@madarco/agentbox 0.8.0 → 0.9.0

package/dist/{prepared-state-CL4CWXQA-ME4HSKDE.js → prepared-state-CL4CWXQA-H5THETIM.js}

@@ -6,7 +6,7 @@ import {
   readPreparedDockerState,
   resolveContextFiles,
   writePreparedDockerState
-} from "./chunk-BGK32PZE.js";
+} from "./chunk-KL36BRN4.js";
 export {
   DOCKERFILE_PATH,
   computeDockerContextFingerprint,
@@ -15,4 +15,4 @@ export {
   resolveContextFiles,
   writePreparedDockerState
 };
-//# sourceMappingURL=prepared-state-CL4CWXQA-ME4HSKDE.js.map
+//# sourceMappingURL=prepared-state-CL4CWXQA-H5THETIM.js.map

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@madarco/agentbox",
-  "version": "0.8.0",
+  "version": "0.9.0",
   "description": "Launch Claude Code, Codex, and other coding agents in isolated sandboxes",
   "license": "MIT",
   "author": "Marco D'Alia",
@@ -42,6 +42,7 @@
   "dependencies": {
     "@clack/prompts": "^0.9.0",
     "@daytonaio/sdk": "^0.179.0",
+    "@vercel/sandbox": "^2.0.1",
     "@xterm/headless": "^5.5.0",
     "commander": "^12.1.0",
     "execa": "^9.5.2",
@@ -56,14 +57,15 @@
     "tsup": "^8.3.5",
     "typescript": "^5.7.2",
     "vitest": "^2.1.8",
-    "@agentbox/config": "0.0.0",
+    "@agentbox/sandbox-core": "0.0.0",
+    "@agentbox/core": "0.0.0",
     "@agentbox/relay": "0.0.0",
     "@agentbox/ctl": "0.0.0",
-    "@agentbox/core": "0.0.0",
+    "@agentbox/config": "0.0.0",
+    "@agentbox/sandbox-daytona": "0.0.0",
+    "@agentbox/sandbox-vercel": "0.0.0",
     "@agentbox/sandbox-cloud": "0.0.0",
-    "@agentbox/sandbox-core": "0.0.0",
     "@agentbox/sandbox-docker": "0.0.0",
-    "@agentbox/sandbox-daytona": "0.0.0",
     "@agentbox/sandbox-hetzner": "0.0.0"
   },
   "scripts": {

package/runtime/docker/packages/ctl/dist/bin.cjs

@@ -18469,8 +18469,8 @@ var KEY_REGISTRY = [
   {
     key: "box.provider",
     type: "enum",
-    enumValues: ["docker", "daytona", "hetzner"],
-    description: "Sandbox backend new boxes are created on: local Docker containers, Daytona Cloud sandboxes, or Hetzner Cloud VPSes."
+    enumValues: ["docker", "daytona", "hetzner", "vercel"],
+    description: "Sandbox backend new boxes are created on: local Docker containers, Daytona Cloud sandboxes, Hetzner Cloud VPSes, or Vercel Sandboxes."
   },
   {
     key: "box.hostSnapshot",
@@ -18500,6 +18500,12 @@ var KEY_REGISTRY = [
     description: "Per-provider override of `box.defaultCheckpoint` for hetzner. Wins over the global when set; set via `agentbox checkpoint set-default --provider hetzner`.",
     advanced: true
   },
+  {
+    key: "box.defaultCheckpointVercel",
+    type: "string",
+    description: "Per-provider override of `box.defaultCheckpoint` for vercel. Wins over the global when set; set via `agentbox checkpoint set-default --provider vercel`.",
+    advanced: true
+  },
   {
     key: "checkpoint.maxLayers",
     type: "int",
@@ -18573,6 +18579,21 @@ var KEY_REGISTRY = [
     type: "int",
     description: "Cap git bundle history shipped to cloud sandboxes (daytona, hetzner). 0 = full history. Unset = adaptive default (last 200 commits; re-bundle at 100 if the bundle exceeds 20 MB). Ignored for docker (which bind-mounts .git/)."
   },
+  {
+    key: "box.vercelVcpus",
+    type: "int",
+    description: "vCPUs for new --provider vercel boxes (Vercel couples RAM at 2048 MB/vCPU). Default 2. Vercel only accepts specific counts (e.g. 1, 2, 4, 8) \u2014 an unsupported value fails create with a 400. Vercel-only; ignored by other providers."
+  },
+  {
+    key: "box.vercelTimeoutMs",
+    type: "int",
+    description: "Max session length (ms) for new --provider vercel boxes before the VM auto-snapshots; persistent mode auto-resumes on the next call. Default 2700000 (45 min, the Hobby ceiling). Vercel-only."
+  },
+  {
+    key: "box.vercelNetworkPolicy",
+    type: "string",
+    description: "Egress lock for new --provider vercel boxes: 'allow-all' (default, unset), 'deny-all', or a comma-separated domain allowlist (e.g. 'github.com,*.npmjs.org') that denies everything else. Vercel-only; ignored by other providers."
+  },
   {
     key: "claude.sessionName",
     type: "string",
@@ -18690,6 +18711,21 @@ var KEY_REGISTRY = [
     type: "int",
     description: "Max number of simultaneously-running boxes (across providers) before background `-i` jobs queue up instead of starting immediately. Per-invocation override: `--max-running <n>`."
   },
+  {
+    key: "queue.maxWorking",
+    type: "int",
+    description: "Max agents actively working/thinking (quota-consuming) at once before background `-i` jobs queue. 0 = disabled (use the queue.maxConcurrent running-box gate). Counts all boxes, foreground + queued. Per-invocation override: `--max-working <n>`."
+  },
+  {
+    key: "queue.idleGraceSeconds",
+    type: "int",
+    description: "Seconds an agent must stay non-working before it frees its working slot (debounce against brief idle flaps between turns). Only used when queue.maxWorking > 0."
+  },
+  {
+    key: "cloud.useCurrentBranch",
+    type: "bool",
+    description: "On cloud providers (daytona/hetzner), start new boxes on the host's current branch instead of forking a new agentbox/<box-name> branch. Overridden by an explicit --use-branch / --from-branch."
+  },
   {
     key: "maintenance.pruneProjectConfigs",
     type: "bool",
@@ -19119,6 +19155,23 @@ function isGhPrOp(value) {
   return GH_PR_OPS.includes(value);
 }
 var GH_PR_READ_ONLY_OPS = /* @__PURE__ */ new Set(["view", "list"]);
+function injectPrCreateHead(op, branch, args) {
+  if (op !== "create") return args;
+  if (!branch || branch === "HEAD") return args;
+  if (hasHeadArg(args)) return args;
+  return ["--head", branch, ...args];
+}
+function hasHeadArg(args) {
+  return args.some((a2) => a2 === "--head" || a2.startsWith("--head=") || a2.startsWith("-H"));
+}
+function prCreateNeedsHead(op, args) {
+  return op === "create" && !hasHeadArg(args);
+}
+var PR_CREATE_NO_HEAD_REFUSAL = {
+  exitCode: 65,
+  stdout: "",
+  stderr: "gh pr create: refusing to run without --head \u2014 could not resolve this box's branch, and falling back to the host repo's checked-out branch would open a PR for the wrong branch. Ensure the box branch is pushed, or pass --head <branch> explicitly.\n"
+};
 var GH_RPC_TIMEOUT_MS = 12e4;
 var GH_READY_CACHE_TTL_MS = 6e4;
 var ghReadyCache;
@@ -19320,36 +19373,31 @@ var BoxStatusStore = class {
 async function resolveCloudBackend(name) {
   if (name === "daytona") {
     const pkg = "@agentbox/sandbox-daytona";
-    try {
-      const mod = await import(pkg);
-      return mod.daytonaBackend;
-    } catch (err) {
-      const msg = err instanceof Error ? err.message : String(err);
-      if (/cannot find module|MODULE_NOT_FOUND/i.test(msg)) {
-        throw new Error(
-          `relay: cannot load '${pkg}' at runtime \u2014 install it alongside @agentbox/relay (the @madarco/agentbox CLI normally provides this dependency). Original: ${msg}`
-        );
-      }
-      throw err;
-    }
+    return loadCloudBackend(pkg, async () => (await import(pkg)).daytonaBackend);
   }
   if (name === "hetzner") {
     const pkg = "@agentbox/sandbox-hetzner";
-    try {
-      const mod = await import(pkg);
-      return mod.hetznerBackend;
-    } catch (err) {
-      const msg = err instanceof Error ? err.message : String(err);
-      if (/cannot find module|MODULE_NOT_FOUND/i.test(msg)) {
-        throw new Error(
-          `relay: cannot load '${pkg}' at runtime \u2014 install it alongside @agentbox/relay (the @madarco/agentbox CLI normally provides this dependency). Original: ${msg}`
-        );
-      }
-      throw err;
-    }
+    return loadCloudBackend(pkg, async () => (await import(pkg)).hetznerBackend);
+  }
+  if (name === "vercel") {
+    const pkg = "@agentbox/sandbox-vercel";
+    return loadCloudBackend(pkg, async () => (await import(pkg)).vercelBackend);
   }
   throw new Error(`no host executor for cloud backend '${name}'`);
 }
+async function loadCloudBackend(pkg, load2) {
+  try {
+    return await load2();
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    if (/cannot find module|MODULE_NOT_FOUND/i.test(msg)) {
+      throw new Error(
+        `relay: cannot load '${pkg}' at runtime \u2014 install it alongside @agentbox/relay (the @madarco/agentbox CLI normally provides this dependency). Original: ${msg}`
+      );
+    }
+    throw err;
+  }
+}
 async function refreshCloudPreviewUrl(backendName, boxId, port) {
   try {
     const backend = await resolveCloudBackend(backendName);
@@ -19477,7 +19525,20 @@ async function runGhPrRpc(action, deps) {
       }
     }
   }
-  return runHostGh(["pr", op, ...args], lookup.workspacePath);
+  let finalArgs = args;
+  if (op === "create" && !args.some((a2) => a2 === "--head" || a2.startsWith("--head="))) {
+    const backend = await resolveCloudBackend(deps.backendName);
+    const handle = { sandboxId: lookup.cloudSandboxId };
+    const containerPath = params.path ?? "/workspace";
+    const branchProbe = await backend.exec(
+      handle,
+      `git -C ${shellQuote(containerPath)} rev-parse --abbrev-ref HEAD`
+    );
+    const branch = branchProbe.exitCode === 0 ? (branchProbe.stdout ?? "").trim() : "";
+    finalArgs = injectPrCreateHead(op, branch, args);
+  }
+  if (prCreateNeedsHead(op, finalArgs)) return PR_CREATE_NO_HEAD_REFUSAL;
+  return runHostGh(["pr", op, ...finalArgs], lookup.workspacePath);
 }
 async function runBrowserOpenMirror(action, deps) {
   const params = action.params ?? {};
@@ -19947,7 +20008,13 @@ function createRelayServer(opts) {
     const url = new URL(req.url ?? "/", `http://${req.headers.host ?? "relay"}`);
     const route = `${req.method ?? "GET"} ${url.pathname}`;
     if (route === "GET /healthz") {
-      send(res, 200, { ok: true, boxes: registry.size(), events: events.size() });
+      send(res, 200, {
+        ok: true,
+        boxes: registry.size(),
+        events: events.size(),
+        pid: process.pid,
+        cliEntry: Boolean(process.env.AGENTBOX_CLI_ENTRY)
+      });
       return;
     }
     if (url.pathname.startsWith("/bridge/")) {
@@ -20605,7 +20672,9 @@ async function handleGhPrRpc(op, reg, params, prompts, subscribers, hostInitiate
       return { exitCode: 10, stdout: "", stderr: "denied by user\n" };
     }
   }
-  return runHostGh(["pr", op, ...args], worktree.hostMainRepo);
+  const finalArgs = injectPrCreateHead(op, worktree.branch, args);
+  if (prCreateNeedsHead(op, finalArgs)) return PR_CREATE_NO_HEAD_REFUSAL;
+  return runHostGh(["pr", op, ...finalArgs], worktree.hostMainRepo);
 }
 async function handleCpRpc(reg, method, params) {
   const entry = process.env.AGENTBOX_CLI_ENTRY;

package/runtime/docker/packages/sandbox-docker/scripts/agentbox-vnc-start

@@ -65,11 +65,25 @@ if ! pgrep -u "$(id -u)" -x autocutsel >/dev/null; then
   DISPLAY=:1 autocutsel -selection PRIMARY -fork >/dev/null 2>&1 || true
 fi
 
+# noVNC's static assets live at different paths per base image: Debian/Ubuntu
+# (docker, hetzner) ship them at /usr/share/novnc via apt; the AL2023 bake
+# (vercel) git-clones them to /usr/local/share/novnc. websockify runs
+# os.chdir(--web) at startup, so a wrong path makes it FileNotFoundError and
+# never bind 6080 — pick the first dir that exists.
+NOVNC_WEB=""
+for _d in /usr/share/novnc /usr/local/share/novnc; do
+  if [[ -d "$_d" ]]; then NOVNC_WEB="$_d"; break; fi
+done
+if [[ -z "$NOVNC_WEB" ]]; then
+  echo "agentbox-vnc-start: noVNC assets not found (looked in /usr/share/novnc, /usr/local/share/novnc)" >&2
+  exit 65
+fi
+
 # websockify serves noVNC at /vnc.html (--web) and tunnels WS frames to Xvnc's
 # RFB. Bind 0.0.0.0:6080 so both Docker `-p` mappings and OrbStack's
 # <name>.orb.local routing reach it.
 websockify \
-  --web=/usr/share/novnc \
+  --web="$NOVNC_WEB" \
   0.0.0.0:6080 \
   127.0.0.1:5901 \
   >/var/log/agentbox/websockify.log 2>&1 &

package/runtime/hetzner/agentbox-vnc-start

@@ -65,11 +65,25 @@ if ! pgrep -u "$(id -u)" -x autocutsel >/dev/null; then
   DISPLAY=:1 autocutsel -selection PRIMARY -fork >/dev/null 2>&1 || true
 fi
 
+# noVNC's static assets live at different paths per base image: Debian/Ubuntu
+# (docker, hetzner) ship them at /usr/share/novnc via apt; the AL2023 bake
+# (vercel) git-clones them to /usr/local/share/novnc. websockify runs
+# os.chdir(--web) at startup, so a wrong path makes it FileNotFoundError and
+# never bind 6080 — pick the first dir that exists.
+NOVNC_WEB=""
+for _d in /usr/share/novnc /usr/local/share/novnc; do
+  if [[ -d "$_d" ]]; then NOVNC_WEB="$_d"; break; fi
+done
+if [[ -z "$NOVNC_WEB" ]]; then
+  echo "agentbox-vnc-start: noVNC assets not found (looked in /usr/share/novnc, /usr/local/share/novnc)" >&2
+  exit 65
+fi
+
 # websockify serves noVNC at /vnc.html (--web) and tunnels WS frames to Xvnc's
 # RFB. Bind 0.0.0.0:6080 so both Docker `-p` mappings and OrbStack's
 # <name>.orb.local routing reach it.
 websockify \
-  --web=/usr/share/novnc \
+  --web="$NOVNC_WEB" \
   0.0.0.0:6080 \
   127.0.0.1:5901 \
   >/var/log/agentbox/websockify.log 2>&1 &

package/runtime/hetzner/ctl.cjs

@@ -18469,8 +18469,8 @@ var KEY_REGISTRY = [
   {
     key: "box.provider",
     type: "enum",
-    enumValues: ["docker", "daytona", "hetzner"],
-    description: "Sandbox backend new boxes are created on: local Docker containers, Daytona Cloud sandboxes, or Hetzner Cloud VPSes."
+    enumValues: ["docker", "daytona", "hetzner", "vercel"],
+    description: "Sandbox backend new boxes are created on: local Docker containers, Daytona Cloud sandboxes, Hetzner Cloud VPSes, or Vercel Sandboxes."
   },
   {
     key: "box.hostSnapshot",
@@ -18500,6 +18500,12 @@ var KEY_REGISTRY = [
     description: "Per-provider override of `box.defaultCheckpoint` for hetzner. Wins over the global when set; set via `agentbox checkpoint set-default --provider hetzner`.",
     advanced: true
   },
+  {
+    key: "box.defaultCheckpointVercel",
+    type: "string",
+    description: "Per-provider override of `box.defaultCheckpoint` for vercel. Wins over the global when set; set via `agentbox checkpoint set-default --provider vercel`.",
+    advanced: true
+  },
   {
     key: "checkpoint.maxLayers",
     type: "int",
@@ -18573,6 +18579,21 @@ var KEY_REGISTRY = [
     type: "int",
     description: "Cap git bundle history shipped to cloud sandboxes (daytona, hetzner). 0 = full history. Unset = adaptive default (last 200 commits; re-bundle at 100 if the bundle exceeds 20 MB). Ignored for docker (which bind-mounts .git/)."
   },
+  {
+    key: "box.vercelVcpus",
+    type: "int",
+    description: "vCPUs for new --provider vercel boxes (Vercel couples RAM at 2048 MB/vCPU). Default 2. Vercel only accepts specific counts (e.g. 1, 2, 4, 8) \u2014 an unsupported value fails create with a 400. Vercel-only; ignored by other providers."
+  },
+  {
+    key: "box.vercelTimeoutMs",
+    type: "int",
+    description: "Max session length (ms) for new --provider vercel boxes before the VM auto-snapshots; persistent mode auto-resumes on the next call. Default 2700000 (45 min, the Hobby ceiling). Vercel-only."
+  },
+  {
+    key: "box.vercelNetworkPolicy",
+    type: "string",
+    description: "Egress lock for new --provider vercel boxes: 'allow-all' (default, unset), 'deny-all', or a comma-separated domain allowlist (e.g. 'github.com,*.npmjs.org') that denies everything else. Vercel-only; ignored by other providers."
+  },
   {
     key: "claude.sessionName",
     type: "string",
@@ -18690,6 +18711,21 @@ var KEY_REGISTRY = [
     type: "int",
     description: "Max number of simultaneously-running boxes (across providers) before background `-i` jobs queue up instead of starting immediately. Per-invocation override: `--max-running <n>`."
   },
+  {
+    key: "queue.maxWorking",
+    type: "int",
+    description: "Max agents actively working/thinking (quota-consuming) at once before background `-i` jobs queue. 0 = disabled (use the queue.maxConcurrent running-box gate). Counts all boxes, foreground + queued. Per-invocation override: `--max-working <n>`."
+  },
+  {
+    key: "queue.idleGraceSeconds",
+    type: "int",
+    description: "Seconds an agent must stay non-working before it frees its working slot (debounce against brief idle flaps between turns). Only used when queue.maxWorking > 0."
+  },
+  {
+    key: "cloud.useCurrentBranch",
+    type: "bool",
+    description: "On cloud providers (daytona/hetzner), start new boxes on the host's current branch instead of forking a new agentbox/<box-name> branch. Overridden by an explicit --use-branch / --from-branch."
+  },
   {
     key: "maintenance.pruneProjectConfigs",
     type: "bool",
@@ -19119,6 +19155,23 @@ function isGhPrOp(value) {
   return GH_PR_OPS.includes(value);
 }
 var GH_PR_READ_ONLY_OPS = /* @__PURE__ */ new Set(["view", "list"]);
+function injectPrCreateHead(op, branch, args) {
+  if (op !== "create") return args;
+  if (!branch || branch === "HEAD") return args;
+  if (hasHeadArg(args)) return args;
+  return ["--head", branch, ...args];
+}
+function hasHeadArg(args) {
+  return args.some((a2) => a2 === "--head" || a2.startsWith("--head=") || a2.startsWith("-H"));
+}
+function prCreateNeedsHead(op, args) {
+  return op === "create" && !hasHeadArg(args);
+}
+var PR_CREATE_NO_HEAD_REFUSAL = {
+  exitCode: 65,
+  stdout: "",
+  stderr: "gh pr create: refusing to run without --head \u2014 could not resolve this box's branch, and falling back to the host repo's checked-out branch would open a PR for the wrong branch. Ensure the box branch is pushed, or pass --head <branch> explicitly.\n"
+};
 var GH_RPC_TIMEOUT_MS = 12e4;
 var GH_READY_CACHE_TTL_MS = 6e4;
 var ghReadyCache;
@@ -19320,36 +19373,31 @@ var BoxStatusStore = class {
 async function resolveCloudBackend(name) {
   if (name === "daytona") {
     const pkg = "@agentbox/sandbox-daytona";
-    try {
-      const mod = await import(pkg);
-      return mod.daytonaBackend;
-    } catch (err) {
-      const msg = err instanceof Error ? err.message : String(err);
-      if (/cannot find module|MODULE_NOT_FOUND/i.test(msg)) {
-        throw new Error(
-          `relay: cannot load '${pkg}' at runtime \u2014 install it alongside @agentbox/relay (the @madarco/agentbox CLI normally provides this dependency). Original: ${msg}`
-        );
-      }
-      throw err;
-    }
+    return loadCloudBackend(pkg, async () => (await import(pkg)).daytonaBackend);
   }
   if (name === "hetzner") {
     const pkg = "@agentbox/sandbox-hetzner";
-    try {
-      const mod = await import(pkg);
-      return mod.hetznerBackend;
-    } catch (err) {
-      const msg = err instanceof Error ? err.message : String(err);
-      if (/cannot find module|MODULE_NOT_FOUND/i.test(msg)) {
-        throw new Error(
-          `relay: cannot load '${pkg}' at runtime \u2014 install it alongside @agentbox/relay (the @madarco/agentbox CLI normally provides this dependency). Original: ${msg}`
-        );
-      }
-      throw err;
-    }
+    return loadCloudBackend(pkg, async () => (await import(pkg)).hetznerBackend);
+  }
+  if (name === "vercel") {
+    const pkg = "@agentbox/sandbox-vercel";
+    return loadCloudBackend(pkg, async () => (await import(pkg)).vercelBackend);
   }
   throw new Error(`no host executor for cloud backend '${name}'`);
 }
+async function loadCloudBackend(pkg, load2) {
+  try {
+    return await load2();
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    if (/cannot find module|MODULE_NOT_FOUND/i.test(msg)) {
+      throw new Error(
+        `relay: cannot load '${pkg}' at runtime \u2014 install it alongside @agentbox/relay (the @madarco/agentbox CLI normally provides this dependency). Original: ${msg}`
+      );
+    }
+    throw err;
+  }
+}
 async function refreshCloudPreviewUrl(backendName, boxId, port) {
   try {
     const backend = await resolveCloudBackend(backendName);
@@ -19477,7 +19525,20 @@ async function runGhPrRpc(action, deps) {
       }
     }
   }
-  return runHostGh(["pr", op, ...args], lookup.workspacePath);
+  let finalArgs = args;
+  if (op === "create" && !args.some((a2) => a2 === "--head" || a2.startsWith("--head="))) {
+    const backend = await resolveCloudBackend(deps.backendName);
+    const handle = { sandboxId: lookup.cloudSandboxId };
+    const containerPath = params.path ?? "/workspace";
+    const branchProbe = await backend.exec(
+      handle,
+      `git -C ${shellQuote(containerPath)} rev-parse --abbrev-ref HEAD`
+    );
+    const branch = branchProbe.exitCode === 0 ? (branchProbe.stdout ?? "").trim() : "";
+    finalArgs = injectPrCreateHead(op, branch, args);
+  }
+  if (prCreateNeedsHead(op, finalArgs)) return PR_CREATE_NO_HEAD_REFUSAL;
+  return runHostGh(["pr", op, ...finalArgs], lookup.workspacePath);
 }
 async function runBrowserOpenMirror(action, deps) {
   const params = action.params ?? {};
@@ -19947,7 +20008,13 @@ function createRelayServer(opts) {
     const url = new URL(req.url ?? "/", `http://${req.headers.host ?? "relay"}`);
     const route = `${req.method ?? "GET"} ${url.pathname}`;
     if (route === "GET /healthz") {
-      send(res, 200, { ok: true, boxes: registry.size(), events: events.size() });
+      send(res, 200, {
+        ok: true,
+        boxes: registry.size(),
+        events: events.size(),
+        pid: process.pid,
+        cliEntry: Boolean(process.env.AGENTBOX_CLI_ENTRY)
+      });
       return;
     }
     if (url.pathname.startsWith("/bridge/")) {
@@ -20605,7 +20672,9 @@ async function handleGhPrRpc(op, reg, params, prompts, subscribers, hostInitiate
       return { exitCode: 10, stdout: "", stderr: "denied by user\n" };
     }
   }
-  return runHostGh(["pr", op, ...args], worktree.hostMainRepo);
+  const finalArgs = injectPrCreateHead(op, worktree.branch, args);
+  if (prCreateNeedsHead(op, finalArgs)) return PR_CREATE_NO_HEAD_REFUSAL;
+  return runHostGh(["pr", op, ...finalArgs], worktree.hostMainRepo);
 }
 async function handleCpRpc(reg, method, params) {
   const entry = process.env.AGENTBOX_CLI_ENTRY;