(state) {
-  writePreparedStateRaw("hetzner", state);
-}
-function updatePreparedState(mutate) {
-  const s = readPreparedState();
-  mutate(s);
-  writePreparedState(s);
-}
-var SELF = dirname(fileURLToPath(import.meta.url));
-function findStagedCliRuntimeRoot() {
-  const candidates = [
-    resolve(SELF, "..", "runtime"),
-    // <cliRoot>/dist/.. → <cliRoot> then /runtime
-    resolve(SELF, "..", "..", "runtime")
-    // chunk-NNNN.js at <cliRoot>/dist/<sub>/.. → <cliRoot>/runtime
-  ];
-  for (const c of candidates) {
-    if (existsSync(resolve(c, "hetzner", "scripts", "install-box.sh"))) return c;
-  }
-  return void 0;
-}
-var RUNTIME_ASSETS = [
-  { name: "install-box.sh", remoteBasename: "agentbox-install.sh", remoteMode: 493 },
-  { name: "agentbox-ctl", remoteBasename: "agentbox-ctl", remoteMode: 493 },
-  { name: "agentbox-vnc-start", remoteBasename: "agentbox-vnc-start", remoteMode: 493 },
-  { name: "agentbox-dockerd-start", remoteBasename: "agentbox-dockerd-start", remoteMode: 493 },
-  { name: "agentbox-checkpoint-cleanup", remoteBasename: "agentbox-checkpoint-cleanup", remoteMode: 493 },
-  { name: "agentbox-open", remoteBasename: "agentbox-open", remoteMode: 493 },
-  { name: "gh-shim", remoteBasename: "agentbox-gh-shim", remoteMode: 493 },
-  { name: "git-shim", remoteBasename: "agentbox-git-shim", remoteMode: 493 },
-  { name: "custom-system-CLAUDE.md", remoteBasename: "agentbox-custom-CLAUDE.md", remoteMode: 420 },
-  { name: "claude-managed-settings.json", remoteBasename: "agentbox-managed-settings.json", remoteMode: 420 },
-  { name: "agentbox-codex-hooks.json", remoteBasename: "agentbox-codex-hooks.json", remoteMode: 420 },
-  { name: "agentbox-setup-skill.md", remoteBasename: "agentbox-setup-skill.md", remoteMode: 420 }
-];
-function candidatesFor(name, opts = {}) {
-  const cliRoot = opts.cliRuntimeRoot;
-  const monorepo = opts.repoRoot ?? guessRepoRoot();
-  const monorepoRelative = {
-    "install-box.sh": ["packages/sandbox-hetzner/scripts/install-box.sh"],
-    "agentbox-ctl": ["packages/ctl/dist/bin.cjs"],
-    "agentbox-vnc-start": ["packages/sandbox-docker/scripts/agentbox-vnc-start"],
-    "agentbox-dockerd-start": ["packages/sandbox-docker/scripts/agentbox-dockerd-start"],
-    "agentbox-checkpoint-cleanup": ["packages/sandbox-docker/scripts/agentbox-checkpoint-cleanup"],
-    "agentbox-open": ["packages/sandbox-docker/scripts/agentbox-open"],
-    "gh-shim": ["packages/sandbox-docker/scripts/gh-shim"],
-    "git-shim": ["packages/sandbox-docker/scripts/git-shim"],
-    "custom-system-CLAUDE.md": ["packages/sandbox-hetzner/scripts/custom-system-CLAUDE.md"],
-    "claude-managed-settings.json": ["packages/sandbox-docker/scripts/claude-managed-settings.json"],
-    "agentbox-codex-hooks.json": ["packages/sandbox-docker/scripts/agentbox-codex-hooks.json"],
-    "agentbox-setup-skill.md": ["apps/cli/share/agentbox-setup/SKILL.md"]
-  };
-  const cliRelative = {
-    "install-box.sh": ["hetzner/scripts/install-box.sh"],
-    "agentbox-ctl": ["hetzner/ctl.cjs"],
-    "agentbox-vnc-start": ["hetzner/agentbox-vnc-start", "docker/packages/sandbox-docker/scripts/agentbox-vnc-start"],
-    "agentbox-dockerd-start": ["hetzner/agentbox-dockerd-start", "docker/packages/sandbox-docker/scripts/agentbox-dockerd-start"],
-    "agentbox-checkpoint-cleanup": ["hetzner/agentbox-checkpoint-cleanup", "docker/packages/sandbox-docker/scripts/agentbox-checkpoint-cleanup"],
-    "agentbox-open": ["hetzner/agentbox-open", "docker/packages/sandbox-docker/scripts/agentbox-open"],
-    "gh-shim": ["hetzner/gh-shim", "docker/packages/sandbox-docker/scripts/gh-shim"],
-    "git-shim": ["hetzner/git-shim", "docker/packages/sandbox-docker/scripts/git-shim"],
-    "custom-system-CLAUDE.md": ["hetzner/custom-system-CLAUDE.md"],
-    "claude-managed-settings.json": ["hetzner/claude-managed-settings.json", "docker/packages/sandbox-docker/scripts/claude-managed-settings.json"],
-    "agentbox-codex-hooks.json": ["hetzner/agentbox-codex-hooks.json", "docker/packages/sandbox-docker/scripts/agentbox-codex-hooks.json"],
-    "agentbox-setup-skill.md": ["hetzner/agentbox-setup-skill.md", "docker/apps/cli/share/agentbox-setup/SKILL.md"]
-  };
-  const out = [];
-  if (cliRoot) {
-    for (const rel of cliRelative[name] ?? []) out.push(resolve(cliRoot, rel));
-  }
-  for (const rel of monorepoRelative[name] ?? []) out.push(resolve(monorepo, rel));
-  return out;
-}
-function resolveRuntimeAssets(opts = {}) {
-  const out = [];
-  const missing = [];
-  for (const asset of RUNTIME_ASSETS) {
-    const cands = candidatesFor(asset.name, opts);
-    const hit = cands.find((p) => existsSync(p));
-    if (!hit) {
-      missing.push({ name: asset.name, tried: cands });
-      continue;
-    }
-    out.push({ ...asset, localPath: hit });
-  }
-  if (missing.length > 0) {
-    const lines = missing.flatMap((m) => [`  - ${m.name}: tried`, ...m.tried.map((p) => `      ${p}`)]);
-    throw new Error(
-      `hetzner: could not resolve runtime assets \u2014 these files are needed to install on the prepare VPS:
-` + lines.join("\n") + `
-
-If you are running from the monorepo, ensure \`pnpm -w build\` has run so packages/ctl/dist/bin.cjs exists. If you are running from a published CLI bundle, the runtime/hetzner tree should be staged automatically.`
-    );
-  }
-  return out;
-}
-function guessRepoRoot() {
-  let cur = SELF;
-  for (let i = 0; i < 8; i++) {
-    if (existsSync(resolve(cur, "pnpm-workspace.yaml"))) return cur;
-    const parent = dirname(cur);
-    if (parent === cur) break;
-    cur = parent;
-  }
-  return SELF;
-}
 async function mintSshKey(targetDir, comment) {
-  const dir = resolve2(targetDir);
+  const dir = resolve(targetDir);
   const priv = join(dir, "id_ed25519");
   const pub = `${priv}.pub`;
   await mkdir(dir, { recursive: true, mode: 448 });
@@ -299,14 +162,14 @@ async function mintSshKey(targetDir, comment) {
   return { dir, privatePath: priv, publicPath: pub, publicKey };
 }
 async function mintPrepareKey() {
-  const root = resolve2(homedirOrCwd(), ".agentbox", "hetzner", `prepare-${Date.now().toString(36)}`);
+  const root = resolve(homedirOrCwd(), ".agentbox", "hetzner", `prepare-${Date.now().toString(36)}`);
   const key = await mintSshKey(root, `agentbox-prepare-${(/* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-")}`);
   return {
     ...key,
     cleanup: async () => {
       try {
         const { rm: rm3 } = await import("fs/promises");
-        await rm3(dirname2(key.privatePath), { recursive: true, force: true });
+        await rm3(dirname(key.privatePath), { recursive: true, force: true });
       } catch {
       }
     }
@@ -633,7 +496,7 @@ var prepareHetznerProvider = (req) => prepareHetzner({
 async function ensureHetznerBaseSnapshot() {
   const state = readPreparedState();
   if (state.base !== void 0) return;
-  throw new Error(
+  throw new UserFacingError(
     "no Hetzner base snapshot found.\nRun `agentbox prepare --provider hetzner` first (Hetzner cannot build images from a Dockerfile,\nso the base snapshot is a one-time prerequisite for cloud boxes on this backend)."
   );
 }
@@ -661,11 +524,11 @@ var SshTunnelManager = class {
       boxSshDir,
       forwards: /* @__PURE__ */ new Map()
     };
-    if (existsSync2(controlPath) && await this.isAlive(controlPath)) {
+    if (existsSync(controlPath) && await this.isAlive(controlPath)) {
       this.boxes.set(opts.boxId, tunnel);
       return;
     }
-    if (existsSync2(controlPath)) {
+    if (existsSync(controlPath)) {
       await rm(controlPath, { force: true });
     }
     const connectTimeout = opts.connectTimeoutSeconds ?? 10;
@@ -697,7 +560,7 @@ var SshTunnelManager = class {
       `${user}@${opts.vpsHost}`
     ];
     const res = await execa3("ssh", argv, { reject: false });
-    if (res.exitCode !== 0 || !existsSync2(controlPath)) {
+    if (res.exitCode !== 0 || !existsSync(controlPath)) {
       throw new Error(
         `ssh ControlMaster failed for ${opts.boxId} (exit ${String(res.exitCode)}): ${res.stderr || res.stdout || "(no output)"}`
       );
@@ -759,7 +622,7 @@ var SshTunnelManager = class {
     const existing = this.boxes.get(opts.boxId);
     if (existing) {
       const alive = await this.isAlive(existing.controlPath);
-      if (!alive && existsSync2(existing.controlPath)) {
+      if (!alive && existsSync(existing.controlPath)) {
         try {
           await execa3(
             "ssh",
@@ -798,7 +661,7 @@ var SshTunnelManager = class {
   async close(boxId) {
     const tunnel = this.boxes.get(boxId);
     if (!tunnel) return;
-    if (existsSync2(tunnel.controlPath)) {
+    if (existsSync(tunnel.controlPath)) {
       await execa3("ssh", ["-O", "exit", "-S", tunnel.controlPath, "dummy"], { reject: false });
       await rm(tunnel.controlPath, { force: true });
     }
@@ -844,7 +707,7 @@ var SshTunnelManager = class {
   }
 };
 function defaultBoxSshDir(boxId) {
-  return resolve3(homedir(), ".agentbox", "boxes", boxId, "ssh");
+  return resolve2(homedir(), ".agentbox", "boxes", boxId, "ssh");
 }
 async function pickFreePort() {
   return new Promise((resolveOk, reject) => {
@@ -976,7 +839,7 @@ async function ensureLiveTarget(sandboxId) {
     throw new Error(`hetzner: server ${String(id)} has no IPv4 address`);
   }
   const state = await ensurePerBoxState(sandboxId);
-  if (!existsSync3(state.identity)) {
+  if (!existsSync2(state.identity)) {
     throw new Error(
       `hetzner: per-box SSH key missing for sandbox ${sandboxId} (expected at ${state.identity}). If this box was created by a different host, you'll need to re-create it on this host.`
     );
@@ -1068,14 +931,6 @@ var hetznerBackend = {
       }
       await ensureTunnel(sandboxId, state, vpsIp);
       progress("ssh up; ControlMaster open");
-      const liveTarget = buildSshTarget(state, vpsIp, tunnels.controlPath(sandboxId));
-      try {
-        await pushHetznerAgentCredentials(liveTarget, onLog);
-      } catch (credErr) {
-        onLog(
-          `hetzner: WARN \u2014 agent credential push failed (${credErr instanceof Error ? credErr.message : String(credErr)}); in-box claude/codex/opencode will prompt for interactive login`
-        );
-      }
       return { sandboxId };
     } catch (err) {
       if (serverId !== null) {
@@ -1095,10 +950,10 @@ var hetznerBackend = {
         }
       }
       try {
-        if (existsSync3(key.dir)) await rm2(key.dir, { recursive: true, force: true });
+        if (existsSync2(key.dir)) await rm2(key.dir, { recursive: true, force: true });
         if (serverId !== null) {
           const finalDir = perBoxDir(String(serverId));
-          if (existsSync3(finalDir)) await rm2(finalDir, { recursive: true, force: true });
+          if (existsSync2(finalDir)) await rm2(finalDir, { recursive: true, force: true });
         }
       } catch {
       }
@@ -1322,58 +1177,13 @@ var hetznerBackend = {
     }
   }
 };
-async function pushHetznerAgentCredentials(target, log) {
-  const specs = [
-    { kind: "claude", stage: stageClaudeCredentialsForUpload, dest: "/home/vscode/.agentbox-creds/claude" },
-    { kind: "codex", stage: stageCodexCredentialsForUpload, dest: "/home/vscode/.agentbox-creds/codex" },
-    { kind: "opencode", stage: stageOpencodeCredentialsForUpload, dest: "/home/vscode/.agentbox-creds/opencode" }
-  ];
-  for (const spec of specs) {
-    const staged = await spec.stage();
-    for (const w of staged.warnings) log(`hetzner: [${spec.kind}-creds] ${w}`);
-    try {
-      if (!staged.tarballPath) {
-        log(`hetzner: ${spec.kind}: no host credentials to push (skipping)`);
-        continue;
-      }
-      const remote = `/tmp/agentbox-${spec.kind}-creds.tar.gz`;
-      const argv = [
-        ...sshOptArgs(target),
-        staged.tarballPath,
-        `${target.user}@${target.host}:${remote}`
-      ];
-      const scpRes = await execa4("scp", argv, { reject: false, timeout: 12e4 });
-      if (scpRes.exitCode !== 0) {
-        throw new Error(
-          `scp ${spec.kind} credentials failed (exit ${String(scpRes.exitCode)}): ${scpRes.stderr ?? ""}`
-        );
-      }
-      const extract = await execa4(
-        "ssh",
-        [
-          ...sshOptArgs(target),
-          `${target.user}@${target.host}`,
-          `sudo -u vscode mkdir -p ${spec.dest} && sudo -u vscode tar -xzf ${remote} -C ${spec.dest} --no-same-permissions --no-same-owner -m && rm -f ${remote}`
-        ],
-        { reject: false, timeout: 3e4 }
-      );
-      if (extract.exitCode !== 0) {
-        throw new Error(
-          `${spec.kind} credential extract failed (exit ${String(extract.exitCode)}): ${extract.stderr ?? ""}`
-        );
-      }
-      log(`hetzner: ${spec.kind}: credentials pushed`);
-    } finally {
-      await staged.cleanup();
-    }
-  }
-}
 var cloudProvider = createCloudProvider(hetznerBackend, {
   defaultResources: { cpu: 2, memory: 4, disk: 40 }
 });
 var hetznerProvider = {
   ...cloudProvider,
-  prepare: prepareHetznerProvider
+  prepare: prepareHetznerProvider,
+  baseFingerprint: () => currentHetznerBaseFingerprintLive()
 };
 export {
   DEFAULT_HCLOUD_ENDPOINT,
@@ -1382,6 +1192,7 @@ export {
   RUNTIME_ASSETS,
   candidatesFor,
   createPerBoxFirewall,
+  currentHetznerBaseFingerprintLive,
   deletePerBoxFirewall,
   detectEgressIp,
   ensureHetznerBaseSnapshot,
@@ -1417,4 +1228,4 @@ export {
   withHetznerRetry,
   writePreparedState
 };
-//# sourceMappingURL=dist-7KVUIKJX.js.map
+//# sourceMappingURL=dist-AGTIA7AD.js.map