@shadowob/cloud 1.1.6 → 1.1.8

package/dist/index.js

@@ -1,15 +1,3 @@
-import {
-  createConsoleCommand
-} from "./chunk-HRTBOZ7O.js";
-import {
-  createInitCommand
-} from "./chunk-2FWJSE6Z.js";
-import {
-  formatProvisionState,
-  loadProvisionState,
-  mergeProvisionState,
-  saveProvisionState
-} from "./chunk-7VMRQ7MG.js";
 import {
   CLOUD_SAAS_RUNTIME_KEY,
   attachCloudSaasProvisionState,
@@ -26,7 +14,13 @@ import {
   toProviderSecretEnvKey,
   validateCloudSaasConfigSnapshot,
   withLegacyEnvAliases
-} from "./chunk-I3NRNCDR.js";
+} from "./chunk-X2SREECR.js";
+import {
+  createConsoleCommand
+} from "./chunk-PYJRFKPN.js";
+import {
+  createInitCommand
+} from "./chunk-EVV774KS.js";
 import {
   RUNNER_AGENTS_VOLUME_NAME,
   RUNNER_CONFIG_MOUNT_PATH,
@@ -39,6 +33,7 @@ import {
   applyRuntimeEnvRefPolicy,
   buildOpenClawConfig,
   collectPluginBuildEnvVars,
+  collectPluginRuntimeEnvOmitKeys,
   collectPluginRuntimeExtensions,
   collectRuntimeEnvFields,
   collectRuntimeEnvRefPolicy,
@@ -56,11 +51,17 @@ import {
   runtimeContextEnv,
   runtimeStatePvcName,
   validateCloudConfig
-} from "./chunk-FSW4TNHN.js";
+} from "./chunk-P5Y6F2NH.js";
 import {
   deepMerge,
   getPluginRegistry
-} from "./chunk-JUPAE5IA.js";
+} from "./chunk-OL5VH6RN.js";
+import {
+  formatProvisionState,
+  loadProvisionState,
+  mergeProvisionState,
+  saveProvisionState
+} from "./chunk-7VMRQ7MG.js";
 import {
   log
 } from "./chunk-HUICDC56.js";
@@ -206,9 +207,9 @@ var RAW_PLUGIN_LIBRARY = String.raw`[
             "type": "array",
             "description": "Binding rules connecting buddies to agents and channels"
           },
-          "playLaunch": {
+          "greeting": {
             "type": "object",
-            "description": "Landing behavior for play launch flows, including default channel and greeting"
+            "description": "Greeting and entry-channel behavior for provisioned Shadow spaces"
           }
         }
       },
@@ -247,7 +248,7 @@ var RAW_PLUGIN_LIBRARY = String.raw`[
   {
     "id": "lark",
     "name": "Lark / Feishu",
-    "description": "Lark and Feishu workspace operations for messages, docs, Base, sheets, calendar, mail, tasks, meetings, approvals, and weekly execution workflows.",
+    "description": "Lark, Feishu, and Meegle workspace operations for messages, docs, Base, sheets, calendar, mail, tasks, meetings, approvals, projects, and weekly execution workflows.",
     "version": "1.0.0",
     "category": "communication",
     "capabilities": [
@@ -255,18 +256,19 @@ var RAW_PLUGIN_LIBRARY = String.raw`[
       "data-source",
       "action",
       "cli",
-      "mcp",
       "skill"
     ],
     "tags": [
       "lark",
       "feishu",
+      "meegle",
       "docs",
       "base",
       "calendar",
       "messenger",
+      "projects",
       "skills",
-      "mcp"
+      "cli"
     ],
     "authType": "api-key",
     "website": "https://open.feishu.cn",
@@ -275,7 +277,7 @@ var RAW_PLUGIN_LIBRARY = String.raw`[
     "manifest": {
       "id": "lark",
       "name": "Lark / Feishu",
-      "description": "Lark and Feishu workspace operations for messages, docs, Base, sheets, calendar, mail, tasks, meetings, approvals, and weekly execution workflows.",
+      "description": "Lark, Feishu, and Meegle workspace operations for messages, docs, Base, sheets, calendar, mail, tasks, meetings, approvals, projects, and weekly execution workflows.",
       "version": "1.0.0",
       "category": "communication",
       "icon": "messages-square",
@@ -287,20 +289,20 @@ var RAW_PLUGIN_LIBRARY = String.raw`[
           {
             "key": "LARKSUITE_CLI_APP_ID",
             "label": "App ID",
-            "description": "Feishu or Lark app ID used by lark-cli and Lark MCP.",
+            "description": "Feishu or Lark app ID used by lark-cli. Get it from the app console.",
             "required": true,
             "sensitive": false,
             "placeholder": "cli_xxx",
-            "helpUrl": "https://open.feishu.cn/document/home/introduction-to-custom-app-development/self-built-application-development-process"
+            "helpUrl": "https://open.feishu.cn/app"
           },
           {
             "key": "LARKSUITE_CLI_APP_SECRET",
             "label": "App secret",
-            "description": "App secret from the Feishu or Lark developer console.",
+            "description": "App secret from the Feishu or Lark app console. Cloud writes this into lark-cli config.json instead of raw app env vars so bot CLI calls can mint tenant tokens correctly.",
             "required": true,
             "sensitive": true,
             "placeholder": "App secret",
-            "helpUrl": "https://open.feishu.cn/document/home/introduction-to-custom-app-development/self-built-application-development-process"
+            "helpUrl": "https://open.feishu.cn/app"
           },
           {
             "key": "LARKSUITE_CLI_BRAND",
@@ -308,7 +310,60 @@ var RAW_PLUGIN_LIBRARY = String.raw`[
             "description": "Use feishu for China tenants or lark for global tenants.",
             "required": false,
             "sensitive": false,
-            "placeholder": "feishu"
+            "placeholder": "feishu",
+            "helpUrl": "https://open.feishu.cn/app"
+          },
+          {
+            "key": "LARKSUITE_CLI_DEFAULT_AS",
+            "label": "Default identity",
+            "description": "Default lark-cli identity: bot, user, or auto. Defaults to bot.",
+            "required": false,
+            "sensitive": false,
+            "placeholder": "bot"
+          },
+          {
+            "key": "LARKSUITE_CLI_STRICT_MODE",
+            "label": "Strict mode",
+            "description": "Restrict lark-cli to bot, user, or off. Defaults to bot.",
+            "required": false,
+            "sensitive": false,
+            "placeholder": "bot"
+          },
+          {
+            "key": "MEEGLE_HOST",
+            "label": "Meegle host",
+            "description": "Meegle site domain, such as project.feishu.cn, meegle.com, or a tenant host.",
+            "required": false,
+            "sensitive": false,
+            "placeholder": "project.feishu.cn",
+            "helpUrl": "https://github.com/larksuite/meegle-cli#configuration"
+          },
+          {
+            "key": "MEEGLE_USER_ACCESS_TOKEN",
+            "label": "Meegle user access token",
+            "description": "Optional Meegle user access token for direct CLI auth. Rotate this token when Meegle returns 401.",
+            "required": false,
+            "sensitive": true,
+            "placeholder": "u-...",
+            "helpUrl": "https://github.com/larksuite/meegle-cli#configuration"
+          },
+          {
+            "key": "MEEGLE_ACCESS_TOKEN_HEADER",
+            "label": "Meegle token header",
+            "description": "Optional custom Meegle token header. Empty uses Authorization: Bearer <token>.",
+            "required": false,
+            "sensitive": false,
+            "placeholder": "x-meegle-auth",
+            "helpUrl": "https://github.com/larksuite/meegle-cli#configuration"
+          },
+          {
+            "key": "MEEGLE_USER_AGENT",
+            "label": "Meegle user agent suffix",
+            "description": "Optional caller suffix appended to the Meegle CLI User-Agent.",
+            "required": false,
+            "sensitive": false,
+            "placeholder": "shadow-cloud",
+            "helpUrl": "https://github.com/larksuite/meegle-cli#configuration"
           }
         ]
       },
@@ -317,18 +372,19 @@ var RAW_PLUGIN_LIBRARY = String.raw`[
         "data-source",
         "action",
         "cli",
-        "mcp",
         "skill"
       ],
       "tags": [
         "lark",
         "feishu",
+        "meegle",
         "docs",
         "base",
         "calendar",
         "messenger",
+        "projects",
         "skills",
-        "mcp"
+        "cli"
       ],
       "popularity": 99
     },
@@ -336,28 +392,32 @@ var RAW_PLUGIN_LIBRARY = String.raw`[
       {
         "key": "LARKSUITE_CLI_APP_ID",
         "label": "App ID",
-        "description": "Feishu or Lark app ID used by lark-cli and Lark MCP.",
+        "description": "Feishu or Lark app ID used by lark-cli. Get it from the app console.",
         "sensitive": false
       },
       {
         "key": "LARKSUITE_CLI_APP_SECRET",
         "label": "App secret",
-        "description": "App secret from the Feishu or Lark developer console.",
+        "description": "App secret from the Feishu or Lark app console. Cloud writes this into lark-cli config.json instead of raw app env vars so bot CLI calls can mint tenant tokens correctly.",
         "sensitive": true
       }
     ],
     "readme": {
       "title": "Lark / Feishu Plugin",
-      "excerpt": "Lark / Feishu Plugin\n\nLark / Feishu connects a Buddy to workspace operations across messages, Docs, Base, Sheets, Calendar, Mail, Tasks, Meetings, approvals, and weekly execution workflows.\n\nConfiguration Keys\n\n Key Required Sensitive Description \n \n LARKSUITE CLI APP ID Yes No Feishu or Lark app ID used by lark cli and Lark MCP. \n LARKSUITE CLI APP SECRET Yes Yes App secret from the Feishu or Lark developer console. \n LARKSUITE CLI BRAND No No Use feishu for China tenants or lark for global tenants. Defaults to feishu. \n\nSetup\n\n1. Open the Feishu or Lark developer console.\n2. Create a self built application.\n3. Grant the APIs needed by the Buddy, such as Messenger, Docs, Base, Sheets, Calendar, Mail, Tasks, Meetings, or approvals.\n4. Copy the app ID into LARKSUITE CLI APP ID.\n5. Copy the app secret into LARKSUITE CLI APP SECRET.\n6. Set LARKSUITE CLI BRAND to match the tenant.\n7. Deploy the Buddy and verify with a read only document, Base, or calendar lookup.\n\nRuntime Assets\n\n Installs the official @larksuite/cli package.\n Registers the official @larksuiteoapi/lark mcp MCP server through npx.\n Mounts official Lark CLI agent skills under /workspace/.agents/plugin skills/lark.\n Adds verification checks for the CLI and mounted skills.\n\nReferences\n\n Lark CLI\n Lark custom application development",
+      "excerpt": "Lark / Feishu Plugin\n\nLark / Feishu connects a Buddy to workspace operations across messages, Docs, Base, Sheets, Calendar, Mail, Tasks, Meetings, approvals, Meegle work items, and weekly execution workflows.\n\nConfiguration Keys\n\n Key Required Sensitive Description \n \n LARKSUITE CLI APP ID Yes No Feishu or Lark app ID used by lark cli. \n LARKSUITE CLI APP SECRET Yes Yes App secret from the Feishu or Lark developer console. \n LARKSUITE CLI BRAND No No Use feishu for China tenants or lark for global tenants. Defaults to feishu. \n LARKSUITE CLI DEFAULT AS No No Default lark cli identity: bot, user, or auto. Defaults to bot. \n LARKSUITE CLI STRICT MODE No No Restrict lark cli to bot, user, or off. Defaults to bot. \n MEEGLE HOST No No Meegle site domain, such as project.feishu.cn, meegle.com, or a tenant host. \n MEEGLE USER ACCESS TOKEN No Yes Optional Meegle user access token for direct CLI auth. \n MEEGLE ACCESS TOKEN HEADER No No Optional custom Meegle token header. Empty uses Authorization: Bearer <token . \n MEEGLE USER AGENT No No Optional caller suffix appended to the Meegle CLI User Agent. \n\nCredential Source URLs\n\n Environment variable Where to get it \n \n LARKSUITE CLI APP ID Feishu China app console: <https://open.feishu.cn/app \n LARKSUITE CLI APP SECRET Feishu China app console: <https://open.feishu.cn/app \n LARKSUITE CLI BRAND Use feishu for apps from <https://open.feishu.cn/app ; use lark for global Lark tenants. \n MEEGLE HOST The Meegle/Lark Project tenant host, for example <https://project.feishu.cn . \n MEEGLE USER ACCESS TOKEN Meegle CLI direct env token configurat",
       "headings": [
         "Lark / Feishu Plugin",
         "Configuration Keys",
+        "Credential Source URLs",
         "Setup",
+        "Lark CLI Credential Model",
+        "Knowledge Base Access",
+        "Local Plugin Test",
         "Runtime Assets",
         "References"
       ]
     },
-    "searchText": "lark\nlark / feishu\nlark and feishu workspace operations for messages, docs, base, sheets, calendar, mail, tasks, meetings, approvals, and weekly execution workflows.\ncommunication\ntool data-source action cli mcp skill\nlark feishu docs base calendar messenger skills mcp\nlarksuite_cli_app_id app id feishu or lark app id used by lark-cli and lark mcp. larksuite_cli_app_secret app secret app secret from the feishu or lark developer console. larksuite_cli_brand workspace brand use feishu for china tenants or lark for global tenants.\nlark / feishu plugin\nlark / feishu plugin configuration keys setup runtime assets references\nlark / feishu plugin\n\nlark / feishu connects a buddy to workspace operations across messages, docs, base, sheets, calendar, mail, tasks, meetings, approvals, and weekly execution workflows.\n\nconfiguration keys\n\n key required sensitive description \n \n larksuite cli app id yes no feishu or lark app id used by lark cli and lark mcp. \n larksuite cli app secret yes yes app secret from the feishu or lark developer console. \n larksuite cli brand no no use feishu for china tenants or lark for global tenants. defaults to feishu. \n\nsetup\n\n1. open the feishu or lark developer console.\n2. create a self built application.\n3. grant the apis needed by the buddy, such as messenger, docs, base, sheets, calendar, mail, tasks, meetings, or approvals.\n4. copy the app id into larksuite cli app id.\n5. copy the app secret into larksuite cli app secret.\n6. set larksuite cli brand to match the tenant.\n7. deploy the buddy and verify with a read only document, base, or calendar lookup.\n\nruntime assets\n\n installs the official @larksuite/cli package.\n registers the official @larksuiteoapi/lark mcp mcp server through npx.\n mounts official lark cli agent skills under /workspace/.agents/plugin skills/lark.\n adds verification checks for the cli and mounted skills.\n\nreferences\n\n lark cli\n lark custom application development"
+    "searchText": "lark\nlark / feishu\nlark, feishu, and meegle workspace operations for messages, docs, base, sheets, calendar, mail, tasks, meetings, approvals, projects, and weekly execution workflows.\ncommunication\ntool data-source action cli skill\nlark feishu meegle docs base calendar messenger projects skills cli\nlarksuite_cli_app_id app id feishu or lark app id used by lark-cli. get it from the app console. larksuite_cli_app_secret app secret app secret from the feishu or lark app console. cloud writes this into lark-cli config.json instead of raw app env vars so bot cli calls can mint tenant tokens correctly. larksuite_cli_brand workspace brand use feishu for china tenants or lark for global tenants. larksuite_cli_default_as default identity default lark-cli identity: bot, user, or auto. defaults to bot. larksuite_cli_strict_mode strict mode restrict lark-cli to bot, user, or off. defaults to bot. meegle_host meegle host meegle site domain, such as project.feishu.cn, meegle.com, or a tenant host. meegle_user_access_token meegle user access token optional meegle user access token for direct cli auth. rotate this token when meegle returns 401. meegle_access_token_header meegle token header optional custom meegle token header. empty uses authorization: bearer <token>. meegle_user_agent meegle user agent suffix optional caller suffix appended to the meegle cli user-agent.\nlark / feishu plugin\nlark / feishu plugin configuration keys credential source urls setup lark cli credential model knowledge base access local plugin test runtime assets references\nlark / feishu plugin\n\nlark / feishu connects a buddy to workspace operations across messages, docs, base, sheets, calendar, mail, tasks, meetings, approvals, meegle work items, and weekly execution workflows.\n\nconfiguration keys\n\n key required sensitive description \n \n larksuite cli app id yes no feishu or lark app id used by lark cli. \n larksuite cli app secret yes yes app secret from the feishu or lark developer console. \n larksuite cli brand no no use feishu for china tenants or lark for global tenants. defaults to feishu. \n larksuite cli default as no no default lark cli identity: bot, user, or auto. defaults to bot. \n larksuite cli strict mode no no restrict lark cli to bot, user, or off. defaults to bot. \n meegle host no no meegle site domain, such as project.feishu.cn, meegle.com, or a tenant host. \n meegle user access token no yes optional meegle user access token for direct cli auth. \n meegle access token header no no optional custom meegle token header. empty uses authorization: bearer <token . \n meegle user agent no no optional caller suffix appended to the meegle cli user agent. \n\ncredential source urls\n\n environment variable where to get it \n \n larksuite cli app id feishu china app console: <https://open.feishu.cn/app \n larksuite cli app secret feishu china app console: <https://open.feishu.cn/app \n larksuite cli brand use feishu for apps from <https://open.feishu.cn/app ; use lark for global lark tenants. \n meegle host the meegle/lark project tenant host, for example <https://project.feishu.cn . \n meegle user access token meegle cli direct env token configurat"
   },
   {
     "id": "figma",
@@ -4206,6 +4266,79 @@ var RAW_PLUGIN_LIBRARY = String.raw`[
     },
     "searchText": "inference-sh\ninference.sh\ninference.sh lets buddies run cloud ai apps for images, videos, llms, search, audio, 3d, and automation through the belt cli.\nautomation\ntool data-source action cli skill\ninference-sh belt ai-apps image video llm search skills\ninfsh_api_key inference.sh api key api key used by the belt cli.\ninference.sh plugin\ninference.sh plugin configuration keys setup runtime assets references\ninference.sh plugin\n\ninference.sh lets a buddy run cloud ai apps for images, videos, llms, search, audio, 3d, and automation through the belt cli.\n\nconfiguration keys\n\n key required sensitive description \n \n infsh api key yes yes api key used by the belt cli. \n\nsetup\n\n1. sign in to inference.sh.\n2. create or copy an api key from your inference.sh account settings.\n3. add the key as infsh api key in the deployment form or secret group.\n4. deploy the buddy.\n5. run the verification check to confirm belt help works inside the runtime.\n\nruntime assets\n\n installs system prerequisites for the official installer.\n installs the belt cli with https://cli.inference.sh.\n mounts the infsh cli skill from infsh skills/skills.\n\nreferences\n\n inference.sh skills\n inference.sh cli setup\n inference.sh authentication\n infsh skills repository"
   },
+  {
+    "id": "text-to-cad",
+    "name": "CAD Skills",
+    "description": "CAD Skills mounts text-to-cad workflows for STEP-first CAD generation, inspection, rendering, robot descriptions, standard parts, and fabrication preflight.",
+    "version": "1.0.0",
+    "category": "automation",
+    "capabilities": [
+      "tool",
+      "data-source",
+      "action",
+      "cli",
+      "skill"
+    ],
+    "tags": [
+      "cad",
+      "step",
+      "stl",
+      "dxf",
+      "robotics",
+      "urdf",
+      "sdf",
+      "srdf",
+      "hardware"
+    ],
+    "authType": "none",
+    "website": "https://www.cadskills.xyz",
+    "docs": "https://github.com/earthtojake/text-to-cad",
+    "popularity": 88,
+    "manifest": {
+      "id": "text-to-cad",
+      "name": "CAD Skills",
+      "description": "CAD Skills mounts text-to-cad workflows for STEP-first CAD generation, inspection, rendering, robot descriptions, standard parts, and fabrication preflight.",
+      "version": "1.0.0",
+      "category": "automation",
+      "icon": "boxes",
+      "website": "https://www.cadskills.xyz",
+      "docs": "https://github.com/earthtojake/text-to-cad",
+      "auth": {
+        "type": "none",
+        "fields": []
+      },
+      "capabilities": [
+        "tool",
+        "data-source",
+        "action",
+        "cli",
+        "skill"
+      ],
+      "tags": [
+        "cad",
+        "step",
+        "stl",
+        "dxf",
+        "robotics",
+        "urdf",
+        "sdf",
+        "srdf",
+        "hardware"
+      ],
+      "popularity": 88
+    },
+    "requiredFields": [],
+    "readme": {
+      "title": "CAD Skills",
+      "excerpt": "CAD Skills\n\nMounts the earthtojake/text to cad agent skills for CAD, robotics, and\nhardware design workflows.\n\nRuntime\n\n Pulls the repository skills/ tree into\n /workspace/.agents/plugin skills/text to cad.\n Installs Python CAD dependencies into the plugin runtime dependency volume\n from a Debian based Node init image so binary Python wheels are available.\n Installs the CAD Explorer viewer dependencies after the skills have been\n copied into the init container staging volume.\n Patches the bundled step.parts downloader to use the currently live\n https://www.step.parts/v1 API origin.\n Exposes cad step, cad inspect, and cad dxf wrappers on PATH.\n\nNotes\n\nThe upstream repository excludes LFS heavy benchmark assets from normal use.\nThis plugin mounts only the skill tree and keeps CAD outputs in the active\nworkspace as ordinary derived artifacts.",
+      "headings": [
+        "CAD Skills",
+        "Runtime",
+        "Notes"
+      ]
+    },
+    "searchText": "text-to-cad\ncad skills\ncad skills mounts text-to-cad workflows for step-first cad generation, inspection, rendering, robot descriptions, standard parts, and fabrication preflight.\nautomation\ntool data-source action cli skill\ncad step stl dxf robotics urdf sdf srdf hardware\n\ncad skills\ncad skills runtime notes\ncad skills\n\nmounts the earthtojake/text to cad agent skills for cad, robotics, and\nhardware design workflows.\n\nruntime\n\n pulls the repository skills/ tree into\n /workspace/.agents/plugin skills/text to cad.\n installs python cad dependencies into the plugin runtime dependency volume\n from a debian based node init image so binary python wheels are available.\n installs the cad explorer viewer dependencies after the skills have been\n copied into the init container staging volume.\n patches the bundled step.parts downloader to use the currently live\n https://www.step.parts/v1 api origin.\n exposes cad step, cad inspect, and cad dxf wrappers on path.\n\nnotes\n\nthe upstream repository excludes lfs heavy benchmark assets from normal use.\nthis plugin mounts only the skill tree and keeps cad outputs in the active\nworkspace as ordinary derived artifacts."
+  },
   {
     "id": "claude-plugin",
     "name": "Claude Plugin Importer",
@@ -6387,6 +6520,107 @@ var RAW_PLUGIN_LIBRARY = String.raw`[
     },
     "searchText": "vercel\nvercel\nvercel operations for deployments, domains, logs, project settings, environment variables, and next.js production diagnostics.\ndevops\ntool data-source action cli mcp skill\nvercel deployments nextjs logs domains mcp\nvercel_token vercel token vercel access token. vercel_team_id team id default vercel team id. vercel_project_id project id default vercel project id.\nvercel plugin\nvercel plugin configuration keys setup runtime assets references\nvercel plugin\n\nvercel launchops supports preview deploys, deployment logs, domain configuration, project settings, environment variables, and next.js production diagnostics.\n\nconfiguration keys\n\n key required sensitive description \n \n vercel token yes yes vercel access token for project and deployment operations. \n vercel team id no no optional default vercel team id. \n vercel project id no no optional default vercel project id. \n\nsetup\n\n1. open vercel account settings.\n2. create an access token.\n3. add the token as vercel token.\n4. copy vercel team id from team settings if the buddy should operate under a team.\n5. copy vercel project id from project settings if the buddy should default to one project.\n6. deploy the buddy and verify vercel version.\n\nruntime assets\n\n installs the vercel cli.\n registers hosted vercel mcp metadata.\n\nreferences\n\n vercel agent resources\n vercel mcp\n vercel cli\n creating a vercel access token"
   },
+  {
+    "id": "nature-skills",
+    "name": "Nature Skills",
+    "description": "Nature Skills mounts academic writing, polishing, citation, paper reading, figure, reviewer response, paper-to-PPT, data availability, and literature search workflows.",
+    "version": "1.0.0",
+    "category": "productivity",
+    "capabilities": [
+      "tool",
+      "data-source",
+      "action",
+      "cli",
+      "mcp",
+      "skill"
+    ],
+    "tags": [
+      "nature",
+      "academic-writing",
+      "paper-reading",
+      "citation",
+      "figures",
+      "literature-search",
+      "review-response",
+      "ppt"
+    ],
+    "authType": "none",
+    "website": "https://github.com/Yuan1z0825/nature-skills",
+    "docs": "https://github.com/Yuan1z0825/nature-skills",
+    "popularity": 84,
+    "manifest": {
+      "id": "nature-skills",
+      "name": "Nature Skills",
+      "description": "Nature Skills mounts academic writing, polishing, citation, paper reading, figure, reviewer response, paper-to-PPT, data availability, and literature search workflows.",
+      "version": "1.0.0",
+      "category": "productivity",
+      "icon": "microscope",
+      "website": "https://github.com/Yuan1z0825/nature-skills",
+      "docs": "https://github.com/Yuan1z0825/nature-skills",
+      "auth": {
+        "type": "none",
+        "fields": [
+          {
+            "key": "PUBMED_EMAIL",
+            "label": "PubMed email",
+            "description": "Optional email used by NCBI E-utilities for academic search workflows.",
+            "required": false,
+            "sensitive": false,
+            "placeholder": "researcher@example.com",
+            "helpUrl": "https://www.ncbi.nlm.nih.gov/books/NBK25497/"
+          },
+          {
+            "key": "NCBI_API_KEY",
+            "label": "NCBI API key",
+            "description": "Optional NCBI API key for higher PubMed rate limits.",
+            "required": false,
+            "sensitive": true,
+            "placeholder": "ncbi_...",
+            "helpUrl": "https://www.ncbi.nlm.nih.gov/account/settings/"
+          },
+          {
+            "key": "SEMANTIC_SCHOLAR_API_KEY",
+            "label": "Semantic Scholar API key",
+            "description": "Optional Semantic Scholar API key for literature search workflows.",
+            "required": false,
+            "sensitive": true,
+            "placeholder": "sk-...",
+            "helpUrl": "https://api.semanticscholar.org/"
+          }
+        ]
+      },
+      "capabilities": [
+        "tool",
+        "data-source",
+        "action",
+        "cli",
+        "mcp",
+        "skill"
+      ],
+      "tags": [
+        "nature",
+        "academic-writing",
+        "paper-reading",
+        "citation",
+        "figures",
+        "literature-search",
+        "review-response",
+        "ppt"
+      ],
+      "popularity": 84
+    },
+    "requiredFields": [],
+    "readme": {
+      "title": "Nature Skills",
+      "excerpt": "Nature Skills\n\nMounts Yuan1z0825/nature skills into Cloud agents as a bundled academic\nresearch and publication workflow plugin.\n\nRuntime\n\n Pulls all skills/nature folders into\n /workspace/.agents/plugin skills/nature skills.\n Installs the Python dependencies needed by the bundled academic search MCP\n server into the plugin runtime dependency volume from a Debian based Node init\n image.\n Registers the nature academic search stdio MCP server.\n\nOptional Credentials\n\n PUBMED EMAIL improves compliance with NCBI E utilities guidance.\n NCBI API KEY raises PubMed rate limits.\n SEMANTIC SCHOLAR API KEY can improve Semantic Scholar search throughput.\n\nThe non search skills can be used without credentials.",
+      "headings": [
+        "Nature Skills",
+        "Runtime",
+        "Optional Credentials"
+      ]
+    },
+    "searchText": "nature-skills\nnature skills\nnature skills mounts academic writing, polishing, citation, paper reading, figure, reviewer response, paper-to-ppt, data availability, and literature search workflows.\nproductivity\ntool data-source action cli mcp skill\nnature academic-writing paper-reading citation figures literature-search review-response ppt\npubmed_email pubmed email optional email used by ncbi e-utilities for academic search workflows. ncbi_api_key ncbi api key optional ncbi api key for higher pubmed rate limits. semantic_scholar_api_key semantic scholar api key optional semantic scholar api key for literature search workflows.\nnature skills\nnature skills runtime optional credentials\nnature skills\n\nmounts yuan1z0825/nature skills into cloud agents as a bundled academic\nresearch and publication workflow plugin.\n\nruntime\n\n pulls all skills/nature folders into\n /workspace/.agents/plugin skills/nature skills.\n installs the python dependencies needed by the bundled academic search mcp\n server into the plugin runtime dependency volume from a debian based node init\n image.\n registers the nature academic search stdio mcp server.\n\noptional credentials\n\n pubmed email improves compliance with ncbi e utilities guidance.\n ncbi api key raises pubmed rate limits.\n semantic scholar api key can improve semantic scholar search throughput.\n\nthe non search skills can be used without credentials."
+  },
   {
     "id": "atlassian",
     "name": "Atlassian",
@@ -6698,6 +6932,103 @@ var RAW_PLUGIN_LIBRARY = String.raw`[
     },
     "searchText": "posthog\nposthog\nposthog productops covers funnels, retention, feature flags, experiments, session replay, hogql, logs, and product-growth diagnostics.\nanalytics\ntool data-source action cli mcp skill\nposthog analytics feature-flags funnels hogql experiments\nposthog_api_key posthog api key personal or project api key for posthog. posthog_project_id project id optional default project. posthog_host posthog host optional posthog host.\nposthog plugin\nposthog plugin configuration keys setup runtime assets references\nposthog plugin\n\nposthog productops covers funnels, retention, feature flags, experiments, session replay, hogql, logs, and product growth diagnostics.\n\nconfiguration keys\n\n key required sensitive description \n \n posthog api key yes yes posthog personal or project api key. \n posthog project id no no optional default posthog project id. \n posthog host no no optional posthog host, for example https://app.posthog.com or a self hosted url. \n\nsetup\n\n1. open posthog project or personal api settings.\n2. create an api key with the minimum scopes needed by the buddy.\n3. add the key as posthog api key.\n4. add posthog project id if the buddy should default to one project.\n5. add posthog host for eu cloud or self hosted installations.\n6. deploy the buddy and run the cli verification check.\n\nruntime assets\n\n installs the experimental posthog cli package.\n registers hosted posthog mcp metadata.\n\nreferences\n\n posthog mcp\n posthog api overview\n posthog endpoints cli"
   },
+  {
+    "id": "agentmemory",
+    "name": "AgentMemory",
+    "description": "AgentMemory adds persistent, searchable memory for coding agents through its MCP server, CLI, and optional local/remote memory service.",
+    "version": "1.0.0",
+    "category": "automation",
+    "capabilities": [
+      "tool",
+      "data-source",
+      "action",
+      "cli",
+      "mcp",
+      "skill"
+    ],
+    "tags": [
+      "memory",
+      "mcp",
+      "coding-agent",
+      "context",
+      "search",
+      "persistence"
+    ],
+    "authType": "none",
+    "website": "https://agent-memory.dev",
+    "docs": "https://github.com/rohitg00/agentmemory",
+    "popularity": 82,
+    "manifest": {
+      "id": "agentmemory",
+      "name": "AgentMemory",
+      "description": "AgentMemory adds persistent, searchable memory for coding agents through its MCP server, CLI, and optional local/remote memory service.",
+      "version": "1.0.0",
+      "category": "automation",
+      "icon": "brain",
+      "website": "https://agent-memory.dev",
+      "docs": "https://github.com/rohitg00/agentmemory",
+      "auth": {
+        "type": "none",
+        "fields": [
+          {
+            "key": "AGENTMEMORY_URL",
+            "label": "AgentMemory service URL",
+            "description": "Optional remote AgentMemory service URL. Omit to use the local runtime store.",
+            "required": false,
+            "sensitive": false,
+            "placeholder": "http://127.0.0.1:7331",
+            "helpUrl": "https://github.com/rohitg00/agentmemory"
+          },
+          {
+            "key": "AGENTMEMORY_API_KEY",
+            "label": "AgentMemory API key",
+            "description": "Optional API key for a protected AgentMemory service.",
+            "required": false,
+            "sensitive": true,
+            "placeholder": "am_...",
+            "helpUrl": "https://github.com/rohitg00/agentmemory"
+          },
+          {
+            "key": "AGENTMEMORY_PROJECT_ID",
+            "label": "AgentMemory project id",
+            "description": "Optional project/workspace id used to partition memories.",
+            "required": false,
+            "sensitive": false,
+            "placeholder": "shadow-cloud"
+          }
+        ]
+      },
+      "capabilities": [
+        "tool",
+        "data-source",
+        "action",
+        "cli",
+        "mcp",
+        "skill"
+      ],
+      "tags": [
+        "memory",
+        "mcp",
+        "coding-agent",
+        "context",
+        "search",
+        "persistence"
+      ],
+      "popularity": 82
+    },
+    "requiredFields": [],
+    "readme": {
+      "title": "AgentMemory",
+      "excerpt": "AgentMemory\n\nAgentMemory adds persistent, searchable memory to Shadow Cloud agents through\nthe @agentmemory/mcp MCP server and the agentmemory CLI.\n\nCapabilities\n\n Registers the AgentMemory MCP server for every supported runtime.\n Installs the AgentMemory CLI and MCP package into the runtime dependency\n volume.\n Supports an optional remote AgentMemory service via AGENTMEMORY URL and\n AGENTMEMORY API KEY.\n\nConfiguration\n\n \n\nOptional environment fields:\n\n AGENTMEMORY URL: remote service URL. Omit to use the local runtime store.\n AGENTMEMORY API KEY: key for a protected remote service.\n AGENTMEMORY PROJECT ID: project/workspace partition id.\n\nSafety\n\nAgents should only store durable project context, decisions, and user approved\nfacts. Do not store secrets, tokens, credentials, or private personal data.",
+      "headings": [
+        "AgentMemory",
+        "Capabilities",
+        "Configuration",
+        "Safety"
+      ]
+    },
+    "searchText": "agentmemory\nagentmemory\nagentmemory adds persistent, searchable memory for coding agents through its mcp server, cli, and optional local/remote memory service.\nautomation\ntool data-source action cli mcp skill\nmemory mcp coding-agent context search persistence\nagentmemory_url agentmemory service url optional remote agentmemory service url. omit to use the local runtime store. agentmemory_api_key agentmemory api key optional api key for a protected agentmemory service. agentmemory_project_id agentmemory project id optional project/workspace id used to partition memories.\nagentmemory\nagentmemory capabilities configuration safety\nagentmemory\n\nagentmemory adds persistent, searchable memory to shadow cloud agents through\nthe @agentmemory/mcp mcp server and the agentmemory cli.\n\ncapabilities\n\n registers the agentmemory mcp server for every supported runtime.\n installs the agentmemory cli and mcp package into the runtime dependency\n volume.\n supports an optional remote agentmemory service via agentmemory url and\n agentmemory api key.\n\nconfiguration\n\n \n\noptional environment fields:\n\n agentmemory url: remote service url. omit to use the local runtime store.\n agentmemory api key: key for a protected remote service.\n agentmemory project id: project/workspace partition id.\n\nsafety\n\nagents should only store durable project context, decisions, and user approved\nfacts. do not store secrets, tokens, credentials, or private personal data."
+  },
   {
     "id": "baidu-smartprogram",
     "name": "Baidu Smart Program",
@@ -7583,6 +7914,43 @@ var RAW_TEMPLATE_LIBRARY = String.raw`[
     },
     "searchText": "code-arena\n代码擂台\n用于出题、限时挑战、提示和代码复盘的编程对战 buddy 模板。\ngeneral\nmodel-provider shadowob\nproblems arena review\narena buddy\ngenerate coding challenges, set constraints, track attempts, give hints, and review solutions. prefer concise test cases and actionable feedback."
   },
+  {
+    "slug": "code-trainer",
+    "title": "Code Trainer 算法训练",
+    "description": "基于 Code Trainer Server App 授权的单 Buddy 算法训练模板，用多个频道承载自动复盘、题目推荐、学习计划、技巧推送、错题回炉和进度报告。",
+    "category": "general",
+    "plugins": [
+      "model-provider",
+      "shadowob"
+    ],
+    "channels": [
+      "助教资讯",
+      "题目推荐",
+      "学习规划",
+      "代码复盘",
+      "错题回炉",
+      "算法小技巧"
+    ],
+    "buddyNames": [
+      "算法教练"
+    ],
+    "agentCount": 1,
+    "systemPromptExcerpt": "You are the single Code Trainer Buddy. Use the mounted shadowob CLI skill as the source of truth: run \u0060shadowob app discover --server \"$SHADOW_SERVER_APP_SERVER_CODE_TRAINER_APP\" --json\u0060, then call \u0060shadowob app call \"$SHADOW_SERVER_APP_KEY_CODE_TRAINER_APP\" <command> --server \"$SHADOW_SERVER_APP_SERVER_CODE_TRAINER_APP\" --json-input '<raw-command-input-json>' --json\u0060.\n\nUse channels as modes, not separate identities:\n- #代码复盘: claim Inbox tasks immediately, acknowledge within 60 seconds, run visible examples plus hidden/edge cases, then write submissions.analyze with verdict, score, complexity, diagnosis, and next steps. If review takes more than 3 minutes, post one brief progress note.\n- #题目推荐: recommend the next problem from learning.overview using reinforcement, diversity, review, and popular coverage. Include predicted ACK rate when available and offer a lighter fallback.\n- #学习规划: maintain daily/weekly lists, deadline target, and first concrete action.\n- #算法小技巧: post compact templates, pitfalls, complexity reminders, and short checks tied to current weak or active tags.\n- #错题回炉: schedule spaced review for wrong or nearly forgotten problems and suggest one similar variation.\n- #助",
+    "valid": true,
+    "validation": {
+      "valid": true,
+      "agents": 1,
+      "configurations": 0,
+      "violations": [],
+      "extendsErrors": [],
+      "templateRefs": {
+        "env": 1,
+        "secret": 0,
+        "file": 0
+      }
+    },
+    "searchText": "code-trainer\ncode trainer 算法训练\n基于 code trainer server app 授权的单 buddy 算法训练模板，用多个频道承载自动复盘、题目推荐、学习计划、技巧推送、错题回炉和进度报告。\ngeneral\nmodel-provider shadowob\n助教资讯 题目推荐 学习规划 代码复盘 错题回炉 算法小技巧\n算法教练\nyou are the single code trainer buddy. use the mounted shadowob cli skill as the source of truth: run \u0060shadowob app discover --server \"$shadow_server_app_server_code_trainer_app\" --json\u0060, then call \u0060shadowob app call \"$shadow_server_app_key_code_trainer_app\" <command> --server \"$shadow_server_app_server_code_trainer_app\" --json-input '<raw-command-input-json>' --json\u0060.\n\nuse channels as modes, not separate identities:\n- #代码复盘: claim inbox tasks immediately, acknowledge within 60 seconds, run visible examples plus hidden/edge cases, then write submissions.analyze with verdict, score, complexity, diagnosis, and next steps. if review takes more than 3 minutes, post one brief progress note.\n- #题目推荐: recommend the next problem from learning.overview using reinforcement, diversity, review, and popular coverage. include predicted ack rate when available and offer a lighter fallback.\n- #学习规划: maintain daily/weekly lists, deadline target, and first concrete action.\n- #算法小技巧: post compact templates, pitfalls, complexity reminders, and short checks tied to current weak or active tags.\n- #错题回炉: schedule spaced review for wrong or nearly forgotten problems and suggest one similar variation.\n- #助"
+  },
   {
     "slug": "daily-brief",
     "title": "晨间简报",
@@ -8682,15 +9050,75 @@ function summarizeCostOverview(summaries, billingUnit) {
 
 // src/clients/kubectl-runtime.ts
 import { execFileSync, spawn, spawnSync } from "child_process";
-import { existsSync as existsSync2, mkdtempSync as mkdtempSync2, readFileSync as readFileSync2, rmSync as rmSync2, writeFileSync as writeFileSync2 } from "fs";
-import { homedir as homedir2, tmpdir as tmpdir2 } from "os";
-import { delimiter as delimiter2, join as join2 } from "path";
+import { existsSync as existsSync3, mkdtempSync as mkdtempSync2, rmSync as rmSync2, writeFileSync as writeFileSync2 } from "fs";
+import { tmpdir as tmpdir2 } from "os";
+import { delimiter as delimiter2, join as join3 } from "path";
 
 // src/services/deployment-runtime.service.ts
 import { createHash } from "crypto";
-import { existsSync, mkdirSync, mkdtempSync, readFileSync, rmSync, writeFileSync } from "fs";
-import { homedir, tmpdir } from "os";
-import { delimiter, join } from "path";
+import { existsSync as existsSync2, mkdirSync, mkdtempSync, rmSync, writeFileSync } from "fs";
+import { homedir as homedir2, tmpdir } from "os";
+import { delimiter, join as join2 } from "path";
+
+// src/utils/kubeconfig-file.ts
+import { existsSync, readFileSync, statSync } from "fs";
+import { homedir } from "os";
+import { join } from "path";
+function defaultKubeconfigPath() {
+  return join(homedir(), ".kube", "config");
+}
+function kubeconfigSetupHint() {
+  return "Configure KUBECONFIG_HOST_PATH or CLOUD_SAAS_CLUSTER_KUBECONFIG_HOST_PATH to an existing host kubeconfig file, or initialize/import a cluster before deploying.";
+}
+function assertReadableKubeconfigFile(kubeconfigPath, label = "Kubernetes kubeconfig") {
+  if (!existsSync(kubeconfigPath)) {
+    throw new Error(`${label} not found at ${kubeconfigPath}. ${kubeconfigSetupHint()}`);
+  }
+  let stat3;
+  try {
+    stat3 = statSync(kubeconfigPath);
+  } catch (err) {
+    throw new Error(
+      `Failed to inspect ${label} at ${kubeconfigPath}: ${err.message}. ` + kubeconfigSetupHint()
+    );
+  }
+  if (stat3.isDirectory()) {
+    throw new Error(
+      `${label} path ${kubeconfigPath} is a directory, not a file. This usually means Docker created the bind-mount target because the host kubeconfig file is missing. ` + kubeconfigSetupHint()
+    );
+  }
+  if (!stat3.isFile()) {
+    throw new Error(
+      `${label} path ${kubeconfigPath} is not a regular file. ${kubeconfigSetupHint()}`
+    );
+  }
+  if (stat3.size === 0) {
+    throw new Error(`${label} at ${kubeconfigPath} is empty. ${kubeconfigSetupHint()}`);
+  }
+}
+function readKubeconfigFile(kubeconfigPath, label = "Kubernetes kubeconfig") {
+  assertReadableKubeconfigFile(kubeconfigPath, label);
+  try {
+    return readFileSync(kubeconfigPath, "utf8");
+  } catch (err) {
+    throw new Error(
+      `Failed to read ${label} at ${kubeconfigPath}: ${err.message}. ` + kubeconfigSetupHint()
+    );
+  }
+}
+function findReadableKubeconfigPath(candidates, label = "Kubernetes kubeconfig") {
+  const uniqueCandidates = [
+    ...new Set(candidates.filter((candidate) => Boolean(candidate)))
+  ];
+  for (const candidate of uniqueCandidates) {
+    if (!existsSync(candidate)) continue;
+    assertReadableKubeconfigFile(candidate, label);
+    return candidate;
+  }
+  return void 0;
+}
+
+// src/services/deployment-runtime.service.ts
 function extractKubeContext(kubeconfigYaml) {
   const match = kubeconfigYaml.match(/current-context:\s*(\S+)/);
   return match?.[1];
@@ -8727,24 +9155,24 @@ function normalizeRuntimeEnvVars(envVars) {
   return normalized;
 }
 function getStableRuntimeKubeconfigPath(kubeconfigYaml) {
-  const runtimeDir = join(homedir(), ".shadowob", "kubeconfigs");
+  const runtimeDir = join2(homedir2(), ".shadowob", "kubeconfigs");
   mkdirSync(runtimeDir, { recursive: true });
   const hash = createHash("sha256").update(kubeconfigYaml).digest("hex");
-  const kubeconfigPath = join(runtimeDir, `${hash}.yaml`);
-  if (!existsSync(kubeconfigPath)) {
+  const kubeconfigPath = join2(runtimeDir, `${hash}.yaml`);
+  if (!existsSync2(kubeconfigPath)) {
     writeFileSync(kubeconfigPath, kubeconfigYaml, { mode: 384 });
   }
   return kubeconfigPath;
 }
 function isContainerizedRuntime() {
-  return process.env.SHADOW_CONTAINERIZED === "1" || existsSync("/.dockerenv");
+  return process.env.SHADOW_CONTAINERIZED === "1" || existsSync2("/.dockerenv");
 }
 function getHostLocalRuntimeKubeconfigPaths() {
   const candidates = [process.env.KUBECONFIG_HOST_PATH?.trim()];
   if (!isContainerizedRuntime()) {
     candidates.push(
       ...process.env.KUBECONFIG?.split(delimiter).map((candidate) => candidate.trim()).filter((candidate) => candidate.length > 0) ?? [],
-      join(homedir(), ".kube", "config")
+      defaultKubeconfigPath()
     );
   }
   return [...new Set(candidates.filter((candidate) => Boolean(candidate)))];
@@ -8757,17 +9185,17 @@ function resolveAmbientRuntimeKubeconfigPath() {
   const candidates = [
     ...process.env.KUBECONFIG?.split(delimiter).map((candidate) => candidate.trim()).filter((candidate) => candidate.length > 0) ?? [],
     process.env.KUBECONFIG_HOST_PATH?.trim(),
-    join(homedir(), ".kube", "config")
+    defaultKubeconfigPath()
   ].filter((candidate) => Boolean(candidate));
-  return candidates.find((candidate) => existsSync(candidate));
+  return findReadableKubeconfigPath(candidates, "Cloud SaaS Kubernetes kubeconfig");
 }
 var DeploymentRuntimeService = class {
   constructor(deployService) {
     this.deployService = deployService;
   }
   async deployFromSnapshot(options) {
-    const configDir = mkdtempSync(join(tmpdir(), "sc-cfg-"));
-    const configPath = join(configDir, "shadowob-cloud.json");
+    const configDir = mkdtempSync(join2(tmpdir(), "sc-cfg-"));
+    const configPath = join2(configDir, "shadowob-cloud.json");
     writeFileSync(configPath, JSON.stringify(options.configSnapshot, null, 2), "utf-8");
     const {
       configSnapshot: _configSnapshot,
@@ -8820,7 +9248,7 @@ var DeploymentRuntimeService = class {
     let k8sContext;
     let kubeConfigPath;
     const activeKubeconfigPath = resolveAmbientRuntimeKubeconfigPath();
-    const activeKubeconfig = cluster?.kubeconfig ? cluster.kubeconfig : activeKubeconfigPath ? readFileSync(activeKubeconfigPath, "utf8") : void 0;
+    const activeKubeconfig = cluster?.kubeconfig ? cluster.kubeconfig : activeKubeconfigPath ? readKubeconfigFile(activeKubeconfigPath, "Cloud SaaS Kubernetes kubeconfig") : void 0;
     if (activeKubeconfig) {
       const shouldRewriteLoopback = Boolean(
         cluster?.kubeconfig || activeKubeconfigPath && !isHostLocalRuntimeKubeconfigPath(activeKubeconfigPath)
@@ -8845,14 +9273,14 @@ function volumeSnapshotApiAvailableFromOutput(output2) {
   );
 }
 function isContainerizedRuntime2() {
-  return process.env.SHADOW_CONTAINERIZED === "1" || existsSync2("/.dockerenv");
+  return process.env.SHADOW_CONTAINERIZED === "1" || existsSync3("/.dockerenv");
 }
 function getHostLocalKubeconfigPaths() {
   const candidates = [process.env.KUBECONFIG_HOST_PATH?.trim()];
   if (!isContainerizedRuntime2()) {
     candidates.push(
       ...process.env.KUBECONFIG?.split(delimiter2).map((candidate) => candidate.trim()).filter((candidate) => candidate.length > 0) ?? [],
-      join2(homedir2(), ".kube", "config")
+      defaultKubeconfigPath()
     );
   }
   return [...new Set(candidates.filter((candidate) => Boolean(candidate)))];
@@ -8866,22 +9294,23 @@ function extractCurrentContext(kubeconfigYaml) {
 }
 function resolveAmbientKubeconfig() {
   const envCandidates = process.env.KUBECONFIG?.split(delimiter2).map((candidate) => candidate.trim()).filter((candidate) => candidate.length > 0) ?? [];
-  const kubeconfigPath = [
+  const candidates = [
     ...envCandidates,
     process.env.KUBECONFIG_HOST_PATH?.trim(),
-    join2(homedir2(), ".kube", "config")
-  ].filter((candidate) => Boolean(candidate)).find((candidate) => existsSync2(candidate));
+    defaultKubeconfigPath()
+  ].filter((candidate) => Boolean(candidate));
+  const kubeconfigPath = findReadableKubeconfigPath(candidates, "Kubernetes kubectl kubeconfig");
   if (!kubeconfigPath) {
     return void 0;
   }
   return {
-    kubeconfig: readFileSync2(kubeconfigPath, "utf-8"),
+    kubeconfig: readKubeconfigFile(kubeconfigPath, "Kubernetes kubectl kubeconfig"),
     shouldRewriteLoopback: !isHostLocalKubeconfigPath(kubeconfigPath)
   };
 }
 function createTempKubeconfig(kubeconfig, includeAmbientContext = false, rewriteLoopback = true) {
-  const dir = mkdtempSync2(join2(tmpdir2(), "sc-saas-kube-"));
-  const path = join2(dir, "kubeconfig");
+  const dir = mkdtempSync2(join3(tmpdir2(), "sc-saas-kube-"));
+  const path = join3(dir, "kubeconfig");
   const rewritten = rewriteLoopback ? rewriteLoopbackKubeconfig(kubeconfig, process.env.KUBECONFIG_LOOPBACK_HOST) : kubeconfig;
   writeFileSync2(path, rewritten, { mode: 384 });
   const args = ["--kubeconfig", path];
@@ -8944,6 +9373,83 @@ function execKubectl(args, kubeconfig, timeout = 3e3) {
     })
   );
 }
+function tryExecKubectl(args, kubeconfig, timeout = 5e3) {
+  try {
+    return execKubectl(args, kubeconfig, timeout);
+  } catch {
+    return null;
+  }
+}
+function resourceOutputHas(output2, resourceName) {
+  return Boolean(
+    output2?.split(/\s+/).map((item) => item.trim()).some((item) => item === resourceName)
+  );
+}
+function checkAgentSandboxPreflight(options) {
+  const missing = [];
+  const warnings = [];
+  const kubeconfig = options?.kubeconfig;
+  const extensionResources = tryExecKubectl(
+    ["api-resources", "--api-group", "extensions.agents.x-k8s.io", "-o", "name"],
+    kubeconfig
+  );
+  if (!resourceOutputHas(extensionResources, "sandboxtemplates")) {
+    missing.push("CRD sandboxtemplates.extensions.agents.x-k8s.io");
+  }
+  if (!resourceOutputHas(extensionResources, "sandboxclaims")) {
+    missing.push("CRD sandboxclaims.extensions.agents.x-k8s.io");
+  }
+  const coreResources = tryExecKubectl(
+    ["api-resources", "--api-group", "agents.x-k8s.io", "-o", "name"],
+    kubeconfig
+  );
+  if (!resourceOutputHas(coreResources, "sandboxes")) {
+    missing.push("CRD sandboxes.agents.x-k8s.io");
+  }
+  const controllerOutput = tryExecKubectl(
+    ["-n", "agent-sandbox-system", "get", "deployment", "agent-sandbox-controller", "-o", "json"],
+    kubeconfig,
+    1e4
+  );
+  if (!controllerOutput) {
+    missing.push("deployment/agent-sandbox-controller in namespace agent-sandbox-system");
+  } else {
+    try {
+      const controller = JSON.parse(controllerOutput);
+      const status = controller.status ?? {};
+      if ((status.availableReplicas ?? 0) < 1) {
+        missing.push("Ready agent-sandbox controller");
+      }
+    } catch {
+      missing.push("Readable agent-sandbox controller status");
+    }
+  }
+  const runtimeClassNames = [
+    ...new Set(
+      [options?.runtimeClassName, ...options?.runtimeClassNames ?? []].map((name) => name?.trim()).filter((name) => Boolean(name))
+    )
+  ];
+  for (const runtimeClassName of runtimeClassNames) {
+    const runtimeClass = tryExecKubectl(["get", "runtimeclass", runtimeClassName], kubeconfig);
+    if (!runtimeClass) {
+      missing.push(`RuntimeClass ${runtimeClassName}`);
+    }
+  }
+  const sandboxNodes = tryExecKubectl(
+    ["get", "nodes", "-l", "shadowob.com/sandbox-ready=true", "-o", "name"],
+    kubeconfig
+  );
+  if (!sandboxNodes?.trim()) {
+    warnings.push("No nodes are labeled shadowob.com/sandbox-ready=true");
+  }
+  return {
+    ok: missing.length === 0,
+    missing,
+    warnings,
+    runtimeClassName: runtimeClassNames[0],
+    runtimeClassNames
+  };
+}
 function execKubectlAsync(args, kubeconfig, timeout = 3e3) {
   return withKubeconfigAsync(
     kubeconfig,
@@ -9594,25 +10100,25 @@ function deleteNamespace(namespace, kubeconfig) {
 
 // src/cluster/kubeconfig.ts
 import {
-  existsSync as existsSync3,
+  existsSync as existsSync4,
   mkdirSync as mkdirSync2,
   readdirSync,
-  readFileSync as readFileSync3,
+  readFileSync as readFileSync2,
   unlinkSync,
   writeFileSync as writeFileSync3
 } from "fs";
 import { homedir as homedir3 } from "os";
-import { join as join3, resolve } from "path";
+import { join as join4, resolve } from "path";
 function getClustersDir() {
   return resolve(homedir3(), ".shadow-cloud", "clusters");
 }
 function getKubeconfigPath(clusterName) {
-  return join3(getClustersDir(), `${clusterName}.yaml`);
+  return join4(getClustersDir(), `${clusterName}.yaml`);
 }
 function getMetaPath(clusterName) {
-  return join3(getClustersDir(), `${clusterName}.json`);
+  return join4(getClustersDir(), `${clusterName}.json`);
 }
-function storeKubeconfig(clusterName, rawKubeconfig, masterPublicIp, nodeCount) {
+function storeKubeconfig(clusterName, rawKubeconfig, masterPublicIp, nodeCount, options) {
   const dir = getClustersDir();
   mkdirSync2(dir, { recursive: true });
   const kubeconfig = rawKubeconfig.replace(/https?:\/\/127\.0\.0\.1/g, `https://${masterPublicIp}`);
@@ -9623,14 +10129,16 @@ function storeKubeconfig(clusterName, rawKubeconfig, masterPublicIp, nodeCount)
     masterHost: masterPublicIp,
     nodeCount,
     createdAt: (/* @__PURE__ */ new Date()).toISOString(),
-    kubeconfigPath
+    kubeconfigPath,
+    ...options?.configHash ? { configHash: options.configHash } : {},
+    ...options?.features ? { features: options.features } : {}
   };
   writeFileSync3(getMetaPath(clusterName), JSON.stringify(meta, null, 2), { mode: 384 });
   return meta;
 }
 function loadKubeconfigPath(clusterName) {
   const path = getKubeconfigPath(clusterName);
-  if (!existsSync3(path)) {
+  if (!existsSync4(path)) {
     throw new Error(
       `Cluster "${clusterName}" not found.
 Run: shadowob-cloud cluster init --config cluster.json`
@@ -9638,12 +10146,21 @@ Run: shadowob-cloud cluster init --config cluster.json`
   }
   return path;
 }
+function loadClusterMeta(clusterName) {
+  const path = getMetaPath(clusterName);
+  if (!existsSync4(path)) return null;
+  try {
+    return JSON.parse(readFileSync2(path, "utf8"));
+  } catch {
+    return null;
+  }
+}
 function listRegisteredClusters() {
   const dir = getClustersDir();
-  if (!existsSync3(dir)) return [];
+  if (!existsSync4(dir)) return [];
   return readdirSync(dir).filter((f) => f.endsWith(".json")).map((f) => {
     try {
-      return JSON.parse(readFileSync3(join3(dir, f), "utf8"));
+      return JSON.parse(readFileSync2(join4(dir, f), "utf8"));
     } catch {
       return null;
     }
@@ -9652,7 +10169,7 @@ function listRegisteredClusters() {
 function importKubeconfig(clusterName, kubeconfigFilePath) {
   const dir = getClustersDir();
   mkdirSync2(dir, { recursive: true });
-  const raw = readFileSync3(kubeconfigFilePath, "utf8");
+  const raw = readFileSync2(kubeconfigFilePath, "utf8");
   const serverMatch = raw.match(/server:\s*https?:\/\/([^/\s]+)/);
   const rawHost = serverMatch?.[1] ?? "unknown";
   const masterHost = rawHost.replace(/:\d+$/, "");
@@ -9672,33 +10189,52 @@ function importKubeconfig(clusterName, kubeconfigFilePath) {
 function removeClusterFiles(clusterName) {
   const kubeconfig = getKubeconfigPath(clusterName);
   const meta = getMetaPath(clusterName);
-  if (existsSync3(kubeconfig)) unlinkSync(kubeconfig);
-  if (existsSync3(meta)) unlinkSync(meta);
+  if (existsSync4(kubeconfig)) unlinkSync(kubeconfig);
+  if (existsSync4(meta)) unlinkSync(meta);
 }
 
 // src/cluster/parser.ts
-import { readFileSync as readFileSync4 } from "fs";
+import { readFileSync as readFileSync3 } from "fs";
 import { homedir as homedir4 } from "os";
 import { resolve as resolve2 } from "path";
 
 // src/cluster/schema.ts
 import { z } from "zod";
-var NodeRoleSchema = z.enum(["master", "worker"]);
-var NodeConfigSchema = z.object({
-  /** Node role in the cluster */
-  role: NodeRoleSchema,
-  /** Public IP or hostname */
-  host: z.string().min(1),
-  /** SSH port (default: 22) */
-  port: z.number().int().min(1).max(65535).default(22),
-  /** SSH username */
-  user: z.string().min(1),
-  /** Path to SSH private key (supports ~) — mutually inclusive with or exclusive of password */
-  sshKeyPath: z.string().optional(),
-  /** SSH password — use ${env:VAR} to avoid storing plaintext */
-  password: z.string().optional()
-}).refine((n) => n.sshKeyPath !== void 0 || n.password !== void 0, {
-  message: "Each node must have either sshKeyPath or password"
+var K8S_LABEL_KEY_RE = /^([A-Za-z0-9][-A-Za-z0-9_.]*[A-Za-z0-9]\/)?[A-Za-z0-9]([-A-Za-z0-9_.]*[A-Za-z0-9])?$/;
+var K8S_LABEL_VALUE_RE = /^(([A-Za-z0-9][-A-Za-z0-9_.]*[A-Za-z0-9])?)$/;
+var KubernetesLabelMapSchema = z.record(
+  z.string().min(1).regex(K8S_LABEL_KEY_RE, "Invalid Kubernetes label key"),
+  z.string().max(63).regex(K8S_LABEL_VALUE_RE, "Invalid Kubernetes label value")
+);
+var ImageReferenceSchema = z.string().min(1).regex(/^\S+$/, "image must not contain whitespace");
+var ClusterContainerdRegistriesSchema = z.object({
+  /**
+   * k3s containerd mirrors. Written to /etc/rancher/k3s/registries.yaml as JSON/YAML.
+   * Example: { "docker.io": { "endpoint": ["https://registry-1.docker.io"] } }
+   */
+  mirrors: z.record(
+    z.string().min(1),
+    z.object({
+      endpoint: z.array(z.string().url()).min(1)
+    })
+  ).optional(),
+  configs: z.record(
+    z.string().min(1),
+    z.object({
+      auth: z.object({
+        username: z.string().optional(),
+        password: z.string().optional(),
+        auth: z.string().optional(),
+        identityToken: z.string().optional()
+      }).optional(),
+      tls: z.object({
+        caFile: z.string().optional(),
+        certFile: z.string().optional(),
+        keyFile: z.string().optional(),
+        insecureSkipVerify: z.boolean().optional()
+      }).optional()
+    })
+  ).optional()
 });
 var ClusterInstallConfigSchema = z.object({
   /** k3s release version. Example: v1.35.4+k3s1 */
@@ -9714,7 +10250,86 @@ var ClusterInstallConfigSchema = z.object({
   /** Registry prefix used by k3s for bundled system images. */
   systemDefaultRegistry: z.string().min(1).regex(/^\S+$/, "systemDefaultRegistry must not contain whitespace").optional(),
   /** Sandbox pause image used by k3s/containerd. Useful when Docker Hub is unreachable. */
-  pauseImage: z.string().min(1).regex(/^\S+$/, "pauseImage must not contain whitespace").optional()
+  pauseImage: z.string().min(1).regex(/^\S+$/, "pauseImage must not contain whitespace").optional(),
+  /** Optional k3s containerd registry mirrors/auth config for workload images. */
+  registries: ClusterContainerdRegistriesSchema.optional()
+});
+var AGENT_SANDBOX_DEFAULT_VERSION = "v0.4.5";
+var AGENT_SANDBOX_DEFAULT_RUNTIME_CLASS = "shadow-runc";
+var AGENT_SANDBOX_DEFAULT_RUNTIME_HANDLER = "runc";
+var RuntimeClassNameSchema = z.string().min(1).regex(/^[a-z0-9]([-a-z0-9]*[a-z0-9])?$/, "runtimeClassName must be a Kubernetes DNS label");
+var ClusterSandboxFeatureConfigSchema = z.object({
+  /** Enable agent-sandbox as a cluster capability. */
+  enabled: z.boolean().default(true),
+  /** Install/upgrade the upstream CRDs and controller during cluster init/apply. */
+  install: z.boolean().default(true),
+  /** Pinned upstream agent-sandbox release used to build default manifest URLs. */
+  version: z.string().min(1).regex(/^v\d+\.\d+\.\d+(?:[-+][A-Za-z0-9._-]+)?$/, "version must look like v0.4.5").default(AGENT_SANDBOX_DEFAULT_VERSION),
+  /**
+   * Optional manifest URLs. Defaults to the upstream release manifest.yaml and extensions.yaml.
+   * Use mirrored URLs for restricted networks.
+   */
+  manifestUrls: z.array(z.string().url()).min(1).optional(),
+  /** Optional controller image override, useful for domestic/private registries. */
+  controllerImage: ImageReferenceSchema.optional(),
+  /** RuntimeClass injected into generated Cloud SaaS sandbox configs. */
+  runtimeClassName: RuntimeClassNameSchema.default(AGENT_SANDBOX_DEFAULT_RUNTIME_CLASS),
+  /** Create RuntimeClass automatically. Disable when the cluster already provides gvisor/runsc. */
+  createRuntimeClass: z.boolean().default(true),
+  /** RuntimeClass handler used when createRuntimeClass is true. */
+  runtimeClassHandler: z.string().min(1).regex(/^\S+$/, "runtimeClassHandler must not contain whitespace").default(AGENT_SANDBOX_DEFAULT_RUNTIME_HANDLER),
+  /** Wait timeout for CRDs/controller readiness. */
+  waitTimeoutSeconds: z.number().int().min(30).max(1200).default(300),
+  /** Fail cluster init/apply when sandbox cannot be verified. */
+  required: z.boolean().default(true),
+  /** Label selector injected into sandbox workloads unless templates override it. */
+  nodeSelector: KubernetesLabelMapSchema.default({ "shadowob.com/sandbox-ready": "true" }),
+  /** Run a real SandboxTemplate/SandboxClaim smoke after install/verify. */
+  smokeTest: z.boolean().default(false),
+  /** Image used by the optional smoke test. Mirror this for restricted networks. */
+  smokeImage: ImageReferenceSchema.default("busybox:1.36")
+}).refine((sandbox) => !sandbox.createRuntimeClass || Boolean(sandbox.runtimeClassHandler), {
+  path: ["runtimeClassHandler"],
+  message: "runtimeClassHandler is required when createRuntimeClass is true"
+});
+var ClusterSandboxFeatureSchema = z.union([z.boolean(), ClusterSandboxFeatureConfigSchema]);
+var ClusterFeaturesSchema = z.object({
+  /** agent-sandbox CRDs/controller/runtime-class management. */
+  sandbox: ClusterSandboxFeatureSchema.optional()
+});
+var NodeRoleSchema = z.enum(["master", "worker"]);
+var NodeConfigSchema = z.object({
+  /** Node role in the cluster */
+  role: NodeRoleSchema,
+  /** Public IP or hostname */
+  host: z.string().min(1),
+  /** SSH port (default: 22) */
+  port: z.number().int().min(1).max(65535).default(22),
+  /** SSH username */
+  user: z.string().min(1),
+  /** Path to SSH private key (supports ~) — mutually inclusive with or exclusive of password */
+  sshKeyPath: z.string().optional(),
+  /** SSH private key passphrase — use ${env:VAR} to avoid storing plaintext */
+  sshKeyPassphrase: z.string().optional(),
+  /**
+   * SSH agent socket. Use true for SSH_AUTH_SOCK, or a socket path/template.
+   * Useful for encrypted private keys already loaded into an agent.
+   */
+  sshAgent: z.union([z.boolean(), z.string().min(1)]).optional(),
+  /** SSH password — use ${env:VAR} to avoid storing plaintext */
+  password: z.string().optional(),
+  /** Optional per-node k3s installer overrides for mixed-region clusters. */
+  install: ClusterInstallConfigSchema.optional(),
+  /** Region label applied during cluster init/apply, e.g. cn or us. */
+  region: z.string().min(1).max(63).regex(K8S_LABEL_VALUE_RE).optional(),
+  /** Extra Kubernetes node labels applied during cluster init/apply. */
+  labels: KubernetesLabelMapSchema.optional(),
+  /** Per-node feature flags used for mixed-capability clusters. */
+  features: z.object({
+    sandbox: z.boolean().optional()
+  }).optional()
+}).refine((n) => n.sshKeyPath !== void 0 || n.password !== void 0 || n.sshAgent, {
+  message: "Each node must have either sshKeyPath, password, or sshAgent"
 });
 var ClusterProviderSchema = z.enum(["ssh"]);
 var ClusterConfigSchema = z.object({
@@ -9726,7 +10341,9 @@ var ClusterConfigSchema = z.object({
   /** List of nodes */
   nodes: z.array(NodeConfigSchema).min(1),
   /** Optional k3s installer settings for restricted networks or pinned versions. */
-  install: ClusterInstallConfigSchema.optional()
+  install: ClusterInstallConfigSchema.optional(),
+  /** Optional cluster capabilities managed by cluster init/apply. */
+  features: ClusterFeaturesSchema.optional()
 }).refine((c) => c.nodes.filter((n) => n.role === "master").length === 1, {
   message: "Cluster must have exactly one master node"
 });
@@ -9749,7 +10366,7 @@ function readClusterConfig(filePath) {
   const abs = resolve2(filePath);
   let raw;
   try {
-    raw = JSON.parse(readFileSync4(abs, "utf8"));
+    raw = JSON.parse(readFileSync3(abs, "utf8"));
   } catch (err) {
     throw new Error(`Failed to read cluster config at ${abs}: ${err.message}`);
   }
@@ -9762,14 +10379,57 @@ ${issues.join("\n")}`);
   return result.data;
 }
 function resolveNodeCredentials(node) {
+  let sshAgent;
+  if (node.sshAgent === true) {
+    sshAgent = process.env.SSH_AUTH_SOCK;
+    if (!sshAgent) {
+      throw new Error("SSH_AUTH_SOCK is not set (required by cluster.json sshAgent=true)");
+    }
+  } else if (typeof node.sshAgent === "string") {
+    sshAgent = resolveEnvTemplate(node.sshAgent);
+  }
   return {
     host: node.host,
     port: node.port,
     user: node.user,
     sshKeyPath: node.sshKeyPath ? expandHome(node.sshKeyPath) : void 0,
+    sshKeyPassphrase: node.sshKeyPassphrase ? resolveEnvTemplate(node.sshKeyPassphrase) : void 0,
+    sshAgent,
     password: node.password ? resolveEnvTemplate(node.password) : void 0
   };
 }
+function resolveNodeInstallConfig(clusterInstall, node) {
+  const merged = { ...clusterInstall, ...node.install };
+  return Object.keys(merged).length > 0 ? merged : void 0;
+}
+function defaultAgentSandboxManifestUrls(version = AGENT_SANDBOX_DEFAULT_VERSION) {
+  return [
+    `https://github.com/kubernetes-sigs/agent-sandbox/releases/download/${version}/manifest.yaml`,
+    `https://github.com/kubernetes-sigs/agent-sandbox/releases/download/${version}/extensions.yaml`
+  ];
+}
+function resolveClusterSandboxConfig(config) {
+  const sandbox = config.features?.sandbox;
+  if (sandbox === void 0 || sandbox === false) return null;
+  const normalized = sandbox === true ? {
+    enabled: true,
+    install: true,
+    version: AGENT_SANDBOX_DEFAULT_VERSION,
+    runtimeClassName: AGENT_SANDBOX_DEFAULT_RUNTIME_CLASS,
+    createRuntimeClass: true,
+    runtimeClassHandler: AGENT_SANDBOX_DEFAULT_RUNTIME_HANDLER,
+    waitTimeoutSeconds: 300,
+    required: true,
+    nodeSelector: { "shadowob.com/sandbox-ready": "true" },
+    smokeTest: false,
+    smokeImage: "busybox:1.36"
+  } : sandbox;
+  if (!normalized.enabled) return null;
+  return {
+    ...normalized,
+    manifestUrls: normalized.manifestUrls && normalized.manifestUrls.length > 0 ? normalized.manifestUrls : defaultAgentSandboxManifestUrls(normalized.version)
+  };
+}
 function getMasterNode(config) {
   const master = config.nodes.find((n) => n.role === "master");
   if (!master) throw new Error("No master node found in cluster config");
@@ -9831,14 +10491,14 @@ import chalk2 from "chalk";
 import { Command as Command17 } from "commander";
 
 // src/utils/env.ts
-import { existsSync as existsSync4 } from "fs";
+import { existsSync as existsSync5 } from "fs";
 import { resolve as resolve3 } from "path";
 function loadEnvFiles(paths) {
   const loaded = [];
   if (paths && paths.length > 0) {
     for (const p of paths) {
       const abs = resolve3(p);
-      if (!existsSync4(abs)) {
+      if (!existsSync5(abs)) {
         throw new Error(`Env file not found: ${abs}`);
       }
       process.loadEnvFile(abs);
@@ -9846,7 +10506,7 @@ function loadEnvFiles(paths) {
     }
   } else {
     const defaultPath = resolve3(".env");
-    if (existsSync4(defaultPath)) {
+    if (existsSync5(defaultPath)) {
       process.loadEnvFile(defaultPath);
       loaded.push(defaultPath);
     }
@@ -9856,12 +10516,51 @@ function loadEnvFiles(paths) {
 
 // src/interfaces/cli/build.command.ts
 import { spawn as spawn2 } from "child_process";
-import { existsSync as existsSync5, mkdtempSync as mkdtempSync3, rmSync as rmSync3, writeFileSync as writeFileSync4 } from "fs";
+import { existsSync as existsSync6, mkdtempSync as mkdtempSync3, rmSync as rmSync3, writeFileSync as writeFileSync4 } from "fs";
 import { tmpdir as tmpdir3 } from "os";
-import { join as join4, resolve as resolve4 } from "path";
+import { join as join5, resolve as resolve4 } from "path";
 import { Command } from "commander";
 
 // src/infra/plugin-k8s.ts
+var COLON_SEPARATED_ENV_KEYS = /* @__PURE__ */ new Set(["PATH", "PYTHONPATH", "NODE_PATH"]);
+var DEFAULT_CONTAINER_PATH_PARTS = [
+  "/usr/local/sbin",
+  "/usr/local/bin",
+  "/usr/sbin",
+  "/usr/bin",
+  "/sbin",
+  "/bin"
+];
+function uniquePathParts(parts) {
+  const out = [];
+  for (const part of parts) {
+    if (!part || out.includes(part)) continue;
+    out.push(part);
+  }
+  return out;
+}
+function mergeColonSeparatedEnvValue(key, current, next) {
+  const parts = [...current.split(":"), ...next.split(":")];
+  if (key !== "PATH") return uniquePathParts(parts).join(":");
+  const defaults = new Set(DEFAULT_CONTAINER_PATH_PARTS);
+  const pluginParts = parts.filter((part) => part && !defaults.has(part));
+  const defaultParts = parts.filter((part) => defaults.has(part));
+  return uniquePathParts([...pluginParts, ...defaultParts]).join(":");
+}
+function mergePluginEnvVars(target, incoming) {
+  for (const envVar of incoming) {
+    if (typeof envVar.name === "string" && typeof envVar.value === "string" && COLON_SEPARATED_ENV_KEYS.has(envVar.name)) {
+      const existing = target.find(
+        (candidate) => candidate.name === envVar.name && typeof candidate.value === "string"
+      );
+      if (existing && typeof existing.value === "string") {
+        existing.value = mergeColonSeparatedEnvValue(envVar.name, existing.value, envVar.value);
+        continue;
+      }
+    }
+    target.push(envVar);
+  }
+}
 function collectPluginK8sArtifacts(agent, config, namespace) {
   const result = {
     initContainers: [],
@@ -9899,9 +10598,7 @@ function collectPluginK8sArtifacts(agent, config, namespace) {
     if (artifacts.volumeMounts?.length) {
       result.volumeMounts.push(...artifacts.volumeMounts);
     }
-    if (artifacts.envVars?.length) {
-      result.envVars.push(...artifacts.envVars);
-    }
+    if (artifacts.envVars?.length) mergePluginEnvVars(result.envVars, artifacts.envVars);
     if (artifacts.labels) {
       Object.assign(result.labels, artifacts.labels);
     }
@@ -9932,7 +10629,7 @@ function createBuildCommand(container) {
   return new Command("build").description("Build Docker images for agents using build-image git source strategy").option("-f, --file <path>", "Config file path", "shadowob-cloud.json").option("-a, --agent <id>", "Build a specific agent (default: all build-image agents)").option("--push", "Push image(s) after building").option("--no-cache", "Pass --no-cache to docker build").option("--platform <platform>", "Target platform(s) e.g. linux/amd64,linux/arm64").option("--tag <tag>", "Override image tag (only valid with --agent)").option("--output-dockerfile", "Print generated Dockerfile(s) to stdout, skip building").action(
     async (options) => {
       const filePath = resolve4(options.file);
-      if (!existsSync5(filePath)) {
+      if (!existsSync6(filePath)) {
         container.logger.error(`Config file not found: ${filePath}`);
         process.exit(1);
       }
@@ -9972,8 +10669,8 @@ function createBuildCommand(container) {
           continue;
         }
         container.logger.step(`Building image for ${agent.id}: ${imageTag2}`);
-        const tmpDir = mkdtempSync3(join4(tmpdir3(), `shadowob-cloud-build-${agent.id}-`));
-        const dockerfilePath = join4(tmpDir, "Dockerfile");
+        const tmpDir = mkdtempSync3(join5(tmpdir3(), `shadowob-cloud-build-${agent.id}-`));
+        const dockerfilePath = join5(tmpDir, "Dockerfile");
         writeFileSync4(dockerfilePath, dockerfile, "utf-8");
         try {
           const buildArgs = ["build", "-t", imageTag2, "-f", dockerfilePath, tmpDir];
@@ -10013,21 +10710,35 @@ import chalk from "chalk";
 import { Command as Command2 } from "commander";
 function createClusterCommand(container) {
   const cluster = new Command2("cluster").description(
-    "Manage bare-server k3s clusters (init, status, list, destroy)"
+    "Manage bare-server k3s clusters (init, apply, status, list, destroy)"
   );
-  cluster.command("init").description("Bootstrap a k3s cluster on bare servers").option("-c, --config <path>", "Path to cluster.json", "cluster.json").option("--force", "Reinstall k3s even if already installed on nodes").action(async (options) => {
+  async function applyClusterConfig(options) {
+    const config = readClusterConfig(options.config);
+    container.logger.info(`Applying cluster "${config.name}" from ${options.config}...`);
+    const meta = await container.cluster.init(
+      config,
+      (msg) => {
+        container.logger.dim(msg);
+      },
+      options.force
+    );
+    container.logger.success(`Cluster "${meta.name}" ready! Kubeconfig: ${meta.kubeconfigPath}`);
+    container.logger.info(
+      `Edit ${options.config} and run this command again to add newly listed nodes.`
+    );
+    container.logger.info(`Deploy agents: shadowob-cloud up --cluster ${meta.name}`);
+  }
+  cluster.command("init").description("Bootstrap or update a k3s cluster on bare servers").option("-c, --config <path>", "Path to cluster.json", "cluster.json").option("--force", "Reinstall k3s even if already installed on nodes").action(async (options) => {
     try {
-      const config = readClusterConfig(options.config);
-      container.logger.info(`Initializing cluster "${config.name}"...`);
-      const meta = await container.cluster.init(
-        config,
-        (msg) => {
-          container.logger.dim(msg);
-        },
-        options.force
-      );
-      container.logger.success(`Cluster "${meta.name}" ready! Kubeconfig: ${meta.kubeconfigPath}`);
-      container.logger.info(`Deploy agents: shadowob-cloud up --cluster ${meta.name}`);
+      await applyClusterConfig(options);
+    } catch (err) {
+      container.logger.error(err.message);
+      process.exit(1);
+    }
+  });
+  cluster.command("apply").description("Apply cluster.json idempotently and add newly listed nodes").option("-c, --config <path>", "Path to cluster.json", "cluster.json").option("--force", "Reinstall k3s even if already installed on nodes").action(async (options) => {
+    try {
+      await applyClusterConfig(options);
     } catch (err) {
       container.logger.error(err.message);
       process.exit(1);
@@ -10144,13 +10855,13 @@ function createClusterCommand(container) {
 }
 
 // src/interfaces/cli/costs.command.ts
-import { existsSync as existsSync6 } from "fs";
+import { existsSync as existsSync7 } from "fs";
 import { resolve as resolve5 } from "path";
 import { Command as Command3 } from "commander";
 async function resolveNamespace(container, file, namespace) {
   if (namespace) return namespace;
   const filePath = resolve5(file);
-  if (!existsSync6(filePath)) return "shadowob-cloud";
+  if (!existsSync7(filePath)) return "shadowob-cloud";
   try {
     const config = await container.config.parseFile(filePath);
     return config.deployments?.namespace ?? "shadowob-cloud";
@@ -10220,7 +10931,7 @@ function createCostsCommand(container) {
 
 // src/interfaces/cli/doctor.command.ts
 import { execSync } from "child_process";
-import { existsSync as existsSync7, readFileSync as readFileSync5 } from "fs";
+import { existsSync as existsSync8, readFileSync as readFileSync4 } from "fs";
 import { platform } from "os";
 import { Command as Command4 } from "commander";
 function getVersion(cmd, versionFlag = "--version") {
@@ -10374,10 +11085,10 @@ function createDoctorCommand(container) {
           });
         }
       }
-      if (existsSync7(".env")) {
+      if (existsSync8(".env")) {
         let inGitignore = false;
-        if (existsSync7(".gitignore")) {
-          const gitignore = readFileSync5(".gitignore", "utf-8");
+        if (existsSync8(".gitignore")) {
+          const gitignore = readFileSync4(".gitignore", "utf-8");
           inGitignore = gitignore.split("\n").some((line) => line.trim() === ".env");
         }
         secResults.push({
@@ -10432,7 +11143,7 @@ function createDoctorCommand(container) {
 }
 
 // src/interfaces/cli/down.command.ts
-import { existsSync as existsSync8 } from "fs";
+import { existsSync as existsSync9 } from "fs";
 import { resolve as resolve6 } from "path";
 import { Command as Command5 } from "commander";
 function createDownCommand(container) {
@@ -10441,7 +11152,7 @@ function createDownCommand(container) {
       const filePath = resolve6(options.file);
       let namespace = options.namespace;
       let config;
-      if (existsSync8(filePath)) {
+      if (existsSync9(filePath)) {
         try {
           config = await container.config.parseFile(filePath);
           namespace = namespace ?? config.deployments?.namespace;
@@ -10510,7 +11221,7 @@ function createDownCommand(container) {
 }
 
 // src/interfaces/cli/generate.command.ts
-import { existsSync as existsSync9, mkdirSync as mkdirSync3, readFileSync as readFileSync6, writeFileSync as writeFileSync5 } from "fs";
+import { existsSync as existsSync10, mkdirSync as mkdirSync3, readFileSync as readFileSync5, writeFileSync as writeFileSync5 } from "fs";
 import { dirname, resolve as resolve7 } from "path";
 import { fileURLToPath } from "url";
 import { Command as Command6 } from "commander";
@@ -10520,7 +11231,7 @@ function createGenerateCommand(container) {
     new Command6("manifests").description("Generate K8s YAML/JSON manifests").option("-f, --file <path>", "Config file path", "shadowob-cloud.json").option("-o, --output <dir>", "Output directory", ".shadowob-manifests").option("-n, --namespace <ns>", "Kubernetes namespace").option("--provision-url <url>", "Shadow server URL (for NetworkPolicy egress)").action(
       async (options) => {
         const filePath = resolve7(options.file);
-        if (!existsSync9(filePath)) {
+        if (!existsSync10(filePath)) {
           container.logger.error(`Config file not found: ${filePath}`);
           process.exit(1);
         }
@@ -10553,11 +11264,11 @@ function createGenerateCommand(container) {
   cmd.addCommand(
     new Command6("openclaw-config").description("Generate OpenClaw config.json for a specific agent").argument("<agent>", "Agent ID").option("-f, --file <path>", "Config file path", "shadowob-cloud.json").option("-o, --output <path>", "Output file path").action(async (agent, options) => {
       const filePath = resolve7(options.file);
-      if (!existsSync9(filePath)) {
+      if (!existsSync10(filePath)) {
         container.logger.error(`Config file not found: ${filePath}`);
         process.exit(1);
       }
-      const { loadAllPlugins, getPluginRegistry: getPluginRegistry2 } = await import("./plugins-HZBWK3WQ.js");
+      const { loadAllPlugins, getPluginRegistry: getPluginRegistry2 } = await import("./plugins-2MITZ4ZD.js");
       await loadAllPlugins(getPluginRegistry2());
       const outputPath = options.output ? resolve7(options.output) : void 0;
       const configCwd = dirname(filePath);
@@ -10589,13 +11300,13 @@ function createGenerateCommand(container) {
         "schemas",
         "config.schema.json"
       );
-      if (!existsSync9(schemaPath)) {
+      if (!existsSync10(schemaPath)) {
         container.logger.error(
           "Schema file not found. Run `pnpm generate:schema` in the cloud package first."
         );
         process.exit(1);
       }
-      const schema = readFileSync6(schemaPath, "utf-8");
+      const schema = readFileSync5(schemaPath, "utf-8");
       const outPath = resolve7(options.output);
       mkdirSync3(dirname(outPath), { recursive: true });
       writeFileSync5(outPath, schema, "utf-8");
@@ -10613,7 +11324,7 @@ import { Command as Command7 } from "commander";
 
 // src/services/image.service.ts
 import { execFileSync as execFileSync2, spawn as spawn3 } from "child_process";
-import { existsSync as existsSync10 } from "fs";
+import { existsSync as existsSync11 } from "fs";
 import { resolve as resolve8 } from "path";
 var IMAGES = [
   "openclaw-runner",
@@ -10650,7 +11361,7 @@ var ImageService = class {
     const { name, tag = "latest", noCache, intoK8s, push, platform: platform3 } = options;
     const dockerfilePath = resolve8(this.imagesDir, name, "Dockerfile");
     const buildContext = this.getBuildContext(name);
-    if (!existsSync10(dockerfilePath)) {
+    if (!existsSync11(dockerfilePath)) {
       throw new Error(`Dockerfile not found: ${dockerfilePath}`);
     }
     if (!IMAGES.includes(name)) {
@@ -10691,14 +11402,14 @@ var ImageService = class {
   list() {
     return IMAGES.map((name) => ({
       name,
-      hasDockerfile: existsSync10(resolve8(this.imagesDir, name, "Dockerfile"))
+      hasDockerfile: existsSync11(resolve8(this.imagesDir, name, "Dockerfile"))
     }));
   }
   getBuildContext(name) {
     if (name !== "openclaw-runner") return resolve8(this.imagesDir, name);
     const repoRoot = resolve8(this.imagesDir, "../../..");
     const localShadowobPlugin = resolve8(repoRoot, "packages", "openclaw-shadowob", "package.json");
-    return existsSync10(localShadowobPlugin) ? repoRoot : resolve8(this.imagesDir, name);
+    return existsSync11(localShadowobPlugin) ? repoRoot : resolve8(this.imagesDir, name);
   }
   dockerBuild(args) {
     return this.spawnProcess("docker", ["build", ...args]);
@@ -10780,7 +11491,7 @@ function createImagesCommand(container) {
 }
 
 // src/interfaces/cli/logs.command.ts
-import { existsSync as existsSync11 } from "fs";
+import { existsSync as existsSync12 } from "fs";
 import { resolve as resolve9 } from "path";
 import { Command as Command8 } from "commander";
 function createLogsCommand(container) {
@@ -10789,7 +11500,7 @@ function createLogsCommand(container) {
       let namespace = options.namespace;
       if (!namespace) {
         const filePath = resolve9(options.file);
-        if (existsSync11(filePath)) {
+        if (existsSync12(filePath)) {
           try {
             const config = await container.config.parseFile(filePath);
             namespace = config.deployments?.namespace;
@@ -10835,7 +11546,7 @@ function createLogsCommand(container) {
 
 // src/interfaces/cli/onboard.command.ts
 import { execSync as execSync2 } from "child_process";
-import { existsSync as existsSync12 } from "fs";
+import { existsSync as existsSync13 } from "fs";
 import { platform as platform2 } from "os";
 import { createInterface } from "readline";
 import { Command as Command9 } from "commander";
@@ -10960,12 +11671,12 @@ function createOnboardCommand(container) {
     container.logger.step("Step 3/4 \u2014 Configuration...");
     console.log();
     const configPath = "shadowob-cloud.json";
-    if (existsSync12(configPath)) {
+    if (existsSync13(configPath)) {
       container.logger.success(`Config file found: ${configPath}`);
     } else {
       const answer = await ask(`  No ${configPath} found. Create one from template? [Y/n] `);
       if (!answer || answer.toLowerCase() !== "n") {
-        const { createInitCommand: createInitCommand2 } = await import("./init.command-775GLXTC.js");
+        const { createInitCommand: createInitCommand2 } = await import("./init.command-UNL66BMR.js");
         const init = createInitCommand2(container);
         await init.parseAsync(["--quick"], { from: "user" });
       } else {
@@ -10982,14 +11693,14 @@ function createOnboardCommand(container) {
     }
     container.logger.success("Onboarding complete! Starting console...");
     console.log();
-    const { createConsoleCommand: createConsoleCommand2 } = await import("./dashboard.command-H5DIGLUR.js");
+    const { createConsoleCommand: createConsoleCommand2 } = await import("./dashboard.command-GUHSJ2CN.js");
     const console_ = createConsoleCommand2(container);
     await console_.parseAsync([], { from: "user" });
   });
 }
 
 // src/interfaces/cli/provision.command.ts
-import { existsSync as existsSync13 } from "fs";
+import { existsSync as existsSync14 } from "fs";
 import { resolve as resolve10 } from "path";
 import { Command as Command10 } from "commander";
 function shadowBuddyTokenEnvKey(id) {
@@ -10999,7 +11710,7 @@ function createProvisionCommand(container) {
   return new Command10("provision").description("Provision Shadow resources (servers, channels, buddies) without deploying").option("-f, --file <path>", "Config file path", "shadowob-cloud.json").option("--provision-url <url>", "Shadow server URL").option("--provision-token <token>", "Shadow user token").option("--dry-run", "Preview what would be provisioned").option("--output <path>", "Write provisioned tokens to file").option("--force", "Force re-provisioning even if state shows resources exist").option("--state-dir <dir>", "Subdirectory for provision state (default: .shadowob)").action(
     async (options) => {
       const filePath = resolve10(options.file);
-      if (!existsSync13(filePath)) {
+      if (!existsSync14(filePath)) {
         container.logger.error(`Config file not found: ${filePath}`);
         process.exit(1);
       }
@@ -11020,14 +11731,14 @@ function createProvisionCommand(container) {
         process.exit(1);
       }
       try {
-        const { executePluginProvisions, loadAllPlugins, getPluginRegistry: getPluginRegistry2 } = await import("./plugins-HZBWK3WQ.js");
+        const { executePluginProvisions, loadAllPlugins, getPluginRegistry: getPluginRegistry2 } = await import("./plugins-2MITZ4ZD.js");
         try {
           await loadAllPlugins(getPluginRegistry2());
         } catch {
         }
         const agents = resolved.deployments?.agents ?? [];
         const namespace = resolved.deployments?.namespace ?? "shadowob-cloud";
-        const existing = loadProvisionState(filePath, options.stateDir);
+        const existing = options.force ? null : loadProvisionState(filePath, options.stateDir);
         const extraSecrets = {
           SHADOW_SERVER_URL: shadowUrl,
           SHADOW_USER_TOKEN: shadowToken
@@ -11121,13 +11832,13 @@ function createProvisionCommand(container) {
 }
 
 // src/interfaces/cli/sandbox.command.ts
-import { existsSync as existsSync14 } from "fs";
+import { existsSync as existsSync15 } from "fs";
 import { resolve as resolve11 } from "path";
 import { Command as Command11 } from "commander";
 async function resolveNamespace2(container, options) {
   if (options.namespace) return options.namespace;
   const filePath = resolve11(options.file ?? "shadowob-cloud.json");
-  if (existsSync14(filePath)) {
+  if (existsSync15(filePath)) {
     try {
       const config = await container.config.parseFile(filePath);
       return config.deployments?.namespace ?? "shadowob-cloud";
@@ -11228,7 +11939,7 @@ function createSandboxCommand(container) {
 }
 
 // src/interfaces/cli/scale.command.ts
-import { existsSync as existsSync15 } from "fs";
+import { existsSync as existsSync16 } from "fs";
 import { resolve as resolve12 } from "path";
 import { Command as Command12 } from "commander";
 function createScaleCommand(container) {
@@ -11237,7 +11948,7 @@ function createScaleCommand(container) {
       let namespace = options.namespace;
       if (!namespace) {
         const filePath = resolve12(options.file);
-        if (existsSync15(filePath)) {
+        if (existsSync16(filePath)) {
           try {
             const config = await container.config.parseFile(filePath);
             namespace = config.deployments?.namespace;
@@ -11264,7 +11975,7 @@ function createScaleCommand(container) {
 }
 
 // src/interfaces/cli/status.command.ts
-import { existsSync as existsSync16 } from "fs";
+import { existsSync as existsSync17 } from "fs";
 import { resolve as resolve13 } from "path";
 import { Command as Command13 } from "commander";
 function createStatusCommand(container) {
@@ -11273,7 +11984,7 @@ function createStatusCommand(container) {
       let namespace = options.namespace;
       let config;
       const filePath = resolve13(options.file);
-      if (existsSync16(filePath)) {
+      if (existsSync17(filePath)) {
         try {
           config = await container.config.parseFile(filePath);
           namespace = namespace ?? config.deployments?.namespace;
@@ -11486,13 +12197,13 @@ function createUpCommand(container) {
 }
 
 // src/interfaces/cli/validate.command.ts
-import { existsSync as existsSync17 } from "fs";
+import { existsSync as existsSync18 } from "fs";
 import { resolve as resolve15 } from "path";
 import { Command as Command16 } from "commander";
 function createValidateCommand(container) {
   return new Command16("validate").description("Validate an shadowob-cloud.json config file").option("-f, --file <path>", "Config file path", "shadowob-cloud.json").option("--strict", "Fail on unresolvable env vars").option("--dry-run", "Validate structure without requiring env vars to be set").action(async (options) => {
     const filePath = resolve15(options.file);
-    if (!existsSync17(filePath)) {
+    if (!existsSync18(filePath)) {
       container.logger.error(`Config file not found: ${filePath}`);
       process.exit(1);
     }
@@ -11606,7 +12317,7 @@ function createCLI(container) {
 
 // src/dao/template.dao.ts
 import { cp, mkdir as mkdir2, readdir, readFile, stat } from "fs/promises";
-import { join as join5 } from "path";
+import { join as join6 } from "path";
 var TemplateDao = class {
   constructor(templatesDir) {
     this.templatesDir = templatesDir;
@@ -11622,7 +12333,7 @@ var TemplateDao = class {
     const seenSlugs = /* @__PURE__ */ new Set();
     const records = [];
     for (const name of dirEntries) {
-      const fullPath = join5(this.templatesDir, name);
+      const fullPath = join6(this.templatesDir, name);
       let isDir = false;
       try {
         isDir = (await stat(fullPath)).isDirectory();
@@ -11631,24 +12342,24 @@ var TemplateDao = class {
       }
       if (!isDir) continue;
       const slug = name;
-      const configPath = join5(this.templatesDir, slug, "shadowob-cloud.json");
+      const configPath = join6(this.templatesDir, slug, "shadowob-cloud.json");
       if (!await this.exists(configPath)) continue;
       seenSlugs.add(slug);
-      const indexPath = join5(this.templatesDir, slug, "index.json");
+      const indexPath = join6(this.templatesDir, slug, "index.json");
       const hasIndex = await this.exists(indexPath);
       records.push({
         slug,
         isFolder: true,
         configPath,
         indexPath: hasIndex ? indexPath : null,
-        dir: join5(this.templatesDir, slug)
+        dir: join6(this.templatesDir, slug)
       });
     }
     for (const name of dirEntries) {
       if (!name.endsWith(".template.json")) continue;
       const slug = name.replace(/\.template\.json$/, "");
       if (seenSlugs.has(slug)) continue;
-      const configPath = join5(this.templatesDir, name);
+      const configPath = join6(this.templatesDir, name);
       records.push({
         slug,
         isFolder: false,
@@ -11661,19 +12372,19 @@ var TemplateDao = class {
   }
   /** Find a single template by slug. Returns null if not found. */
   async findBySlug(slug) {
-    const folderConfig = join5(this.templatesDir, slug, "shadowob-cloud.json");
+    const folderConfig = join6(this.templatesDir, slug, "shadowob-cloud.json");
     if (await this.exists(folderConfig)) {
-      const indexPath = join5(this.templatesDir, slug, "index.json");
+      const indexPath = join6(this.templatesDir, slug, "index.json");
       const hasIndex = await this.exists(indexPath);
       return {
         slug,
         isFolder: true,
         configPath: folderConfig,
         indexPath: hasIndex ? indexPath : null,
-        dir: join5(this.templatesDir, slug)
+        dir: join6(this.templatesDir, slug)
       };
     }
-    const flatConfig = join5(this.templatesDir, `${slug}.template.json`);
+    const flatConfig = join6(this.templatesDir, `${slug}.template.json`);
     if (await this.exists(flatConfig)) {
       return {
         slug,
@@ -11710,7 +12421,7 @@ var TemplateDao = class {
     if (record.isFolder) {
       await cp(record.dir, destDir, { recursive: true });
     } else {
-      await cp(record.configPath, join5(destDir, "shadowob-cloud.json"));
+      await cp(record.configPath, join6(destDir, "shadowob-cloud.json"));
     }
   }
   async exists(path) {
@@ -11724,7 +12435,7 @@ var TemplateDao = class {
 };
 
 // src/cluster/ssh.ts
-import { readFileSync as readFileSync7 } from "fs";
+import { readFileSync as readFileSync6 } from "fs";
 import { NodeSSH } from "node-ssh";
 var SSHClient = class {
   ssh = new NodeSSH();
@@ -11734,7 +12445,7 @@ var SSHClient = class {
       host: opts.host,
       port: opts.port,
       username: opts.user,
-      ...opts.sshKeyPath ? { privateKey: readFileSync7(opts.sshKeyPath, "utf8") } : { password: opts.password },
+      ...opts.sshAgent ? { agent: opts.sshAgent } : opts.sshKeyPath ? { privateKey: readFileSync6(opts.sshKeyPath, "utf8"), passphrase: opts.sshKeyPassphrase } : { password: opts.password },
       // Reasonable timeout for WAN SSH
       readyTimeout: 3e4
     });
@@ -11820,9 +12531,14 @@ async function destroyCluster(options) {
 }
 
 // src/cluster/init.ts
-var K3S_INSTALL_URL = "https://get.k3s.io";
-var CN_PAUSE_IMAGE = "registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.6";
-var CN_SYSTEM_DEFAULT_REGISTRY = "registry.cn-hangzhou.aliyuncs.com";
+import { createHash as createHash2 } from "crypto";
+
+// src/cluster/sandbox.ts
+var REQUIRED_AGENT_SANDBOX_CRDS = [
+  "sandboxes.agents.x-k8s.io",
+  "sandboxtemplates.extensions.agents.x-k8s.io",
+  "sandboxclaims.extensions.agents.x-k8s.io"
+];
 function log2(onLog, msg) {
   onLog?.(msg);
 }
@@ -11833,6 +12549,291 @@ function asRoot2(shellCommand) {
   const quoted = shellQuote2(shellCommand);
   return `if [ "$(id -u)" -eq 0 ]; then sh -c ${quoted}; else sudo -n sh -c ${quoted}; fi`;
 }
+async function hasAgentSandboxCrds(client) {
+  const result = await client.exec(
+    asRoot2(
+      `k3s kubectl get crd ${REQUIRED_AGENT_SANDBOX_CRDS.map(shellQuote2).join(" ")} >/dev/null`
+    )
+  );
+  return result.code === 0;
+}
+async function applyManifestUrl(client, url, onLog) {
+  log2(onLog, `[sandbox] Applying ${url}`);
+  await client.execOrThrow(asRoot2(`k3s kubectl apply -f ${shellQuote2(url)}`), {
+    onStdout: (chunk) => log2(onLog, `[sandbox] ${chunk.trimEnd()}`),
+    onStderr: (chunk) => log2(onLog, `[sandbox] ${chunk.trimEnd()}`),
+    errorMessage: `Failed to apply agent-sandbox manifest ${url}. If this node cannot reach GitHub, set features.sandbox.manifestUrls to mirrored URLs.`
+  });
+}
+async function createOrVerifyRuntimeClass(client, options) {
+  if (options.create) {
+    const yaml = [
+      "apiVersion: node.k8s.io/v1",
+      "kind: RuntimeClass",
+      "metadata:",
+      `  name: ${options.name}`,
+      `handler: ${options.handler}`,
+      ""
+    ].join("\n");
+    log2(
+      options.onLog,
+      `[sandbox] Ensuring RuntimeClass ${options.name} uses handler ${options.handler}`
+    );
+    await client.execOrThrow(asRoot2(`cat <<'EOF' | k3s kubectl apply -f -
+${yaml}EOF`), {
+      errorMessage: `Failed to create RuntimeClass ${options.name}`
+    });
+    return;
+  }
+  log2(options.onLog, `[sandbox] Verifying RuntimeClass ${options.name}`);
+  await client.execOrThrow(asRoot2(`k3s kubectl get runtimeclass ${shellQuote2(options.name)}`), {
+    errorMessage: `RuntimeClass ${options.name} was not found. Install the runtime handler first, or set features.sandbox.createRuntimeClass=true with an explicit runtimeClassHandler.`
+  });
+}
+async function waitForAgentSandboxReady2(client, timeoutSeconds, onLog) {
+  const crdNames = REQUIRED_AGENT_SANDBOX_CRDS.map((name) => `crd/${name}`).join(" ");
+  log2(onLog, "[sandbox] Waiting for agent-sandbox CRDs to become Established");
+  await client.execOrThrow(
+    asRoot2(`k3s kubectl wait --for=condition=Established ${crdNames} --timeout=${timeoutSeconds}s`),
+    { errorMessage: "agent-sandbox CRDs did not become Established" }
+  );
+  log2(onLog, "[sandbox] Waiting for agent-sandbox controller rollout");
+  await client.execOrThrow(
+    asRoot2(
+      `k3s kubectl -n agent-sandbox-system rollout status deployment/agent-sandbox-controller --timeout=${timeoutSeconds}s`
+    ),
+    { errorMessage: "agent-sandbox controller did not become Ready" }
+  );
+}
+function nodeLabelArgs(labels) {
+  return Object.entries(labels).map(([key, value]) => `${key}=${value}`).map(shellQuote2).join(" ");
+}
+function kubeNodeMatchesConfigNode(kubeNode, node) {
+  const metadata = kubeNode.metadata ?? {};
+  const status = kubeNode.status ?? {};
+  const addresses = Array.isArray(status.addresses) ? status.addresses : [];
+  const candidates = /* @__PURE__ */ new Set([
+    typeof metadata.name === "string" ? metadata.name : "",
+    ...addresses.map((address) => address.address).filter((address) => typeof address === "string")
+  ]);
+  return candidates.has(node.host);
+}
+async function labelConfiguredNodes(client, config, sandboxReady, onLog) {
+  const output2 = await client.execOrThrow(asRoot2("k3s kubectl get nodes -o json"), {
+    errorMessage: "Failed to list Kubernetes nodes for labeling"
+  });
+  const kubeNodes = JSON.parse(output2.stdout).items ?? [];
+  for (const node of config.nodes) {
+    const kubeNode = kubeNodes.find((candidate) => kubeNodeMatchesConfigNode(candidate, node));
+    if (!kubeNode) {
+      log2(onLog, `[sandbox] Could not match cluster.json node ${node.host} to a Kubernetes node`);
+      continue;
+    }
+    const metadata = kubeNode.metadata;
+    const nodeName = metadata.name;
+    if (typeof nodeName !== "string" || !nodeName) continue;
+    const nodeSandboxReady = sandboxReady && (node.features?.sandbox ?? true);
+    const labels = {
+      "shadowob.com/sandbox-ready": nodeSandboxReady ? "true" : "false",
+      ...node.region ? { "shadowob.com/region": node.region } : {},
+      ...node.labels ?? {}
+    };
+    log2(onLog, `[sandbox] Labeling node ${nodeName}`);
+    await client.execOrThrow(
+      asRoot2(`k3s kubectl label node ${shellQuote2(nodeName)} ${nodeLabelArgs(labels)} --overwrite`),
+      { errorMessage: `Failed to label Kubernetes node ${nodeName}` }
+    );
+  }
+}
+async function runAgentSandboxSmoke(client, options) {
+  const namespace = `shadow-sandbox-smoke-${Date.now().toString(36)}`;
+  const manifest = [
+    {
+      apiVersion: "v1",
+      kind: "Namespace",
+      metadata: { name: namespace }
+    },
+    {
+      apiVersion: "extensions.agents.x-k8s.io/v1alpha1",
+      kind: "SandboxTemplate",
+      metadata: { name: "smoke-template", namespace },
+      spec: {
+        networkPolicyManagement: "Unmanaged",
+        envVarsInjectionPolicy: "Disallowed",
+        podTemplate: {
+          metadata: { labels: { app: "shadow-sandbox-smoke" } },
+          spec: {
+            runtimeClassName: options.runtimeClassName,
+            containers: [
+              {
+                name: "smoke",
+                image: options.image,
+                command: ["sh", "-c", "echo shadow-sandbox-smoke && sleep 30"]
+              }
+            ],
+            restartPolicy: "Always"
+          }
+        },
+        volumeClaimTemplates: []
+      }
+    },
+    {
+      apiVersion: "extensions.agents.x-k8s.io/v1alpha1",
+      kind: "SandboxClaim",
+      metadata: { name: "smoke", namespace },
+      spec: {
+        sandboxTemplateRef: { name: "smoke-template" },
+        warmpool: "none",
+        lifecycle: { shutdownPolicy: "Delete" }
+      }
+    }
+  ];
+  const yaml = JSON.stringify({ apiVersion: "v1", kind: "List", items: manifest }, null, 2);
+  log2(options.onLog, `[sandbox] Running smoke test in namespace ${namespace}`);
+  try {
+    await client.execOrThrow(asRoot2(`cat <<'EOF' | k3s kubectl apply -f -
+${yaml}
+EOF`), {
+      errorMessage: "Failed to create agent-sandbox smoke resources"
+    });
+    await client.execOrThrow(
+      asRoot2(
+        `timeout ${options.timeoutSeconds} sh -c ` + shellQuote2(
+          'until [ "$(k3s kubectl -n ' + namespace + ' get sandboxclaim smoke -o jsonpath="{.status.conditions[?(@.type==\\"Ready\\")].status}" 2>/dev/null)" = "True" ]; do sleep 3; done'
+        )
+      ),
+      { errorMessage: "agent-sandbox smoke SandboxClaim did not become Ready" }
+    );
+    log2(options.onLog, "[sandbox] Smoke test passed");
+  } finally {
+    await client.exec(
+      asRoot2(`k3s kubectl delete namespace ${shellQuote2(namespace)} --ignore-not-found=true`)
+    );
+  }
+}
+async function installClusterSandbox(options) {
+  const sandbox = resolveClusterSandboxConfig(options.config);
+  if (!sandbox) return false;
+  const master = getMasterNode(options.config);
+  const creds = resolveNodeCredentials(master);
+  const client = new SSHClient();
+  log2(options.onLog, `[sandbox ${creds.host}] Connecting via SSH...`);
+  await client.connect(creds);
+  try {
+    const alreadyInstalled = await hasAgentSandboxCrds(client);
+    if (!sandbox.install && !alreadyInstalled) {
+      const message = "features.sandbox.enabled=true but the required agent-sandbox CRDs are not installed. Set features.sandbox.install=true or apply the CRDs/controller before using sandbox.";
+      if (sandbox.required) throw new Error(message);
+      log2(options.onLog, `[sandbox] ${message}`);
+      return false;
+    }
+    if (sandbox.install) {
+      log2(options.onLog, `[sandbox] Installing agent-sandbox ${sandbox.version}`);
+      for (const url of sandbox.manifestUrls) {
+        await applyManifestUrl(client, url, options.onLog);
+      }
+      if (sandbox.controllerImage) {
+        log2(options.onLog, `[sandbox] Setting controller image ${sandbox.controllerImage}`);
+        await client.execOrThrow(
+          asRoot2(
+            `k3s kubectl -n agent-sandbox-system set image deployment/agent-sandbox-controller agent-sandbox-controller=${shellQuote2(sandbox.controllerImage)}`
+          ),
+          { errorMessage: "Failed to set agent-sandbox controller image" }
+        );
+      }
+    }
+    await createOrVerifyRuntimeClass(client, {
+      name: sandbox.runtimeClassName,
+      handler: sandbox.runtimeClassHandler,
+      create: sandbox.createRuntimeClass,
+      onLog: options.onLog
+    });
+    await waitForAgentSandboxReady2(client, sandbox.waitTimeoutSeconds, options.onLog);
+    await labelConfiguredNodes(client, options.config, true, options.onLog);
+    if (sandbox.smokeTest) {
+      await runAgentSandboxSmoke(client, {
+        runtimeClassName: sandbox.runtimeClassName,
+        image: sandbox.smokeImage,
+        timeoutSeconds: sandbox.waitTimeoutSeconds,
+        onLog: options.onLog
+      });
+    }
+    log2(
+      options.onLog,
+      `[sandbox] Ready with RuntimeClass ${sandbox.runtimeClassName}; new deployments can use agent-sandbox`
+    );
+    return true;
+  } catch (err) {
+    if (sandbox.required) throw err;
+    log2(
+      options.onLog,
+      `[sandbox] Not ready; deployment fallback remains available: ${err.message}`
+    );
+    return false;
+  } finally {
+    await client.dispose();
+  }
+}
+
+// src/cluster/init.ts
+var K3S_INSTALL_URL = "https://get.k3s.io";
+var CN_PAUSE_IMAGE = "registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.6";
+var CN_SYSTEM_DEFAULT_REGISTRY = "registry.cn-hangzhou.aliyuncs.com";
+function log3(onLog, msg) {
+  onLog?.(msg);
+}
+function shellQuote3(value) {
+  return `'${value.replace(/'/g, "'\\''")}'`;
+}
+function asRoot3(shellCommand) {
+  const quoted = shellQuote3(shellCommand);
+  return `if [ "$(id -u)" -eq 0 ]; then sh -c ${quoted}; else sudo -n sh -c ${quoted}; fi`;
+}
+function resolveEnvTemplates(value) {
+  if (typeof value === "string") {
+    return value.replace(/\$\{env:([^}]+)\}/g, (_match, envKey) => {
+      const envVal = process.env[envKey];
+      if (envVal === void 0) {
+        throw new Error(`Environment variable "${envKey}" is not set (required by cluster.json)`);
+      }
+      return envVal;
+    });
+  }
+  if (Array.isArray(value)) return value.map(resolveEnvTemplates);
+  if (value && typeof value === "object") {
+    return Object.fromEntries(
+      Object.entries(value).map(([key, child]) => [key, resolveEnvTemplates(child)])
+    );
+  }
+  return value;
+}
+function clusterConfigHash(config) {
+  return createHash2("sha256").update(stableStringify(config)).digest("hex");
+}
+function stableStringify(value) {
+  if (Array.isArray(value)) return `[${value.map(stableStringify).join(",")}]`;
+  if (value && typeof value === "object") {
+    return `{${Object.entries(value).sort(([left], [right]) => left.localeCompare(right)).map(([key, child]) => `${JSON.stringify(key)}:${stableStringify(child)}`).join(",")}}`;
+  }
+  return JSON.stringify(value);
+}
+async function ensureK3sRegistriesConfig(client, install2, serviceName, onLog) {
+  if (!install2?.registries) return;
+  const registries = JSON.stringify(resolveEnvTemplates(install2.registries), null, 2);
+  log3(onLog, `[${serviceName}] Writing k3s containerd registries.yaml`);
+  await client.execOrThrow(
+    asRoot3(
+      [
+        "mkdir -p /etc/rancher/k3s",
+        `cat > /etc/rancher/k3s/registries.yaml <<'EOF'
+${registries}
+EOF`,
+        `if command -v systemctl >/dev/null 2>&1 && systemctl is-active --quiet ${serviceName}; then systemctl restart ${serviceName}; fi`
+      ].join("\n")
+    ),
+    { errorMessage: `Failed to write k3s registries.yaml for ${serviceName}` }
+  );
+}
 function resolveK3sMirror(install2) {
   return process.env.INSTALL_K3S_MIRROR ?? process.env.K3S_INSTALL_MIRROR ?? install2?.k3sMirror;
 }
@@ -11901,7 +12902,7 @@ function k3sInstallEnv(extra, install2) {
     INSTALL_K3S_VERSION: version,
     ...extra
   };
-  return Object.entries(env).filter((entry) => Boolean(entry[1])).map(([key, value]) => `${key}=${shellQuote2(value)}`).join(" ");
+  return Object.entries(env).filter((entry) => Boolean(entry[1])).map(([key, value]) => `${key}=${shellQuote3(value)}`).join(" ");
 }
 async function isK3sInstalled(client) {
   const result = await client.exec("which k3s");
@@ -11910,25 +12911,26 @@ async function isK3sInstalled(client) {
 async function installMaster(master, install2, force, onLog) {
   const creds = resolveNodeCredentials(master);
   const client = new SSHClient();
-  log2(onLog, `[master ${creds.host}] Connecting via SSH...`);
+  log3(onLog, `[master ${creds.host}] Connecting via SSH...`);
   await client.connect(creds);
   try {
+    await ensureK3sRegistriesConfig(client, install2, "k3s", onLog);
     const alreadyInstalled = await isK3sInstalled(client);
     if (alreadyInstalled && !force) {
-      log2(
+      log3(
         onLog,
         `[master ${creds.host}] k3s already installed \u2014 skipping install (use --force to reinstall)`
       );
-      log2(onLog, `[master ${creds.host}] Reading existing token and kubeconfig...`);
+      log3(onLog, `[master ${creds.host}] Reading existing token and kubeconfig...`);
     } else {
       if (alreadyInstalled && force) {
-        log2(onLog, `[master ${creds.host}] k3s already installed \u2014 reinstalling (--force)`);
-        await client.exec(asRoot2("/usr/local/bin/k3s-uninstall.sh 2>/dev/null || true"));
+        log3(onLog, `[master ${creds.host}] k3s already installed \u2014 reinstalling (--force)`);
+        await client.exec(asRoot3("/usr/local/bin/k3s-uninstall.sh 2>/dev/null || true"));
       }
-      log2(onLog, `[master ${creds.host}] Installing k3s server...`);
+      log3(onLog, `[master ${creds.host}] Installing k3s server...`);
       await client.execOrThrow(
-        asRoot2(
-          `curl -sfL ${shellQuote2(K3S_INSTALL_URL)} | ${k3sInstallEnv(
+        asRoot3(
+          `curl -sfL ${shellQuote3(K3S_INSTALL_URL)} | ${k3sInstallEnv(
             {
               INSTALL_K3S_EXEC: k3sExec(["server", "--tls-san", creds.host], install2)
             },
@@ -11936,28 +12938,28 @@ async function installMaster(master, install2, force, onLog) {
           )} sh -`
         ),
         {
-          onStdout: (c) => log2(onLog, `[master] ${c.trimEnd()}`),
-          onStderr: (c) => log2(onLog, `[master] ${c.trimEnd()}`),
+          onStdout: (c) => log3(onLog, `[master] ${c.trimEnd()}`),
+          onStderr: (c) => log3(onLog, `[master] ${c.trimEnd()}`),
           errorMessage: `Failed to install k3s on master ${creds.host}`
         }
       );
     }
-    log2(onLog, `[master ${creds.host}] Waiting for k3s to be ready...`);
+    log3(onLog, `[master ${creds.host}] Waiting for k3s to be ready...`);
     await client.execOrThrow(
-      asRoot2(`timeout 120 sh -c 'until k3s kubectl get nodes > /dev/null 2>&1; do sleep 3; done'`),
+      asRoot3(`timeout 120 sh -c 'until k3s kubectl get nodes > /dev/null 2>&1; do sleep 3; done'`),
       { errorMessage: "k3s master did not become ready within 120s" }
     );
-    log2(onLog, `[master ${creds.host}] Reading node token...`);
+    log3(onLog, `[master ${creds.host}] Reading node token...`);
     const tokenResult = await client.execOrThrow(
-      asRoot2("cat /var/lib/rancher/k3s/server/node-token"),
+      asRoot3("cat /var/lib/rancher/k3s/server/node-token"),
       {
         errorMessage: "Failed to read k3s node token"
       }
     );
     const token = tokenResult.stdout.trim();
     if (!token) throw new Error("k3s node token is empty");
-    log2(onLog, `[master ${creds.host}] Reading kubeconfig...`);
-    const kubeconfigResult = await client.execOrThrow(asRoot2("cat /etc/rancher/k3s/k3s.yaml"), {
+    log3(onLog, `[master ${creds.host}] Reading kubeconfig...`);
+    const kubeconfigResult = await client.execOrThrow(asRoot3("cat /etc/rancher/k3s/k3s.yaml"), {
       errorMessage: "Failed to read k3s kubeconfig"
     });
     return { token, kubeconfig: kubeconfigResult.stdout };
@@ -11968,25 +12970,26 @@ async function installMaster(master, install2, force, onLog) {
 async function installWorker(worker, masterHost, token, install2, force, onLog) {
   const creds = resolveNodeCredentials(worker);
   const client = new SSHClient();
-  log2(onLog, `[worker ${creds.host}] Connecting via SSH...`);
+  log3(onLog, `[worker ${creds.host}] Connecting via SSH...`);
   await client.connect(creds);
   try {
+    await ensureK3sRegistriesConfig(client, install2, "k3s-agent", onLog);
     const alreadyInstalled = await isK3sInstalled(client);
     if (alreadyInstalled && !force) {
-      log2(
+      log3(
         onLog,
         `[worker ${creds.host}] k3s already installed \u2014 skipping install (use --force to reinstall)`
       );
       return;
     }
     if (alreadyInstalled && force) {
-      log2(onLog, `[worker ${creds.host}] k3s already installed \u2014 reinstalling (--force)`);
-      await client.exec(asRoot2("/usr/local/bin/k3s-agent-uninstall.sh 2>/dev/null || true"));
+      log3(onLog, `[worker ${creds.host}] k3s already installed \u2014 reinstalling (--force)`);
+      await client.exec(asRoot3("/usr/local/bin/k3s-agent-uninstall.sh 2>/dev/null || true"));
     }
-    log2(onLog, `[worker ${creds.host}] Installing k3s agent and joining cluster...`);
+    log3(onLog, `[worker ${creds.host}] Installing k3s agent and joining cluster...`);
     await client.execOrThrow(
-      asRoot2(
-        `curl -sfL ${shellQuote2(K3S_INSTALL_URL)} | ${k3sInstallEnv(
+      asRoot3(
+        `curl -sfL ${shellQuote3(K3S_INSTALL_URL)} | ${k3sInstallEnv(
           {
             K3S_URL: `https://${masterHost}:6443`,
             K3S_TOKEN: token,
@@ -11996,12 +12999,12 @@ async function installWorker(worker, masterHost, token, install2, force, onLog)
         )} sh -`
       ),
       {
-        onStdout: (c) => log2(onLog, `[worker ${creds.host}] ${c.trimEnd()}`),
-        onStderr: (c) => log2(onLog, `[worker ${creds.host}] ${c.trimEnd()}`),
+        onStdout: (c) => log3(onLog, `[worker ${creds.host}] ${c.trimEnd()}`),
+        onStderr: (c) => log3(onLog, `[worker ${creds.host}] ${c.trimEnd()}`),
         errorMessage: `Failed to install k3s agent on worker ${creds.host}`
       }
     );
-    log2(onLog, `[worker ${creds.host}] Agent joined cluster \u2713`);
+    log3(onLog, `[worker ${creds.host}] Agent joined cluster \u2713`);
   } finally {
     await client.dispose();
   }
@@ -12010,17 +13013,39 @@ async function initCluster(options) {
   const { config, force = false, onLog } = options;
   const master = getMasterNode(config);
   const workers = getWorkerNodes(config);
-  log2(onLog, `Initializing cluster "${config.name}" with ${config.nodes.length} nodes...`);
-  const { token, kubeconfig } = await installMaster(master, config.install, force, onLog);
+  log3(onLog, `Initializing cluster "${config.name}" with ${config.nodes.length} nodes...`);
+  const masterInstall = resolveNodeInstallConfig(config.install, master);
+  const { token, kubeconfig } = await installMaster(master, masterInstall, force, onLog);
   if (workers.length > 0) {
-    log2(onLog, `Installing ${workers.length} worker(s) in parallel...`);
+    log3(onLog, `Installing ${workers.length} worker(s) in parallel...`);
     await Promise.all(
-      workers.map((w) => installWorker(w, master.host, token, config.install, force, onLog))
+      workers.map(
+        (worker) => installWorker(
+          worker,
+          master.host,
+          token,
+          resolveNodeInstallConfig(config.install, worker),
+          force,
+          onLog
+        )
+      )
     );
   }
-  const meta = storeKubeconfig(config.name, kubeconfig, master.host, config.nodes.length);
-  log2(onLog, `Kubeconfig stored at ${meta.kubeconfigPath}`);
-  log2(onLog, `Cluster "${config.name}" is ready. Use: shadowob-cloud up --cluster ${config.name}`);
+  const sandboxConfig = resolveClusterSandboxConfig(config);
+  const sandboxEnabled = await installClusterSandbox({ config, onLog });
+  const meta = storeKubeconfig(config.name, kubeconfig, master.host, config.nodes.length, {
+    configHash: clusterConfigHash(config),
+    features: {
+      sandbox: sandboxConfig ? {
+        enabled: sandboxEnabled,
+        version: sandboxConfig.version,
+        runtimeClassName: sandboxConfig.runtimeClassName,
+        nodeSelector: sandboxConfig.nodeSelector
+      } : { enabled: false }
+    }
+  });
+  log3(onLog, `Kubeconfig stored at ${meta.kubeconfigPath}`);
+  log3(onLog, `Cluster "${config.name}" is ready. Use: shadowob-cloud up --cluster ${config.name}`);
   return meta;
 }
 
@@ -12139,7 +13164,7 @@ var ConfigService = class {
 };
 
 // src/services/deploy.service.ts
-import { existsSync as existsSync18, mkdirSync as mkdirSync4, readFileSync as readFileSync8, writeFileSync as writeFileSync6 } from "fs";
+import { existsSync as existsSync19, mkdirSync as mkdirSync4, writeFileSync as writeFileSync6 } from "fs";
 import { dirname as dirname3, resolve as resolve16 } from "path";
 function deploymentReadyTimeoutMs() {
   const raw = Number(process.env.CLOUD_DEPLOYMENT_READY_TIMEOUT_MS);
@@ -12148,13 +13173,22 @@ function deploymentReadyTimeoutMs() {
 function isAgentSandboxBackend(config) {
   return (config.deployments?.backend ?? "agent-sandbox") === "agent-sandbox";
 }
+function workloadBackendPolicy(config) {
+  if (config.deployments?.backendPolicy) return config.deployments.backendPolicy;
+  return isAgentSandboxBackend(config) ? "sandbox-required" : "deployment-only";
+}
+function sandboxRuntimeClassNames(config) {
+  const deployments = config.deployments;
+  if (!deployments) return [];
+  const defaultRuntimeClassName = deployments.sandbox?.runtimeClassName ?? "gvisor";
+  const names = deployments.agents.map(
+    (agent) => agent.sandbox?.runtimeClassName ?? defaultRuntimeClassName
+  );
+  return [...new Set(names)];
+}
 function readKubeconfigForRuntimeWait(kubeConfigPath) {
   if (!kubeConfigPath) return void 0;
-  try {
-    return readFileSync8(kubeConfigPath, "utf8");
-  } catch {
-    return void 0;
-  }
+  return readKubeconfigFile(kubeConfigPath);
 }
 function resolveStackName(namespace, stack) {
   return stack ?? `dev-${namespace}`;
@@ -12196,7 +13230,7 @@ function configUsesPlugins(value, depth = 0) {
 }
 async function ensureBuiltInPluginsLoaded() {
   try {
-    const { loadAllPlugins, getPluginRegistry: getPluginRegistry2 } = await import("./plugins-HZBWK3WQ.js");
+    const { loadAllPlugins, getPluginRegistry: getPluginRegistry2 } = await import("./plugins-2MITZ4ZD.js");
     const registry = getPluginRegistry2();
     if (registry.size === 0) await loadAllPlugins(registry);
   } catch {
@@ -12205,7 +13239,7 @@ async function ensureBuiltInPluginsLoaded() {
 function readKubeconfigCurrentContext(kubeConfigPath) {
   if (!kubeConfigPath) return void 0;
   try {
-    return readFileSync8(kubeConfigPath, "utf8").match(/current-context:\s*(\S+)/)?.[1];
+    return readKubeconfigFile(kubeConfigPath).match(/current-context:\s*(\S+)/)?.[1];
   } catch {
     return void 0;
   }
@@ -12218,6 +13252,39 @@ function summarizeK8sTarget(options, kubeConfigPath) {
   const kubeconfig = kubeConfigPath ?? process.env.KUBECONFIG ?? "~/.kube/config";
   return `Kubernetes target: cluster=${cluster} context=${context} kubeconfig=${kubeconfig}`;
 }
+function applyManagedClusterDefaults(config, clusterName) {
+  if (!clusterName || !config.deployments) return;
+  const sandbox = loadClusterMeta(clusterName)?.features?.sandbox;
+  if (!config.deployments.backendPolicy) {
+    config.deployments.backendPolicy = sandbox?.enabled ? "sandbox-preferred" : config.deployments.backend === "agent-sandbox" ? "sandbox-required" : "deployment-only";
+  }
+  if (!config.deployments.backend) {
+    config.deployments.backend = config.deployments.backendPolicy === "deployment-only" ? "deployment" : sandbox?.enabled ? "agent-sandbox" : "deployment";
+  }
+  if (config.deployments.backend === "agent-sandbox" && sandbox?.enabled && sandbox.runtimeClassName) {
+    config.deployments.sandbox = {
+      ...config.deployments.sandbox ?? {},
+      runtimeClassName: config.deployments.sandbox?.runtimeClassName ?? sandbox.runtimeClassName
+    };
+  }
+  if (config.deployments.backend === "agent-sandbox" && sandbox?.enabled && sandbox.nodeSelector) {
+    config.deployments.scheduling = {
+      ...config.deployments.scheduling ?? {},
+      nodeSelector: {
+        ...sandbox.nodeSelector,
+        ...config.deployments.scheduling?.nodeSelector ?? {}
+      }
+    };
+  }
+}
+function describeSandboxPreflightFailure(missing, warnings) {
+  return [
+    "agent-sandbox preflight failed.",
+    missing.length > 0 ? `Missing: ${missing.join(", ")}.` : "",
+    warnings.length > 0 ? `Warnings: ${warnings.join(", ")}.` : "",
+    'Run "shadowob-cloud cluster apply --config cluster.json" to install/verify sandbox, or set deployments.backendPolicy="deployment-only" for fallback.'
+  ].filter(Boolean).join(" ");
+}
 var DeployService = class {
   constructor(configService, manifestService, k8s6, logger) {
     this.configService = configService;
@@ -12237,10 +13304,13 @@ var DeployService = class {
     });
     const runtimeContext = normalizeDeploymentRuntimeContext(options.runtimeContext);
     const effectiveEnv = buildEffectiveEnv(options.runtimeEnvVars, runtimeContext);
-    if (!existsSync18(filePath)) {
+    if (!existsSync19(filePath)) {
       throw new Error(`Config file not found: ${filePath}`);
     }
     const kubeConfigPath = options.kubeConfigPath ?? (options.cluster ? loadKubeconfigPath(options.cluster) : void 0);
+    if (kubeConfigPath) {
+      assertReadableKubeconfigFile(kubeConfigPath);
+    }
     const k8sTargetSummary = summarizeK8sTarget(options, kubeConfigPath);
     this.logger.info(k8sTargetSummary);
     emit(`${k8sTargetSummary}
@@ -12253,6 +13323,7 @@ var DeployService = class {
       await this.configService.parseFile(filePath),
       runtimeContext
     );
+    applyManagedClusterDefaults(config, options.cluster);
     const namespace = options.namespace ?? config.deployments?.namespace ?? "shadowob-cloud";
     const stackName = resolveStackName(namespace, options.stack);
     const agents = config.deployments?.agents ?? [];
@@ -12297,10 +13368,31 @@ var DeployService = class {
     const usesPlugins = configUsesPlugins(config);
     if (usesPlugins) await ensureBuiltInPluginsLoaded();
     const resolved = await this.configService.resolve(config, configCwd, { env: effectiveEnv });
+    if (resolved.deployments && isAgentSandboxBackend(resolved)) {
+      const policy = workloadBackendPolicy(resolved);
+      const preflight = this.k8s.checkAgentSandboxPreflight({
+        kubeconfig: readKubeconfigForRuntimeWait(kubeConfigPath),
+        runtimeClassNames: sandboxRuntimeClassNames(resolved)
+      });
+      if (!preflight.ok) {
+        const message = describeSandboxPreflightFailure(preflight.missing, preflight.warnings);
+        if (policy === "sandbox-preferred") {
+          this.logger.warn(`${message} Falling back to Kubernetes Deployment.`);
+          emit(`${message} Falling back to Kubernetes Deployment.
+`);
+          resolved.deployments.backend = "deployment";
+          resolved.deployments.backendPolicy = "deployment-only";
+        } else {
+          throw new Error(message);
+        }
+      } else if (preflight.warnings.length > 0) {
+        this.logger.warn(`agent-sandbox preflight warnings: ${preflight.warnings.join(", ")}`);
+      }
+    }
     if (usesPlugins) await ensureBuiltInPluginsLoaded();
     if (!options.skipProvision) {
       try {
-        const { executePluginProvisions, getPluginRegistry: getPluginRegistry2 } = await import("./plugins-HZBWK3WQ.js");
+        const { executePluginProvisions, getPluginRegistry: getPluginRegistry2 } = await import("./plugins-2MITZ4ZD.js");
         for (const agent of agents) {
           const provisionResults = await executePluginProvisions(
             agent,
@@ -12315,6 +13407,9 @@ var DeployService = class {
             for (const e of provisionResults.errors) {
               this.logger.warn(`Plugin provision error (${e.pluginId}): ${e.error}`);
             }
+            throw new Error(
+              `Plugin provisioning failed: ${provisionResults.errors.map((e) => `${e.pluginId}: ${e.error}`).join("; ")}`
+            );
           }
           if (Object.keys(provisionResults.secrets).length > 0) {
             agent.env = { ...agent.env ?? {}, ...provisionResults.secrets };
@@ -12338,7 +13433,10 @@ var DeployService = class {
             await options.onProvisionState?.(merged);
           }
         }
-      } catch {
+      } catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        this.logger.warn(`Plugin provisioning failed; aborting deploy: ${message}`);
+        throw err;
       }
     }
     const k8sShadowUrl = options.k8sShadowUrl ?? effectiveEnv.SHADOW_AGENT_SERVER_URL ?? options.shadowUrl ?? effectiveEnv.K8S_SHADOW_URL ?? effectiveEnv.SHADOW_SERVER_URL;
@@ -12411,11 +13509,11 @@ var DeployService = class {
             emit("Lock canceled, retrying...\n");
           }
         } catch {
-          const { join: join7 } = await import("path");
+          const { join: join8 } = await import("path");
           const { homedir: homedir6 } = await import("os");
-          const { rmSync: rmSync4, existsSync: existsSync19 } = await import("fs");
-          const lockDir = join7(homedir6(), ".shadowob", "pulumi", ".pulumi", "locks");
-          if (existsSync19(lockDir)) {
+          const { rmSync: rmSync4, existsSync: existsSync20 } = await import("fs");
+          const lockDir = join8(homedir6(), ".shadowob", "pulumi", ".pulumi", "locks");
+          if (existsSync20(lockDir)) {
             try {
               rmSync4(lockDir, { recursive: true });
               this.logger.info("Lock files removed, retrying...");
@@ -12515,6 +13613,9 @@ var DeployService = class {
         `Cannot destroy namespace "${namespace}" without a Pulumi config snapshot. Destroy must run through the deployment stack state.`
       );
     }
+    if (options.kubeConfigPath) {
+      assertReadableKubeconfigFile(options.kubeConfigPath);
+    }
     const stack = await this.k8s.getOrCreateStack({
       stackName,
       config: options.config,
@@ -12856,7 +13957,7 @@ function rolloutUndoAll(namespace) {
 import { execFileSync as execFileSync3 } from "child_process";
 import { mkdir as mkdir3 } from "fs/promises";
 import { homedir as homedir5 } from "os";
-import { delimiter as delimiter3, join as join6 } from "path";
+import { delimiter as delimiter3, join as join7 } from "path";
 import * as automation from "@pulumi/pulumi/automation/index.js";
 import { PulumiCommand } from "@pulumi/pulumi/automation/index.js";
 
@@ -13077,6 +14178,29 @@ function baseVolumes(configMapName) {
     { name: RUNNER_AGENTS_VOLUME_NAME, emptyDir: {} }
   ];
 }
+function isAgentSandboxBackend2(config) {
+  return (config.deployments?.backend ?? "agent-sandbox") === "agent-sandbox";
+}
+function hasKeys(value) {
+  return Boolean(value && typeof value === "object" && Object.keys(value).length > 0);
+}
+function resolveSchedulingConfig(config, agent) {
+  const defaults = isAgentSandboxBackend2(config) ? { nodeSelector: { "shadowob.com/sandbox-ready": "true" } } : {};
+  const globalScheduling = config.deployments?.scheduling ?? {};
+  const agentScheduling = agent.scheduling ?? {};
+  const nodeSelector = {
+    ...defaults.nodeSelector ?? {},
+    ...globalScheduling.nodeSelector ?? {},
+    ...agentScheduling.nodeSelector ?? {}
+  };
+  const affinity = agentScheduling.affinity ?? globalScheduling.affinity;
+  const tolerations = agentScheduling.tolerations ?? globalScheduling.tolerations;
+  return {
+    ...Object.keys(nodeSelector).length > 0 ? { nodeSelector } : {},
+    ...hasKeys(affinity) ? { affinity } : {},
+    ...tolerations && tolerations.length > 0 ? { tolerations } : {}
+  };
+}
 function buildAgentPodSpec(options) {
   const runtime = getRuntime(options.agent.runtime);
   const image = options.agent.image ?? runtime.defaultImage;
@@ -13171,6 +14295,7 @@ function buildAgentPodSpec(options) {
     initContainers,
     containers,
     volumes,
+    scheduling: resolveSchedulingConfig(options.config, options.agent),
     pluginArtifacts
   };
 }
@@ -13268,6 +14393,9 @@ function createAgentDeployment(options) {
             securityContext: buildSecurityContext(),
             containers: pod.containers,
             volumes: pod.volumes,
+            nodeSelector: pod.scheduling.nodeSelector,
+            affinity: pod.scheduling.affinity,
+            tolerations: pod.scheduling.tolerations,
             restartPolicy: "Always"
           }
         }
@@ -13473,6 +14601,9 @@ function buildAgentSandboxTemplateManifest(options) {
           securityContext: buildSecurityContext(),
           containers: options.pod.containers,
           volumes: options.pod.volumes,
+          nodeSelector: options.pod.scheduling.nodeSelector,
+          affinity: options.pod.scheduling.affinity,
+          tolerations: options.pod.scheduling.tolerations,
           restartPolicy: "Always"
         }
       },
@@ -13560,18 +14691,18 @@ function createConfigResources(options) {
 }
 
 // src/infra/hash.ts
-import { createHash as createHash2 } from "crypto";
-function stableStringify(value) {
+import { createHash as createHash3 } from "crypto";
+function stableStringify2(value) {
   if (Array.isArray(value)) {
-    return `[${value.map((item) => stableStringify(item)).join(",")}]`;
+    return `[${value.map((item) => stableStringify2(item)).join(",")}]`;
   }
   if (value && typeof value === "object") {
-    return `{${Object.entries(value).sort(([a], [b]) => a.localeCompare(b)).map(([key, item]) => `${JSON.stringify(key)}:${stableStringify(item)}`).join(",")}}`;
+    return `{${Object.entries(value).sort(([a], [b]) => a.localeCompare(b)).map(([key, item]) => `${JSON.stringify(key)}:${stableStringify2(item)}`).join(",")}}`;
   }
   return JSON.stringify(value);
 }
 function stableHash(value) {
-  return createHash2("sha256").update(stableStringify(value)).digest("hex");
+  return createHash3("sha256").update(stableStringify2(value)).digest("hex");
 }
 
 // src/infra/networking.ts
@@ -13671,6 +14802,9 @@ function classifyEnv(registrySecretEnv, mergedEnv) {
   }
   return { plainEnv, secretData };
 }
+function omitEnvKeys(env, keys) {
+  for (const key of keys) delete env[key];
+}
 function runtimePackageEnvDefaults(options) {
   const env = {};
   if (!options.currentEnv.SHADOW_SLASH_COMMANDS_PATH) {
@@ -13693,6 +14827,7 @@ function buildAgentRuntimePackage(options) {
     ...agent.env ?? {},
     ...extraEnv ?? {}
   };
+  const runtimeEnvOmitKeys = collectPluginRuntimeEnvOmitKeys(agent, config, cwd, runtimeEnv);
   const runtimeExtensions = collectPluginRuntimeExtensions(agent, config, cwd, runtimeEnv);
   const mergedEnv = {
     ...collectPluginBuildEnvVars(agent, config, cwd, runtimeEnv),
@@ -13718,6 +14853,7 @@ function buildAgentRuntimePackage(options) {
   if (runtimeArtifacts.provisionSecrets) {
     Object.assign(mergedEnv, runtimeArtifacts.provisionSecrets);
   }
+  omitEnvKeys(mergedEnv, runtimeEnvOmitKeys);
   const { plainEnv, secretData } = classifyEnv(registrySecretEnv, mergedEnv);
   return {
     runtimeKind: runtime.runtimeKind,
@@ -13730,10 +14866,9 @@ function buildAgentRuntimePackage(options) {
 }
 
 // src/infra/shared.ts
-import { readFileSync as readFileSync9 } from "fs";
 import * as k8s5 from "@pulumi/kubernetes";
 function createSharedResources(options) {
-  const providerConfig = options.kubeConfigPath ? { kubeconfig: readFileSync9(options.kubeConfigPath, "utf8") } : {
+  const providerConfig = options.kubeConfigPath ? { kubeconfig: readKubeconfigFile(options.kubeConfigPath) } : {
     context: options.kubeContext ?? process.env.KUBECONFIG_CONTEXT ?? process.env.K8S_CONTEXT ?? "rancher-desktop"
   };
   const provider = new k8s5.Provider("k8s-provider", providerConfig);
@@ -14125,13 +15260,13 @@ function getNonEmptyEnv(name) {
   return trimmed.length > 0 ? trimmed : void 0;
 }
 function getDefaultStateDir() {
-  return getNonEmptyEnv("PULUMI_BACKEND_URL") ? "" : join6(homedir5(), ".shadowob", "pulumi");
+  return getNonEmptyEnv("PULUMI_BACKEND_URL") ? "" : join7(homedir5(), ".shadowob", "pulumi");
 }
 function resolvePulumiBackendUrl(stateDir) {
   return getNonEmptyEnv("PULUMI_BACKEND_URL") ?? (stateDir ? `file://${stateDir}` : void 0);
 }
 function ensurePulumiCliOnPath(cliRoot) {
-  const binDir = join6(cliRoot, "bin");
+  const binDir = join7(cliRoot, "bin");
   const currentPath = process.env.PATH ?? "";
   const parts = currentPath.split(delimiter3).filter(Boolean);
   if (!parts.includes(binDir)) {
@@ -14161,8 +15296,8 @@ ${stderr}` : ""}`
   }
 }
 async function getOrCreateStack(options) {
-  const cliRoot = join6(homedir5(), ".shadowob", "pulumi", "cli");
-  const pulumiHome = join6(homedir5(), ".shadowob", "pulumi", "home");
+  const cliRoot = join7(homedir5(), ".shadowob", "pulumi", "cli");
+  const pulumiHome = join7(homedir5(), ".shadowob", "pulumi", "home");
   const infraOpts = {
     config: options.config,
     namespace: options.namespace,
@@ -14358,6 +15493,9 @@ var K8sService = class {
   async waitForAgentSandboxPaused(options) {
     return waitForAgentSandboxPaused(options);
   }
+  checkAgentSandboxPreflight(options) {
+    return checkAgentSandboxPreflight(options);
+  }
   async restorePvcFromVolumeSnapshot(options) {
     await restorePvcFromVolumeSnapshot(options);
   }