@tangle-network/sandbox 0.0.0-develop.20260519182220.e7047bf → 0.0.0-develop.20260530132002.87cf9f6

package/dist/{sandbox-B7-dr4K1.d.ts → sandbox-CBmfYqMQ.d.ts}

@@ -1,87 +1,3 @@
-import { IntegrationActor, IntegrationManifest } from "@tangle-network/agent-integrations";
-
-//#region src/mcp.d.ts
-/**
- * MCP (Model Context Protocol) helpers for sandbox capabilities.
- *
- * The sandbox exposes capabilities (currently `computer_use`, more
- * later) as MCP tools over Streamable HTTP. Any MCP-capable client —
- * Claude Desktop, Cursor, claude-code, codex, opencode, raw
- * `@modelcontextprotocol/sdk` apps — can consume this surface by
- * pasting the JSON returned from `Sandbox#getMcpEndpoint()` (or
- * `buildSandboxMcpConfig` if you already have the URL + token) into
- * the client's MCP config.
- *
- * Security model:
- *   - Tokens are capability-scoped JWTs (claim `cap: ["computer_use"]`).
- *   - Full sandbox runtime tokens are rejected on `/mcp`; only
- *     capability-scoped tokens work there.
- *   - A scoped token cannot pivot to admin endpoints (`/exec`, `/files`,
- *     etc.) — those routes reject scoped tokens.
- *   - Tokens are short-lived. Rotate via `Sandbox#getMcpEndpoint()`,
- *     which mints a fresh token each call.
- */
-/** Default name of the MCP server entry — surfaces in the host UI. */
-declare const SANDBOX_MCP_SERVER_NAME = "tangle-sandbox";
-/**
- * MCP HTTP server entry — matches the Anthropic MCP HTTP transport
- * schema (`type: "http"`, `url`, optional `headers`). Compatible with
- * every MCP host that implements the spec.
- */
-interface SandboxMcpServerEntry {
-  type: "http";
-  url: string;
-  headers: Record<string, string>;
-}
-/**
- * `.mcp.json`-shaped config any MCP host accepts. Drop the contents of
- * `mcpServers` into your host's `mcpServers` block (Claude Desktop,
- * Cursor, claude-code's `--mcp-config`, etc.) — no host-specific
- * fields, no provider lock-in.
- */
-interface SandboxMcpConfig {
-  mcpServers: Record<string, SandboxMcpServerEntry>;
-}
-/**
- * Endpoint payload returned by `GET /v1/sandboxes/:id/mcp`. Includes
- * the canonical config plus token expiry so callers can plan
- * refreshes.
- */
-interface SandboxMcpEndpoint {
-  /** MCP host config — paste this into Cursor/Claude Desktop/etc. */
-  config: SandboxMcpConfig;
-  /** Server entry name used inside `config.mcpServers`. */
-  serverName: string;
-  /** Reachable URL for the MCP HTTP transport. */
-  url: string;
-  /** Bearer token sent by the MCP host on every request. */
-  authToken: string;
-  /** ISO-8601 expiry — the host should refresh before this. */
-  expiresAt: string;
-  /** Capabilities the token is scoped to. */
-  capabilities: ReadonlyArray<"computer_use">;
-}
-interface BuildSandboxMcpConfigOptions {
-  /** Public sandbox URL where `/mcp` is reachable. No trailing slash. */
-  sandboxUrl: string;
-  /** Capability-scoped JWT minted by the Sandbox API. */
-  authToken: string;
-  /** Override the entry name. Defaults to SANDBOX_MCP_SERVER_NAME. */
-  serverName?: string;
-}
-/**
- * Build the canonical `mcpServers` config for a sandbox MCP endpoint.
- * Pure function — no I/O, no crypto. Use this when you already have a
- * `{ url, authToken }` pair from the API and just want the JSON shape
- * to paste into a host. Most callers should use
- * `Sandbox#getMcpEndpoint()` instead, which fetches a freshly-minted
- * token from the API.
- */
-declare function buildSandboxMcpConfig(options: BuildSandboxMcpConfigOptions): {
-  serverName: string;
-  config: SandboxMcpConfig;
-};
-//#endregion
 //#region src/agent-profile.d.ts
 /**
  * Provider-neutral agent profile types for public SDK consumers.
@@ -776,37 +692,6 @@ interface CreateSandboxOptions {
   resources?: SandboxResources;
   /** Environment variables injected into the sandbox */
   env?: Record<string, string>;
-  /**
-   * Integration requirements the sandbox app needs at launch.
-   *
-   * The sandbox API resolves this manifest through id.tangle.tools,
-   * creates owner-scoped grants, and injects only a short-lived
-   * `TANGLE_INTEGRATION_BUNDLE` capability payload. Raw provider OAuth
-   * tokens and API keys never enter the sandbox environment.
-   */
-  integrationManifest?: IntegrationManifest;
-  /**
-   * Existing platform grant ids to bind to this launch.
-   *
-   * Use this for installed templates or pre-consented apps where the
-   * installer owns the connection. The sandbox API still requires
-   * `integrationManifest` so platform can fail closed if a grant does not
-   * match the declared requirements.
-   */
-  integrationGrantIds?: string[];
-  /**
-   * Grant durability for `integrationManifest`.
-   *
-   * `preview` scopes consent to this sandbox preview/session,
-   * `durable-app` is for installed/generated app instances, and
-   * `one-shot` is for a single workflow run.
-   */
-  integrationGrantMode?: "preview" | "durable-app" | "one-shot";
-  /**
-   * Logical app/agent subject receiving the grant. When omitted, the
-   * sandbox itself is the grantee and runtime subject.
-   */
-  integrationSubject?: IntegrationActor;
   /**
    * Maximum lifetime in seconds.
    * Sandbox is automatically deleted after this time.
@@ -1157,7 +1042,7 @@ interface ExecOptions {
  *
  * @example Search TypeScript files
  * ```typescript
- * const matches = await box.search("TODO", {
+ * const matches = await box.search("export function", {
  *   glob: "**\/*.ts",
  *   maxResults: 100,
  * });
@@ -1332,6 +1217,31 @@ interface PromptOptions {
   context?: Record<string, unknown>;
   /** AbortSignal for cancellation */
   signal?: AbortSignal;
+  /**
+   * Stable execution id for cross-process reconnect. When passed, the same
+   * id on a retry lands on the same substrate execution — the platform
+   * replays its buffered event stream instead of spawning a duplicate run.
+   * Forwarded as the `X-Execution-ID` header. Omit to let the SDK extract
+   * one from the response stream's `execution.started` event (in-call
+   * reconnect only).
+   */
+  executionId?: string;
+  /**
+   * Last event id the caller has already acknowledged. The substrate
+   * replays strictly after this id on reconnect. Forwarded as the
+   * `Last-Event-ID` header. Omit on first attempt.
+   */
+  lastEventId?: string;
+  /**
+   * Caller-supplied turn idempotency key. When set, a retry with the
+   * same `turnId` on the same `sessionId` short-circuits to the cached
+   * result instead of re-issuing the upstream LLM call. Generate a
+   * fresh `turnId` per logical attempt (a different user message gets
+   * a new id) and reuse it only for retries of the same intent
+   * (Stripe-style idempotency). Combine with `box.findCompletedTurn`
+   * to check completion before re-dispatching.
+   */
+  turnId?: string;
 }
 /**
  * SSE event from sandbox streaming.
@@ -1403,12 +1313,22 @@ interface SandboxTraceOptions {
    */
   includeIntelligence?: boolean;
 }
-type IntelligenceReportSubjectType = "sandbox" | "fleet" | "dispatch" | "trace_set";
+/**
+ * Subject types for an Intelligence Report.
+ *
+ * - `sandbox`: one container's run.
+ * - `fleet`: one managed grouping of sandboxes. Add `subject.dispatchId`
+ *   to narrow to a single coordinated command within the fleet
+ *   (previously a standalone `dispatch` subject type — now expressed
+ *   as a fleet refinement).
+ */
+type IntelligenceReportSubjectType = "sandbox" | "fleet";
 interface IntelligenceReport {
   jobId: string;
   subject: {
     type: IntelligenceReportSubjectType;
-    id: string;
+    id: string; /** Present when the report was narrowed to a single fleet dispatch. */
+    dispatchId?: string;
   };
   mode: "deterministic" | "agentic";
   status: "queued" | "running" | "completed" | "failed";
@@ -1429,10 +1349,41 @@ interface IntelligenceReportBudget {
   maxUsd?: number;
   billTo?: "customer" | "platform";
 }
+/**
+ * Time window for an intelligence report. Both bounds are millisecond
+ * epochs. Omit `since` to mean "from the subject's first observation";
+ * omit `until` to mean "now". `since` must be <= `until` when both are
+ * set; the server enforces this at the schema layer.
+ */
+interface IntelligenceReportWindow {
+  since?: number;
+  until?: number;
+}
+/**
+ * Comparison baseline. When present, the report includes an explicit
+ * delta between the primary subject and this baseline. Must be the
+ * same `type` as the primary subject — the analyzer rejects mixed
+ * subject-type comparisons because the delta would be meaningless.
+ *
+ * `dispatchId` is only valid when `type === "fleet"`.
+ */
+interface IntelligenceReportCompareTo {
+  type: IntelligenceReportSubjectType;
+  id: string;
+  /** Narrow the baseline to a single dispatch within the fleet. */
+  dispatchId?: string;
+}
 interface CreateIntelligenceReportOptions {
   subject: {
     type: IntelligenceReportSubjectType;
     id: string;
+    /**
+     * Narrow the analysis to a single coordinated command within a
+     * fleet. Only valid when `type === "fleet"`.
+     */
+    dispatchId?: string; /** Bound the analysis to a time window. */
+    window?: IntelligenceReportWindow; /** Compare the primary subject against a same-type baseline. */
+    compareTo?: IntelligenceReportCompareTo;
   };
   mode?: "deterministic" | "agentic";
   acknowledgeCost?: boolean;
@@ -1706,6 +1657,67 @@ interface DispatchPromptOptions extends PromptOptions {
    * by construction. */
   sessionId?: string;
 }
+/**
+ * Options for `box.messages()` — list messages on a session including
+ * mid-turn partial assistant content.
+ */
+interface ListMessagesOptions {
+  /** Session id whose messages to return (required). */
+  sessionId: string;
+  /** Max entries, default 100. Server caps at 1000. */
+  limit?: number;
+  /** Skip this many entries from the start. */
+  offset?: number;
+  /** Only return messages newer than this Unix-ms timestamp. */
+  since?: number;
+}
+/**
+ * One message on a session — user, assistant, or system. The metadata
+ * field carries the durability marker set by the sidecar:
+ *   - `status: "streaming"` and no `completed`/`interrupted` flag → turn
+ *      is in flight, OR the sidecar died before stamping a marker
+ *      (SIGKILL, OOM). The partial parts are the partial assistant
+ *      content the recorder flushed before death.
+ *   - `completed: true` + `completedAt` → turn finished normally. If a
+ *      `turnId` was supplied, its result is cached for idempotent retry.
+ *   - `interrupted: true` + `interruptedAt` + `interruptReason` → graceful
+ *      abort, timeout, or upstream error. Partial content is preserved
+ *      but not billable as a completion.
+ */
+interface SessionMessage {
+  id: string;
+  role: "user" | "assistant" | "system";
+  /** ISO timestamp string. */
+  timestamp: string;
+  /** Message parts (text, tool calls, reasoning, files). Same shape as
+   *  events emitted by `streamPrompt`. */
+  parts: unknown[];
+  /** Durability + idempotency metadata. See class doc above. */
+  metadata?: {
+    status?: "streaming" | "completed" | "interrupted";
+    completed?: boolean;
+    completedAt?: string;
+    interrupted?: boolean;
+    interruptedAt?: string;
+    interruptReason?: string;
+    turnId?: string;
+    startedAt?: string;
+    [extra: string]: unknown;
+  };
+}
+/**
+ * Returned by `box.findCompletedTurn()` — the cached result of a
+ * previously-completed turn, keyed on the caller's `turnId`.
+ */
+interface CompletedTurnResult {
+  turnId: string;
+  sessionId: string;
+  /** ISO timestamp when the turn finished. */
+  completedAt: string;
+  /** The cached AgentExecutionResult-shape payload (text, toolInvocations,
+   *  sessionId, tokenUsage, etc.). */
+  result: Record<string, unknown>;
+}
 /**
  * Returned by `box.dispatchPrompt()` — minimum the caller needs to track
  * the session afterward. The sandbox keeps running the prompt; use
@@ -3882,8 +3894,183 @@ interface FileSystem {
    */
   exists(path: string): Promise<boolean>;
 }
+/** Languages supported by the persistent code kernel. */
+type CodeLanguage = "python" | "node" | "typescript" | "bash";
+/**
+ * One structured result produced by a runCode() call. The kernel emits these
+ * alongside stdout — matplotlib figures arrive as `image`, pandas DataFrames
+ * as `dataframe`, explicit `display(value)` calls as `json` or `html`, and
+ * uncaught exceptions as `error` plus an `error` field on the result.
+ */
+type CodeResultPart = {
+  type: "text";
+  value: string;
+} | {
+  type: "json";
+  value: unknown;
+} | {
+  type: "image";
+  format: "png" | "jpeg" | "svg"; /** base64-encoded image bytes (no `data:` prefix). */
+  data: string;
+} | {
+  type: "html";
+  value: string;
+} | {
+  type: "dataframe";
+  columns: {
+    name: string;
+    dtype: string;
+  }[];
+  rows: unknown[][];
+  truncated: boolean;
+} | {
+  type: "error";
+  name: string;
+  message: string;
+  traceback?: string;
+};
+/**
+ * Outcome of a single runCode() call.
+ *
+ * `stdout`/`stderr` are the user-visible streams with frame markers stripped.
+ * `results` is the structured-result list. `error` is set when user code
+ * raised; the kernel itself stays alive and the next call reuses its state.
+ */
+interface CodeExecutionResult {
+  exitCode: number;
+  stdout: string;
+  stderr: string;
+  durationMs: number;
+  results: CodeResultPart[];
+  error?: {
+    name: string;
+    message: string;
+    traceback?: string;
+  };
+}
+/** Options for `box.runCode()`. */
+interface CodeExecutionOptions {
+  /** Session scope: kernels persist variables across calls with the same id. */
+  sessionId?: string;
+  /** Per-call timeout in ms. 0 disables. Default 60_000. */
+  timeoutMs?: number;
+  /** Extra env vars merged in for this call only. */
+  env?: Record<string, string>;
+  /** Working directory override (honored on kernel creation only). */
+  cwd?: string;
+  /**
+   * Caller-supplied dedup key. Two `runCode` calls with the same key and
+   * the same `sessionId` within a 15-minute window return the same result
+   * without re-executing — including the case where the second call arrives
+   * while the first is still running (it awaits the in-flight result).
+   *
+   * Scoped per `sessionId` so two sessions reusing the same key stay
+   * isolated. A failed execution is not cached; a retry with the same key
+   * gets a fresh attempt.
+   *
+   * For exactly-once across an outer agent loop (multi-turn tool use), pair
+   * with `box.dispatchPrompt({ sessionId, turnId })` — the agent layer
+   * dedups the whole loop, this one dedups a single code-exec call.
+   */
+  idempotencyKey?: string;
+}
+//#endregion
+//#region src/mcp.d.ts
+/**
+ * MCP (Model Context Protocol) helpers for sandbox capabilities.
+ *
+ * The sandbox exposes capabilities (currently `computer_use`, more
+ * later) as MCP tools over Streamable HTTP. Any MCP-capable client —
+ * Claude Desktop, Cursor, claude-code, codex, opencode, raw
+ * `@modelcontextprotocol/sdk` apps — can consume this surface by
+ * pasting the JSON returned from `Sandbox#getMcpEndpoint()` (or
+ * `buildSandboxMcpConfig` if you already have the URL + token) into
+ * the client's MCP config.
+ *
+ * Security model:
+ *   - Tokens are capability-scoped JWTs (claim `cap: ["computer_use"]`).
+ *   - Full sandbox runtime tokens are rejected on `/mcp`; only
+ *     capability-scoped tokens work there.
+ *   - A scoped token cannot pivot to admin endpoints (`/exec`, `/files`,
+ *     etc.) — those routes reject scoped tokens.
+ *   - Tokens are short-lived. Rotate via `Sandbox#getMcpEndpoint()`,
+ *     which mints a fresh token each call.
+ */
+/** Default name of the MCP server entry — surfaces in the host UI. */
+declare const SANDBOX_MCP_SERVER_NAME = "tangle-sandbox";
+/**
+ * MCP HTTP server entry — matches the Anthropic MCP HTTP transport
+ * schema (`type: "http"`, `url`, optional `headers`). Compatible with
+ * every MCP host that implements the spec.
+ */
+interface SandboxMcpServerEntry {
+  type: "http";
+  url: string;
+  headers: Record<string, string>;
+}
+/**
+ * `.mcp.json`-shaped config any MCP host accepts. Drop the contents of
+ * `mcpServers` into your host's `mcpServers` block (Claude Desktop,
+ * Cursor, claude-code's `--mcp-config`, etc.) — no host-specific
+ * fields, no provider lock-in.
+ */
+interface SandboxMcpConfig {
+  mcpServers: Record<string, SandboxMcpServerEntry>;
+}
+/**
+ * Endpoint payload returned by `GET /v1/sandboxes/:id/mcp`. Includes
+ * the canonical config plus token expiry so callers can plan
+ * refreshes.
+ */
+interface SandboxMcpEndpoint {
+  /** MCP host config — paste this into Cursor/Claude Desktop/etc. */
+  config: SandboxMcpConfig;
+  /** Server entry name used inside `config.mcpServers`. */
+  serverName: string;
+  /** Reachable URL for the MCP HTTP transport. */
+  url: string;
+  /** Bearer token sent by the MCP host on every request. */
+  authToken: string;
+  /** ISO-8601 expiry — the host should refresh before this. */
+  expiresAt: string;
+  /** Capabilities the token is scoped to. */
+  capabilities: ReadonlyArray<"computer_use">;
+}
+interface BuildSandboxMcpConfigOptions {
+  /** Public sandbox URL where `/mcp` is reachable. No trailing slash. */
+  sandboxUrl: string;
+  /** Capability-scoped JWT minted by the Sandbox API. */
+  authToken: string;
+  /** Override the entry name. Defaults to SANDBOX_MCP_SERVER_NAME. */
+  serverName?: string;
+}
+/**
+ * Build the canonical `mcpServers` config for a sandbox MCP endpoint.
+ * Pure function — no I/O, no crypto. Use this when you already have a
+ * `{ url, authToken }` pair from the API and just want the JSON shape
+ * to paste into a host. Most callers should use
+ * `Sandbox#getMcpEndpoint()` instead, which fetches a freshly-minted
+ * token from the API.
+ */
+declare function buildSandboxMcpConfig(options: BuildSandboxMcpConfigOptions): {
+  serverName: string;
+  config: SandboxMcpConfig;
+};
 //#endregion
 //#region src/session.d.ts
+/**
+ * The subset of `SandboxInstance` a `SandboxSession` drives. Declared here
+ * (rather than importing the concrete class) so `session.ts` stays a leaf
+ * of `sandbox.ts` — `sandbox.ts` constructs `SandboxSession`, so the reverse
+ * import would form a cycle. `SandboxInstance` satisfies this structurally.
+ */
+interface SandboxSessionHost {
+  prompt(message: string | PromptInputPart[], options?: PromptOptions): Promise<PromptResult>;
+  _sessionStatus(id: string): Promise<SessionInfo | null>;
+  _sessionEvents(id: string, opts?: SessionEventStreamOptions): AsyncGenerator<SandboxEvent>;
+  _sessionResult(id: string): Promise<PromptResult>;
+  _sessionCancel(id: string): Promise<void>;
+}
 /**
  * A single agent session inside a sandbox. Created via
  * `box.session(id)` — does not hit the network until a method is called.
@@ -3895,7 +4082,7 @@ declare class SandboxSession {
   /**
    * @internal SDK-internal constructor — apps should call `box.session(id)`.
    */
-  constructor(box: SandboxInstance, /** Stable session id assigned by the sandbox runtime. */
+  constructor(box: SandboxSessionHost, /** Stable session id assigned by the sandbox runtime. */
 
   id: string);
   /**
@@ -4166,6 +4353,34 @@ declare class SandboxInstance {
    * Execute a command in the sandbox.
    */
   exec(command: string, options?: ExecOptions): Promise<ExecResult>;
+  /**
+   * Run code in a persistent language kernel.
+   *
+   * Each `(sessionId, language)` pair gets its own long-lived kernel that
+   * keeps variable state across calls — like Jupyter cells. Without a
+   * `sessionId`, calls share a process-wide kernel per language.
+   *
+   * Returns typed results: stdout/stderr text plus a `results` array of
+   * structured outputs (matplotlib images as base64 PNG, pandas DataFrames,
+   * explicit `display(value)` calls as JSON/HTML, errors with traceback).
+   *
+   * @example Persistent Python session
+   * ```ts
+   * await box.runCode("python", "import pandas as pd; df = pd.DataFrame({'x': range(5)})", { sessionId: "s1" });
+   * const r = await box.runCode("python", "df.describe()", { sessionId: "s1" });
+   * // r.results[0] is a `dataframe` part with columns + rows from the describe()
+   * ```
+   *
+   * @example Matplotlib chart
+   * ```ts
+   * const r = await box.runCode("python",
+   *   "import matplotlib.pyplot as plt; plt.plot([1,2,3,4]); plt.show()",
+   *   { sessionId: "s1" });
+   * const png = r.results.find(p => p.type === "image");
+   * // png.data is a base64 PNG ready to render or hand back to an LLM
+   * ```
+   */
+  runCode(language: CodeLanguage, source: string, options?: CodeExecutionOptions): Promise<CodeExecutionResult>;
   /**
    * Read a file from the sandbox.
    *
@@ -4221,7 +4436,9 @@ declare class SandboxInstance {
     mode?: "deterministic" | "agentic";
     acknowledgeCost?: boolean;
     budget?: IntelligenceReportBudget;
-    metadata?: Record<string, unknown>;
+    metadata?: Record<string, unknown>; /** Bound the analysis to a time window. */
+    window?: IntelligenceReportWindow; /** Compare this sandbox against a same-type baseline sandbox. */
+    compareTo?: IntelligenceReportCompareTo;
   }): Promise<IntelligenceReport>;
   createAgenticIntelligenceReport(options: {
     maxUsd: number;
@@ -4850,6 +5067,34 @@ declare class SandboxInstance {
    * construction.
    */
   dispatchPrompt(message: string | PromptInputPart[], opts?: DispatchPromptOptions): Promise<DispatchedSession>;
+  /**
+   * List messages for a session, including in-flight assistant content
+   * the agent is still streaming. Each entry's `metadata` carries the
+   * durability marker — `status: "streaming" | "completed" | "interrupted"`,
+   * `completed/interrupted` booleans, and the caller-supplied `turnId`
+   * when one was set. See `SessionMessage` for the full contract.
+   *
+   * Polling this is the right way to detect "did the sidecar die mid-
+   * turn?" — a SIGKILL leaves the assistant message with `status:
+   * "streaming"` and no `completed`/`interrupted` marker; a graceful
+   * abort stamps `interrupted: true` explicitly.
+   */
+  messages(opts: ListMessagesOptions): Promise<SessionMessage[]>;
+  /**
+   * Look up a cached turn result by idempotency key. Returns the cached
+   * payload if a turn with this `turnId` previously completed on the
+   * given session; returns `null` if no such turn has finished yet
+   * (either it never started, or it interrupted before completion).
+   *
+   * Call this before re-issuing a `streamPrompt` / `prompt` / `task`
+   * that you might be retrying — a non-null result means the original
+   * attempt finished and you can return that to your caller instead of
+   * running the agent a second time. Only turns that reach the
+   * `completed` terminal state are cached; interrupted turns are not.
+   */
+  findCompletedTurn(turnId: string, opts: {
+    sessionId: string;
+  }): Promise<CompletedTurnResult | null>;
   /**
    * Mint a scoped, time-bounded JWT for direct browser access to this
    * sandbox (Issue #913 Gap 1). Authority is the caller's
@@ -4872,4 +5117,4 @@ declare class SandboxInstance {
   _sessionCancel(id: string): Promise<void>;
 }
 //#endregion
-export { FleetExecDispatchOptions as $, SshKeysManager as $n, SandboxClientConfig as $t, CreateIntelligenceReportOptions as A, SandboxInfo as An, defineGitHubResource as Ar, ProcessLogEntry as At, DownloadProgress as B, ScopedToken as Bn, ProvisionStatus as Bt, BatchResult as C, SandboxFleetTraceExport as Cn, AgentProfilePrompt as Cr, NetworkManager as Ct, CheckpointOptions as D, SandboxFleetWorkspaceReconcileResult as Dn, AgentProfileValidationResult as Dr, PreviewLinkManager as Dt, CheckpointInfo as E, SandboxFleetWorkspace as En, AgentProfileValidationIssue as Er, PreviewLinkInfo as Et, DeleteOptions as F, SandboxTraceBundle as Fn, SandboxMcpConfig as Fr, PromptInputPart as Ft, ExecOptions as G, SecretsManager as Gn, PublishPublicTemplateVersionOptions as Gt, DriverInfo as H, SearchMatch as Hn, PublicTemplateInfo as Ht, DirectoryPermission as I, SandboxTraceEvent as In, SandboxMcpEndpoint as Ir, PromptOptions as It, FileSystem as J, SessionListOptions as Jn, ReconcileSandboxFleetsOptions as Jt, ExecResult as K, SessionEventStreamOptions as Kn, ReapExpiredSandboxFleetsOptions as Kt, DispatchPromptOptions as L, SandboxTraceExport as Ln, SandboxMcpServerEntry as Lr, PromptResult as Lt, CreateSandboxFleetTokenOptions as M, SandboxPermissionsConfig as Mn, mergeAgentProfiles as Mr, ProcessSignal as Mt, CreateSandboxFleetWithCoordinatorOptions as N, SandboxResources as Nn, BuildSandboxMcpConfigOptions as Nr, ProcessSpawnOptions as Nt, CheckpointResult as O, SandboxFleetWorkspaceRestoreResult as On, AgentSubagentProfile as Or, Process as Ot, CreateSandboxOptions as P, SandboxStatus as Pn, SANDBOX_MCP_SERVER_NAME as Pr, ProcessStatus as Pt, FleetDispatchStreamOptions as Q, SnapshotResult as Qn, SSHCredentials as Qt, DispatchedSession as R, SandboxTraceOptions as Rn, buildSandboxMcpConfig as Rr, ProvisionEvent as Rt, BatchOptions as S, SandboxFleetTraceEvent as Sn, AgentProfilePermissionValue as Sr, NetworkConfig as St, BatchTaskResult as T, SandboxFleetUsage as Tn, AgentProfileResources as Tr, PermissionsManager as Tt, DriverType as U, SearchOptions as Un, PublicTemplateVersionInfo as Ut, DriverConfig as V, ScopedTokenScope as Vn, ProvisionStep as Vt, EventStreamOptions as W, SecretInfo as Wn, PublishPublicTemplateOptions as Wt, FleetDispatchResultBuffer as X, SnapshotInfo as Xn, RunCodeOptions as Xt, FleetDispatchCancelResult as Y, SessionStatus as Yn, ReconcileSandboxFleetsResult as Yt, FleetDispatchResultBufferOptions as Z, SnapshotOptions as Zn, SSHCommandDescriptor as Zt, BackendInfo as _, SandboxFleetManifestMachine as _n, AgentProfileCapabilities as _r, ListSandboxFleetOptions as _t, TraceExportSink as a, SandboxFleetCostEstimate as an, TeeAttestationReport as ar, ForkResult as at, BackendType as b, SandboxFleetToken as bn, AgentProfileMcpServer as br, MintScopedTokenOptions as bt, otelTraceIdForTangleTrace as c, SandboxFleetDriverCapability as cn, TeePublicKeyResponse as cr, GitCommit as ct, AcceleratorKind as d, SandboxFleetIntelligenceEnvelope as dn, UpdateUserOptions as dr, GitStatus as dt, SandboxConnection as en, StorageConfig as er, FleetExecDispatchResult as et, AccessPolicyRule as f, SandboxFleetMachine as fn, UploadOptions as fr, GpuType as ft, BackendConfig as g, SandboxFleetManifest as gn, AgentProfile as gr, ListOptions as gt, BackendCapabilities as h, SandboxFleetMachineSpec as hn, WaitForOptions as hr, IntelligenceReportBudget as ht, TraceExportResult as i, SandboxFleetArtifactSpec as in, TeeAttestationOptions as ir, ForkOptions as it, CreateSandboxFleetOptions as j, SandboxIntelligenceEnvelope as jn, defineInlineResource as jr, ProcessManager as jt, CodeResult as k, SandboxFleetWorkspaceSnapshotResult as kn, defineAgentProfile as kr, ProcessInfo as kt, toOtelJson as l, SandboxFleetDriverTimings as ln, TokenRefreshHandler as lr, GitConfig as lt, AttachSandboxFleetMachineOptions as m, SandboxFleetMachineRecord as mn, UsageInfo as mr, IntelligenceReport as mt, SandboxInstance as n, SandboxEvent as nn, TaskOptions as nr, FleetPromptDispatchOptions as nt, buildTraceExportPayload as o, SandboxFleetDispatchFailureClass as on, TeeAttestationResponse as or, GitAuth as ot, AddUserOptions as p, SandboxFleetMachineMeteredUsage as pn, UploadProgress as pr, InstalledTool as pt, FileInfo as q, SessionInfo as qn, ReapExpiredSandboxFleetsResult as qt, TraceExportFormat as r, SandboxFleetArtifact as rn, TaskResult as rr, FleetPromptDispatchResult as rt, exportTraceBundle as s, SandboxFleetDispatchResponse as sn, TeePublicKey as sr, GitBranch as st, HttpClient as t, SandboxEnvironment as tn, SubscriptionInfo as tr, FleetMachineId as tt, SandboxSession as u, SandboxFleetInfo as un, ToolsConfig as ur, GitDiff as ut, BackendManager as v, SandboxFleetOperationsSummary as vn, AgentProfileConfidential as vr, ListSandboxOptions as vt, BatchTask as w, SandboxFleetTraceOptions as wn, AgentProfileResourceRef as wr, PermissionLevel as wt, BatchEvent as x, SandboxFleetTraceBundle as xn, AgentProfileModelHints as xr, MkdirOptions as xt, BackendStatus as y, SandboxFleetPolicy as yn, AgentProfileFileMount as yr, McpServerConfig as yt, DownloadOptions as z, SandboxUser as zn, ProvisionResult as zt };
+export { DriverInfo as $, SandboxTraceOptions as $n, ProvisionEvent as $t, BatchTask as A, SandboxFleetMachineSpec as An, UsageInfo as Ar, ListMessagesOptions as At, CompletedTurnResult as B, SandboxFleetUsage as Bn, AgentProfileResourceRef as Br, PermissionsManager as Bt, BackendInfo as C, SandboxFleetDriverCapability as Cn, TeePublicKey as Cr, GpuType as Ct, BatchEvent as D, SandboxFleetMachine as Dn, UpdateUserOptions as Dr, IntelligenceReportCompareTo as Dt, BackendType as E, SandboxFleetIntelligenceEnvelope as En, ToolsConfig as Er, IntelligenceReportBudget as Et, CodeExecutionOptions as F, SandboxFleetToken as Fn, AgentProfileFileMount as Fr, MintScopedTokenOptions as Ft, CreateSandboxOptions as G, SandboxInfo as Gn, defineAgentProfile as Gr, ProcessLogEntry as Gt, CreateSandboxFleetOptions as H, SandboxFleetWorkspaceReconcileResult as Hn, AgentProfileValidationIssue as Hr, PreviewLinkManager as Ht, CodeExecutionResult as I, SandboxFleetTraceBundle as In, AgentProfileMcpServer as Ir, MkdirOptions as It, DispatchPromptOptions as J, SandboxResources as Jn, mergeAgentProfiles as Jr, ProcessSpawnOptions as Jt, DeleteOptions as K, SandboxIntelligenceEnvelope as Kn, defineGitHubResource as Kr, ProcessManager as Kt, CodeLanguage as L, SandboxFleetTraceEvent as Ln, AgentProfileModelHints as Lr, NetworkConfig as Lt, CheckpointInfo as M, SandboxFleetManifestMachine as Mn, AgentProfile as Mr, ListSandboxFleetOptions as Mt, CheckpointOptions as N, SandboxFleetOperationsSummary as Nn, AgentProfileCapabilities as Nr, ListSandboxOptions as Nt, BatchOptions as O, SandboxFleetMachineMeteredUsage as On, UploadOptions as Or, IntelligenceReportSubjectType as Ot, CheckpointResult as P, SandboxFleetPolicy as Pn, AgentProfileConfidential as Pr, McpServerConfig as Pt, DriverConfig as Q, SandboxTraceExport as Qn, PromptResult as Qt, CodeResult as R, SandboxFleetTraceExport as Rn, AgentProfilePermissionValue as Rr, NetworkManager as Rt, BackendConfig as S, SandboxFleetDispatchResponse as Sn, TeeAttestationResponse as Sr, GitStatus as St, BackendStatus as T, SandboxFleetInfo as Tn, TokenRefreshHandler as Tr, IntelligenceReport as Tt, CreateSandboxFleetTokenOptions as U, SandboxFleetWorkspaceRestoreResult as Un, AgentProfileValidationResult as Ur, Process as Ut, CreateIntelligenceReportOptions as V, SandboxFleetWorkspace as Vn, AgentProfileResources as Vr, PreviewLinkInfo as Vt, CreateSandboxFleetWithCoordinatorOptions as W, SandboxFleetWorkspaceSnapshotResult as Wn, AgentSubagentProfile as Wr, ProcessInfo as Wt, DownloadOptions as X, SandboxTraceBundle as Xn, PromptInputPart as Xt, DispatchedSession as Y, SandboxStatus as Yn, ProcessStatus as Yt, DownloadProgress as Z, SandboxTraceEvent as Zn, PromptOptions as Zt, AcceleratorKind as _, SandboxEvent as _n, SubscriptionInfo as _r, GitAuth as _t, TraceExportSink as a, PublishPublicTemplateOptions as an, SecretInfo as ar, FileSystem as at, AttachSandboxFleetMachineOptions as b, SandboxFleetCostEstimate as bn, TeeAttestationOptions as br, GitConfig as bt, otelTraceIdForTangleTrace as c, ReapExpiredSandboxFleetsResult as cn, SessionInfo as cr, FleetDispatchResultBufferOptions as ct, BuildSandboxMcpConfigOptions as d, RunCodeOptions as dn, SessionStatus as dr, FleetExecDispatchResult as dt, ProvisionResult as en, SandboxUser as er, DriverType as et, SANDBOX_MCP_SERVER_NAME as f, SSHCommandDescriptor as fn, SnapshotInfo as fr, FleetMachineId as ft, buildSandboxMcpConfig as g, SandboxEnvironment as gn, StorageConfig as gr, ForkResult as gt, SandboxMcpServerEntry as h, SandboxConnection as hn, SshKeysManager as hr, ForkOptions as ht, TraceExportResult as i, PublicTemplateVersionInfo as in, SearchOptions as ir, FileInfo as it, BatchTaskResult as j, SandboxFleetManifest as jn, WaitForOptions as jr, ListOptions as jt, BatchResult as k, SandboxFleetMachineRecord as kn, UploadProgress as kr, IntelligenceReportWindow as kt, toOtelJson as l, ReconcileSandboxFleetsOptions as ln, SessionListOptions as lr, FleetDispatchStreamOptions as lt, SandboxMcpEndpoint as m, SandboxClientConfig as mn, SnapshotResult as mr, FleetPromptDispatchResult as mt, SandboxInstance as n, ProvisionStep as nn, ScopedTokenScope as nr, ExecOptions as nt, buildTraceExportPayload as o, PublishPublicTemplateVersionOptions as on, SecretsManager as or, FleetDispatchCancelResult as ot, SandboxMcpConfig as p, SSHCredentials as pn, SnapshotOptions as pr, FleetPromptDispatchOptions as pt, DirectoryPermission as q, SandboxPermissionsConfig as qn, defineInlineResource as qr, ProcessSignal as qt, TraceExportFormat as r, PublicTemplateInfo as rn, SearchMatch as rr, ExecResult as rt, exportTraceBundle as s, ReapExpiredSandboxFleetsOptions as sn, SessionEventStreamOptions as sr, FleetDispatchResultBuffer as st, HttpClient as t, ProvisionStatus as tn, ScopedToken as tr, EventStreamOptions as tt, SandboxSession as u, ReconcileSandboxFleetsResult as un, SessionMessage as ur, FleetExecDispatchOptions as ut, AccessPolicyRule as v, SandboxFleetArtifact as vn, TaskOptions as vr, GitBranch as vt, BackendManager as w, SandboxFleetDriverTimings as wn, TeePublicKeyResponse as wr, InstalledTool as wt, BackendCapabilities as x, SandboxFleetDispatchFailureClass as xn, TeeAttestationReport as xr, GitDiff as xt, AddUserOptions as y, SandboxFleetArtifactSpec as yn, TaskResult as yr, GitCommit as yt, CodeResultPart as z, SandboxFleetTraceOptions as zn, AgentProfilePrompt as zr, PermissionLevel as zt };