@madarco/agentbox 0.4.0 → 0.5.0

package/dist/{chunk-3NCUES35.js → chunk-6VTAPD4H.js}

@@ -3,9 +3,11 @@ import {
   ConfigError,
   VNC_CONTAINER_PORT,
   WEB_CONTAINER_PORT,
+  bindWorktrees,
   buildClaudeMounts,
   buildIdeMounts,
-  createBoxWorktree,
+  chownGitBindParents,
+  collectRepoCarryOver,
   createSnapshot,
   cursorServerVolumeName,
   detectGitRepos,
@@ -15,43 +17,45 @@ import {
   ensureRelay,
   generateRelayToken,
   generateVncPassword,
+  gitWorktreePathFor,
   launchCtlDaemon,
   launchDockerdDaemon,
   launchVncDaemon,
   loadConfig,
-  mountOverlay,
+  pickFreshBranch,
   registerBoxWithRelay,
   rehydrateRelayRegistry,
   repairIdeOwnership,
   resolveClaudeVolume,
+  seedSetupSkillIntoVolume,
+  seedWorkspace,
+  seedWorkspaceFromDir,
   snapshotPathFor,
-  verifyOverlay,
   vscodeServerVolumeName
-} from "./chunk-MOC54XL6.js";
+} from "./chunk-PXUBE5KS.js";
 import {
   allocateProjectIndex,
   readState,
   recordBox
-} from "./chunk-IDR4HVIC.js";
+} from "./chunk-HPZMD5DE.js";
 import {
-  CHECKPOINT_MOUNT,
   CONTAINER_EXPORT_MERGED,
-  CONTAINER_EXPORT_UPPER,
   DEFAULT_BOX_IMAGE,
   DEFAULT_ENV_PATTERNS,
   boxRunDirFor,
   containerExists,
   copyHostEnvFilesToBox,
+  copyHostFilesToBox,
   dockerInfo,
   dockerStorageDriver,
   ensureImage,
   ensureVolume,
   publishedHostPort,
-  resolveCheckpointLower,
+  resolveCheckpoint,
   runBox
-} from "./chunk-SOMIKEN2.js";
+} from "./chunk-RFC5F5HR.js";
 
-// ../../packages/sandbox-docker/dist/chunk-BC7AYNLK.js
+// ../../packages/sandbox-docker/dist/chunk-NCSJPHDB.js
 import { randomBytes } from "crypto";
 import { mkdir, stat } from "fs/promises";
 import { homedir } from "os";
@@ -147,11 +151,29 @@ async function createBox(opts) {
   }
   await dockerInfo();
   log("docker daemon reachable");
-  const imageRef = opts.image ?? DEFAULT_BOX_IMAGE;
-  const { built } = await ensureImage(imageRef, {
+  let checkpointImage;
+  let checkpointSource;
+  let restoredWorktrees;
+  if (opts.checkpointRef) {
+    const projectRootForCkpt = opts.projectRoot ?? workspace;
+    const head = await resolveCheckpoint(projectRootForCkpt, opts.checkpointRef);
+    if (!head) {
+      throw new Error(`checkpoint not found: ${opts.checkpointRef}`);
+    }
+    checkpointImage = head.manifest.image;
+    const chain = [head.name, ...head.manifest.parents];
+    checkpointSource = { ref: opts.checkpointRef, type: head.manifest.type, chain };
+    restoredWorktrees = head.manifest.worktrees;
+    log(
+      `starting from checkpoint ${opts.checkpointRef} (${head.manifest.type}, ${String(chain.length)} layer(s), image ${head.manifest.image})`
+    );
+  }
+  const imageRef = checkpointImage ?? opts.image ?? DEFAULT_BOX_IMAGE;
+  const ensureRef = checkpointImage ? opts.image ?? DEFAULT_BOX_IMAGE : imageRef;
+  const { built } = await ensureImage(ensureRef, {
     onProgress: (line) => log(`[image] ${line}`)
   });
-  log(built ? `built image ${imageRef}` : `using cached image ${imageRef}`);
+  log(built ? `built image ${ensureRef}` : `using cached image ${imageRef}`);
   let relayUp = false;
   try {
     await ensureRelay({ onLog: log });
@@ -168,78 +190,54 @@ async function createBox(opts) {
   if (await containerExists(containerName)) {
     throw new Error(`container ${containerName} already exists; remove it first`);
   }
-  const worktreesRoot = join(boxRunDirFor(id), "worktrees");
-  await mkdir(worktreesRoot, { recursive: true });
+  let projectIndex;
+  if (opts.projectRoot) {
+    projectIndex = allocateProjectIndex(await readState(), opts.projectRoot);
+  }
+  const repoCarryOvers = [];
   const gitWorktreeRecords = [];
-  const nestedWorktreeBinds = [];
-  const repos = await detectGitRepos(workspace);
-  if (repos.length > 0) {
-    log(
-      `detected ${String(repos.length)} git repo(s): ` + repos.map((r) => `${r.kind}${r.relPathFromWorkspace ? "@" + r.relPathFromWorkspace : ""}`).join(", ")
-    );
+  if (checkpointImage && restoredWorktrees && restoredWorktrees.length > 0) {
+    gitWorktreeRecords.push(...restoredWorktrees);
   }
-  for (const r of repos) {
-    const worktreeDir = join(worktreesRoot, r.relPathFromWorkspace || "root");
-    const branchBase = r.kind === "root" ? `agentbox/${name}` : `agentbox/${name}--${r.relPathFromWorkspace.replace(/[^A-Za-z0-9._-]+/g, "_")}`;
-    const result = await createBoxWorktree({
-      hostMainRepo: r.hostMainRepo,
-      branchName: branchBase,
-      worktreeDir,
-      onLog: log
-    });
-    const containerPath = r.kind === "root" ? "/workspace" : `/workspace/${r.relPathFromWorkspace}`;
-    gitWorktreeRecords.push({
-      kind: r.kind,
-      hostMainRepo: r.hostMainRepo,
-      hostWorktreeDir: worktreeDir,
-      containerPath,
-      branch: result.branchName,
-      relPathFromWorkspace: r.relPathFromWorkspace
-    });
-    if (r.kind === "nested") {
-      nestedWorktreeBinds.push({
+  if (!checkpointImage) {
+    const repos = await detectGitRepos(workspace);
+    if (repos.length > 0) {
+      log(
+        `detected ${String(repos.length)} git repo(s): ` + repos.map((r) => `${r.kind}${r.relPathFromWorkspace ? "@" + r.relPathFromWorkspace : ""}`).join(", ")
+      );
+    }
+    for (const r of repos) {
+      const branchBase = r.kind === "root" ? `agentbox/${name}` : `agentbox/${name}--${r.relPathFromWorkspace.replace(/[^A-Za-z0-9._-]+/g, "_")}`;
+      const branch = await pickFreshBranch(r.hostMainRepo, branchBase);
+      const containerPath = r.kind === "root" ? "/workspace" : `/workspace/${r.relPathFromWorkspace}`;
+      const gitWorktreePath = gitWorktreePathFor(branch);
+      const carry = await collectRepoCarryOver(r, branch, containerPath, gitWorktreePath);
+      repoCarryOvers.push(carry);
+      gitWorktreeRecords.push({
+        kind: r.kind,
+        hostMainRepo: r.hostMainRepo,
         containerPath,
-        mountFromPath: `/agentbox-worktrees/${r.relPathFromWorkspace}`
+        gitWorktreePath,
+        branch,
+        relPathFromWorkspace: r.relPathFromWorkspace
       });
     }
   }
-  let lowerPath = workspace;
-  const rootWorktree = gitWorktreeRecords.find((w) => w.kind === "root");
-  if (rootWorktree) {
-    lowerPath = rootWorktree.hostWorktreeDir;
-    log(`using worktree as overlay lower: ${lowerPath}`);
-  }
   let snapshotDir = null;
-  if (opts.useSnapshot) {
-    snapshotDir = snapshotPathFor(id);
+  const snapshotIsUseful = !checkpointImage && repoCarryOvers.length === 0;
+  if (opts.useSnapshot && snapshotIsUseful) {
+    snapshotDir = snapshotPathFor({ id, name, projectIndex });
     log(`cloning workspace to ${snapshotDir} (APFS clone where available)`);
-    const snap = await createSnapshot({ source: lowerPath, destination: snapshotDir });
+    const snap = await createSnapshot({ source: workspace, destination: snapshotDir });
     log(`pruned ${snap.prunedPaths.length} platform-dependent dirs from snapshot`);
-    lowerPath = snapshotDir;
-  }
-  let lowerDirs;
-  let checkpointVolume;
-  let checkpointSource;
-  if (opts.checkpointRef) {
-    const projectRootForCkpt = opts.projectRoot ?? workspace;
-    const spec = await resolveCheckpointLower(projectRootForCkpt, opts.checkpointRef);
-    checkpointVolume = spec.volume;
-    const layerDirs = spec.subpaths.map((s) => `${CHECKPOINT_MOUNT}/${s}`);
-    lowerDirs = spec.type === "merged" ? layerDirs : [...layerDirs, "/host-src"];
-    checkpointSource = { ref: opts.checkpointRef, type: spec.type, chain: spec.chain };
-    log(
-      `starting from checkpoint ${opts.checkpointRef} (${spec.type}, ${String(spec.subpaths.length)} layer(s), volume ${spec.volume})`
-    );
+  } else if (opts.useSnapshot && !checkpointImage) {
+    log("skipping --host-snapshot: git worktree path reads content from .git, not from a workspace clone");
   }
-  const upperVolume = `agentbox-upper-${id}`;
-  await ensureVolume(upperVolume);
   await ensureIdeVolumes(id);
   const dockerCacheShared = opts.docker?.sharedCache === true;
   const dockerVolume = dockerVolumeName(id, dockerCacheShared);
   await ensureVolume(dockerVolume);
-  log(
-    `prepared volumes ${upperVolume}, ${vscodeServerVolumeName(id)}, ${cursorServerVolumeName(id)}, ${dockerVolume}`
-  );
+  log(`prepared volumes ${vscodeServerVolumeName(id)}, ${cursorServerVolumeName(id)}, ${dockerVolume}`);
   const ide = buildIdeMounts(id);
   const claudeSpec = resolveClaudeVolume({
     isolate: opts.claudeConfig?.isolate ?? false,
@@ -247,7 +245,7 @@ async function createBox(opts) {
   });
   const claudeEnsured = await ensureClaudeVolume(claudeSpec, {
     syncFromHost: true,
-    image: imageRef,
+    image: ensureRef,
     hostWorkspace: workspace
   });
   if (claudeEnsured.synced) {
@@ -268,33 +266,24 @@ async function createBox(opts) {
   } else {
     log(`reusing volume ${claudeSpec.volume} (no host ~/.claude to sync)`);
   }
+  const seeded = await seedSetupSkillIntoVolume(claudeSpec.volume, ensureRef);
+  if (seeded.seeded) log(`seeded /agentbox-setup skill into ${claudeSpec.volume}`);
   const claudeMounts = buildClaudeMounts(claudeSpec, process.env);
-  const boxDir = boxRunDirFor(id);
+  const boxDir = boxRunDirFor({ id, name, projectIndex });
   const socketDir = join(boxDir, "run");
   const socketPath = join(socketDir, "ctl.sock");
   const mergedExportDir = join(boxDir, "workspace");
-  const upperExportDir = join(boxDir, "upper");
   await mkdir(socketDir, { recursive: true });
   await mkdir(mergedExportDir, { recursive: true });
-  await mkdir(upperExportDir, { recursive: true });
   const extraVolumes = await buildIdentityMounts();
   extraVolumes.push(...claudeMounts.extraVolumes);
   extraVolumes.push(...ide.extraVolumes);
   extraVolumes.push(`${socketDir}:/run/agentbox`);
   extraVolumes.push(`${mergedExportDir}:${CONTAINER_EXPORT_MERGED}`);
-  extraVolumes.push(`${upperExportDir}:${CONTAINER_EXPORT_UPPER}`);
   extraVolumes.push(`${dockerVolume}:/var/lib/docker`);
   for (const w of gitWorktreeRecords) {
     extraVolumes.push(`${w.hostMainRepo}/.git:${w.hostMainRepo}/.git`);
   }
-  for (const w of gitWorktreeRecords) {
-    if (w.kind === "nested") {
-      extraVolumes.push(`${w.hostWorktreeDir}:/agentbox-worktrees/${w.relPathFromWorkspace}`);
-    }
-  }
-  if (checkpointVolume) {
-    extraVolumes.push(`${checkpointVolume}:${CHECKPOINT_MOUNT}:ro`);
-  }
   for (const v of extraVolumes) log(`mounting agent dir: ${v}`);
   const relayToken = generateRelayToken();
   if (relayUp) {
@@ -305,6 +294,7 @@ async function createBox(opts) {
         name,
         containerName,
         createdAt,
+        projectIndex,
         worktrees: gitWorktreeRecords
       });
       log(`registered box token with relay`);
@@ -326,10 +316,6 @@ async function createBox(opts) {
   const webPortMappings = [
     { hostPort: 0, containerPort: WEB_CONTAINER_PORT, hostIp: "127.0.0.1" }
   ];
-  let projectIndex;
-  if (opts.projectRoot) {
-    projectIndex = allocateProjectIndex(await readState(), opts.projectRoot);
-  }
   const agentboxEnv = {
     AGENTBOX: "1",
     AGENTBOX_BOX_NAME: name,
@@ -355,8 +341,6 @@ async function createBox(opts) {
   await runBox({
     name: containerName,
     image: imageRef,
-    lowerPath,
-    upperVolume,
     extraVolumes,
     limits: effectiveLimits,
     portMappings: [...vncPortMappings, ...webPortMappings],
@@ -370,27 +354,45 @@ async function createBox(opts) {
     }
   });
   log(`container ${containerName} started`);
+  if (gitWorktreeRecords.length > 0) {
+    await chownGitBindParents({
+      container: containerName,
+      hostMainRepos: gitWorktreeRecords.map((w) => w.hostMainRepo),
+      onLog: log
+    });
+  }
   const boxEnv = await writeBoxEnvFile(containerName, boxEnvForFile);
   if (boxEnv.ok) log("wrote /etc/agentbox/box.env");
   else log(`writing /etc/agentbox/box.env failed: ${boxEnv.reason}`);
-  try {
-    await mountOverlay(containerName, { lowerDirs, nestedWorktrees: nestedWorktreeBinds });
-    log("fuse-overlayfs mounted at /workspace");
-    if (nestedWorktreeBinds.length > 0) {
-      log(`bind-mounted ${String(nestedWorktreeBinds.length)} nested worktree(s) over /workspace`);
+  if (!checkpointImage) {
+    if (repoCarryOvers.length > 0) {
+      try {
+        await seedWorkspace({ container: containerName, repos: repoCarryOvers, onLog: log });
+        log("seeded /workspace from in-container git worktree(s)");
+      } catch (err) {
+        log(
+          `seedWorkspace failed; leaving ${containerName} running so you can inspect it`
+        );
+        throw err;
+      }
+    } else {
+      const source = snapshotDir ?? workspace;
+      await seedWorkspaceFromDir({ container: containerName, hostSource: source, onLog: log });
     }
-  } catch (err) {
-    log(`overlay mount failed; leaving container ${containerName} running so you can inspect it`);
-    throw err;
-  }
-  const overlayChecks = await verifyOverlay(containerName, lowerDirs ?? ["/host-src"]);
-  const failed = overlayChecks.filter((c) => !c.ok);
-  if (failed.length > 0) {
-    const detail = failed.map((c) => `  - ${c.name}: ${c.detail}`).join("\n");
-    throw new Error(`overlay verification failed:
-${detail}`);
+  } else if (restoredWorktrees && restoredWorktrees.length > 0) {
+    await bindWorktrees(
+      containerName,
+      restoredWorktrees.map((w) => ({
+        kind: w.kind,
+        containerPath: w.containerPath,
+        gitWorktreePath: w.gitWorktreePath
+      })),
+      log
+    );
+    log("re-bound /workspace from checkpoint image");
+  } else {
+    log("using /workspace from checkpoint image (no worktrees recorded; no rebind)");
   }
-  log("overlay verified");
   await repairIdeOwnership(containerName);
   log(".vscode-server + .cursor-server ownership verified");
   const ctl = await launchCtlDaemon(containerName, socketPath);
@@ -437,6 +439,18 @@ ${detail}`);
     });
     log(copied > 0 ? `copied ${String(copied)} env/config file(s)` : "no env/config files found");
   }
+  if (opts.envFilesToImport && opts.envFilesToImport.length > 0) {
+    log(`copying ${String(opts.envFilesToImport.length)} selected env/config file(s) into /workspace`);
+    const { copied } = await copyHostFilesToBox({
+      container: containerName,
+      workspaceDir: workspace,
+      files: opts.envFilesToImport,
+      onLog: log
+    });
+    if (copied !== opts.envFilesToImport.length) {
+      log(`copied ${String(copied)}/${String(opts.envFilesToImport.length)} selected env/config file(s)`);
+    }
+  }
   let vncHostPort = null;
   if (vncEnabled) {
     const vnc = await launchVncDaemon(containerName);
@@ -457,8 +471,6 @@ ${detail}`);
     container: containerName,
     image: imageRef,
     workspacePath: workspace,
-    lowerPath,
-    upperVolume,
     snapshotDir,
     socketPath,
     claudeConfigVolume: claudeSpec.volume,
@@ -478,14 +490,13 @@ ${detail}`);
     dockerCacheShared: dockerCacheShared || void 0,
     projectRoot: opts.projectRoot,
     projectIndex,
-    lowerDirs,
-    checkpointVolume,
+    checkpointImage,
     checkpointSource,
     resourceLimits: persistableLimits(effectiveLimits),
     createdAt
   };
   await recordBox(record);
-  return { record, overlayChecks, imageBuilt: built };
+  return { record, imageBuilt: built };
 }
 
 export {
@@ -493,4 +504,4 @@ export {
   defaultBoxName,
   createBox
 };
-//# sourceMappingURL=chunk-3NCUES35.js.map
+//# sourceMappingURL=chunk-6VTAPD4H.js.map

package/dist/chunk-6VTAPD4H.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../packages/sandbox-docker/src/create.ts","../../../packages/sandbox-docker/src/box-env.ts"],"sourcesContent":["import { randomBytes } from 'node:crypto';\nimport { mkdir, stat } from 'node:fs/promises';\nimport { homedir } from 'node:os';\nimport { basename, join, resolve } from 'node:path';\nimport { execa } from 'execa';\nimport { ConfigError, loadConfig } from '@agentbox/ctl';\nimport {\n  buildClaudeMounts,\n  ensureClaudeVolume,\n  resolveClaudeVolume,\n  seedSetupSkillIntoVolume,\n} from './claude.js';\nimport {\n  type BoxLimitSpec,\n  containerExists,\n  dockerInfo,\n  dockerStorageDriver,\n  ensureVolume,\n  publishedHostPort,\n  runBox,\n} from './docker.js';\nimport { dockerVolumeName, launchDockerdDaemon } from './dockerd.js';\nimport { generateVncPassword, launchVncDaemon, VNC_CONTAINER_PORT } from './vnc.js';\nimport { WEB_CONTAINER_PORT } from './web.js';\nimport { detectGitRepos, pickFreshBranch } from './git-worktree.js';\nimport {\n  bindWorktrees,\n  chownGitBindParents,\n  collectRepoCarryOver,\n  gitWorktreePathFor,\n  seedWorkspace,\n  seedWorkspaceFromDir,\n  type RepoCarryOver,\n} from './in-box-git.js';\nimport {\n  CONTAINER_EXPORT_MERGED,\n  DEFAULT_ENV_PATTERNS,\n  boxRunDirFor,\n  copyHostEnvFilesToBox,\n  copyHostFilesToBox,\n} from './host-export.js';\nimport { DEFAULT_BOX_IMAGE, ensureImage } from './image.js';\nimport {\n  allocateProjectIndex,\n  readState,\n  recordBox,\n  type BoxRecord,\n  type GitWorktreeRecord,\n} from './state.js';\nimport { createSnapshot, snapshotPathFor } from './snapshot.js';\nimport { resolveCheckpoint } from './checkpoint.js';\nimport { launchCtlDaemon } from './ctl.js';\nimport { writeBoxEnvFile } from './box-env.js';\nimport {\n  ensureRelay,\n  generateRelayToken,\n  registerBoxWithRelay,\n  rehydrateRelayRegistry,\n} from './relay.js';\nimport {\n  buildIdeMounts,\n  cursorServerVolumeName,\n  ensureIdeVolumes,\n  repairIdeOwnership,\n  vscodeServerVolumeName,\n} from './vscode.js';\n\nexport interface CreateBoxOptions {\n  workspacePath: string;\n  name?: string;\n  /**\n   * Take a `cp -c` APFS clone of the host workspace into\n   * `~/.agentbox/snapshots/<id>/` before seeding `/workspace`. Stabilizes the\n   * source of the tar pipe in the non-git case (and the untracked-file\n   * pipe in the git case) against host edits during create. Effectively a\n   * no-op when a git worktree is detected — the worktree's tracked content\n   * comes from `.git`, not from a workspace copy.\n   */\n  useSnapshot: boolean;\n  /**\n   * Start the box from a project checkpoint (the `--snapshot <ref>` path).\n   * Resolved against `projectRoot` (or `workspacePath` when unset). The\n   * checkpoint is a local Docker *image* tag now; the box is created with\n   * `docker run <ckpt-image>` and inherits a populated `/workspace`. No\n   * `seedWorkspace` runs in this path.\n   */\n  checkpointRef?: string;\n  image?: string;\n  onLog?: (line: string) => void;\n  /**\n   * Claude Code config volume. When omitted, defaults to `{ isolate: false }` —\n   * every box mounts the shared `agentbox-claude-config` volume at\n   * /home/vscode/.claude so auth / skills / plugins persist across boxes.\n   */\n  claudeConfig?: { isolate: boolean };\n  /** Extra env vars forwarded to the container (merged on top of claude env forwarding). */\n  claudeEnv?: Record<string, string>;\n  /**\n   * When true, run `npm install -g @playwright/cli@latest` inside the box after\n   * `/workspace` is seeded. agent-browser is always installed in the image;\n   * this flag adds the Playwright CLI on top for boxes that need it.\n   */\n  withPlaywright?: boolean;\n  /**\n   * When true, copy the host's env/config files (DEFAULT_ENV_PATTERNS basename\n   * globs — `.env*`, `secrets.toml`, `agentbox.yaml`, ...) into the box's\n   * /workspace after seeding, bypassing gitignore. The reverse of `pull env`.\n   * One-shot at create time; the files persist in the container's writable\n   * layer across pause/stop/start.\n   */\n  withEnv?: boolean;\n  /**\n   * Explicit relative-path file list to copy from `workspacePath` into the\n   * box's /workspace after seeding (no glob expansion, no scan — the list is\n   * pre-vetted, e.g. picked by the wizard's multiselect). Independent of\n   * `withEnv`: if both are set, both run (idempotent on overlapping files).\n   * One-shot at create time; persists across pause/stop/start.\n   */\n  envFilesToImport?: string[];\n  /**\n   * VNC stack (Xvnc on :1 + websockify serving noVNC on container :6080).\n   * Defaults to enabled. The CLI exposes `--no-vnc` for opt-out. Disabling\n   * skips port mapping + password generation + the in-container supervisor\n   * launch; the apt-installed binaries stay in the image but are unused.\n   */\n  vnc?: { enabled: boolean };\n  /**\n   * Docker-in-Docker. Always-on (the in-box dockerd is part of the box\n   * surface). When `sharedCache` is true the per-box `agentbox-docker-<id>`\n   * volume is replaced with the shared `agentbox-docker-cache` volume — image\n   * layers persist across boxes (and `destroy`/`prune` won't remove it).\n   */\n  docker?: { sharedCache: boolean };\n  /**\n   * Absolute host path of the cwd's project at create time. When provided,\n   * `createBox` stamps `projectRoot` + an allocated `projectIndex` on the\n   * BoxRecord so the CLI can auto-pick / resolve by index. The CLI computes\n   * this via `findProjectRoot(workspacePath)` from `@agentbox/config`; this\n   * package stays free of the config dep. Omit for unowned boxes created\n   * directly via the programmatic API.\n   */\n  projectRoot?: string;\n  /**\n   * Container resource ceilings (engine-agnostic: bytes / fractional cpus /\n   * pid count / raw disk size string). Absent fields = unlimited. `disk` is\n   * best-effort: dropped (with a warning via `onLog`) when the engine's\n   * storage driver can't enforce `--storage-opt size=` (overlay2 / macOS).\n   */\n  limits?: BoxLimitSpec;\n}\n\nexport interface CreatedBox {\n  record: BoxRecord;\n  imageBuilt: boolean;\n}\n\n/**\n * Compact the engine-applied limits into the BoxRecord shape: only fields that\n * actually constrain the box (>0 / non-empty). Returns undefined when nothing\n * was applied so legacy/unlimited boxes stay free of the field.\n */\nfunction persistableLimits(\n  lim: BoxLimitSpec | undefined,\n): BoxRecord['resourceLimits'] | undefined {\n  if (!lim) return undefined;\n  const out: NonNullable<BoxRecord['resourceLimits']> = {};\n  if (lim.memoryBytes && lim.memoryBytes > 0) out.memoryBytes = Math.floor(lim.memoryBytes);\n  if (lim.cpus && lim.cpus > 0) out.cpus = lim.cpus;\n  if (lim.pidsLimit && lim.pidsLimit > 0) out.pidsLimit = Math.floor(lim.pidsLimit);\n  if (lim.disk) out.disk = lim.disk;\n  return Object.keys(out).length > 0 ? out : undefined;\n}\n\nfunction generateBoxId(): string {\n  return randomBytes(4).toString('hex');\n}\n\nexport function sanitizeBasename(workspacePath: string): string {\n  const raw = basename(resolve(workspacePath));\n  return raw\n    .toLowerCase()\n    .replace(/[^a-z0-9._-]+/g, '-')\n    .replace(/-+/g, '-')\n    .replace(/^[-._]+|[-._]+$/g, '')\n    .slice(0, 30)\n    .replace(/[-._]+$/, '');\n}\n\nexport function defaultBoxName(workspacePath: string, id: string): string {\n  const base = sanitizeBasename(workspacePath);\n  return base.length > 0 ? `${base}-${id}` : id;\n}\n\nasync function pathExists(p: string): Promise<boolean> {\n  try {\n    await stat(p);\n    return true;\n  } catch {\n    return false;\n  }\n}\n\n// ~/.claude is intentionally NOT in this list: it lives in the named volume\n// `agentbox-claude-config` (see resolveClaudeVolume / ensureClaudeVolume) so\n// auth persists inside the container without leaking host state. Only\n// non-claude identity files are bind-mounted from the host.\nasync function buildIdentityMounts(): Promise<string[]> {\n  const home = homedir();\n  const candidates: Array<{ src: string; dst: string; readOnly: boolean }> = [\n    { src: join(home, '.codex'), dst: '/home/vscode/.codex', readOnly: false },\n    { src: join(home, '.gitconfig'), dst: '/home/vscode/.gitconfig', readOnly: true },\n  ];\n  const out: string[] = [];\n  for (const c of candidates) {\n    if (await pathExists(c.src)) {\n      out.push(`${c.src}:${c.dst}${c.readOnly ? ':ro' : ''}`);\n    }\n  }\n  return out;\n}\n\nexport async function createBox(opts: CreateBoxOptions): Promise<CreatedBox> {\n  const log = opts.onLog ?? (() => {});\n  const workspace = resolve(opts.workspacePath);\n  if (!(await pathExists(workspace))) {\n    throw new Error(`workspace does not exist: ${workspace}`);\n  }\n\n  // Pre-flight agentbox.yaml validation on the host so the user sees the real\n  // ConfigError instead of an opaque \"socket did not appear\" timeout from the\n  // detached daemon exec later. The daemon re-validates inside the box anyway\n  // — defence in depth, and necessary because the file lives in the\n  // container's writable layer and can be edited after create.\n  const cfgPath = join(workspace, 'agentbox.yaml');\n  if (await pathExists(cfgPath)) {\n    try {\n      const cfg = await loadConfig(cfgPath);\n      log(`agentbox.yaml validated (${String(cfg.services.length)} service(s))`);\n    } catch (err) {\n      if (err instanceof ConfigError) {\n        throw new Error(`agentbox.yaml validation failed:\\n  ${err.message}`);\n      }\n      throw err;\n    }\n  }\n\n  await dockerInfo();\n  log('docker daemon reachable');\n\n  // Checkpoint resolution happens *before* image ensure because a checkpoint\n  // image replaces the base image as the docker-run base. resolveCheckpoint\n  // returns null on miss; we error with the ref so the user can fix it.\n  let checkpointImage: string | undefined;\n  let checkpointSource: BoxRecord['checkpointSource'];\n  let restoredWorktrees: GitWorktreeRecord[] | undefined;\n  if (opts.checkpointRef) {\n    const projectRootForCkpt = opts.projectRoot ?? workspace;\n    const head = await resolveCheckpoint(projectRootForCkpt, opts.checkpointRef);\n    if (!head) {\n      throw new Error(`checkpoint not found: ${opts.checkpointRef}`);\n    }\n    checkpointImage = head.manifest.image;\n    // Chain: head first then its parents (base-most last). For a flattened\n    // checkpoint this collapses to a single-entry chain.\n    const chain = [head.name, ...head.manifest.parents];\n    checkpointSource = { ref: opts.checkpointRef, type: head.manifest.type, chain };\n    // The source's per-worktree paths persisted on the manifest so we can\n    // re-establish the /workspace bind mount(s) after `docker run` (docker\n    // commit doesn't capture bind-mount content, so the image's /workspace\n    // is empty until we re-bind).\n    restoredWorktrees = head.manifest.worktrees;\n    log(\n      `starting from checkpoint ${opts.checkpointRef} (${head.manifest.type}, ${String(chain.length)} layer(s), image ${head.manifest.image})`,\n    );\n  }\n\n  const imageRef = checkpointImage ?? opts.image ?? DEFAULT_BOX_IMAGE;\n  // ensureImage only acts on the base image; checkpoint images are local-only\n  // and must already exist (they were created by `agentbox checkpoint`).\n  const ensureRef = checkpointImage ? (opts.image ?? DEFAULT_BOX_IMAGE) : imageRef;\n  const { built } = await ensureImage(ensureRef, {\n    onProgress: (line) => log(`[image] ${line}`),\n  });\n  log(built ? `built image ${ensureRef}` : `using cached image ${imageRef}`);\n\n  // Bring up the host relay before the box so the box can post events\n  // immediately on boot. Best-effort — a relay outage shouldn't block create.\n  // Always re-push known box tokens after ensure: the relay's registry is\n  // in-memory, so a daemon restart or `docker restart agentbox-relay` between\n  // CLI invocations leaves it empty. Repushing is idempotent and cheap.\n  let relayUp = false;\n  try {\n    await ensureRelay({ onLog: log });\n    const existing = await readState();\n    await rehydrateRelayRegistry(existing.boxes);\n    relayUp = true;\n  } catch (err) {\n    log(`relay unavailable: ${err instanceof Error ? err.message : String(err)}`);\n  }\n\n  const id = generateBoxId();\n  const name = opts.name ?? defaultBoxName(workspace, id);\n  const containerName = `agentbox-${name}`;\n  const createdAt = new Date().toISOString();\n  if (await containerExists(containerName)) {\n    throw new Error(`container ${containerName} already exists; remove it first`);\n  }\n\n  // Per-project monotonic index. Allocated *here* so it can flow into the\n  // box / snapshot dir segments (`<id>-<n>-<mnemonic>`) and the\n  // `AGENTBOX_PROJECT_INDEX` container env var. Pre-feature legacy boxes\n  // never pass `projectRoot`; those records keep `projectIndex` undefined and\n  // the dir segments fall back to `<id>-<mnemonic>`.\n  let projectIndex: number | undefined;\n  if (opts.projectRoot) {\n    projectIndex = allocateProjectIndex(await readState(), opts.projectRoot);\n  }\n\n  // Repo detection + host-side carry-over capture. Branches are picked here\n  // (against the host main repos' refs) so they're recorded on the BoxRecord\n  // regardless of whether the in-container `git worktree add` succeeds later.\n  // When restoring from a checkpoint, the source's per-worktree records are\n  // restored from the manifest *here* (not after `docker run`) so the\n  // `.git/` bind-mounts in `extraVolumes` know which host main repos to\n  // wire up — without those binds the in-container `/workspace/.git` would\n  // resolve to a path that doesn't exist in the new container.\n  const repoCarryOvers: RepoCarryOver[] = [];\n  const gitWorktreeRecords: GitWorktreeRecord[] = [];\n  if (checkpointImage && restoredWorktrees && restoredWorktrees.length > 0) {\n    gitWorktreeRecords.push(...restoredWorktrees);\n  }\n  if (!checkpointImage) {\n    const repos = await detectGitRepos(workspace);\n    if (repos.length > 0) {\n      log(\n        `detected ${String(repos.length)} git repo(s): ` +\n          repos.map((r) => `${r.kind}${r.relPathFromWorkspace ? '@' + r.relPathFromWorkspace : ''}`).join(', '),\n      );\n    }\n    for (const r of repos) {\n      const branchBase =\n        r.kind === 'root'\n          ? `agentbox/${name}`\n          : `agentbox/${name}--${r.relPathFromWorkspace.replace(/[^A-Za-z0-9._-]+/g, '_')}`;\n      const branch = await pickFreshBranch(r.hostMainRepo, branchBase);\n      const containerPath =\n        r.kind === 'root' ? '/workspace' : `/workspace/${r.relPathFromWorkspace}`;\n      const gitWorktreePath = gitWorktreePathFor(branch);\n      const carry = await collectRepoCarryOver(r, branch, containerPath, gitWorktreePath);\n      repoCarryOvers.push(carry);\n      gitWorktreeRecords.push({\n        kind: r.kind,\n        hostMainRepo: r.hostMainRepo,\n        containerPath,\n        gitWorktreePath,\n        branch,\n        relPathFromWorkspace: r.relPathFromWorkspace,\n      });\n    }\n  }\n\n  // --host-snapshot: APFS clone the workspace into a per-box scratch dir.\n  // Only the no-git, no-checkpoint path actually consumes the clone (as the\n  // source of the tar pipe in seedWorkspaceFromDir). For the git path the\n  // worktree content comes from `.git`'s object DB (bind-mounted) and the\n  // untracked-file tar pipe reads from the live host main repo — neither\n  // touches `snapshotDir`, so we skip it. For checkpoint restore there's no\n  // seedWorkspace at all. Kept on the BoxRecord so destroyBox can clean it up.\n  let snapshotDir: string | null = null;\n  const snapshotIsUseful = !checkpointImage && repoCarryOvers.length === 0;\n  if (opts.useSnapshot && snapshotIsUseful) {\n    snapshotDir = snapshotPathFor({ id, name, projectIndex });\n    log(`cloning workspace to ${snapshotDir} (APFS clone where available)`);\n    const snap = await createSnapshot({ source: workspace, destination: snapshotDir });\n    log(`pruned ${snap.prunedPaths.length} platform-dependent dirs from snapshot`);\n  } else if (opts.useSnapshot && !checkpointImage) {\n    log('skipping --host-snapshot: git worktree path reads content from .git, not from a workspace clone');\n  }\n\n  await ensureIdeVolumes(id);\n  const dockerCacheShared = opts.docker?.sharedCache === true;\n  const dockerVolume = dockerVolumeName(id, dockerCacheShared);\n  await ensureVolume(dockerVolume);\n  log(`prepared volumes ${vscodeServerVolumeName(id)}, ${cursorServerVolumeName(id)}, ${dockerVolume}`);\n  const ide = buildIdeMounts(id);\n\n  // Claude Code config volume. Shared by default so users sign in once across\n  // every box; --isolate-claude-config opts into a per-box volume. Either way,\n  // the host's ~/.claude is the authoritative source: we rsync host -> volume\n  // on every create so updates on the host (new login, new skills, new MCP)\n  // flow into the next box. Sync is additive — box-only state (session logs,\n  // etc.) is preserved.\n  const claudeSpec = resolveClaudeVolume({\n    isolate: opts.claudeConfig?.isolate ?? false,\n    boxId: id,\n  });\n  const claudeEnsured = await ensureClaudeVolume(claudeSpec, {\n    syncFromHost: true,\n    image: ensureRef,\n    hostWorkspace: workspace,\n  });\n  if (claudeEnsured.synced) {\n    log(`synced ${claudeSpec.volume} from ~/.claude`);\n    if ((claudeEnsured.filteredHookCount ?? 0) > 0) {\n      log(\n        `filtered ${String(claudeEnsured.filteredHookCount)} host-path hook(s) (paths under ~/)`,\n      );\n    }\n    if (claudeEnsured.clearedInstallMethod) {\n      log(\"cleared host's installMethod from synced .claude.json (box uses the native installer)\");\n    }\n    if (claudeEnsured.aliasedProjectKey) {\n      log(`aliased project state for ${workspace} -> /workspace in synced .claude.json`);\n    }\n  } else if (claudeEnsured.created) {\n    log(`created empty volume ${claudeSpec.volume} (no host ~/.claude to sync)`);\n  } else {\n    log(`reusing volume ${claudeSpec.volume} (no host ~/.claude to sync)`);\n  }\n  // Box-only: seed /agentbox-setup into the volume from the image. Never\n  // touches the host's ~/.claude. Skipped if a copy already exists.\n  const seeded = await seedSetupSkillIntoVolume(claudeSpec.volume, ensureRef);\n  if (seeded.seeded) log(`seeded /agentbox-setup skill into ${claudeSpec.volume}`);\n  const claudeMounts = buildClaudeMounts(claudeSpec, process.env);\n\n  const boxDir = boxRunDirFor({ id, name, projectIndex });\n  const socketDir = join(boxDir, 'run');\n  const socketPath = join(socketDir, 'ctl.sock');\n  // Per-box host dir that `agentbox open` refreshes the merged /workspace\n  // into. Bound in at create time so `docker exec rsync` can write straight\n  // to the host filesystem — no container restart needed.\n  const mergedExportDir = join(boxDir, 'workspace');\n  await mkdir(socketDir, { recursive: true });\n  await mkdir(mergedExportDir, { recursive: true });\n\n  const extraVolumes = await buildIdentityMounts();\n  extraVolumes.push(...claudeMounts.extraVolumes);\n  extraVolumes.push(...ide.extraVolumes);\n  extraVolumes.push(`${socketDir}:/run/agentbox`);\n  extraVolumes.push(`${mergedExportDir}:${CONTAINER_EXPORT_MERGED}`);\n  // In-box dockerd's data root. Per-box (`agentbox-docker-<id>`, wiped on\n  // destroy) by default; shared (`agentbox-docker-cache`, preserved) when\n  // `box.dockerCacheShared` is set.\n  extraVolumes.push(`${dockerVolume}:/var/lib/docker`);\n  // Bind-mount each main repo's `.git/` at its identical absolute host path,\n  // RW. The in-container `git worktree add` writes to <main>/.git/worktrees/\n  // and the agent's commits write to refs/objects; both have to hit the same\n  // path on host and inside the container so `git push` from the host main\n  // repo sees the new commits without further sync.\n  for (const w of gitWorktreeRecords) {\n    extraVolumes.push(`${w.hostMainRepo}/.git:${w.hostMainRepo}/.git`);\n  }\n  for (const v of extraVolumes) log(`mounting agent dir: ${v}`);\n\n  // Per-box bearer token for the host relay. Register *before* runBox so the\n  // box's supervisor can post on boot. Skip if the relay isn't reachable —\n  // the box still works, it just won't deliver events to the host.\n  const relayToken = generateRelayToken();\n  if (relayUp) {\n    try {\n      await registerBoxWithRelay({\n        boxId: id,\n        token: relayToken,\n        name,\n        containerName,\n        createdAt,\n        projectIndex,\n        worktrees: gitWorktreeRecords,\n      });\n      log(`registered box token with relay`);\n    } catch (err) {\n      log(`relay register failed: ${err instanceof Error ? err.message : String(err)}`);\n      relayUp = false;\n    }\n  }\n  const relayEnv: Record<string, string> = relayUp\n    ? {\n        // host.docker.internal resolves to the host (where the relay node\n        // process is running). The matching `--add-host` is set in runBox.\n        AGENTBOX_RELAY_URL: `http://host.docker.internal:8787`,\n        AGENTBOX_RELAY_TOKEN: relayToken,\n      }\n    : {};\n\n  // VNC stack defaults on; the CLI surfaces `--no-vnc` for opt-out. Generate\n  // the password and the port mapping up front so they're baked into the\n  // container's env + `-p` flags before `docker run` — both must be set at\n  // create time (env survives stop/start; port mappings are immutable).\n  const vncEnabled = opts.vnc?.enabled !== false;\n  const vncPassword = vncEnabled ? generateVncPassword() : undefined;\n  const vncEnv: Record<string, string> = vncEnabled && vncPassword\n    ? { AGENTBOX_VNC_PASSWORD: vncPassword }\n    : {};\n  const vncPortMappings = vncEnabled\n    ? [{ hostPort: 0, containerPort: VNC_CONTAINER_PORT, hostIp: '127.0.0.1' }]\n    : [];\n\n  // Reserve the web port unconditionally: `docker run -p` is immutable, but the\n  // `expose:`-flagged service is usually only known after the in-box wizard\n  // writes agentbox.yaml. The supervisor forwards :80 to it later; here we just\n  // guarantee a published host port exists for whenever that happens.\n  const webPortMappings = [\n    { hostPort: 0, containerPort: WEB_CONTAINER_PORT, hostIp: '127.0.0.1' },\n  ];\n\n  // Identity vars that make the box self-aware. `projectIndex` was allocated\n  // earlier (right after `id`/`name`) so dir-segment helpers could see it; we\n  // just read the binding here.\n  const agentboxEnv: Record<string, string> = {\n    AGENTBOX: '1',\n    AGENTBOX_BOX_NAME: name,\n    AGENTBOX_HOST_WORKSPACE: workspace,\n    ...(opts.projectRoot ? { AGENTBOX_PROJECT_ROOT: opts.projectRoot } : {}),\n    ...(projectIndex !== undefined\n      ? { AGENTBOX_PROJECT_INDEX: String(projectIndex) }\n      : {}),\n  };\n  const boxEnvForFile: Record<string, string> = {\n    AGENTBOX_BOX_ID: id,\n    ...agentboxEnv,\n  };\n\n  // `--storage-opt size=` is only enforced by devicemapper/btrfs/zfs.\n  const appliedLimits: BoxLimitSpec | undefined = opts.limits;\n  let effectiveLimits = appliedLimits;\n  if (appliedLimits?.disk) {\n    const driver = await dockerStorageDriver();\n    if (!/^(devicemapper|btrfs|zfs|windowsfilter)$/.test(driver)) {\n      log(\n        `warning: --disk/box.disk is a no-op on this engine (storage-driver=${driver || 'unknown'}); ignoring`,\n      );\n      effectiveLimits = { ...appliedLimits, disk: null };\n    }\n  }\n\n  await runBox({\n    name: containerName,\n    image: imageRef,\n    extraVolumes,\n    limits: effectiveLimits,\n    portMappings: [...vncPortMappings, ...webPortMappings],\n    env: {\n      AGENTBOX_BOX_ID: id,\n      ...agentboxEnv,\n      ...claudeMounts.env,\n      ...relayEnv,\n      ...vncEnv,\n      ...(opts.claudeEnv ?? {}),\n    },\n  });\n  log(`container ${containerName} started`);\n\n  // Flip the in-container parent dir of each bind-mounted `.git` to\n  // vscode-owned. Docker auto-creates the intermediates (e.g. the project root\n  // path that contains `.git`) as root:root 755 in the writable layer; without\n  // this chown the agent can't write siblings of `.git` (`.turbo/`, `.next/`,\n  // build caches) at the project root. Non-recursive — the bind-mounted `.git`\n  // itself stays untouched (recursive chown would propagate to the host).\n  if (gitWorktreeRecords.length > 0) {\n    await chownGitBindParents({\n      container: containerName,\n      hostMainRepos: gitWorktreeRecords.map((w) => w.hostMainRepo),\n      onLog: log,\n    });\n  }\n\n  // /etc/agentbox/box.env: sourced by /etc/profile.d/agentbox.sh in login\n  // shells (the docker-run env doesn't reach `agentbox shell <box>` cleanly\n  // without it). Best-effort — env vars on the container are the primary\n  // path; this file is for shells launched via tools that strip env.\n  const boxEnv = await writeBoxEnvFile(containerName, boxEnvForFile);\n  if (boxEnv.ok) log('wrote /etc/agentbox/box.env');\n  else log(`writing /etc/agentbox/box.env failed: ${boxEnv.reason}`);\n\n  // Seed /workspace.\n  //   - Checkpoint restore: the image already has the source box's per-box\n  //     worktree dir populated; we only need to re-establish the bind mount\n  //     onto /workspace (docker commit doesn't capture bind-mount content).\n  //   - Git path: create in-container worktrees + bind + replay stash + untracked.\n  //   - No-git path: tar-pipe host workspace (or its APFS clone) into\n  //     /workspace (no bind — files live directly in the image's writable\n  //     layer at /workspace).\n  if (!checkpointImage) {\n    if (repoCarryOvers.length > 0) {\n      try {\n        await seedWorkspace({ container: containerName, repos: repoCarryOvers, onLog: log });\n        log('seeded /workspace from in-container git worktree(s)');\n      } catch (err) {\n        log(\n          `seedWorkspace failed; leaving ${containerName} running so you can inspect it`,\n        );\n        throw err;\n      }\n    } else {\n      const source = snapshotDir ?? workspace;\n      await seedWorkspaceFromDir({ container: containerName, hostSource: source, onLog: log });\n    }\n  } else if (restoredWorktrees && restoredWorktrees.length > 0) {\n    // gitWorktreeRecords was populated above (pre-`docker run`) so the .git\n    // bind-mounts in extraVolumes are wired. The /workspace bind itself\n    // can't be set up until the container is running, so we apply it here.\n    await bindWorktrees(\n      containerName,\n      restoredWorktrees.map((w) => ({\n        kind: w.kind,\n        containerPath: w.containerPath,\n        gitWorktreePath: w.gitWorktreePath,\n      })),\n      log,\n    );\n    log('re-bound /workspace from checkpoint image');\n  } else {\n    log('using /workspace from checkpoint image (no worktrees recorded; no rebind)');\n  }\n\n  await repairIdeOwnership(containerName);\n  log('.vscode-server + .cursor-server ownership verified');\n\n  const ctl = await launchCtlDaemon(containerName, socketPath);\n  if (ctl.up) log('agentbox-ctl daemon up');\n  else log(`agentbox-ctl daemon did not become reachable: ${ctl.reason}`);\n\n  // dockerd: always-on, mirrors launchVncDaemon. Best-effort — a slow start\n  // shouldn't fail box creation; `agentbox start` will relaunch on restart\n  // (the daemon dies with the container). Storage driver is fuse-overlayfs,\n  // pinned in /etc/docker/daemon.json baked into the image.\n  const dockerd = await launchDockerdDaemon(containerName);\n  if (dockerd.up) {\n    log(`dockerd up (storage-driver=fuse-overlayfs, data root=${dockerVolume})`);\n  } else {\n    log(`dockerd did not become ready: ${dockerd.reason}`);\n  }\n\n  if (opts.withPlaywright) {\n    log('installing @playwright/cli@latest (--with-playwright)');\n    const result = await execa(\n      'docker',\n      [\n        'exec',\n        '--user',\n        'root',\n        containerName,\n        'bash',\n        '-lc',\n        'npm install -g @playwright/cli@latest 2>&1',\n      ],\n      { reject: false },\n    );\n    for (const line of (result.stdout ?? '').split('\\n')) {\n      if (line.trim().length > 0) log(`[playwright] ${line}`);\n    }\n    if (result.exitCode !== 0) {\n      throw new Error(\n        `failed to install @playwright/cli (exit ${String(result.exitCode)}): ${(result.stderr ?? '').toString().slice(0, 400)}`,\n      );\n    }\n    log('@playwright/cli installed');\n  }\n\n  if (opts.withEnv) {\n    log('copying host env/config files into /workspace (--with-env)');\n    const { copied } = await copyHostEnvFilesToBox({\n      container: containerName,\n      workspaceDir: workspace,\n      patterns: DEFAULT_ENV_PATTERNS,\n      onLog: log,\n    });\n    log(copied > 0 ? `copied ${String(copied)} env/config file(s)` : 'no env/config files found');\n  }\n\n  if (opts.envFilesToImport && opts.envFilesToImport.length > 0) {\n    log(`copying ${String(opts.envFilesToImport.length)} selected env/config file(s) into /workspace`);\n    const { copied } = await copyHostFilesToBox({\n      container: containerName,\n      workspaceDir: workspace,\n      files: opts.envFilesToImport,\n      onLog: log,\n    });\n    if (copied !== opts.envFilesToImport.length) {\n      log(`copied ${String(copied)}/${String(opts.envFilesToImport.length)} selected env/config file(s)`);\n    }\n  }\n\n  // VNC daemon (Xvnc + websockify). Best-effort, like launchCtlDaemon. The\n  // host port mapping was wired into runBox above (hostPort=0 → random); we\n  // resolve the assigned port here for storage. If the daemon fails to come\n  // up we still record vncEnabled so `agentbox start` will retry the launch.\n  let vncHostPort: number | null = null;\n  if (vncEnabled) {\n    const vnc = await launchVncDaemon(containerName);\n    if (vnc.up) log('vnc stack up (Xvnc + websockify + noVNC)');\n    else log(`vnc stack did not become reachable: ${vnc.reason}`);\n    vncHostPort = await publishedHostPort(containerName, VNC_CONTAINER_PORT);\n    if (vncHostPort) log(`vnc web on host 127.0.0.1:${String(vncHostPort)}`);\n  }\n\n  const webHostPort = await publishedHostPort(containerName, WEB_CONTAINER_PORT);\n  if (webHostPort) {\n    log(\n      `web port reserved on host 127.0.0.1:${String(webHostPort)} ` +\n        `(forwards to the web service once agentbox.yaml sets a service expose:)`,\n    );\n  }\n\n  const record: BoxRecord = {\n    id,\n    name,\n    container: containerName,\n    image: imageRef,\n    workspacePath: workspace,\n    snapshotDir,\n    socketPath,\n    claudeConfigVolume: claudeSpec.volume,\n    vscodeServerVolume: vscodeServerVolumeName(id),\n    cursorServerVolume: cursorServerVolumeName(id),\n    relayToken: relayUp ? relayToken : undefined,\n    gitWorktrees: gitWorktreeRecords.length > 0 ? gitWorktreeRecords : undefined,\n    withPlaywright: opts.withPlaywright ? true : undefined,\n    withEnv: opts.withEnv ? true : undefined,\n    vncEnabled: vncEnabled ? true : undefined,\n    vncContainerPort: vncEnabled ? VNC_CONTAINER_PORT : undefined,\n    vncHostPort: vncHostPort ?? undefined,\n    vncPassword: vncPassword,\n    webContainerPort: WEB_CONTAINER_PORT,\n    webHostPort: webHostPort ?? undefined,\n    dockerVolume,\n    dockerCacheShared: dockerCacheShared || undefined,\n    projectRoot: opts.projectRoot,\n    projectIndex,\n    checkpointImage,\n    checkpointSource,\n    resourceLimits: persistableLimits(effectiveLimits),\n    createdAt,\n  };\n  await recordBox(record);\n\n  return { record, imageBuilt: built };\n}\n","import { execa } from 'execa';\n\n/**\n * Writes /etc/agentbox/box.env inside the container as a POSIX-sourceable\n * key='value' file. Paired with /etc/profile.d/agentbox.sh (baked in the\n * image), which `set -a; . /etc/agentbox/box.env; set +a`s it on login.\n *\n * Best-effort: failure is logged by the caller; an unwritable file just\n * means interactive shells lose the AGENTBOX_* vars (the env vars baked\n * into docker run still survive).\n */\nexport async function writeBoxEnvFile(\n  container: string,\n  env: Record<string, string>,\n): Promise<{ ok: true } | { ok: false; reason: string }> {\n  const body = formatBoxEnvBody(env);\n  const result = await execa(\n    'docker',\n    ['exec', '--user', 'root', '-i', container, 'sh', '-c', 'umask 022 && cat > /etc/agentbox/box.env'],\n    { input: body, reject: false },\n  );\n  if (result.exitCode !== 0) {\n    return {\n      ok: false,\n      reason: `docker exec failed (exit ${String(result.exitCode)}): ${(result.stderr ?? '').toString().slice(0, 400)}`,\n    };\n  }\n  return { ok: true };\n}\n\n// Single-quote each value and escape embedded single quotes as '\\''. Avoids\n// double-quoted form because `. ` would expand $foo / `cmd` at source time.\nexport function formatBoxEnvBody(env: Record<string, string>): string {\n  const lines: string[] = [];\n  for (const [k, v] of Object.entries(env)) {\n    lines.push(`${k}=${shellSingleQuote(v)}`);\n  }\n  return lines.join('\\n') + '\\n';\n}\n\nfunction shellSingleQuote(s: string): string {\n  return `'${s.replace(/'/g, `'\\\\''`)}'`;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,SAAS,mBAAmB;AAC5B,SAAS,OAAO,YAAY;AAC5B,SAAS,eAAe;AACxB,SAAS,UAAU,MAAM,eAAe;AACxC,SAAS,SAAAA,cAAa;ACJtB,SAAS,aAAa;AAWtB,eAAsB,gBACpB,WACA,KACuD;AACvD,QAAM,OAAO,iBAAiB,GAAG;AACjC,QAAM,SAAS,MAAM;IACnB;IACA,CAAC,QAAQ,UAAU,QAAQ,MAAM,WAAW,MAAM,MAAM,0CAA0C;IAClG,EAAE,OAAO,MAAM,QAAQ,MAAM;EAC/B;AACA,MAAI,OAAO,aAAa,GAAG;AACzB,WAAO;MACL,IAAI;MACJ,QAAQ,4BAA4B,OAAO,OAAO,QAAQ,CAAC,OAAO,OAAO,UAAU,IAAI,SAAS,EAAE,MAAM,GAAG,GAAG,CAAC;IACjH;EACF;AACA,SAAO,EAAE,IAAI,KAAK;AACpB;AAIO,SAAS,iBAAiB,KAAqC;AACpE,QAAM,QAAkB,CAAC;AACzB,aAAW,CAAC,GAAG,CAAC,KAAK,OAAO,QAAQ,GAAG,GAAG;AACxC,UAAM,KAAK,GAAG,CAAC,IAAI,iBAAiB,CAAC,CAAC,EAAE;EAC1C;AACA,SAAO,MAAM,KAAK,IAAI,IAAI;AAC5B;AAEA,SAAS,iBAAiB,GAAmB;AAC3C,SAAO,IAAI,EAAE,QAAQ,MAAM,OAAO,CAAC;AACrC;ADuHA,SAAS,kBACP,KACyC;AACzC,MAAI,CAAC,IAAK,QAAO;AACjB,QAAM,MAAgD,CAAC;AACvD,MAAI,IAAI,eAAe,IAAI,cAAc,EAAG,KAAI,cAAc,KAAK,MAAM,IAAI,WAAW;AACxF,MAAI,IAAI,QAAQ,IAAI,OAAO,EAAG,KAAI,OAAO,IAAI;AAC7C,MAAI,IAAI,aAAa,IAAI,YAAY,EAAG,KAAI,YAAY,KAAK,MAAM,IAAI,SAAS;AAChF,MAAI,IAAI,KAAM,KAAI,OAAO,IAAI;AAC7B,SAAO,OAAO,KAAK,GAAG,EAAE,SAAS,IAAI,MAAM;AAC7C;AAEA,SAAS,gBAAwB;AAC/B,SAAO,YAAY,CAAC,EAAE,SAAS,KAAK;AACtC;AAEO,SAAS,iBAAiB,eAA+B;AAC9D,QAAM,MAAM,SAAS,QAAQ,aAAa,CAAC;AAC3C,SAAO,IACJ,YAAY,EACZ,QAAQ,kBAAkB,GAAG,EAC7B,QAAQ,OAAO,GAAG,EAClB,QAAQ,oBAAoB,EAAE,EAC9B,MAAM,GAAG,EAAE,EACX,QAAQ,WAAW,EAAE;AAC1B;AAEO,SAAS,eAAe,eAAuB,IAAoB;AACxE,QAAM,OAAO,iBAAiB,aAAa;AAC3C,SAAO,KAAK,SAAS,IAAI,GAAG,IAAI,IAAI,EAAE,KAAK;AAC7C;AAEA,eAAe,WAAW,GAA6B;AACrD,MAAI;AACF,UAAM,KAAK,CAAC;AACZ,WAAO;EACT,QAAQ;AACN,WAAO;EACT;AACF;AAMA,eAAe,sBAAyC;AACtD,QAAM,OAAO,QAAQ;AACrB,QAAM,aAAqE;IACzE,EAAE,KAAK,KAAK,MAAM,QAAQ,GAAG,KAAK,uBAAuB,UAAU,MAAM;IACzE,EAAE,KAAK,KAAK,MAAM,YAAY,GAAG,KAAK,2BAA2B,UAAU,KAAK;EAClF;AACA,QAAM,MAAgB,CAAC;AACvB,aAAW,KAAK,YAAY;AAC1B,QAAI,MAAM,WAAW,EAAE,GAAG,GAAG;AAC3B,UAAI,KAAK,GAAG,EAAE,GAAG,IAAI,EAAE,GAAG,GAAG,EAAE,WAAW,QAAQ,EAAE,EAAE;IACxD;EACF;AACA,SAAO;AACT;AAEA,eAAsB,UAAU,MAA6C;AAC3E,QAAM,MAAM,KAAK,UAAU,MAAM;EAAC;AAClC,QAAM,YAAY,QAAQ,KAAK,aAAa;AAC5C,MAAI,CAAE,MAAM,WAAW,SAAS,GAAI;AAClC,UAAM,IAAI,MAAM,6BAA6B,SAAS,EAAE;EAC1D;AAOA,QAAM,UAAU,KAAK,WAAW,eAAe;AAC/C,MAAI,MAAM,WAAW,OAAO,GAAG;AAC7B,QAAI;AACF,YAAM,MAAM,MAAM,WAAW,OAAO;AACpC,UAAI,4BAA4B,OAAO,IAAI,SAAS,MAAM,CAAC,cAAc;IAC3E,SAAS,KAAK;AACZ,UAAI,eAAe,aAAa;AAC9B,cAAM,IAAI,MAAM;IAAuC,IAAI,OAAO,EAAE;MACtE;AACA,YAAM;IACR;EACF;AAEA,QAAM,WAAW;AACjB,MAAI,yBAAyB;AAK7B,MAAI;AACJ,MAAI;AACJ,MAAI;AACJ,MAAI,KAAK,eAAe;AACtB,UAAM,qBAAqB,KAAK,eAAe;AAC/C,UAAM,OAAO,MAAM,kBAAkB,oBAAoB,KAAK,aAAa;AAC3E,QAAI,CAAC,MAAM;AACT,YAAM,IAAI,MAAM,yBAAyB,KAAK,aAAa,EAAE;IAC/D;AACA,sBAAkB,KAAK,SAAS;AAGhC,UAAM,QAAQ,CAAC,KAAK,MAAM,GAAG,KAAK,SAAS,OAAO;AAClD,uBAAmB,EAAE,KAAK,KAAK,eAAe,MAAM,KAAK,SAAS,MAAM,MAAM;AAK9E,wBAAoB,KAAK,SAAS;AAClC;MACE,4BAA4B,KAAK,aAAa,KAAK,KAAK,SAAS,IAAI,KAAK,OAAO,MAAM,MAAM,CAAC,oBAAoB,KAAK,SAAS,KAAK;IACvI;EACF;AAEA,QAAM,WAAW,mBAAmB,KAAK,SAAS;AAGlD,QAAM,YAAY,kBAAmB,KAAK,SAAS,oBAAqB;AACxE,QAAM,EAAE,MAAM,IAAI,MAAM,YAAY,WAAW;IAC7C,YAAY,CAAC,SAAS,IAAI,WAAW,IAAI,EAAE;EAC7C,CAAC;AACD,MAAI,QAAQ,eAAe,SAAS,KAAK,sBAAsB,QAAQ,EAAE;AAOzE,MAAI,UAAU;AACd,MAAI;AACF,UAAM,YAAY,EAAE,OAAO,IAAI,CAAC;AAChC,UAAM,WAAW,MAAM,UAAU;AACjC,UAAM,uBAAuB,SAAS,KAAK;AAC3C,cAAU;EACZ,SAAS,KAAK;AACZ,QAAI,sBAAsB,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,CAAC,EAAE;EAC9E;AAEA,QAAM,KAAK,cAAc;AACzB,QAAM,OAAO,KAAK,QAAQ,eAAe,WAAW,EAAE;AACtD,QAAM,gBAAgB,YAAY,IAAI;AACtC,QAAM,aAAY,oBAAI,KAAK,GAAE,YAAY;AACzC,MAAI,MAAM,gBAAgB,aAAa,GAAG;AACxC,UAAM,IAAI,MAAM,aAAa,aAAa,kCAAkC;EAC9E;AAOA,MAAI;AACJ,MAAI,KAAK,aAAa;AACpB,mBAAe,qBAAqB,MAAM,UAAU,GAAG,KAAK,WAAW;EACzE;AAUA,QAAM,iBAAkC,CAAC;AACzC,QAAM,qBAA0C,CAAC;AACjD,MAAI,mBAAmB,qBAAqB,kBAAkB,SAAS,GAAG;AACxE,uBAAmB,KAAK,GAAG,iBAAiB;EAC9C;AACA,MAAI,CAAC,iBAAiB;AACpB,UAAM,QAAQ,MAAM,eAAe,SAAS;AAC5C,QAAI,MAAM,SAAS,GAAG;AACpB;QACE,YAAY,OAAO,MAAM,MAAM,CAAC,mBAC9B,MAAM,IAAI,CAAC,MAAM,GAAG,EAAE,IAAI,GAAG,EAAE,uBAAuB,MAAM,EAAE,uBAAuB,EAAE,EAAE,EAAE,KAAK,IAAI;MACxG;IACF;AACA,eAAW,KAAK,OAAO;AACrB,YAAM,aACJ,EAAE,SAAS,SACP,YAAY,IAAI,KAChB,YAAY,IAAI,KAAK,EAAE,qBAAqB,QAAQ,qBAAqB,GAAG,CAAC;AACnF,YAAM,SAAS,MAAM,gBAAgB,EAAE,cAAc,UAAU;AAC/D,YAAM,gBACJ,EAAE,SAAS,SAAS,eAAe,cAAc,EAAE,oBAAoB;AACzE,YAAM,kBAAkB,mBAAmB,MAAM;AACjD,YAAM,QAAQ,MAAM,qBAAqB,GAAG,QAAQ,eAAe,eAAe;AAClF,qBAAe,KAAK,KAAK;AACzB,yBAAmB,KAAK;QACtB,MAAM,EAAE;QACR,cAAc,EAAE;QAChB;QACA;QACA;QACA,sBAAsB,EAAE;MAC1B,CAAC;IACH;EACF;AASA,MAAI,cAA6B;AACjC,QAAM,mBAAmB,CAAC,mBAAmB,eAAe,WAAW;AACvE,MAAI,KAAK,eAAe,kBAAkB;AACxC,kBAAc,gBAAgB,EAAE,IAAI,MAAM,aAAa,CAAC;AACxD,QAAI,wBAAwB,WAAW,+BAA+B;AACtE,UAAM,OAAO,MAAM,eAAe,EAAE,QAAQ,WAAW,aAAa,YAAY,CAAC;AACjF,QAAI,UAAU,KAAK,YAAY,MAAM,wCAAwC;EAC/E,WAAW,KAAK,eAAe,CAAC,iBAAiB;AAC/C,QAAI,iGAAiG;EACvG;AAEA,QAAM,iBAAiB,EAAE;AACzB,QAAM,oBAAoB,KAAK,QAAQ,gBAAgB;AACvD,QAAM,eAAe,iBAAiB,IAAI,iBAAiB;AAC3D,QAAM,aAAa,YAAY;AAC/B,MAAI,oBAAoB,uBAAuB,EAAE,CAAC,KAAK,uBAAuB,EAAE,CAAC,KAAK,YAAY,EAAE;AACpG,QAAM,MAAM,eAAe,EAAE;AAQ7B,QAAM,aAAa,oBAAoB;IACrC,SAAS,KAAK,cAAc,WAAW;IACvC,OAAO;EACT,CAAC;AACD,QAAM,gBAAgB,MAAM,mBAAmB,YAAY;IACzD,cAAc;IACd,OAAO;IACP,eAAe;EACjB,CAAC;AACD,MAAI,cAAc,QAAQ;AACxB,QAAI,UAAU,WAAW,MAAM,iBAAiB;AAChD,SAAK,cAAc,qBAAqB,KAAK,GAAG;AAC9C;QACE,YAAY,OAAO,cAAc,iBAAiB,CAAC;MACrD;IACF;AACA,QAAI,cAAc,sBAAsB;AACtC,UAAI,uFAAuF;IAC7F;AACA,QAAI,cAAc,mBAAmB;AACnC,UAAI,6BAA6B,SAAS,uCAAuC;IACnF;EACF,WAAW,cAAc,SAAS;AAChC,QAAI,wBAAwB,WAAW,MAAM,8BAA8B;EAC7E,OAAO;AACL,QAAI,kBAAkB,WAAW,MAAM,8BAA8B;EACvE;AAGA,QAAM,SAAS,MAAM,yBAAyB,WAAW,QAAQ,SAAS;AAC1E,MAAI,OAAO,OAAQ,KAAI,qCAAqC,WAAW,MAAM,EAAE;AAC/E,QAAM,eAAe,kBAAkB,YAAY,QAAQ,GAAG;AAE9D,QAAM,SAAS,aAAa,EAAE,IAAI,MAAM,aAAa,CAAC;AACtD,QAAM,YAAY,KAAK,QAAQ,KAAK;AACpC,QAAM,aAAa,KAAK,WAAW,UAAU;AAI7C,QAAM,kBAAkB,KAAK,QAAQ,WAAW;AAChD,QAAM,MAAM,WAAW,EAAE,WAAW,KAAK,CAAC;AAC1C,QAAM,MAAM,iBAAiB,EAAE,WAAW,KAAK,CAAC;AAEhD,QAAM,eAAe,MAAM,oBAAoB;AAC/C,eAAa,KAAK,GAAG,aAAa,YAAY;AAC9C,eAAa,KAAK,GAAG,IAAI,YAAY;AACrC,eAAa,KAAK,GAAG,SAAS,gBAAgB;AAC9C,eAAa,KAAK,GAAG,eAAe,IAAI,uBAAuB,EAAE;AAIjE,eAAa,KAAK,GAAG,YAAY,kBAAkB;AAMnD,aAAW,KAAK,oBAAoB;AAClC,iBAAa,KAAK,GAAG,EAAE,YAAY,SAAS,EAAE,YAAY,OAAO;EACnE;AACA,aAAW,KAAK,aAAc,KAAI,uBAAuB,CAAC,EAAE;AAK5D,QAAM,aAAa,mBAAmB;AACtC,MAAI,SAAS;AACX,QAAI;AACF,YAAM,qBAAqB;QACzB,OAAO;QACP,OAAO;QACP;QACA;QACA;QACA;QACA,WAAW;MACb,CAAC;AACD,UAAI,iCAAiC;IACvC,SAAS,KAAK;AACZ,UAAI,0BAA0B,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,CAAC,EAAE;AAChF,gBAAU;IACZ;EACF;AACA,QAAM,WAAmC,UACrC;;;IAGE,oBAAoB;IACpB,sBAAsB;EACxB,IACA,CAAC;AAML,QAAM,aAAa,KAAK,KAAK,YAAY;AACzC,QAAM,cAAc,aAAa,oBAAoB,IAAI;AACzD,QAAM,SAAiC,cAAc,cACjD,EAAE,uBAAuB,YAAY,IACrC,CAAC;AACL,QAAM,kBAAkB,aACpB,CAAC,EAAE,UAAU,GAAG,eAAe,oBAAoB,QAAQ,YAAY,CAAC,IACxE,CAAC;AAML,QAAM,kBAAkB;IACtB,EAAE,UAAU,GAAG,eAAe,oBAAoB,QAAQ,YAAY;EACxE;AAKA,QAAM,cAAsC;IAC1C,UAAU;IACV,mBAAmB;IACnB,yBAAyB;IACzB,GAAI,KAAK,cAAc,EAAE,uBAAuB,KAAK,YAAY,IAAI,CAAC;IACtE,GAAI,iBAAiB,SACjB,EAAE,wBAAwB,OAAO,YAAY,EAAE,IAC/C,CAAC;EACP;AACA,QAAM,gBAAwC;IAC5C,iBAAiB;IACjB,GAAG;EACL;AAGA,QAAM,gBAA0C,KAAK;AACrD,MAAI,kBAAkB;AACtB,MAAI,eAAe,MAAM;AACvB,UAAM,SAAS,MAAM,oBAAoB;AACzC,QAAI,CAAC,2CAA2C,KAAK,MAAM,GAAG;AAC5D;QACE,sEAAsE,UAAU,SAAS;MAC3F;AACA,wBAAkB,EAAE,GAAG,eAAe,MAAM,KAAK;IACnD;EACF;AAEA,QAAM,OAAO;IACX,MAAM;IACN,OAAO;IACP;IACA,QAAQ;IACR,cAAc,CAAC,GAAG,iBAAiB,GAAG,eAAe;IACrD,KAAK;MACH,iBAAiB;MACjB,GAAG;MACH,GAAG,aAAa;MAChB,GAAG;MACH,GAAG;MACH,GAAI,KAAK,aAAa,CAAC;IACzB;EACF,CAAC;AACD,MAAI,aAAa,aAAa,UAAU;AAQxC,MAAI,mBAAmB,SAAS,GAAG;AACjC,UAAM,oBAAoB;MACxB,WAAW;MACX,eAAe,mBAAmB,IAAI,CAAC,MAAM,EAAE,YAAY;MAC3D,OAAO;IACT,CAAC;EACH;AAMA,QAAM,SAAS,MAAM,gBAAgB,eAAe,aAAa;AACjE,MAAI,OAAO,GAAI,KAAI,6BAA6B;MAC3C,KAAI,yCAAyC,OAAO,MAAM,EAAE;AAUjE,MAAI,CAAC,iBAAiB;AACpB,QAAI,eAAe,SAAS,GAAG;AAC7B,UAAI;AACF,cAAM,cAAc,EAAE,WAAW,eAAe,OAAO,gBAAgB,OAAO,IAAI,CAAC;AACnF,YAAI,qDAAqD;MAC3D,SAAS,KAAK;AACZ;UACE,iCAAiC,aAAa;QAChD;AACA,cAAM;MACR;IACF,OAAO;AACL,YAAM,SAAS,eAAe;AAC9B,YAAM,qBAAqB,EAAE,WAAW,eAAe,YAAY,QAAQ,OAAO,IAAI,CAAC;IACzF;EACF,WAAW,qBAAqB,kBAAkB,SAAS,GAAG;AAI5D,UAAM;MACJ;MACA,kBAAkB,IAAI,CAAC,OAAO;QAC5B,MAAM,EAAE;QACR,eAAe,EAAE;QACjB,iBAAiB,EAAE;MACrB,EAAE;MACF;IACF;AACA,QAAI,2CAA2C;EACjD,OAAO;AACL,QAAI,2EAA2E;EACjF;AAEA,QAAM,mBAAmB,aAAa;AACtC,MAAI,oDAAoD;AAExD,QAAM,MAAM,MAAM,gBAAgB,eAAe,UAAU;AAC3D,MAAI,IAAI,GAAI,KAAI,wBAAwB;MACnC,KAAI,iDAAiD,IAAI,MAAM,EAAE;AAMtE,QAAM,UAAU,MAAM,oBAAoB,aAAa;AACvD,MAAI,QAAQ,IAAI;AACd,QAAI,wDAAwD,YAAY,GAAG;EAC7E,OAAO;AACL,QAAI,iCAAiC,QAAQ,MAAM,EAAE;EACvD;AAEA,MAAI,KAAK,gBAAgB;AACvB,QAAI,uDAAuD;AAC3D,UAAM,SAAS,MAAMC;MACnB;MACA;QACE;QACA;QACA;QACA;QACA;QACA;QACA;MACF;MACA,EAAE,QAAQ,MAAM;IAClB;AACA,eAAW,SAAS,OAAO,UAAU,IAAI,MAAM,IAAI,GAAG;AACpD,UAAI,KAAK,KAAK,EAAE,SAAS,EAAG,KAAI,gBAAgB,IAAI,EAAE;IACxD;AACA,QAAI,OAAO,aAAa,GAAG;AACzB,YAAM,IAAI;QACR,2CAA2C,OAAO,OAAO,QAAQ,CAAC,OAAO,OAAO,UAAU,IAAI,SAAS,EAAE,MAAM,GAAG,GAAG,CAAC;MACxH;IACF;AACA,QAAI,2BAA2B;EACjC;AAEA,MAAI,KAAK,SAAS;AAChB,QAAI,4DAA4D;AAChE,UAAM,EAAE,OAAO,IAAI,MAAM,sBAAsB;MAC7C,WAAW;MACX,cAAc;MACd,UAAU;MACV,OAAO;IACT,CAAC;AACD,QAAI,SAAS,IAAI,UAAU,OAAO,MAAM,CAAC,wBAAwB,2BAA2B;EAC9F;AAEA,MAAI,KAAK,oBAAoB,KAAK,iBAAiB,SAAS,GAAG;AAC7D,QAAI,WAAW,OAAO,KAAK,iBAAiB,MAAM,CAAC,8CAA8C;AACjG,UAAM,EAAE,OAAO,IAAI,MAAM,mBAAmB;MAC1C,WAAW;MACX,cAAc;MACd,OAAO,KAAK;MACZ,OAAO;IACT,CAAC;AACD,QAAI,WAAW,KAAK,iBAAiB,QAAQ;AAC3C,UAAI,UAAU,OAAO,MAAM,CAAC,IAAI,OAAO,KAAK,iBAAiB,MAAM,CAAC,8BAA8B;IACpG;EACF;AAMA,MAAI,cAA6B;AACjC,MAAI,YAAY;AACd,UAAM,MAAM,MAAM,gBAAgB,aAAa;AAC/C,QAAI,IAAI,GAAI,KAAI,0CAA0C;QACrD,KAAI,uCAAuC,IAAI,MAAM,EAAE;AAC5D,kBAAc,MAAM,kBAAkB,eAAe,kBAAkB;AACvE,QAAI,YAAa,KAAI,6BAA6B,OAAO,WAAW,CAAC,EAAE;EACzE;AAEA,QAAM,cAAc,MAAM,kBAAkB,eAAe,kBAAkB;AAC7E,MAAI,aAAa;AACf;MACE,uCAAuC,OAAO,WAAW,CAAC;IAE5D;EACF;AAEA,QAAM,SAAoB;IACxB;IACA;IACA,WAAW;IACX,OAAO;IACP,eAAe;IACf;IACA;IACA,oBAAoB,WAAW;IAC/B,oBAAoB,uBAAuB,EAAE;IAC7C,oBAAoB,uBAAuB,EAAE;IAC7C,YAAY,UAAU,aAAa;IACnC,cAAc,mBAAmB,SAAS,IAAI,qBAAqB;IACnE,gBAAgB,KAAK,iBAAiB,OAAO;IAC7C,SAAS,KAAK,UAAU,OAAO;IAC/B,YAAY,aAAa,OAAO;IAChC,kBAAkB,aAAa,qBAAqB;IACpD,aAAa,eAAe;IAC5B;IACA,kBAAkB;IAClB,aAAa,eAAe;IAC5B;IACA,mBAAmB,qBAAqB;IACxC,aAAa,KAAK;IAClB;IACA;IACA;IACA,gBAAgB,kBAAkB,eAAe;IACjD;EACF;AACA,QAAM,UAAU,MAAM;AAEtB,SAAO,EAAE,QAAQ,YAAY,MAAM;AACrC;","names":["execa","execa"]}

package/dist/{chunk-J35IH7W5.js → chunk-7J5AJLWG.js}

@@ -1,15 +1,14 @@
 #!/usr/bin/env node
 import {
-  CHECKPOINT_VOLUME_PREFIX,
-  checkpointVolumeName,
+  CHECKPOINT_IMAGE_PREFIX,
+  checkpointImageTag,
   detectEngine,
   inspectContainer,
   inspectContainerStatus,
-  inspectVolumeMountpoint,
-  listAgentboxVolumes
-} from "./chunk-SOMIKEN2.js";
+  inspectVolumeMountpoint
+} from "./chunk-RFC5F5HR.js";
 
-// ../../packages/sandbox-docker/dist/chunk-ENPH736J.js
+// ../../packages/sandbox-docker/dist/chunk-HXGUOS4P.js
 import { homedir } from "os";
 import { join } from "path";
 import { execa } from "execa";
@@ -81,17 +80,43 @@ async function volumeSizeBytes(name) {
   }
   return null;
 }
-async function projectCheckpointVolumeBytes(projectRoot) {
-  return volumeSizeBytes(checkpointVolumeName(projectRoot));
+async function imageBytes(tag) {
+  const r = await execa("docker", ["image", "inspect", tag, "--format", "{{.Size}}"], {
+    reject: false
+  });
+  if (r.exitCode !== 0) return null;
+  const n = Number.parseInt((r.stdout ?? "").trim(), 10);
+  return Number.isFinite(n) ? n : null;
+}
+async function projectCheckpointImageBytes(projectRoot, name) {
+  return imageBytes(checkpointImageTag(projectRoot, name));
 }
-async function allCheckpointVolumesBytes() {
-  const vols = (await listAgentboxVolumes()).filter(
-    (v) => v.startsWith(CHECKPOINT_VOLUME_PREFIX)
+async function allCheckpointImagesBytes() {
+  const r = await execa(
+    "docker",
+    [
+      "image",
+      "ls",
+      "--format",
+      "{{.Repository}}:{{.Tag}}	{{.Size}}",
+      `${CHECKPOINT_IMAGE_PREFIX}*`
+    ],
+    { reject: false }
   );
-  if (vols.length === 0) return null;
-  const sizes = await Promise.all(vols.map((v) => volumeSizeBytes(v)));
-  const known = sizes.filter((s) => s !== null);
-  return known.length === 0 ? null : known.reduce((a, b) => a + b, 0);
+  if (r.exitCode !== 0) return null;
+  const lines = (r.stdout ?? "").split("\n").map((s) => s.trim()).filter((s) => s.length > 0);
+  if (lines.length === 0) return null;
+  let total = 0;
+  let any = false;
+  for (const line of lines) {
+    const [, size] = line.split("	");
+    const n = size ? parseDockerSize(size) : null;
+    if (n !== null) {
+      total += n;
+      any = true;
+    }
+  }
+  return any ? total : null;
 }
 async function agentboxHomeBytes() {
   return duBytes(join(homedir(), ".agentbox"));
@@ -118,17 +143,30 @@ function reconcileLimits(persisted, dockerJson) {
     disk: persisted.disk
   };
 }
+async function containerWritableBytes(container) {
+  const r = await execa(
+    "docker",
+    ["ps", "-a", "--filter", `name=^${container}$`, "--format", "{{.Size}}", "--size"],
+    { reject: false }
+  );
+  if (r.exitCode !== 0) return null;
+  const first = (r.stdout ?? "").split("\n")[0]?.trim();
+  if (!first) return null;
+  const m = /^([^()]+?)(?:\s*\(.*\))?$/.exec(first);
+  const sz = m ? m[1].trim() : first;
+  return parseDockerSize(sz);
+}
 async function boxResourceStats(record) {
   const warnings = [];
   const dockerJson = await inspectContainer(record.container);
   const limits = reconcileLimits(limitsFromRecord(record), dockerJson);
-  const [diskUpper, diskDocker, snapshotDiskBytes, checkpointVolumeBytes] = await Promise.all([
-    volumeSizeBytes(record.upperVolume),
+  const [diskContainer, diskDocker, snapshotDiskBytes, checkpointImageBytesValue] = await Promise.all([
+    containerWritableBytes(record.container),
     record.dockerVolume ? volumeSizeBytes(record.dockerVolume) : Promise.resolve(null),
     record.snapshotDir ? duBytes(record.snapshotDir) : Promise.resolve(null),
-    record.checkpointVolume ? volumeSizeBytes(record.checkpointVolume) : Promise.resolve(null)
+    record.checkpointImage ? imageBytes(record.checkpointImage) : Promise.resolve(null)
   ]);
-  const diskUsedBytes = diskUpper === null && diskDocker === null ? null : (diskUpper ?? 0) + (diskDocker ?? 0);
+  const diskUsedBytes = diskContainer === null && diskDocker === null ? null : (diskContainer ?? 0) + (diskDocker ?? 0);
   if (diskUsedBytes === null) {
     warnings.push("disk usage unavailable on this engine");
   }
@@ -142,7 +180,7 @@ async function boxResourceStats(record) {
     pids: null,
     diskUsedBytes,
     snapshotDiskBytes,
-    checkpointVolumeBytes,
+    checkpointVolumeBytes: checkpointImageBytesValue,
     netRxBytes: null,
     netTxBytes: null,
     blockReadBytes: null,
@@ -192,9 +230,9 @@ async function boxResourceStats(record) {
 export {
   parseDockerSize,
   volumeSizeBytes,
-  projectCheckpointVolumeBytes,
-  allCheckpointVolumesBytes,
+  projectCheckpointImageBytes,
+  allCheckpointImagesBytes,
   agentboxHomeBytes,
   boxResourceStats
 };
-//# sourceMappingURL=chunk-J35IH7W5.js.map
+//# sourceMappingURL=chunk-7J5AJLWG.js.map