@madarco/agentbox 0.8.0 → 0.10.0

package/runtime/hetzner/ctl.cjs

@@ -18469,8 +18469,8 @@ var KEY_REGISTRY = [
   {
     key: "box.provider",
     type: "enum",
-    enumValues: ["docker", "daytona", "hetzner"],
-    description: "Sandbox backend new boxes are created on: local Docker containers, Daytona Cloud sandboxes, or Hetzner Cloud VPSes."
+    enumValues: ["docker", "daytona", "hetzner", "vercel"],
+    description: "Sandbox backend new boxes are created on: local Docker containers, Daytona Cloud sandboxes, Hetzner Cloud VPSes, or Vercel Sandboxes."
   },
   {
     key: "box.hostSnapshot",
@@ -18500,6 +18500,12 @@ var KEY_REGISTRY = [
     description: "Per-provider override of `box.defaultCheckpoint` for hetzner. Wins over the global when set; set via `agentbox checkpoint set-default --provider hetzner`.",
     advanced: true
   },
+  {
+    key: "box.defaultCheckpointVercel",
+    type: "string",
+    description: "Per-provider override of `box.defaultCheckpoint` for vercel. Wins over the global when set; set via `agentbox checkpoint set-default --provider vercel`.",
+    advanced: true
+  },
   {
     key: "checkpoint.maxLayers",
     type: "int",
@@ -18573,16 +18579,41 @@ var KEY_REGISTRY = [
     type: "int",
     description: "Cap git bundle history shipped to cloud sandboxes (daytona, hetzner). 0 = full history. Unset = adaptive default (last 200 commits; re-bundle at 100 if the bundle exceeds 20 MB). Ignored for docker (which bind-mounts .git/)."
   },
+  {
+    key: "box.vercelVcpus",
+    type: "int",
+    description: "vCPUs for new --provider vercel boxes (Vercel couples RAM at 2048 MB/vCPU). Default 2. Vercel only accepts specific counts (e.g. 1, 2, 4, 8) \u2014 an unsupported value fails create with a 400. Vercel-only; ignored by other providers."
+  },
+  {
+    key: "box.vercelTimeoutMs",
+    type: "int",
+    description: "Max session length (ms) for new --provider vercel boxes before the VM auto-snapshots; persistent mode auto-resumes on the next call. Default 2700000 (45 min, the Hobby ceiling). Vercel-only."
+  },
+  {
+    key: "box.vercelNetworkPolicy",
+    type: "string",
+    description: "Egress lock for new --provider vercel boxes: 'allow-all' (default, unset), 'deny-all', or a comma-separated domain allowlist (e.g. 'github.com,*.npmjs.org') that denies everything else. Vercel-only; ignored by other providers."
+  },
   {
     key: "claude.sessionName",
     type: "string",
     description: "tmux session name for `agentbox claude`."
   },
+  {
+    key: "claude.dangerouslySkipPermissions",
+    type: "bool",
+    description: "Launch claude in new boxes with --dangerously-skip-permissions (auto-accept tool use). Safe because boxes are isolated; on by default. Override per-box with --no-dangerously-skip-permissions."
+  },
   {
     key: "codex.sessionName",
     type: "string",
     description: "tmux session name for `agentbox codex`."
   },
+  {
+    key: "codex.dangerouslySkipPermissions",
+    type: "bool",
+    description: "Launch codex in new boxes with --dangerously-bypass-approvals-and-sandbox (never prompt for approval). Safe because boxes are isolated; on by default. Override per-box with --no-dangerously-skip-permissions."
+  },
   {
     key: "opencode.sessionName",
     type: "string",
@@ -18690,6 +18721,21 @@ var KEY_REGISTRY = [
     type: "int",
     description: "Max number of simultaneously-running boxes (across providers) before background `-i` jobs queue up instead of starting immediately. Per-invocation override: `--max-running <n>`."
   },
+  {
+    key: "queue.maxWorking",
+    type: "int",
+    description: "Max agents actively working/thinking (quota-consuming) at once before background `-i` jobs queue. 0 = disabled (use the queue.maxConcurrent running-box gate). Counts all boxes, foreground + queued. Per-invocation override: `--max-working <n>`."
+  },
+  {
+    key: "queue.idleGraceSeconds",
+    type: "int",
+    description: "Seconds an agent must stay non-working before it frees its working slot (debounce against brief idle flaps between turns). Only used when queue.maxWorking > 0."
+  },
+  {
+    key: "cloud.useCurrentBranch",
+    type: "bool",
+    description: "On cloud providers (daytona/hetzner), start new boxes on the host's current branch instead of forking a new agentbox/<box-name> branch. Overridden by an explicit --use-branch / --from-branch."
+  },
   {
     key: "maintenance.pruneProjectConfigs",
     type: "bool",
@@ -19119,6 +19165,23 @@ function isGhPrOp(value) {
   return GH_PR_OPS.includes(value);
 }
 var GH_PR_READ_ONLY_OPS = /* @__PURE__ */ new Set(["view", "list"]);
+function injectPrCreateHead(op, branch, args) {
+  if (op !== "create") return args;
+  if (!branch || branch === "HEAD") return args;
+  if (hasHeadArg(args)) return args;
+  return ["--head", branch, ...args];
+}
+function hasHeadArg(args) {
+  return args.some((a2) => a2 === "--head" || a2.startsWith("--head=") || a2.startsWith("-H"));
+}
+function prCreateNeedsHead(op, args) {
+  return op === "create" && !hasHeadArg(args);
+}
+var PR_CREATE_NO_HEAD_REFUSAL = {
+  exitCode: 65,
+  stdout: "",
+  stderr: "gh pr create: refusing to run without --head \u2014 could not resolve this box's branch, and falling back to the host repo's checked-out branch would open a PR for the wrong branch. Ensure the box branch is pushed, or pass --head <branch> explicitly.\n"
+};
 var GH_RPC_TIMEOUT_MS = 12e4;
 var GH_READY_CACHE_TTL_MS = 6e4;
 var ghReadyCache;
@@ -19320,36 +19383,31 @@ var BoxStatusStore = class {
 async function resolveCloudBackend(name) {
   if (name === "daytona") {
     const pkg = "@agentbox/sandbox-daytona";
-    try {
-      const mod = await import(pkg);
-      return mod.daytonaBackend;
-    } catch (err) {
-      const msg = err instanceof Error ? err.message : String(err);
-      if (/cannot find module|MODULE_NOT_FOUND/i.test(msg)) {
-        throw new Error(
-          `relay: cannot load '${pkg}' at runtime \u2014 install it alongside @agentbox/relay (the @madarco/agentbox CLI normally provides this dependency). Original: ${msg}`
-        );
-      }
-      throw err;
-    }
+    return loadCloudBackend(pkg, async () => (await import(pkg)).daytonaBackend);
   }
   if (name === "hetzner") {
     const pkg = "@agentbox/sandbox-hetzner";
-    try {
-      const mod = await import(pkg);
-      return mod.hetznerBackend;
-    } catch (err) {
-      const msg = err instanceof Error ? err.message : String(err);
-      if (/cannot find module|MODULE_NOT_FOUND/i.test(msg)) {
-        throw new Error(
-          `relay: cannot load '${pkg}' at runtime \u2014 install it alongside @agentbox/relay (the @madarco/agentbox CLI normally provides this dependency). Original: ${msg}`
-        );
-      }
-      throw err;
-    }
+    return loadCloudBackend(pkg, async () => (await import(pkg)).hetznerBackend);
+  }
+  if (name === "vercel") {
+    const pkg = "@agentbox/sandbox-vercel";
+    return loadCloudBackend(pkg, async () => (await import(pkg)).vercelBackend);
   }
   throw new Error(`no host executor for cloud backend '${name}'`);
 }
+async function loadCloudBackend(pkg, load2) {
+  try {
+    return await load2();
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    if (/cannot find module|MODULE_NOT_FOUND/i.test(msg)) {
+      throw new Error(
+        `relay: cannot load '${pkg}' at runtime \u2014 install it alongside @agentbox/relay (the @madarco/agentbox CLI normally provides this dependency). Original: ${msg}`
+      );
+    }
+    throw err;
+  }
+}
 async function refreshCloudPreviewUrl(backendName, boxId, port) {
   try {
     const backend = await resolveCloudBackend(backendName);
@@ -19477,7 +19535,20 @@ async function runGhPrRpc(action, deps) {
       }
     }
   }
-  return runHostGh(["pr", op, ...args], lookup.workspacePath);
+  let finalArgs = args;
+  if (op === "create" && !args.some((a2) => a2 === "--head" || a2.startsWith("--head="))) {
+    const backend = await resolveCloudBackend(deps.backendName);
+    const handle = { sandboxId: lookup.cloudSandboxId };
+    const containerPath = params.path ?? "/workspace";
+    const branchProbe = await backend.exec(
+      handle,
+      `git -C ${shellQuote(containerPath)} rev-parse --abbrev-ref HEAD`
+    );
+    const branch = branchProbe.exitCode === 0 ? (branchProbe.stdout ?? "").trim() : "";
+    finalArgs = injectPrCreateHead(op, branch, args);
+  }
+  if (prCreateNeedsHead(op, finalArgs)) return PR_CREATE_NO_HEAD_REFUSAL;
+  return runHostGh(["pr", op, ...finalArgs], lookup.workspacePath);
 }
 async function runBrowserOpenMirror(action, deps) {
   const params = action.params ?? {};
@@ -19596,6 +19667,18 @@ async function runCheckpointRpc(action, deps) {
       stderr: "relay: AGENTBOX_CLI_ENTRY not set; cannot run checkpoint host-side\n"
     };
   }
+  if (deps.backendName === "vercel" && deps.prompts && deps.subscribers && deps.subscribers.forBox(deps.boxId).length > 0) {
+    const verdict = await askPrompt(deps.prompts, deps.subscribers, deps.boxId, {
+      kind: "confirm",
+      message: `Create checkpoint on ${deps.boxName ?? deps.boxId}? The vercel box will stop and reboot.`,
+      detail: params.name ? `checkpoint: ${params.name}` : "(auto-named)",
+      defaultAnswer: "n",
+      context: { command: "checkpoint create", argv: params.name ? [params.name] : [] }
+    });
+    if (verdict.answer !== "y") {
+      return { exitCode: 10, stdout: "", stderr: "checkpoint denied by user\n" };
+    }
+  }
   const argv = [process.execPath, entry, "checkpoint", "create", deps.boxId];
   if (params.name) argv.push("--name", params.name);
   if (params.merged === true) argv.push("--merged");
@@ -19947,7 +20030,18 @@ function createRelayServer(opts) {
     const url = new URL(req.url ?? "/", `http://${req.headers.host ?? "relay"}`);
     const route = `${req.method ?? "GET"} ${url.pathname}`;
     if (route === "GET /healthz") {
-      send(res, 200, { ok: true, boxes: registry.size(), events: events.size() });
+      send(res, 200, {
+        ok: true,
+        boxes: registry.size(),
+        events: events.size(),
+        pid: process.pid,
+        cliEntry: Boolean(process.env.AGENTBOX_CLI_ENTRY),
+        // The spawning CLI's version/commit (inherited via env at spawn time).
+        // `version` lets host-side ensureRelay reclaim a relay left over from a
+        // different agentbox version; `commit` is observability-only.
+        version: process.env.AGENTBOX_CLI_VERSION || void 0,
+        commit: process.env.AGENTBOX_CLI_COMMIT || void 0
+      });
       return;
     }
     if (url.pathname.startsWith("/bridge/")) {
@@ -20605,7 +20699,9 @@ async function handleGhPrRpc(op, reg, params, prompts, subscribers, hostInitiate
       return { exitCode: 10, stdout: "", stderr: "denied by user\n" };
     }
   }
-  return runHostGh(["pr", op, ...args], worktree.hostMainRepo);
+  const finalArgs = injectPrCreateHead(op, worktree.branch, args);
+  if (prCreateNeedsHead(op, finalArgs)) return PR_CREATE_NO_HEAD_REFUSAL;
+  return runHostGh(["pr", op, ...finalArgs], worktree.hostMainRepo);
 }
 async function handleCpRpc(reg, method, params) {
   const entry = process.env.AGENTBOX_CLI_ENTRY;
@@ -21888,6 +21984,7 @@ var Supervisor = class extends import_node_events15.EventEmitter {
     super();
     this.opts = opts;
     this.relay = new RelayClient();
+    this.webProxy = new WebProxy(opts.webProxyPort);
   }
   opts;
   units = /* @__PURE__ */ new Map();
@@ -21897,7 +21994,7 @@ var Supervisor = class extends import_node_events15.EventEmitter {
   scheduling = false;
   rescheduleDirty = false;
   relay;
-  webProxy = new WebProxy();
+  webProxy;
   /** The relay client the supervisor pushes state events on. Shared with the
    * status reporter so both use the same fire-and-forget channel. */
   get relayClient() {
@@ -22824,7 +22921,8 @@ function resolveBoxRelayPort() {
 }
 var daemonCommand = new Command("daemon").description("Run the agentbox-ctl supervisor in the foreground").option("--socket <path>", "unix socket path", DEFAULT_SOCKET_PATH).option("--config <path>", "path to agentbox.yaml", DEFAULT_CONFIG_PATH).option("--log-dir <path>", "where per-service log files are written", DEFAULT_LOG_DIR).option("--workspace <path>", "cwd for service processes", "/workspace").action(async (opts) => {
   const cfg = await loadConfig(opts.config);
-  const sup = new Supervisor({ workspace: opts.workspace, logDir: opts.logDir });
+  const webProxyPort = Number(process.env.AGENTBOX_WEB_PROXY_PORT) || void 0;
+  const sup = new Supervisor({ workspace: opts.workspace, logDir: opts.logDir, webProxyPort });
   await sup.init(cfg);
   const reporter = new StatusReporter({
     supervisor: sup,