@madarco/agentbox 0.4.0 → 0.5.0

package/dist/{chunk-SOMIKEN2.js → chunk-RFC5F5HR.js}

@@ -1,26 +1,18 @@
 #!/usr/bin/env node
 
-// ../../packages/sandbox-docker/dist/chunk-GQRG227R.js
+// ../../packages/sandbox-docker/dist/chunk-3MREFIME.js
 import { execa } from "execa";
-import { mkdir as mkdir2, readFile as readFile3, stat as stat3 } from "fs/promises";
+import { mkdir as mkdir2, readFile as readFile3 } from "fs/promises";
 import { homedir as homedir2 } from "os";
 import { join as join3 } from "path";
 import { execa as execa2 } from "execa";
-import { execa as execa3 } from "execa";
-import { existsSync } from "fs";
-import { fileURLToPath } from "url";
-import { dirname as dirname3, resolve as resolve2 } from "path";
-import { mkdir as mkdir22, readFile as readFile22, readdir as readdir2, rm as rm2, writeFile as writeFile2 } from "fs/promises";
-import { homedir as homedir22 } from "os";
-import { join as join22 } from "path";
-import { execa as execa4 } from "execa";
 
 // ../../packages/config/dist/index.js
 import { parse as parseYaml } from "yaml";
 import { createHash } from "crypto";
 import { realpath, stat } from "fs/promises";
 import { homedir } from "os";
-import { dirname, join, resolve } from "path";
+import { basename, dirname, join, resolve } from "path";
 import { readFile } from "fs/promises";
 import { parse as parseYaml2 } from "yaml";
 import { mkdir, readFile as readFile2, rename, rm, stat as stat2, writeFile } from "fs/promises";
@@ -442,8 +434,14 @@ function hashProjectPath(absPath) {
   const normalised = absPath.length > 1 && absPath.endsWith("/") ? absPath.slice(0, -1) : absPath;
   return createHash("sha1").update(normalised).digest("hex").slice(0, 16);
 }
+function sanitizeMnemonic(raw) {
+  return raw.toLowerCase().replace(/-/g, "_").replace(/[^a-z0-9_]+/g, "_").replace(/_+/g, "_").replace(/^_+|_+$/g, "").slice(0, 32) || "unnamed";
+}
+function projectDirSegment(absPath) {
+  return `${hashProjectPath(absPath)}-${sanitizeMnemonic(basename(absPath))}`;
+}
 function projectConfigDir(absPath) {
-  return join(PROJECTS_DIR, hashProjectPath(absPath));
+  return join(PROJECTS_DIR, projectDirSegment(absPath));
 }
 function projectConfigFile(absPath) {
   return join(projectConfigDir(absPath), "config.yaml");
@@ -603,14 +601,17 @@ async function listProjectsConfigured() {
     throw err;
   }
   const out = [];
-  for (const hash of entries) {
-    if (!/^[0-9a-f]{16}$/.test(hash)) continue;
-    const meta = await readMeta(hash);
+  for (const dirName of entries) {
+    const m = /^([0-9a-f]{16})(?:-.+)?$/.exec(dirName);
+    if (!m) continue;
+    const hash = m[1];
+    const meta = await readMeta(dirName);
     if (!meta) continue;
     const cfgPath = projectConfigFile(meta.originalPath);
     const hasConfig = await fileExists2(cfgPath);
     out.push({
       hash,
+      dirName,
       originalPath: meta.originalPath,
       createdAt: meta.createdAt,
       lastSeenAt: meta.lastSeenAt,
@@ -637,7 +638,7 @@ async function pruneOrphanProjectConfigs(opts = {}) {
     removed.push({ hash: entry.hash, originalPath: entry.originalPath });
     if (!dryRun) {
       try {
-        await rm(join2(PROJECTS_DIR, entry.hash), { recursive: true, force: true });
+        await rm(join2(PROJECTS_DIR, entry.dirName), { recursive: true, force: true });
       } catch {
       }
     }
@@ -661,8 +662,8 @@ async function bumpProjectGcCounter() {
   await rename(tmp, PROJECT_GC_COUNTER_FILE);
   return next;
 }
-async function readMeta(hash) {
-  const metaPath = `${PROJECTS_DIR}/${hash}/meta.json`;
+async function readMeta(dirName) {
+  const metaPath = `${PROJECTS_DIR}/${dirName}/meta.json`;
   try {
     const text = await readFile2(metaPath, "utf8");
     const parsed = JSON.parse(text);
@@ -745,7 +746,15 @@ async function touchProjectMeta(absPath) {
   await rename(tmp, metaPath);
 }
 
-// ../../packages/sandbox-docker/dist/chunk-GQRG227R.js
+// ../../packages/sandbox-docker/dist/chunk-3MREFIME.js
+import { execa as execa3 } from "execa";
+import { existsSync } from "fs";
+import { fileURLToPath } from "url";
+import { dirname as dirname3, resolve as resolve2 } from "path";
+import { mkdir as mkdir22, mkdtemp, readFile as readFile22, readdir as readdir2, rm as rm2, writeFile as writeFile2 } from "fs/promises";
+import { homedir as homedir22, tmpdir } from "os";
+import { basename as basename2, join as join22 } from "path";
+import { execa as execa4 } from "execa";
 async function dockerInfo() {
   const result = await execa("docker", ["info"], { reject: false });
   if (result.exitCode !== 0) {
@@ -771,6 +780,13 @@ async function runBox(spec) {
     // need. Both are scoped to the outer box's namespaces — inner containers
     // can't escape it. We still avoid --privileged for cloud portability.
     "--cap-add=NET_ADMIN",
+    // /dev/fuse + SYS_ADMIN + apparmor:unconfined used to be required for the
+    // outer /workspace FUSE overlay. That overlay is gone, but they're still
+    // load-bearing for the *inner* dockerd: it runs with
+    // storage-driver=fuse-overlayfs (set in /etc/docker/daemon.json in the
+    // image) because the kernel `overlay` driver isn't usable from an
+    // unprivileged outer container, and fuse-overlayfs needs the fuse device
+    // + SYS_ADMIN to mount layers for inner containers.
     "--device=/dev/fuse",
     "--security-opt=apparmor:unconfined",
     "--security-opt=seccomp=unconfined",
@@ -785,11 +801,7 @@ async function runBox(spec) {
     // name host.docker.internal. Docker Desktop / OrbStack ship this alias by
     // default; on Linux native Docker it requires this explicit flag (no-op
     // on the macOS engines). Boxes use it to reach the host relay process.
-    "--add-host=host.docker.internal:host-gateway",
-    "-v",
-    `${spec.lowerPath}:/host-src:ro`,
-    "-v",
-    `${spec.upperVolume}:/upper`
+    "--add-host=host.docker.internal:host-gateway"
   ];
   const lim = spec.limits;
   if (lim) {
@@ -950,7 +962,6 @@ async function listAgentboxVolumes() {
   return (result.stdout ?? "").split("\n").map((s) => s.trim()).filter((s) => s.startsWith(AGENTBOX_PREFIX));
 }
 var CONTAINER_EXPORT_MERGED = "/host-export";
-var CONTAINER_EXPORT_UPPER = "/host-export-upper";
 var cachedEngine = null;
 async function detectEngine() {
   if (cachedEngine !== null) return cachedEngine;
@@ -967,15 +978,23 @@ function setEngineOverride(engine) {
   cachedEngine = engine;
 }
 var BOXES_ROOT = join3(homedir2(), ".agentbox", "boxes");
-function boxRunDirFor(id) {
-  return join3(BOXES_ROOT, id);
+function boxDirSegment(box) {
+  const mnemonic = sanitizeMnemonic(box.name);
+  const n = box.projectIndex;
+  if (typeof n === "number" && Number.isFinite(n) && n > 0) {
+    return `${box.id}-${String(n)}-${mnemonic}`;
+  }
+  return `${box.id}-${mnemonic}`;
 }
-function boxStatusPathFor(id) {
-  return join3(boxRunDirFor(id), "status.json");
+function boxRunDirFor(box) {
+  return join3(BOXES_ROOT, boxDirSegment(box));
 }
-async function readBoxStatus(id) {
+function boxStatusPathFor(box) {
+  return join3(boxRunDirFor(box), "status.json");
+}
+async function readBoxStatus(box) {
   try {
-    const raw = await readFile3(boxStatusPathFor(id), "utf8");
+    const raw = await readFile3(boxStatusPathFor(box), "utf8");
     const parsed = JSON.parse(raw);
     if (parsed.schema !== 1) return null;
     return parsed;
@@ -983,95 +1002,56 @@ async function readBoxStatus(id) {
     return null;
   }
 }
-async function pathExists(p) {
-  try {
-    await stat3(p);
-    return true;
-  } catch {
-    return false;
-  }
-}
 function orbstackVolumePath(volume, ...sub) {
   return join3(homedir2(), "OrbStack", "docker", "volumes", volume, ...sub);
 }
-async function resolveUpperLiveOnHost(upperVolume, engine) {
-  if (engine !== "orbstack") return null;
-  const orbPath = orbstackVolumePath(upperVolume, "upper");
-  if (await pathExists(orbPath)) return orbPath;
-  const mp = await inspectVolumeMountpoint(upperVolume);
-  if (mp && !mp.startsWith("/var/lib/docker")) {
-    const candidate = join3(mp, "upper");
-    if (await pathExists(candidate)) return candidate;
-  }
-  return null;
-}
-async function getHostPaths(record, engine) {
-  const eng = engine ?? await detectEngine();
-  const boxDir = boxRunDirFor(record.id);
+async function getHostPaths(record) {
+  const boxDir = boxRunDirFor(record);
   return {
     boxDir,
-    mergedExport: join3(boxDir, "workspace"),
-    upperExport: join3(boxDir, "upper"),
-    upperLiveOnHost: await resolveUpperLiveOnHost(record.upperVolume, eng)
+    mergedExport: join3(boxDir, "workspace")
   };
 }
 async function hasContainerPath(container, path) {
   const probe = await execInBox(container, ["test", "-d", path], { user: "root" });
   return probe.exitCode === 0;
 }
-async function refreshExport(record, opts) {
-  const engine = await detectEngine();
-  const paths = await getHostPaths(record, engine);
-  if (opts.layer === "upper" && engine === "orbstack" && paths.upperLiveOnHost) {
-    await mkdir2(paths.boxDir, { recursive: true });
-    return { hostPath: paths.upperLiveOnHost, copied: false, usedFallback: false };
-  }
-  const ctx = opts.layer === "merged" ? {
-    hostBoxDir: paths.boxDir,
-    hostTarget: paths.mergedExport,
-    containerSource: "/workspace",
-    containerBind: CONTAINER_EXPORT_MERGED,
-    excludeNodeModules: !opts.includeNodeModules
-  } : {
-    hostBoxDir: paths.boxDir,
-    hostTarget: paths.upperExport,
-    containerSource: "/upper/upper",
-    containerBind: CONTAINER_EXPORT_UPPER,
-    excludeNodeModules: false
-  };
-  await mkdir2(ctx.hostTarget, { recursive: true });
-  const bindAvailable = await hasContainerPath(record.container, ctx.containerBind);
+async function refreshExport(record, opts = {}) {
+  const paths = await getHostPaths(record);
+  const excludeNodeModules = !opts.includeNodeModules;
+  await mkdir2(paths.mergedExport, { recursive: true });
+  const bindAvailable = await hasContainerPath(record.container, CONTAINER_EXPORT_MERGED);
   if (bindAvailable) {
     const args = ["rsync", "-a", "--delete"];
-    if (ctx.excludeNodeModules) args.push("--exclude=node_modules");
-    args.push(`${ctx.containerSource}/`, `${ctx.containerBind}/`);
+    if (excludeNodeModules) args.push("--exclude=node_modules");
+    args.push("/workspace/", `${CONTAINER_EXPORT_MERGED}/`);
     const r = await execInBox(record.container, args, { user: "root" });
     if (r.exitCode !== 0) {
-      throw new ExportError(`rsync into ${ctx.containerBind} failed`, r.stdout, r.stderr);
+      throw new ExportError(`rsync into ${CONTAINER_EXPORT_MERGED} failed`, r.stdout, r.stderr);
     }
-    return { hostPath: ctx.hostTarget, copied: true, usedFallback: false };
+    return { hostPath: paths.mergedExport, copied: true, usedFallback: false };
   }
-  const excludes = ctx.excludeNodeModules ? ["--exclude=node_modules"] : [];
+  const excludes = excludeNodeModules ? ["--exclude=node_modules"] : [];
   const result = await execa2(
     "docker",
-    ["exec", "--user", "root", record.container, "tar", "-cf", "-", ...excludes, "-C", ctx.containerSource, "."],
+    ["exec", "--user", "root", record.container, "tar", "-cf", "-", ...excludes, "-C", "/workspace", "."],
     { reject: false, encoding: "buffer" }
   );
   if (result.exitCode !== 0) {
     throw new ExportError(
-      `tar from ${ctx.containerSource} failed`,
+      `tar from /workspace failed`,
       "",
       typeof result.stderr === "string" ? result.stderr : result.stderr.toString("utf8")
     );
   }
-  const extract = await execa2("tar", ["-xf", "-", "-C", ctx.hostTarget], {
+  const extract = await execa2("tar", ["-xf", "-", "-C", paths.mergedExport], {
     input: result.stdout,
     reject: false
   });
   if (extract.exitCode !== 0) {
     throw new ExportError("tar extract on host failed", extract.stdout, extract.stderr);
   }
-  return { hostPath: ctx.hostTarget, copied: true, usedFallback: true };
+  return { hostPath: paths.mergedExport, copied: true, usedFallback: true };
 }
 var DEFAULT_ENV_PATTERNS = [
   ".env",
@@ -1189,6 +1169,40 @@ async function copyHostEnvFilesToBox(opts) {
   }
   return { copied: list.length };
 }
+async function scanHostEnvFiles(workspaceDir, patterns) {
+  if (patterns.length === 0) return [];
+  const found = await execa2("find", buildHostEnvFindArgs(patterns).slice(1), {
+    cwd: workspaceDir,
+    reject: false
+  });
+  if (found.exitCode !== 0) return [];
+  return String(found.stdout).split("\0").map((p) => p.replace(/^\.\//, "")).filter((p) => p.length > 0);
+}
+async function copyHostFilesToBox(opts) {
+  const log = opts.onLog ?? (() => {
+  });
+  const list = opts.files.map((p) => p.replace(/^\.\//, "")).filter((p) => p.length > 0);
+  if (list.length === 0) return { copied: 0 };
+  const packed = await execa2("tar", ["-C", opts.workspaceDir, "--null", "-T", "-", "-cf", "-"], {
+    input: list.join("\0"),
+    encoding: "buffer",
+    reject: false
+  });
+  if (packed.exitCode !== 0) {
+    log(`warning: env-file tar pack failed: ${String(packed.stderr).slice(0, 300)}`);
+    return { copied: 0 };
+  }
+  const extract = await execa2(
+    "docker",
+    ["exec", "-i", "--user", "1000:1000", opts.container, "tar", "-xf", "-", "-C", "/workspace"],
+    { input: packed.stdout, reject: false }
+  );
+  if (extract.exitCode !== 0) {
+    log(`warning: env-file copy into box failed: ${String(extract.stderr).slice(0, 300)}`);
+    return { copied: 0 };
+  }
+  return { copied: list.length };
+}
 function parseItemizedChanges(stdout) {
   return stdout.split("\n").map((l) => l.trimEnd()).filter((l) => l.length > 0).filter((l) => {
     const code = l[0];
@@ -1197,15 +1211,13 @@ function parseItemizedChanges(stdout) {
   });
 }
 async function pullToHost(record, opts = {}) {
-  const engine = await detectEngine();
-  const paths = await getHostPaths(record, engine);
+  const paths = await getHostPaths(record);
   let scratchDir;
   if (opts.noRefresh) {
     scratchDir = paths.mergedExport;
     await mkdir2(scratchDir, { recursive: true });
   } else {
     const refreshed = await refreshExport(record, {
-      layer: "merged",
       includeNodeModules: opts.includeNodeModules
     });
     scratchDir = refreshed.hostPath;
@@ -1280,13 +1292,9 @@ async function openInFinder(record, opts) {
   let copied = false;
   let usedFallback = false;
   if (opts.noRefresh) {
-    const paths = await getHostPaths(record, engine);
-    if (opts.layer === "upper" && engine === "orbstack" && paths.upperLiveOnHost) {
-      hostPath = paths.upperLiveOnHost;
-    } else {
-      hostPath = opts.layer === "merged" ? paths.mergedExport : paths.upperExport;
-      await mkdir2(hostPath, { recursive: true });
-    }
+    const paths = await getHostPaths(record);
+    hostPath = paths.mergedExport;
+    await mkdir2(hostPath, { recursive: true });
   } else {
     const refreshed = await refreshExport(record, opts);
     hostPath = refreshed.hostPath;
@@ -1369,13 +1377,13 @@ async function ensureImage(ref = DEFAULT_BOX_IMAGE, opts = {}) {
   return { ref, built: true };
 }
 var CHECKPOINTS_ROOT = join22(homedir22(), ".agentbox", "checkpoints");
-var CHECKPOINT_VOLUME_PREFIX = "agentbox-ckpt-";
-var CHECKPOINT_MOUNT = "/agentbox-checkpoints";
-function checkpointVolumeName(projectRoot) {
-  return `${CHECKPOINT_VOLUME_PREFIX}${hashProjectPath(projectRoot)}`;
+var CHECKPOINT_IMAGE_PREFIX = "agentbox-ckpt-";
+function checkpointImageTag(projectRoot, name) {
+  const mnemonic = sanitizeMnemonic(basename2(projectRoot));
+  return `${CHECKPOINT_IMAGE_PREFIX}${hashProjectPath(projectRoot)}_${mnemonic}:${name}`;
 }
 function projectCheckpointsDir(projectRoot) {
-  return join22(CHECKPOINTS_ROOT, hashProjectPath(projectRoot));
+  return join22(CHECKPOINTS_ROOT, projectDirSegment(projectRoot));
 }
 function checkpointDir(projectRoot, name) {
   return join22(projectCheckpointsDir(projectRoot), name);
@@ -1384,7 +1392,7 @@ async function readManifest(dir) {
   try {
     const raw = await readFile22(join22(dir, "manifest.json"), "utf8");
     const m = JSON.parse(raw);
-    if (m.schema !== 1) return null;
+    if (m.schema !== 2) return null;
     return m;
   } catch {
     return null;
@@ -1413,17 +1421,35 @@ async function resolveCheckpoint(projectRoot, ref) {
   if (!manifest) return null;
   return { name: ref, dir, manifest };
 }
+async function listAllCheckpointImages() {
+  let projectDirs;
+  try {
+    projectDirs = (await readdir2(CHECKPOINTS_ROOT, { withFileTypes: true })).filter((e) => e.isDirectory()).map((e) => e.name);
+  } catch {
+    return [];
+  }
+  const out = /* @__PURE__ */ new Set();
+  for (const proj of projectDirs) {
+    const projPath = join22(CHECKPOINTS_ROOT, proj);
+    let names;
+    try {
+      names = (await readdir2(projPath, { withFileTypes: true })).filter((e) => e.isDirectory()).map((e) => e.name);
+    } catch {
+      continue;
+    }
+    for (const name of names) {
+      const manifest = await readManifest(join22(projPath, name));
+      if (manifest) out.add(manifest.image);
+    }
+  }
+  return Array.from(out);
+}
 async function removeCheckpoint(projectRoot, ref) {
   const dir = checkpointDir(projectRoot, ref);
   const manifest = await readManifest(dir);
   if (!manifest) return false;
   await rm2(dir, { recursive: true, force: true });
-  const volume = manifest.volume || checkpointVolumeName(projectRoot);
-  await execa4(
-    "docker",
-    ["run", "--rm", "--user", "0:0", "-v", `${volume}:/dst`, DEFAULT_BOX_IMAGE, "rm", "-rf", `/dst/${ref}`],
-    { reject: false }
-  );
+  await removeImage(manifest.image, { force: true });
   return true;
 }
 function computeNextCheckpointName(existingNames, boxName) {
@@ -1445,102 +1471,122 @@ async function nextCheckpointName(projectRoot, boxName) {
 function chainDepth(box) {
   return box.checkpointSource?.chain.length ?? 0;
 }
-function shq(s) {
-  return `'${s.replace(/'/g, `'\\''`)}'`;
+async function runCleanup(container, log) {
+  const r = await execInBox(container, ["/usr/local/bin/agentbox-checkpoint-cleanup"], {
+    user: "root"
+  });
+  if (r.exitCode !== 0) {
+    log(`warning: checkpoint cleanup exited ${String(r.exitCode)}: ${r.stderr.slice(0, 200)}`);
+  }
+}
+async function inspectImageConfig(imageRef) {
+  const r = await execa4("docker", ["image", "inspect", imageRef], { reject: false });
+  if (r.exitCode !== 0) {
+    throw new CheckpointError(`docker image inspect ${imageRef} failed`, r.stdout, r.stderr);
+  }
+  const parsed = JSON.parse(r.stdout);
+  if (!Array.isArray(parsed) || parsed.length === 0 || !parsed[0]?.Config) {
+    throw new CheckpointError(`unexpected docker image inspect shape for ${imageRef}`, r.stdout, "");
+  }
+  return parsed[0].Config;
+}
+var RUNTIME_ENV_BLOCKLIST = /* @__PURE__ */ new Set([
+  "AGENTBOX",
+  "AGENTBOX_BOX_ID",
+  "AGENTBOX_BOX_NAME",
+  "AGENTBOX_HOST_WORKSPACE",
+  "AGENTBOX_PROJECT_ROOT",
+  "AGENTBOX_PROJECT_INDEX",
+  "AGENTBOX_RELAY_URL",
+  "AGENTBOX_RELAY_TOKEN",
+  "AGENTBOX_VNC_PASSWORD",
+  "CLAUDE_EFFORT",
+  "CLAUDE_CODE_OAUTH_TOKEN",
+  "ANTHROPIC_API_KEY",
+  "ANTHROPIC_MODEL"
+]);
+function renderConfigDirectives(cfg) {
+  const lines = [];
+  for (const kv of cfg.Env ?? []) {
+    const eq = kv.indexOf("=");
+    if (eq <= 0) continue;
+    const k = kv.slice(0, eq);
+    if (RUNTIME_ENV_BLOCKLIST.has(k)) continue;
+    const v = kv.slice(eq + 1);
+    lines.push(`ENV ${k}=${dockerfileQuote(v)}`);
+  }
+  if (cfg.WorkingDir) lines.push(`WORKDIR ${cfg.WorkingDir}`);
+  if (cfg.User) lines.push(`USER ${cfg.User}`);
+  for (const p of Object.keys(cfg.ExposedPorts ?? {})) lines.push(`EXPOSE ${p.replace("/tcp", "")}`);
+  if (cfg.Entrypoint && cfg.Entrypoint.length > 0) {
+    lines.push(`ENTRYPOINT ${JSON.stringify(cfg.Entrypoint)}`);
+  }
+  if (cfg.Cmd && cfg.Cmd.length > 0) {
+    lines.push(`CMD ${JSON.stringify(cfg.Cmd)}`);
+  }
+  return lines;
+}
+function dockerfileQuote(v) {
+  if (/^[A-Za-z0-9._/:+@,=-]+$/.test(v)) return v;
+  return `"${v.replace(/\\/g, "\\\\").replace(/"/g, '\\"')}"`;
 }
 async function createCheckpoint(opts) {
   const log = opts.onLog ?? (() => {
   });
   const { box } = opts;
-  const type = opts.merged === true || chainDepth(box) >= opts.maxLayers ? "merged" : "layered";
+  const type = opts.merged === true || chainDepth(box) >= opts.maxLayers ? "flattened" : "layered";
   const name = opts.name ?? await nextCheckpointName(opts.projectRoot, box.name);
   const dir = checkpointDir(opts.projectRoot, name);
-  if (await readManifest(dir)) {
-    throw new CheckpointError(`checkpoint ${name} already exists (rm it first)`, "", "");
+  const existing = await readManifest(dir);
+  if (existing) {
+    if (opts.replace) {
+      log(`replacing existing checkpoint ${name} (created ${existing.createdAt})`);
+      await removeCheckpoint(opts.projectRoot, name);
+    } else {
+      throw new CheckpointError(
+        `checkpoint ${name} already exists (created ${existing.createdAt}; rm it or pass --replace to recapture)`,
+        "",
+        ""
+      );
+    }
   }
-  const volume = checkpointVolumeName(opts.projectRoot);
-  await ensureVolume(volume);
+  const tag = checkpointImageTag(opts.projectRoot, name);
   await mkdir22(dir, { recursive: true });
-  const qn = shq(name);
+  log(`running pre-commit cleanup in ${box.container}`);
+  await runCleanup(box.container, log);
   if (type === "layered") {
-    log(`capturing upper delta of ${box.container} -> ${volume}/${name} (layered)`);
-    const script = [
-      "set -u",
-      `rm -rf /dst/${qn}`,
-      `mkdir -p /dst/${qn}`,
-      `cp -a /src/upper/. /dst/${qn}/ 2>/dev/null || true`,
-      `ls -A /dst/${qn} >/dev/null`
-    ].join("\n");
-    const r = await execa4(
-      "docker",
-      [
-        "run",
-        "--rm",
-        "--user",
-        "0:0",
-        "-v",
-        `${box.upperVolume}:/src:ro`,
-        "-v",
-        `${volume}:/dst`,
-        box.image,
-        "bash",
-        "-lc",
-        script
-      ],
-      { reject: false }
-    );
+    log(`docker commit ${box.container} -> ${tag} (layered)`);
+    const r = await execa4("docker", ["commit", box.container, tag], { reject: false });
     if (r.exitCode !== 0) {
-      throw new CheckpointError(`failed to copy upper layer for ${box.name}`, r.stdout, r.stderr);
+      throw new CheckpointError(`docker commit failed for ${box.container}`, r.stdout, r.stderr);
     }
   } else {
-    log(`capturing merged /workspace of ${box.container} -> ${volume}/${name} (merged)`);
-    const packed = await execa4(
-      "docker",
-      ["exec", "--user", "root", box.container, "tar", "-C", "/workspace", "-cf", "-", "."],
-      { reject: false, encoding: "buffer" }
-    );
-    if (packed.exitCode !== 0) {
-      throw new CheckpointError(
-        `failed to tar merged /workspace for ${box.name} (is the box running?)`,
-        "",
-        typeof packed.stderr === "string" ? packed.stderr : packed.stderr.toString("utf8")
-      );
+    log(`docker commit ${box.container} -> <intermediate> (flattened path)`);
+    const intermediate = `${tag}-intermediate`;
+    const commit = await execa4("docker", ["commit", box.container, intermediate], {
+      reject: false
+    });
+    if (commit.exitCode !== 0) {
+      throw new CheckpointError(`docker commit (intermediate) failed`, commit.stdout, commit.stderr);
     }
-    const extract = await execa4(
-      "docker",
-      [
-        "run",
-        "-i",
-        "--rm",
-        "--user",
-        "0:0",
-        "-v",
-        `${volume}:/dst`,
-        box.image,
-        "bash",
-        "-lc",
-        `set -u; rm -rf /dst/${qn}; mkdir -p /dst/${qn}; tar -xf - -C /dst/${qn}`
-      ],
-      { input: packed.stdout, reject: false }
-    );
-    if (extract.exitCode !== 0) {
-      throw new CheckpointError(
-        "tar extract into checkpoint volume failed",
-        extract.stdout,
-        extract.stderr
-      );
+    try {
+      await flattenImage(intermediate, tag, log);
+    } finally {
+      await removeImage(intermediate, { force: true });
     }
   }
   const base = (box.gitWorktrees ?? []).some((w) => w.kind === "root") ? "worktree" : "workspace";
   const manifest = {
-    schema: 1,
+    schema: 2,
     name,
     type,
+    image: tag,
+    // Layered carries lineage forward; flattened is self-contained.
     parents: type === "layered" ? box.checkpointSource?.chain ?? [] : [],
     base,
     sourceBoxId: box.id,
     sourceBoxName: box.name,
-    volume,
+    worktrees: box.gitWorktrees,
     createdAt: (/* @__PURE__ */ new Date()).toISOString()
   };
   await writeFile2(join22(dir, "manifest.json"), JSON.stringify(manifest, null, 2) + "\n", "utf8");
@@ -1550,35 +1596,45 @@ async function createCheckpoint(opts) {
   }
   return { name, dir, manifest };
 }
-async function resolveCheckpointLower(projectRoot, ref) {
-  const head = await resolveCheckpoint(projectRoot, ref);
-  if (!head) throw new CheckpointError(`checkpoint not found: ${ref}`, "", "");
-  if (!head.manifest.volume) {
-    throw new CheckpointError(
-      `checkpoint ${ref} is a legacy host-dir checkpoint; recreate it`,
-      "",
-      ""
-    );
-  }
-  const volume = head.manifest.volume;
-  if (head.manifest.type === "merged") {
-    return { type: "merged", volume, subpaths: [head.name], chain: [head.name] };
+async function flattenImage(sourceTag, destTag, log) {
+  const tmpName = `agentbox-flatten-${Date.now().toString(36)}`;
+  const create = await execa4(
+    "docker",
+    ["create", "--name", tmpName, sourceTag, "sleep", "0"],
+    { reject: false }
+  );
+  if (create.exitCode !== 0) {
+    throw new CheckpointError(`docker create for flatten failed`, create.stdout, create.stderr);
   }
-  const subpaths = [head.name];
-  const chain = [head.name];
-  for (const parentRef of head.manifest.parents) {
-    const p = await resolveCheckpoint(projectRoot, parentRef);
-    if (!p) {
-      throw new CheckpointError(
-        `checkpoint ${ref} references missing parent ${parentRef}`,
-        "",
-        ""
-      );
+  const scratch = await mkdtemp(join22(tmpdir(), "agentbox-flatten-"));
+  try {
+    const rootfsPath = join22(scratch, "rootfs.tar");
+    log(`exporting rootfs of ${sourceTag} to ${rootfsPath}`);
+    const exp = await execa4("docker", ["export", "-o", rootfsPath, tmpName], { reject: false });
+    if (exp.exitCode !== 0) {
+      throw new CheckpointError(`docker export failed`, exp.stdout, exp.stderr);
+    }
+    const cfg = await inspectImageConfig(sourceTag);
+    const lines = [
+      "FROM scratch",
+      // ADD untars during build (Docker's documented behavior for local tars).
+      "ADD rootfs.tar /",
+      ...renderConfigDirectives(cfg)
+    ];
+    await writeFile2(join22(scratch, "Dockerfile"), lines.join("\n") + "\n", "utf8");
+    log(`building flattened ${destTag} from rootfs.tar (FROM scratch)`);
+    const build = await execa4(
+      "docker",
+      ["build", "-t", destTag, "-f", join22(scratch, "Dockerfile"), scratch],
+      { reject: false }
+    );
+    if (build.exitCode !== 0) {
+      throw new CheckpointError(`flatten docker build failed`, build.stdout, build.stderr);
     }
-    subpaths.push(p.name);
-    chain.push(p.name);
+  } finally {
+    await execa4("docker", ["rm", "-f", tmpName], { reject: false });
+    await rm2(scratch, { recursive: true, force: true });
   }
-  return { type: "layered", volume, subpaths, chain };
 }
 var CheckpointError = class extends Error {
   constructor(message, stdout, stderr) {
@@ -1596,6 +1652,7 @@ export {
   lookupKey,
   UserConfigError,
   findProjectRoot,
+  sanitizeMnemonic,
   configPathFor,
   loadEffectiveConfig,
   setConfigValue,
@@ -1625,7 +1682,6 @@ export {
   publishedHostPort,
   listAgentboxVolumes,
   CONTAINER_EXPORT_MERGED,
-  CONTAINER_EXPORT_UPPER,
   detectEngine,
   setEngineOverride,
   BOXES_ROOT,
@@ -1636,16 +1692,18 @@ export {
   refreshExport,
   DEFAULT_ENV_PATTERNS,
   copyHostEnvFilesToBox,
+  scanHostEnvFiles,
+  copyHostFilesToBox,
   pullToHost,
   openInFinder,
   DEFAULT_BOX_IMAGE,
   ensureImage,
-  CHECKPOINT_VOLUME_PREFIX,
-  CHECKPOINT_MOUNT,
-  checkpointVolumeName,
+  CHECKPOINT_IMAGE_PREFIX,
+  checkpointImageTag,
   listCheckpoints,
+  resolveCheckpoint,
+  listAllCheckpointImages,
   removeCheckpoint,
-  createCheckpoint,
-  resolveCheckpointLower
+  createCheckpoint
 };
-//# sourceMappingURL=chunk-SOMIKEN2.js.map
+//# sourceMappingURL=chunk-RFC5F5HR.js.map