@madarco/agentbox 0.4.1 → 0.6.0

package/dist/{chunk-NSIECUCS.js → chunk-HTTKML3C.js}

@@ -6,24 +6,28 @@ import {
   execInBox,
   orbstackVolumePath,
   removeContainer,
+  sanitizeMnemonic,
   volumeExists
-} from "./chunk-SOMIKEN2.js";
+} from "./chunk-HHMWQNLF.js";
 
-// ../../packages/sandbox-docker/dist/chunk-NY7PB7KY.js
+// ../../packages/sandbox-docker/dist/chunk-SRQIM7LG.js
 import { spawnSync } from "child_process";
 import { mkdir, mkdtemp, readdir, readFile, rm, stat, writeFile } from "fs/promises";
 import { homedir, tmpdir } from "os";
 import { join, relative } from "path";
+import { setTimeout as delay } from "timers/promises";
 import { execa } from "execa";
 import { randomBytes } from "crypto";
 import { execa as execa2 } from "execa";
 import { readdir as readdir2, stat as stat2 } from "fs/promises";
 import { join as join2 } from "path";
 import { execa as execa3 } from "execa";
+import { execa as execa4 } from "execa";
 import { mkdir as mkdir2, readdir as readdir3, rm as rm2, stat as stat3 } from "fs/promises";
 import { homedir as homedir2, platform } from "os";
 import { join as join3, resolve } from "path";
 import { stat as stat4 } from "fs/promises";
+import { execa as execa5 } from "execa";
 import { spawn } from "child_process";
 import { randomBytes as randomBytes2 } from "crypto";
 import { existsSync, openSync } from "fs";
@@ -31,7 +35,7 @@ import { mkdir as mkdir3, readFile as readFile2, unlink, writeFile as writeFile2
 import { request as httpRequest } from "http";
 import { homedir as homedir3 } from "os";
 import { dirname, join as join4, resolve as resolve2 } from "path";
-import { setTimeout as delay } from "timers/promises";
+import { setTimeout as delay2 } from "timers/promises";
 import { fileURLToPath } from "url";
 
 // ../../packages/relay/dist/index.js
@@ -41,7 +45,7 @@ var RELAY_NETWORK_NAME = "agentbox-net";
 var RELAY_IMAGE_REF = "agentbox/relay:dev";
 var MAX_BODY_BYTES = 1024 * 1024;
 
-// ../../packages/sandbox-docker/dist/chunk-NY7PB7KY.js
+// ../../packages/sandbox-docker/dist/chunk-SRQIM7LG.js
 function isHostPathHookCommand(command, hostHome) {
   if (typeof command !== "string" || command.length === 0) return false;
   if (hostHome.length === 0) return false;
@@ -78,6 +82,27 @@ function filterHostHooks(data, hostHome) {
   }
   return { data: clone, removedCommands };
 }
+function trustWorkspace(data, workspacePath) {
+  const clone = structuredClone(data);
+  if (clone === null || typeof clone !== "object" || Array.isArray(clone)) {
+    return { data: clone, trusted: false };
+  }
+  if (workspacePath.length === 0) return { data: clone, trusted: false };
+  const obj = clone;
+  if (obj.projects === null || typeof obj.projects !== "object" || Array.isArray(obj.projects)) {
+    obj.projects = {};
+  }
+  const projects = obj.projects;
+  const existing = projects[workspacePath];
+  const entry = existing !== null && typeof existing === "object" && !Array.isArray(existing) ? existing : {};
+  if (entry.hasTrustDialogAccepted === true) {
+    projects[workspacePath] = entry;
+    return { data: clone, trusted: false };
+  }
+  entry.hasTrustDialogAccepted = true;
+  projects[workspacePath] = entry;
+  return { data: clone, trusted: true };
+}
 function addProjectAlias(data, fromPath, toPath) {
   const clone = structuredClone(data);
   if (clone === null || typeof clone !== "object" || Array.isArray(clone)) {
@@ -104,17 +129,17 @@ function addProjectAlias(data, fromPath, toPath) {
   }
   return { data: clone, aliased: true };
 }
-function clearInstallMethod(data) {
+function setInstallMethodNative(data) {
   const clone = structuredClone(data);
   if (clone === null || typeof clone !== "object" || Array.isArray(clone)) {
-    return { data: clone, cleared: false };
+    return { data: clone, applied: false };
   }
   const obj = clone;
-  if (Object.prototype.hasOwnProperty.call(obj, "installMethod")) {
-    delete obj.installMethod;
-    return { data: clone, cleared: true };
-  }
-  return { data: clone, cleared: false };
+  const changed = obj.installMethod !== "native" || obj.autoUpdates !== false || obj.autoUpdatesProtectedForNative !== true;
+  obj.installMethod = "native";
+  obj.autoUpdates = false;
+  obj.autoUpdatesProtectedForNative = true;
+  return { data: clone, applied: changed };
 }
 var SKILL_EXCLUDE_PREFIXES = ["agentbox-"];
 var CONTAINER_PLUGINS_PREFIX = "/home/vscode/.claude/plugins/";
@@ -188,11 +213,31 @@ function mergeInstalledPlugins(hostJson, boxJson, opts) {
     (host, merged) => ({ ...host, plugins: merged })
   );
 }
+function referencedPluginVersionKeys(installedPluginsJson) {
+  const keys = /* @__PURE__ */ new Set();
+  if (!isPlainObject(installedPluginsJson)) return keys;
+  const plugins = installedPluginsJson["plugins"];
+  if (!isPlainObject(plugins)) return keys;
+  for (const entries of Object.values(plugins)) {
+    if (!Array.isArray(entries)) continue;
+    for (const entry of entries) {
+      if (!isPlainObject(entry)) continue;
+      const installPath = entry["installPath"];
+      if (typeof installPath !== "string") continue;
+      const segments = installPath.split("/").filter((s) => s.length > 0);
+      if (segments.length < 3) continue;
+      keys.add(segments.slice(-3).join("/"));
+    }
+  }
+  return keys;
+}
 var SHARED_CLAUDE_VOLUME = "agentbox-claude-config";
 var DEFAULT_CLAUDE_SESSION = "claude";
 var CONTAINER_CLAUDE_DIR = "/home/vscode/.claude";
 var CONTAINER_USER = "vscode";
 var CONTAINER_WORKSPACE = "/workspace";
+var IN_BOX_SETUP_GUIDE_PATH = "/usr/local/share/agentbox/setup-guide.md";
+var SETUP_SKILL_DST = "/dst/skills/agentbox-setup/SKILL.md";
 function resolveClaudeVolume(opts) {
   if (opts.isolate) {
     return { volume: `${SHARED_CLAUDE_VOLUME}-${opts.boxId}` };
@@ -207,6 +252,14 @@ async function pathExists(p) {
     return false;
   }
 }
+async function volumeHasClaudeJson(volume, image) {
+  const res = await execa(
+    "docker",
+    ["run", "--rm", "-v", `${volume}:/dst`, image, "sh", "-c", "test -e /dst/_claude.json"],
+    { reject: false }
+  );
+  return res.exitCode === 0;
+}
 async function findBrokenSymlinks(root) {
   const broken = [];
   async function walk(dir) {
@@ -241,6 +294,7 @@ async function ensureClaudeVolume(spec, opts) {
   if (!await pathExists(hostClaude)) return { created, synced: false };
   const hostClaudeJson = join(homedir(), ".claude.json");
   const hasJson = await pathExists(hostClaudeJson);
+  const seedClaudeJson = !await volumeHasClaudeJson(spec.volume, opts.image);
   const hostHome = homedir();
   const hostAgents = join(homedir(), ".agents");
   const hasAgents = await pathExists(hostAgents);
@@ -258,12 +312,13 @@ async function ensureClaudeVolume(spec, opts) {
     "-v",
     `${hostClaude}:/src-claude:ro`
   ];
-  if (hasJson) args.push("-v", `${hostClaudeJson}:/src-claude-json:ro`);
+  if (hasJson && seedClaudeJson) args.push("-v", `${hostClaudeJson}:/src-claude-json:ro`);
   if (hasAgents) args.push("-v", `${hostAgents}:/.agents:ro`);
   const filterDir = await mkdtemp(join(tmpdir(), "agentbox-claude-filter-"));
   let filteredHookCount = 0;
-  let clearedInstallMethod = false;
+  let installMethodFixed = false;
   let aliasedProjectKey = false;
+  let workspaceTrusted = false;
   try {
     const settingsResult = await maybeFilterTo(
       join(hostClaude, "settings.json"),
@@ -271,21 +326,40 @@ async function ensureClaudeVolume(spec, opts) {
       hostHome
     );
     filteredHookCount += settingsResult.removedHooks;
-    if (hasJson) {
+    if (!seedClaudeJson) {
+    } else if (hasJson) {
       const jsonResult = await maybeFilterTo(
         hostClaudeJson,
         join(filterDir, "_claude.json"),
         hostHome,
         {
-          clearInstallMethod: true,
-          aliasProject: opts.hostWorkspace ? { from: opts.hostWorkspace, to: CONTAINER_WORKSPACE } : void 0
+          setInstallMethodNative: true,
+          aliasProject: opts.hostWorkspace ? { from: opts.hostWorkspace, to: CONTAINER_WORKSPACE } : void 0,
+          trustWorkspacePath: CONTAINER_WORKSPACE
         }
       );
       filteredHookCount += jsonResult.removedHooks;
-      clearedInstallMethod = jsonResult.clearedInstallMethod;
+      installMethodFixed = jsonResult.installMethodFixed;
       aliasedProjectKey = jsonResult.aliasedProjectKey;
+      workspaceTrusted = jsonResult.workspaceTrusted;
+    } else {
+      await writeFile(
+        join(filterDir, "_claude.json"),
+        JSON.stringify(
+          {
+            installMethod: "native",
+            autoUpdates: false,
+            autoUpdatesProtectedForNative: true,
+            projects: { [CONTAINER_WORKSPACE]: { hasTrustDialogAccepted: true } }
+          },
+          null,
+          2
+        )
+      );
+      installMethodFixed = true;
+      workspaceTrusted = true;
     }
-    if (filteredHookCount > 0 || clearedInstallMethod || aliasedProjectKey) {
+    if (filteredHookCount > 0 || installMethodFixed || aliasedProjectKey || workspaceTrusted) {
       args.push("-v", `${filterDir}:/src-filter:ro`);
     }
     const brokenSymlinks = await findBrokenSymlinks(hostClaude);
@@ -332,22 +406,57 @@ async function ensureClaudeVolume(spec, opts) {
   } finally {
     await rm(filterDir, { recursive: true, force: true });
   }
-  return { created, synced: true, filteredHookCount, clearedInstallMethod, aliasedProjectKey };
+  return {
+    created,
+    synced: true,
+    filteredHookCount,
+    installMethodFixed,
+    aliasedProjectKey,
+    workspaceTrusted
+  };
+}
+async function seedSetupSkillIntoVolume(volume, image) {
+  try {
+    const { stdout } = await execa("docker", [
+      "run",
+      "--rm",
+      "--user",
+      "0",
+      "-v",
+      `${volume}:/dst`,
+      image,
+      "sh",
+      "-c",
+      // Always overwrite from the image so an image upgrade propagates. Prints
+      // SEEDED on success; the whole thing is `|| true` so a missing image
+      // asset is a clean no-op, never a non-zero exit.
+      `{ [ -f ${IN_BOX_SETUP_GUIDE_PATH} ] && rm -rf /dst/skills/agentbox-setup && mkdir -p /dst/skills/agentbox-setup && cp -a ${IN_BOX_SETUP_GUIDE_PATH} ${SETUP_SKILL_DST} && chown -R 1000:1000 /dst/skills/agentbox-setup && echo SEEDED; } || true`
+    ]);
+    return { seeded: stdout.includes("SEEDED") };
+  } catch {
+    return { seeded: false };
+  }
 }
 async function maybeFilterTo(src, dest, hostHome, opts = {}) {
+  const zero = {
+    removedHooks: 0,
+    installMethodFixed: false,
+    aliasedProjectKey: false,
+    workspaceTrusted: false
+  };
   let parsed;
   try {
     parsed = JSON.parse(await readFile(src, "utf8"));
   } catch {
-    return { removedHooks: 0, clearedInstallMethod: false, aliasedProjectKey: false };
+    return zero;
   }
   const filtered = filterHostHooks(parsed, hostHome);
   let working = filtered.data;
-  let cleared = false;
-  if (opts.clearInstallMethod) {
-    const r = clearInstallMethod(working);
+  let installFixed = false;
+  if (opts.setInstallMethodNative) {
+    const r = setInstallMethodNative(working);
     working = r.data;
-    cleared = r.cleared;
+    installFixed = r.applied;
   }
   let aliased = false;
   if (opts.aliasProject) {
@@ -355,14 +464,21 @@ async function maybeFilterTo(src, dest, hostHome, opts = {}) {
     working = r.data;
     aliased = r.aliased;
   }
-  if (filtered.removedCommands.length === 0 && !cleared && !aliased) {
-    return { removedHooks: 0, clearedInstallMethod: false, aliasedProjectKey: false };
+  let trusted = false;
+  if (opts.trustWorkspacePath) {
+    const r = trustWorkspace(working, opts.trustWorkspacePath);
+    working = r.data;
+    trusted = r.trusted;
+  }
+  if (filtered.removedCommands.length === 0 && !installFixed && !aliased && !trusted) {
+    return zero;
   }
   await writeFile(dest, JSON.stringify(working, null, 2));
   return {
     removedHooks: filtered.removedCommands.length,
-    clearedInstallMethod: cleared,
-    aliasedProjectKey: aliased
+    installMethodFixed: installFixed,
+    aliasedProjectKey: aliased,
+    workspaceTrusted: trusted
   };
 }
 var FORWARDED_ENV_KEYS = [
@@ -410,7 +526,18 @@ async function isDir(p) {
     return false;
   }
 }
+async function readReferencedPluginKeys(installedPluginsJsonPath) {
+  try {
+    const raw = await readFile(installedPluginsJsonPath, "utf8");
+    return referencedPluginVersionKeys(JSON.parse(raw));
+  } catch {
+    return /* @__PURE__ */ new Set();
+  }
+}
 async function scanPluginCacheForRebuild(cacheRoot) {
+  const referenced = await readReferencedPluginKeys(
+    join(cacheRoot, "..", "installed_plugins.json")
+  );
   let marketplaces;
   try {
     marketplaces = await readdir(cacheRoot, { withFileTypes: true });
@@ -437,6 +564,7 @@ async function scanPluginCacheForRebuild(cacheRoot) {
       }
       for (const v of versions) {
         if (!v.isDirectory()) continue;
+        if (referenced.size > 0 && !referenced.has(`${m.name}/${p.name}/${v.name}`)) continue;
         const vPath = join(pPath, v.name);
         if (!await isFile(join(vPath, "package.json"))) continue;
         if (await isFile(join(vPath, PLUGIN_INSTALLED_MARKER))) continue;
@@ -452,13 +580,38 @@ async function resolveClaudeCacheLiveOnHost(volume) {
   if (!await isDir(orbstackVolumePath(volume))) return null;
   return orbstackVolumePath(volume, "plugins", "cache");
 }
+async function readBoxReferencedPluginKeys(container) {
+  const res = await execa(
+    "docker",
+    [
+      "exec",
+      "--user",
+      CONTAINER_USER,
+      container,
+      "cat",
+      `${CONTAINER_CLAUDE_DIR}/plugins/installed_plugins.json`
+    ],
+    { reject: false }
+  );
+  if (res.exitCode !== 0 || !res.stdout) return /* @__PURE__ */ new Set();
+  try {
+    return referencedPluginVersionKeys(JSON.parse(res.stdout));
+  } catch {
+    return /* @__PURE__ */ new Set();
+  }
+}
 async function rebuildPluginNativeDeps(container, opts = {}) {
   if (opts.volume) {
     const cacheRoot = await resolveClaudeCacheLiveOnHost(opts.volume);
     if (cacheRoot && !await scanPluginCacheForRebuild(cacheRoot)) {
-      return { rebuilt: [], failed: [], skipped: true };
+      return { rebuilt: [], failed: [], pruned: [], prunedBytes: 0, skipped: true };
     }
   }
+  const referenced = await readBoxReferencedPluginKeys(container);
+  const refSetup = referenced.size > 0 ? `cat <<'AGENTBOX_REF_EOF' > "$WORK/referenced"
+${[...referenced].sort().join("\n")}
+AGENTBOX_REF_EOF
+` : "";
   const script = `set -u
 PLUGINS_DIR=/home/vscode/.claude/plugins/cache
 MARKER=${PLUGIN_INSTALLED_MARKER}
@@ -469,7 +622,12 @@ MAX=4
 [ -d "$PLUGINS_DIR" ] || exit 0
 mkdir -p "$NPM_CACHE"
 WORK=$(mktemp -d)
-relkey() { printf '%s' "\${1#$PLUGINS_DIR/}" | tr '/' '_'; }
+${refSetup}relkey() { printf '%s' "\${1#$PLUGINS_DIR/}" | tr '/' '_'; }
+# True when refs are unknown (no file) or $1 (<m>/<p>/<v>) is referenced.
+is_referenced() {
+  [ -s "$WORK/referenced" ] || return 0
+  grep -Fxq "$1" "$WORK/referenced"
+}
 # Run one plugin's install. $1 is frozen by value at call time, so it's safe
 # to read from the backgrounded subshell; the rest are set-once constants.
 do_one() {
@@ -489,10 +647,29 @@ do_one() {
     printf 'FAIL\\n' > "$WORK/$key.res"
   fi
 }
+# Prune pass: every unreferenced (stale) version dir loses its node_modules and
+# our markers. Only runs when installed_plugins.json gave us a reference set.
+if [ -s "$WORK/referenced" ]; then
+  for dir in "$PLUGINS_DIR"/*/*/*/; do
+    [ -d "$dir" ] || continue
+    rel=\${dir%/}; rel=\${rel#$PLUGINS_DIR/}
+    grep -Fxq "$rel" "$WORK/referenced" && continue
+    if [ -d "$dir/node_modules" ]; then
+      bytes=$(du -sb "$dir/node_modules" 2>/dev/null | cut -f1)
+      [ -n "$bytes" ] || bytes=0
+      rm -rf "$dir/node_modules" "$dir/$MARKER" "$dir/$FAILMARKER"
+      echo "PRUNE_OK $rel $bytes"
+    else
+      rm -f "$dir/$MARKER" "$dir/$FAILMARKER"
+    fi
+  done
+fi
 n=0
 for dir in "$PLUGINS_DIR"/*/*/*/; do
   [ -d "$dir" ] || continue
   [ -f "$dir/package.json" ] || continue
+  rel=\${dir%/}; rel=\${rel#$PLUGINS_DIR/}
+  is_referenced "$rel" || continue
   [ -f "$dir/$MARKER" ] && continue
   [ -n "$(find "$dir" -maxdepth 1 -name "$FAILMARKER" -mmin -$BACKOFF_MIN 2>/dev/null)" ] && continue
   echo "REBUILD_START \${dir#$PLUGINS_DIR/}"
@@ -529,6 +706,8 @@ rm -rf "$WORK"
   );
   const rebuilt = [];
   const failed = [];
+  const pruned = [];
+  let prunedBytes = 0;
   const lines = (result.stdout ?? "").split("\n");
   let collectingFail = null;
   for (const line of lines) {
@@ -547,9 +726,19 @@ rm -rf "$WORK"
       rebuilt.push(line.slice("REBUILD_OK ".length));
     } else if (line.startsWith("REBUILD_FAIL ")) {
       collectingFail = { dir: line.slice("REBUILD_FAIL ".length), stderr: [] };
+    } else if (line.startsWith("PRUNE_OK ")) {
+      const rest = line.slice("PRUNE_OK ".length);
+      const sp = rest.lastIndexOf(" ");
+      if (sp > 0) {
+        const dir = rest.slice(0, sp);
+        const bytes = Number(rest.slice(sp + 1));
+        pruned.push(dir);
+        if (Number.isFinite(bytes)) prunedBytes += bytes;
+        opts.onProgress?.(`pruning stale plugin cache ${dir}`);
+      }
     }
   }
-  return { rebuilt, failed, skipped: false };
+  return { rebuilt, failed, pruned, prunedBytes, skipped: false };
 }
 var ClaudeSessionError = class extends Error {
   constructor(message) {
@@ -564,7 +753,6 @@ function shQuote(arg) {
 }
 async function startClaudeSession(opts) {
   const sessionName = opts.sessionName ?? DEFAULT_CLAUDE_SESSION;
-  const boxName = opts.boxName ?? opts.container.replace(/^agentbox-/, "");
   const cmd = ["claude", ...opts.claudeArgs].map(shQuote).join(" ");
   const term = process.env["TERM"] ?? "xterm-256color";
   const envFlags = ["-e", `TERM=${term}`];
@@ -586,7 +774,7 @@ async function startClaudeSession(opts) {
       "-s",
       sessionName,
       cmd,
-      ...buildClaudeStatusBarArgs(sessionName, boxName)
+      ...buildClaudeStatusBarArgs(sessionName)
     ],
     { reject: false }
   );
@@ -660,13 +848,15 @@ function buildClaudeDashboardAttachArgv(container, sessionName) {
     dash
   ];
 }
-function buildClaudeStatusBarArgs(sessionName, boxName) {
+function buildClaudeStatusBarArgs(sessionName) {
   const s = sessionName;
-  const name = boxName;
   return [
-    // Server-global (no -t): remap prefix Ctrl-b -> Ctrl+a, bind `q` to detach
-    // so Ctrl+a q matches the dashboard's quit chord. `send-prefix` makes a
-    // double Ctrl+a reach Claude as a literal Ctrl+a.
+    // Server-global (no -t): primary prefix Ctrl+a (dashboard parity), keep
+    // tmux's default Ctrl+b as a secondary prefix so users with existing
+    // muscle memory / integrations aren't broken. `q` is the same key under
+    // both prefixes (single key table) -> Ctrl+a q AND Ctrl+b q both detach.
+    // `send-prefix` / `send-prefix -2` let a double-tap of either prefix
+    // reach Claude as that literal key.
     ";",
     "set",
     "-g",
@@ -676,9 +866,6 @@ function buildClaudeStatusBarArgs(sessionName, boxName) {
     "set",
     "-g",
     "prefix2",
-    "None",
-    ";",
-    "unbind-key",
     "C-b",
     ";",
     "bind-key",
@@ -686,80 +873,88 @@ function buildClaudeStatusBarArgs(sessionName, boxName) {
     "send-prefix",
     ";",
     "bind-key",
+    "C-b",
+    "send-prefix",
+    "-2",
+    ";",
+    "bind-key",
     "q",
     "detach-client",
+    // Hide the inner tmux status bar — the wrapped-pty footer (for
+    // `agentbox claude` / `agentbox shell`) and the dashboard's own status
+    // row already show the box name + detach hint; without `status off`
+    // they double up.
     ";",
     "set",
     "-t",
     s,
-    "status-interval",
-    "60",
-    ";",
-    "set",
-    "-t",
-    s,
-    "status-justify",
-    "left",
-    ";",
-    "set",
-    "-t",
-    s,
-    "status-style",
-    "bg=colour236,fg=colour250",
-    ";",
-    "set",
-    "-t",
-    s,
-    "status-left-length",
-    "60",
-    ";",
-    "set",
-    "-t",
-    s,
-    "status-left",
-    `#[fg=colour16,bg=colour39,bold] agentbox \u25B8 ${name} #[default] `,
-    ";",
-    "set",
-    "-t",
-    s,
-    "status-right-length",
-    "30",
-    ";",
-    "set",
-    "-t",
-    s,
-    "status-right",
-    "#[fg=colour255]Control+a q#[fg=colour245]: detach ",
-    ";",
-    "set",
-    "-t",
-    s,
-    "window-status-format",
-    "",
-    ";",
-    "set",
-    "-t",
-    s,
-    "window-status-current-format",
-    ""
+    "status",
+    "off"
   ];
 }
 function buildShellArgv(container) {
   const term = process.env["TERM"] ?? "xterm-256color";
   return ["exec", "-it", "-e", `TERM=${term}`, "--user", CONTAINER_USER, container, "bash", "-l"];
 }
-function formatDetachNotice(ref) {
-  return `Session detached. Reattach with: agentbox claude attach ${ref}`;
+function buildClaudeLoginRunArgv(opts) {
+  const term = process.env["TERM"] ?? "xterm-256color";
+  return [
+    "run",
+    "-it",
+    "--rm",
+    "-e",
+    `TERM=${term}`,
+    "-e",
+    "DISPLAY=",
+    "-v",
+    `${opts.volume}:${CONTAINER_CLAUDE_DIR}`,
+    "--user",
+    CONTAINER_USER,
+    opts.image,
+    "claude",
+    "auth",
+    "login",
+    ...opts.extraArgs
+  ];
 }
-function attachClaudeSession(container, sessionName, reattachRef) {
-  const child = spawnSync("docker", buildClaudeAttachArgv(container, sessionName), {
-    stdio: "inherit"
-  });
-  const code = child.status ?? 0;
-  if (reattachRef && code === 0) {
-    process.stdout.write("\x1B[1A\x1B[2K\r" + formatDetachNotice(reattachRef) + "\n");
+function runInteractiveClaudeLogin(dockerArgv) {
+  const child = spawnSync("docker", dockerArgv, { stdio: "inherit" });
+  return { exitCode: child.status ?? 1 };
+}
+async function warmUpClaudeCredentials(volume, image, opts = {}) {
+  const MAX_ATTEMPTS = 6;
+  const SLEEP_MS = 5e3;
+  for (let attempt = 1; attempt <= MAX_ATTEMPTS; attempt++) {
+    opts.onProgress?.(`checking credentials... ${attempt}/${MAX_ATTEMPTS}`);
+    const res = await execa(
+      "docker",
+      [
+        "run",
+        "--rm",
+        "-v",
+        `${volume}:${CONTAINER_CLAUDE_DIR}`,
+        "--user",
+        CONTAINER_USER,
+        "-e",
+        "DISABLE_AUTOUPDATER=1",
+        image,
+        "claude",
+        "--dangerously-skip-permissions",
+        "-p",
+        "ok"
+      ],
+      { reject: false, timeout: 6e4 }
+    );
+    const out = `${res.stdout ?? ""}
+${res.stderr ?? ""}`;
+    const apiError = /API Error|is not supported on this model|"type":\s*"error"/i.test(out);
+    if (res.exitCode === 0 && !apiError) return { warmed: true, attempts: attempt };
+    if (attempt < MAX_ATTEMPTS) await delay(SLEEP_MS);
   }
-  process.exit(code);
+  return { warmed: false, attempts: MAX_ATTEMPTS };
+}
+function formatDetachNotice(ref) {
+  return `Session detached. Reattach with: agentbox claude attach ${ref}`;
 }
 async function claudeSessionInfo(container, sessionName) {
   const name = sessionName ?? DEFAULT_CLAUDE_SESSION;
@@ -1053,211 +1248,281 @@ async function isGitDir(path) {
     return false;
   }
 }
-async function createBoxWorktree(args) {
-  const log = args.onLog ?? (() => {
-  });
-  const stash = await execa2("git", ["-C", args.hostMainRepo, "stash", "create"], {
-    reject: false
-  });
-  const stashSha = stash.exitCode === 0 ? stash.stdout.trim() || null : null;
-  const untracked = await execa2(
-    "git",
-    ["-C", args.hostMainRepo, "ls-files", "--others", "--exclude-standard", "-z"],
-    { reject: false }
-  );
-  const untrackedList = untracked.exitCode === 0 && untracked.stdout.length > 0 ? untracked.stdout.split("\0").filter((s) => s.length > 0) : [];
-  const branchName = await pickFreshBranch(args.hostMainRepo, args.branchName);
-  const wadd = await execa2(
+async function pickFreshBranch(hostMainRepo, base) {
+  let candidate = base;
+  let suffix = 2;
+  while (await branchExists(hostMainRepo, candidate)) {
+    candidate = `${base}-${String(suffix++)}`;
+    if (suffix > 100) throw new GitWorktreeError(`could not find a free branch name near ${base}`);
+  }
+  return candidate;
+}
+async function branchExists(hostMainRepo, name) {
+  const result = await execa2(
     "git",
-    ["-C", args.hostMainRepo, "worktree", "add", "-b", branchName, args.worktreeDir, "HEAD"],
+    ["-C", hostMainRepo, "show-ref", "--verify", "--quiet", `refs/heads/${name}`],
     { reject: false }
   );
-  if (wadd.exitCode !== 0) {
-    throw new GitWorktreeError(
-      `git worktree add failed for ${args.hostMainRepo}: ${wadd.stderr || wadd.stdout}`
-    );
+  return result.exitCode === 0;
+}
+var GitWorktreeError = class extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "GitWorktreeError";
   }
-  log(`created worktree ${args.worktreeDir} on branch ${branchName}`);
-  await execa2(
+};
+var WORKTREE_ROOT = "/home/vscode/.agentbox-worktrees";
+function fsSafeBranch(branch) {
+  return branch.replace(/[^A-Za-z0-9._-]+/g, "_");
+}
+function gitWorktreePathFor(branch) {
+  return `${WORKTREE_ROOT}/${fsSafeBranch(branch)}`;
+}
+async function collectRepoCarryOver(repo, branch, containerPath, gitWorktreePath) {
+  const stash = await execa3("git", ["-C", repo.hostMainRepo, "stash", "create"], { reject: false });
+  const stashSha = stash.exitCode === 0 ? stash.stdout.trim() || null : null;
+  const untracked = await execa3(
     "git",
-    ["-C", args.hostMainRepo, "config", "extensions.worktreeConfig", "true"],
+    ["-C", repo.hostMainRepo, "ls-files", "--others", "--exclude-standard", "-z"],
     { reject: false }
   );
-  await execa2(
-    "git",
-    ["-C", args.worktreeDir, "config", "--worktree", "commit.gpgsign", "false"],
+  const untrackedNul = untracked.exitCode === 0 ? untracked.stdout : "";
+  return {
+    repo,
+    containerPath,
+    gitWorktreePath,
+    branch,
+    stashSha,
+    untrackedNul,
+    hostSource: repo.hostMainRepo
+  };
+}
+async function dexec(container, argv, user = "vscode", cwd = "/") {
+  const r = await execa3(
+    "docker",
+    ["exec", "-w", cwd, "--user", user, container, ...argv],
     { reject: false }
   );
-  if (stashSha) {
-    const withIndex = await execa2(
-      "git",
-      ["-C", args.worktreeDir, "stash", "apply", "--index", stashSha],
+  if (r.exitCode !== 0) {
+    throw new GitWorktreeError(`${argv.join(" ")} failed: ${r.stderr || r.stdout}`);
+  }
+}
+async function chownGitBindParents(args) {
+  const log = args.onLog ?? (() => {
+  });
+  const repos = Array.from(new Set(args.hostMainRepos));
+  for (const repo of repos) {
+    const result = await execInBox(args.container, ["chown", "vscode:vscode", repo], {
+      user: "root"
+    });
+    if (result.exitCode === 0) {
+      log(`chowned ${repo} to vscode:vscode (parent of bind-mounted .git)`);
+    } else {
+      const msg = (result.stderr || result.stdout || `exit ${result.exitCode}`).trim();
+      log(`chown ${repo} failed (best-effort, ignoring): ${msg}`);
+    }
+  }
+}
+async function bindWorktrees(container, binds, onLog) {
+  const log = onLog ?? (() => {
+  });
+  const ordered = [...binds].sort(
+    (a, b) => a.kind === "root" && b.kind !== "root" ? -1 : a.kind !== "root" && b.kind === "root" ? 1 : 0
+  );
+  for (const b of ordered) {
+    await execa3(
+      "docker",
+      ["exec", "-w", "/", "--user", "root", container, "sh", "-c", `mountpoint -q ${b.containerPath} && umount ${b.containerPath} || true`],
+      { reject: false }
+    );
+    if (b.kind === "nested") {
+      await dexec(container, ["mkdir", "-p", ctParent(b.containerPath)], "root");
+      await dexec(container, ["mkdir", "-p", b.containerPath], "root");
+    }
+    await dexec(container, ["mount", "--bind", b.gitWorktreePath, b.containerPath], "root");
+    log(`bind-mounted ${b.containerPath} <- ${b.gitWorktreePath}`);
+  }
+}
+async function seedWorkspace(opts) {
+  const log = opts.onLog ?? (() => {
+  });
+  await dexec(opts.container, ["mkdir", "-p", WORKTREE_ROOT]);
+  for (const r of opts.repos) {
+    const main = r.repo.hostMainRepo;
+    const wt = r.gitWorktreePath;
+    const add = await execa3(
+      "docker",
+      [
+        "exec",
+        "--user",
+        "vscode",
+        opts.container,
+        "git",
+        "-C",
+        main,
+        "worktree",
+        "add",
+        "-b",
+        r.branch,
+        wt,
+        "HEAD"
+      ],
+      { reject: false }
+    );
+    if (add.exitCode !== 0) {
+      throw new GitWorktreeError(
+        `git worktree add ${wt} (branch ${r.branch}) failed: ${add.stderr || add.stdout}`
+      );
+    }
+    log(`worktree ${wt} on branch ${r.branch} (host main ${main})`);
+    await execa3(
+      "docker",
+      [
+        "exec",
+        "--user",
+        "vscode",
+        opts.container,
+        "git",
+        "-C",
+        main,
+        "config",
+        "extensions.worktreeConfig",
+        "true"
+      ],
       { reject: false }
     );
-    if (withIndex.exitCode !== 0) {
-      const noIndex = await execa2(
+    await execa3(
+      "docker",
+      [
+        "exec",
+        "--user",
+        "vscode",
+        opts.container,
         "git",
-        ["-C", args.worktreeDir, "stash", "apply", stashSha],
+        "-C",
+        wt,
+        "config",
+        "--worktree",
+        "commit.gpgsign",
+        "false"
+      ],
+      { reject: false }
+    );
+  }
+  await bindWorktrees(
+    opts.container,
+    opts.repos.map((r) => ({
+      kind: r.repo.kind,
+      containerPath: r.containerPath,
+      gitWorktreePath: r.gitWorktreePath
+    })),
+    log
+  );
+  for (const r of opts.repos) {
+    const ct = r.containerPath;
+    if (r.stashSha) {
+      const withIndex = await execa3(
+        "docker",
+        [
+          "exec",
+          "--user",
+          "vscode",
+          opts.container,
+          "git",
+          "-C",
+          ct,
+          "stash",
+          "apply",
+          "--index",
+          r.stashSha
+        ],
         { reject: false }
       );
-      if (noIndex.exitCode !== 0) {
-        log(
-          `warning: stash apply failed in worktree (${withIndex.stderr || withIndex.stdout || "no message"})`
+      if (withIndex.exitCode !== 0) {
+        const noIndex = await execa3(
+          "docker",
+          [
+            "exec",
+            "--user",
+            "vscode",
+            opts.container,
+            "git",
+            "-C",
+            ct,
+            "stash",
+            "apply",
+            r.stashSha
+          ],
+          { reject: false }
         );
+        if (noIndex.exitCode !== 0) {
+          log(
+            `warning: stash apply failed in ${ct} (${withIndex.stderr || withIndex.stdout || "no message"})`
+          );
+        } else {
+          log(`applied tracked changes (without index \u2014 staged state lost) in ${ct}`);
+        }
       } else {
-        log(`applied tracked changes (without index \u2014 staged state lost)`);
+        log(`applied tracked changes from host main into ${ct}`);
       }
-    } else {
-      log(`applied tracked changes from host main`);
     }
-  }
-  if (untrackedList.length > 0) {
-    const tarOut = await execa2(
-      "tar",
-      ["-C", args.hostMainRepo, "--null", "-T", "-", "-cf", "-"],
-      {
-        input: untrackedList.join("\0"),
+    if (r.untrackedNul.length > 0) {
+      const tarOut = await execa3("tar", ["-C", r.hostSource, "--null", "-T", "-", "-cf", "-"], {
+        input: r.untrackedNul.replace(/\0$/, ""),
         encoding: "buffer",
         reject: false
-      }
-    );
-    if (tarOut.exitCode === 0) {
-      const tarIn = await execa2("tar", ["-C", args.worktreeDir, "-xf", "-"], {
-        input: tarOut.stdout,
-        reject: false
       });
+      if (tarOut.exitCode !== 0) {
+        log(`warning: tar of untracked files for ${r.repo.hostMainRepo} failed: ${tarOut.stderr}`);
+        continue;
+      }
+      const tarIn = await execa3(
+        "docker",
+        ["exec", "-i", "--user", "vscode", opts.container, "tar", "-C", ct, "-xf", "-"],
+        { input: tarOut.stdout, reject: false }
+      );
       if (tarIn.exitCode !== 0) {
-        log(`warning: untracked-file copy into worktree failed: ${tarIn.stderr}`);
+        log(`warning: untracked-file copy into ${ct} failed: ${tarIn.stderr}`);
       } else {
-        log(`copied ${String(untrackedList.length)} untracked file(s) into worktree`);
+        const count = r.untrackedNul.split("\0").filter((s) => s.length > 0).length;
+        log(`copied ${String(count)} untracked file(s) into ${ct}`);
       }
-    } else {
-      log(`warning: tar of untracked files failed: ${tarOut.stderr}`);
     }
   }
-  return { branchName, stashSha, untrackedCount: untrackedList.length };
 }
-async function pickFreshBranch(hostMainRepo, base) {
-  let candidate = base;
-  let suffix = 2;
-  while (await branchExists(hostMainRepo, candidate)) {
-    candidate = `${base}-${String(suffix++)}`;
-    if (suffix > 100) throw new GitWorktreeError(`could not find a free branch name near ${base}`);
+async function seedWorkspaceFromDir(opts) {
+  const log = opts.onLog ?? (() => {
+  });
+  const tarOut = await execa3("tar", ["-C", opts.hostSource, "-cf", "-", "."], {
+    encoding: "buffer",
+    reject: false
+  });
+  if (tarOut.exitCode !== 0) {
+    throw new GitWorktreeError(`tar of ${opts.hostSource} failed: ${tarOut.stderr}`);
   }
-  return candidate;
-}
-async function branchExists(hostMainRepo, name) {
-  const result = await execa2(
-    "git",
-    ["-C", hostMainRepo, "show-ref", "--verify", "--quiet", `refs/heads/${name}`],
-    { reject: false }
+  const tarIn = await execa3(
+    "docker",
+    ["exec", "-i", "--user", "1000:1000", opts.container, "tar", "-C", "/workspace", "-xf", "-"],
+    { input: tarOut.stdout, reject: false }
   );
-  return result.exitCode === 0;
+  if (tarIn.exitCode !== 0) {
+    throw new GitWorktreeError(`tar extract into /workspace failed: ${tarIn.stderr}`);
+  }
+  log(`seeded /workspace from ${opts.hostSource}`);
 }
-async function removeBoxWorktree(args) {
-  const remove = await execa2(
+async function removeInBoxWorktree(args) {
+  const remove = await execa3(
     "git",
-    ["-C", args.hostMainRepo, "worktree", "remove", "--force", args.worktreeDir],
+    ["-C", args.hostMainRepo, "worktree", "remove", "--force", args.gitWorktreePath],
     { reject: false }
   );
   if (remove.exitCode === 0) return;
-  await execa2("rm", ["-rf", args.worktreeDir], { reject: false });
-  await execa2("git", ["-C", args.hostMainRepo, "worktree", "prune"], { reject: false });
+  await execa3("git", ["-C", args.hostMainRepo, "worktree", "prune"], { reject: false });
 }
-var GitWorktreeError = class extends Error {
-  constructor(message) {
-    super(message);
-    this.name = "GitWorktreeError";
-  }
-};
-var DEFAULT_LOWER_DIRS = ["/host-src"];
-var BOX_USER_UID = 1e3;
-var BOX_USER_GID = 1e3;
-async function mountOverlay(container, opts = {}) {
-  const lowerDirs = opts.lowerDirs && opts.lowerDirs.length > 0 ? opts.lowerDirs : ["/host-src"];
-  const mountOpts = [
-    `lowerdir=${lowerDirs.join(":")}`,
-    "upperdir=/upper/upper",
-    "workdir=/upper/work",
-    `squash_to_uid=${String(BOX_USER_UID)}`,
-    `squash_to_gid=${String(BOX_USER_GID)}`
-  ].join(",");
-  const lines = [
-    "set -euo pipefail",
-    "mkdir -p /upper/upper /upper/work /workspace",
-    // Idempotent — if a previous attempt left a stale overlay, unmount first.
-    "mountpoint -q /workspace && fusermount3 -u /workspace || true",
-    `fuse-overlayfs -o ${mountOpts} /workspace`,
-    "mountpoint -q /workspace"
-  ];
-  for (const w of opts.nestedWorktrees ?? []) {
-    lines.push(
-      `mkdir -p ${shellQuote(w.containerPath)}`,
-      `mountpoint -q ${shellQuote(w.containerPath)} && umount ${shellQuote(w.containerPath)} || true`,
-      `mount --bind ${shellQuote(w.mountFromPath)} ${shellQuote(w.containerPath)}`,
-      `mountpoint -q ${shellQuote(w.containerPath)}`
-    );
-  }
-  const result = await execInBox(container, ["bash", "-lc", lines.join("\n")], { user: "root" });
-  if (result.exitCode !== 0) {
-    throw new OverlayError(
-      `failed to mount FUSE overlay in ${container}`,
-      result.stdout,
-      result.stderr
-    );
-  }
-  return { upperWritePath: "/upper/upper" };
-}
-function shellQuote(s) {
-  return `'${s.replace(/'/g, `'\\''`)}'`;
+function ctParent(p) {
+  const i = p.lastIndexOf("/");
+  return i <= 0 ? "/" : p.slice(0, i);
 }
-async function verifyOverlay(container, lowerDirs = DEFAULT_LOWER_DIRS) {
-  const sentinel = ".agentbox-overlay-check";
-  const checks = [];
-  const ls = await execInBox(container, ["bash", "-lc", `ls -A /workspace | head -1`], {
-    user: "root"
-  });
-  checks.push({
-    name: "workspace lists lower contents",
-    ok: ls.exitCode === 0,
-    detail: ls.exitCode === 0 ? `first entry: ${ls.stdout.trim() || "(empty)"}` : ls.stderr.trim()
-  });
-  const write = await execInBox(container, ["bash", "-lc", `touch /workspace/${sentinel}`], {
-    user: "root"
-  });
-  checks.push({
-    name: "write through overlay succeeds",
-    ok: write.exitCode === 0,
-    detail: write.exitCode === 0 ? `created /workspace/${sentinel}` : write.stderr.trim()
-  });
-  const upper = await execInBox(container, ["bash", "-lc", `test -f /upper/upper/${sentinel}`], {
-    user: "root"
-  });
-  checks.push({
-    name: "write lands in /upper (cow target)",
-    ok: upper.exitCode === 0,
-    detail: upper.exitCode === 0 ? `/upper/upper/${sentinel} exists` : `expected /upper/upper/${sentinel} to exist`
-  });
-  const lowerProbe = lowerDirs.map((d) => `test ! -e ${shellQuote(d)}/${sentinel}`).join(" && ");
-  const lower = await execInBox(container, ["bash", "-lc", lowerProbe], { user: "root" });
-  checks.push({
-    name: `lower untouched (${lowerDirs.join(", ")})`,
-    ok: lower.exitCode === 0,
-    detail: lower.exitCode === 0 ? `${sentinel} absent from every lower` : `${sentinel} leaked into a lower layer`
-  });
-  await execInBox(container, ["bash", "-lc", `rm -f /workspace/${sentinel}`], { user: "root" });
-  return checks;
-}
-var OverlayError = class extends Error {
-  constructor(message, stdout, stderr) {
-    super(message);
-    this.stdout = stdout;
-    this.stderr = stderr;
-    this.name = "OverlayError";
-  }
-  stdout;
-  stderr;
-};
 var EXCLUDE_DIRS = /* @__PURE__ */ new Set([
   "node_modules",
   ".next",
@@ -1274,8 +1539,11 @@ var EXCLUDE_DIRS = /* @__PURE__ */ new Set([
   ".parcel-cache"
 ]);
 var SNAPSHOTS_ROOT = join3(homedir2(), ".agentbox", "snapshots");
-function snapshotPathFor(boxId) {
-  return join3(SNAPSHOTS_ROOT, boxId);
+function snapshotPathFor(box) {
+  const mnemonic = sanitizeMnemonic(box.name);
+  const n = box.projectIndex;
+  const segment = typeof n === "number" && Number.isFinite(n) && n > 0 ? `${box.id}-${String(n)}-${mnemonic}` : `${box.id}-${mnemonic}`;
+  return join3(SNAPSHOTS_ROOT, segment);
 }
 async function findExcludedDirs(root, excluded = EXCLUDE_DIRS) {
   const matches = [];
@@ -1305,13 +1573,15 @@ async function createSnapshot(opts) {
   const excluded = opts.excluded ?? EXCLUDE_DIRS;
   await mkdir2(SNAPSHOTS_ROOT, { recursive: true });
   const cpArgs = platform() === "darwin" ? ["-cR"] : ["-R"];
-  await execa3("cp", [...cpArgs, `${source}/`, destination]);
+  await execa4("cp", [...cpArgs, `${source}/`, destination]);
   const toPrune = await findExcludedDirs(destination, excluded);
   await Promise.all(toPrune.map((p) => rm2(p, { recursive: true, force: true })));
   return { destination, prunedPaths: toPrune };
 }
+var CTL_DAEMON_LOG = "/var/log/agentbox/ctl-daemon.log";
 async function launchCtlDaemon(container, hostSocketPath, timeoutMs = 3e3) {
-  const result = await execInBox(container, ["agentbox-ctl", "daemon"], {
+  const wrapped = `mkdir -p ${CTL_DAEMON_LOG.replace(/\/[^/]*$/, "")} && exec agentbox-ctl daemon >>${CTL_DAEMON_LOG} 2>&1`;
+  const result = await execInBox(container, ["sh", "-c", wrapped], {
     user: "vscode",
     detach: true
   });
@@ -1336,6 +1606,23 @@ async function pathExists2(p) {
     return false;
   }
 }
+async function ensureHomeOwnedByVscode(container) {
+  await execa5(
+    "docker",
+    [
+      "exec",
+      "--user",
+      "root",
+      container,
+      "chown",
+      "-R",
+      "--from=root",
+      "vscode:vscode",
+      "/home/vscode"
+    ],
+    { reject: false }
+  );
+}
 var STATE_DIR = join4(homedir3(), ".agentbox");
 var PID_FILE = join4(STATE_DIR, "relay.pid");
 var LOG_FILE = join4(STATE_DIR, "relay.log");
@@ -1364,7 +1651,7 @@ async function ensureRelay(opts = {}) {
   if (existingPid !== null && await processAlive(existingPid)) {
     for (let i = 0; i < 10; i++) {
       if (await pingHealthz(300)) return ENDPOINT;
-      await delay(200);
+      await delay2(200);
     }
     log(`relay pid ${String(existingPid)} alive but /healthz unresponsive \u2014 proceeding anyway`);
     return ENDPOINT;
@@ -1398,7 +1685,7 @@ async function ensureRelay(opts = {}) {
       log(`relay reachable on ${ENDPOINT.hostUrl}`);
       return ENDPOINT;
     }
-    await delay(200);
+    await delay2(200);
   }
   throw new Error(
     `relay did not become reachable on ${ENDPOINT.hostUrl} within 5s; see ${LOG_FILE}`
@@ -1454,7 +1741,7 @@ async function stopRelay() {
   }
   for (let i = 0; i < 20; i++) {
     if (!await processAlive(pid)) break;
-    await delay(100);
+    await delay2(100);
   }
   if (await processAlive(pid)) {
     try {
@@ -1466,6 +1753,21 @@ async function stopRelay() {
   });
   return { stopped: true, pid };
 }
+async function getRelayStatus() {
+  const pid = await readPidFile();
+  const pidAlive = pid !== null && await processAlive(pid);
+  const health = await fetchHealthz(300);
+  return {
+    running: health !== null,
+    pid,
+    pidAlive,
+    port: PORT,
+    endpoint: ENDPOINT,
+    health: health === null ? null : { boxes: health.boxes, events: health.events },
+    pidFile: PID_FILE,
+    logFile: LOG_FILE
+  };
+}
 function pingHealthz(timeoutMs) {
   return new Promise((resolveP) => {
     const req = httpRequest(
@@ -1484,6 +1786,42 @@ function pingHealthz(timeoutMs) {
     req.end();
   });
 }
+function fetchHealthz(timeoutMs) {
+  return new Promise((resolveP) => {
+    const req = httpRequest(
+      { host: "127.0.0.1", port: PORT, method: "GET", path: "/healthz", timeout: timeoutMs },
+      (res) => {
+        const status = res.statusCode ?? 0;
+        if (status < 200 || status >= 300) {
+          res.resume();
+          resolveP(null);
+          return;
+        }
+        const chunks = [];
+        res.on("data", (c) => chunks.push(c));
+        res.on("end", () => {
+          try {
+            const parsed = JSON.parse(Buffer.concat(chunks).toString("utf8"));
+            if (typeof parsed.ok === "boolean" && typeof parsed.boxes === "number" && typeof parsed.events === "number") {
+              resolveP({ ok: parsed.ok, boxes: parsed.boxes, events: parsed.events });
+            } else {
+              resolveP(null);
+            }
+          } catch {
+            resolveP(null);
+          }
+        });
+        res.on("error", () => resolveP(null));
+      }
+    );
+    req.on("error", () => resolveP(null));
+    req.on("timeout", () => {
+      req.destroy();
+      resolveP(null);
+    });
+    req.end();
+  });
+}
 async function readPidFile() {
   try {
     const text = await readFile2(PID_FILE, "utf8");
@@ -1507,7 +1845,7 @@ function generateRelayToken() {
 async function registerBoxWithRelay(args) {
   const worktrees = (args.worktrees ?? []).map((w) => ({
     containerPath: w.containerPath,
-    hostWorktreeDir: w.hostWorktreeDir,
+    hostMainRepo: w.hostMainRepo,
     branch: w.branch
   }));
   await adminPost("/admin/register-box", {
@@ -1516,6 +1854,7 @@ async function registerBoxWithRelay(args) {
     name: args.name,
     containerName: args.containerName,
     createdAt: args.createdAt,
+    projectIndex: args.projectIndex,
     worktrees
   });
 }
@@ -1525,6 +1864,26 @@ async function forgetBoxFromRelay(boxId) {
   } catch {
   }
 }
+async function setRelayNotice(boxId, kind, message, ttlMs) {
+  try {
+    const body = await adminPostForJson("/admin/notices/set", {
+      boxId,
+      kind,
+      message,
+      ...typeof ttlMs === "number" ? { ttlMs } : {}
+    });
+    const id = body?.id;
+    return typeof id === "string" && id.length > 0 ? id : null;
+  } catch {
+    return null;
+  }
+}
+async function clearRelayNotice(boxId, id) {
+  try {
+    await adminPost("/admin/notices/clear", { boxId, id });
+  } catch {
+  }
+}
 async function adminPost(path, body) {
   const json = JSON.stringify(body);
   await new Promise((resolveP, rejectP) => {
@@ -1563,6 +1922,49 @@ async function adminPost(path, body) {
     req.end();
   });
 }
+async function adminPostForJson(path, body) {
+  const json = JSON.stringify(body);
+  return new Promise((resolveP, rejectP) => {
+    const req = httpRequest(
+      {
+        host: "127.0.0.1",
+        port: PORT,
+        method: "POST",
+        path,
+        headers: {
+          "Content-Type": "application/json",
+          "Content-Length": Buffer.byteLength(json).toString()
+        },
+        timeout: 3e3
+      },
+      (res) => {
+        const chunks = [];
+        res.on("data", (c) => chunks.push(c));
+        res.on("end", () => {
+          const status = res.statusCode ?? 0;
+          if (status < 200 || status >= 300) {
+            rejectP(new Error(`relay ${path} \u2192 ${String(status)}`));
+            return;
+          }
+          const text = Buffer.concat(chunks).toString("utf8");
+          try {
+            resolveP(text.length > 0 ? JSON.parse(text) : {});
+          } catch (err) {
+            rejectP(err instanceof Error ? err : new Error(String(err)));
+          }
+        });
+        res.on("error", rejectP);
+      }
+    );
+    req.on("error", rejectP);
+    req.on("timeout", () => {
+      req.destroy();
+      rejectP(new Error(`relay ${path} timeout`));
+    });
+    req.write(json);
+    req.end();
+  });
+}
 async function rehydrateRelayRegistry(boxes) {
   for (const b of boxes) {
     if (!b.relayToken) continue;
@@ -1573,6 +1975,7 @@ async function rehydrateRelayRegistry(boxes) {
         name: b.name,
         containerName: b.container,
         createdAt: b.createdAt,
+        projectIndex: b.projectIndex,
         worktrees: b.gitWorktrees
       });
     } catch {
@@ -1682,10 +2085,10 @@ async function ensureAgentboxTasksFile(container, services, opts = {}) {
   return { status: "wrote" };
 }
 async function writeFileInBox(container, path, content) {
-  const { execa: execa4 } = await import("execa");
-  const result = await execa4(
+  const { execa: execa6 } = await import("execa");
+  const result = await execa6(
     "docker",
-    ["exec", "-i", "--user", "vscode", container, "sh", "-c", `cat > ${shellQuote2(path)}`],
+    ["exec", "-i", "--user", "vscode", container, "sh", "-c", `cat > ${shellQuote(path)}`],
     { input: content, reject: false }
   );
   return {
@@ -1694,7 +2097,7 @@ async function writeFileInBox(container, path, content) {
     stderr: result.stderr ?? ""
   };
 }
-function shellQuote2(s) {
+function shellQuote(s) {
   return `'${s.replace(/'/g, `'\\''`)}'`;
 }
 
@@ -2181,19 +2584,25 @@ async function loadConfig(path) {
 }
 
 export {
+  DEFAULT_RELAY_PORT,
   RELAY_CONTAINER_NAME,
   RELAY_NETWORK_NAME,
   RELAY_IMAGE_REF,
   SHARED_CLAUDE_VOLUME,
   resolveClaudeVolume,
   ensureClaudeVolume,
+  seedSetupSkillIntoVolume,
   buildClaudeMounts,
   rebuildPluginNativeDeps,
   ClaudeSessionError,
   startClaudeSession,
+  buildClaudeAttachArgv,
   buildClaudeDashboardAttachArgv,
   buildShellArgv,
-  attachClaudeSession,
+  buildClaudeLoginRunArgv,
+  runInteractiveClaudeLogin,
+  warmUpClaudeCredentials,
+  formatDetachNotice,
   claudeSessionInfo,
   pullClaudeExtras,
   SHARED_DOCKER_CACHE_VOLUME,
@@ -2205,20 +2614,27 @@ export {
   buildVncUrls,
   WEB_CONTAINER_PORT,
   detectGitRepos,
-  createBoxWorktree,
-  removeBoxWorktree,
-  DEFAULT_LOWER_DIRS,
-  mountOverlay,
-  verifyOverlay,
+  pickFreshBranch,
+  gitWorktreePathFor,
+  collectRepoCarryOver,
+  chownGitBindParents,
+  bindWorktrees,
+  seedWorkspace,
+  seedWorkspaceFromDir,
+  removeInBoxWorktree,
   SNAPSHOTS_ROOT,
   snapshotPathFor,
   createSnapshot,
   launchCtlDaemon,
+  ensureHomeOwnedByVscode,
   ensureRelay,
   stopRelay,
+  getRelayStatus,
   generateRelayToken,
   registerBoxWithRelay,
   forgetBoxFromRelay,
+  setRelayNotice,
+  clearRelayNotice,
   rehydrateRelayRegistry,
   ideProfile,
   SHARED_VSCODE_EXTENSIONS_VOLUME,
@@ -2236,4 +2652,4 @@ export {
   ConfigError,
   loadConfig
 };
-//# sourceMappingURL=chunk-NSIECUCS.js.map
+//# sourceMappingURL=chunk-HTTKML3C.js.map