@tangle-network/sandbox 0.2.1 → 0.4.0

package/dist/{sandbox-aBpWqler.d.ts → sandbox-CBmfYqMQ.d.ts}

@@ -1,87 +1,3 @@
-import { IntegrationActor, IntegrationManifest } from "@tangle-network/agent-integrations";
-
-//#region src/mcp.d.ts
-/**
- * MCP (Model Context Protocol) helpers for sandbox capabilities.
- *
- * The sandbox exposes capabilities (currently `computer_use`, more
- * later) as MCP tools over Streamable HTTP. Any MCP-capable client —
- * Claude Desktop, Cursor, claude-code, codex, opencode, raw
- * `@modelcontextprotocol/sdk` apps — can consume this surface by
- * pasting the JSON returned from `Sandbox#getMcpEndpoint()` (or
- * `buildSandboxMcpConfig` if you already have the URL + token) into
- * the client's MCP config.
- *
- * Security model:
- *   - Tokens are capability-scoped JWTs (claim `cap: ["computer_use"]`).
- *   - Full sandbox runtime tokens are rejected on `/mcp`; only
- *     capability-scoped tokens work there.
- *   - A scoped token cannot pivot to admin endpoints (`/exec`, `/files`,
- *     etc.) — those routes reject scoped tokens.
- *   - Tokens are short-lived. Rotate via `Sandbox#getMcpEndpoint()`,
- *     which mints a fresh token each call.
- */
-/** Default name of the MCP server entry — surfaces in the host UI. */
-declare const SANDBOX_MCP_SERVER_NAME = "tangle-sandbox";
-/**
- * MCP HTTP server entry — matches the Anthropic MCP HTTP transport
- * schema (`type: "http"`, `url`, optional `headers`). Compatible with
- * every MCP host that implements the spec.
- */
-interface SandboxMcpServerEntry {
-  type: "http";
-  url: string;
-  headers: Record<string, string>;
-}
-/**
- * `.mcp.json`-shaped config any MCP host accepts. Drop the contents of
- * `mcpServers` into your host's `mcpServers` block (Claude Desktop,
- * Cursor, claude-code's `--mcp-config`, etc.) — no host-specific
- * fields, no provider lock-in.
- */
-interface SandboxMcpConfig {
-  mcpServers: Record<string, SandboxMcpServerEntry>;
-}
-/**
- * Endpoint payload returned by `GET /v1/sandboxes/:id/mcp`. Includes
- * the canonical config plus token expiry so callers can plan
- * refreshes.
- */
-interface SandboxMcpEndpoint {
-  /** MCP host config — paste this into Cursor/Claude Desktop/etc. */
-  config: SandboxMcpConfig;
-  /** Server entry name used inside `config.mcpServers`. */
-  serverName: string;
-  /** Reachable URL for the MCP HTTP transport. */
-  url: string;
-  /** Bearer token sent by the MCP host on every request. */
-  authToken: string;
-  /** ISO-8601 expiry — the host should refresh before this. */
-  expiresAt: string;
-  /** Capabilities the token is scoped to. */
-  capabilities: ReadonlyArray<"computer_use">;
-}
-interface BuildSandboxMcpConfigOptions {
-  /** Public sandbox URL where `/mcp` is reachable. No trailing slash. */
-  sandboxUrl: string;
-  /** Capability-scoped JWT minted by the Sandbox API. */
-  authToken: string;
-  /** Override the entry name. Defaults to SANDBOX_MCP_SERVER_NAME. */
-  serverName?: string;
-}
-/**
- * Build the canonical `mcpServers` config for a sandbox MCP endpoint.
- * Pure function — no I/O, no crypto. Use this when you already have a
- * `{ url, authToken }` pair from the API and just want the JSON shape
- * to paste into a host. Most callers should use
- * `Sandbox#getMcpEndpoint()` instead, which fetches a freshly-minted
- * token from the API.
- */
-declare function buildSandboxMcpConfig(options: BuildSandboxMcpConfigOptions): {
-  serverName: string;
-  config: SandboxMcpConfig;
-};
-//#endregion
 //#region src/agent-profile.d.ts
 /**
  * Provider-neutral agent profile types for public SDK consumers.
@@ -776,37 +692,6 @@ interface CreateSandboxOptions {
   resources?: SandboxResources;
   /** Environment variables injected into the sandbox */
   env?: Record<string, string>;
-  /**
-   * Integration requirements the sandbox app needs at launch.
-   *
-   * The sandbox API resolves this manifest through id.tangle.tools,
-   * creates owner-scoped grants, and injects only a short-lived
-   * `TANGLE_INTEGRATION_BUNDLE` capability payload. Raw provider OAuth
-   * tokens and API keys never enter the sandbox environment.
-   */
-  integrationManifest?: IntegrationManifest;
-  /**
-   * Existing platform grant ids to bind to this launch.
-   *
-   * Use this for installed templates or pre-consented apps where the
-   * installer owns the connection. The sandbox API still requires
-   * `integrationManifest` so platform can fail closed if a grant does not
-   * match the declared requirements.
-   */
-  integrationGrantIds?: string[];
-  /**
-   * Grant durability for `integrationManifest`.
-   *
-   * `preview` scopes consent to this sandbox preview/session,
-   * `durable-app` is for installed/generated app instances, and
-   * `one-shot` is for a single workflow run.
-   */
-  integrationGrantMode?: "preview" | "durable-app" | "one-shot";
-  /**
-   * Logical app/agent subject receiving the grant. When omitted, the
-   * sandbox itself is the grantee and runtime subject.
-   */
-  integrationSubject?: IntegrationActor;
   /**
    * Maximum lifetime in seconds.
    * Sandbox is automatically deleted after this time.
@@ -1334,7 +1219,7 @@ interface PromptOptions {
   signal?: AbortSignal;
   /**
    * Stable execution id for cross-process reconnect. When passed, the same
-   * id on a retry lands on the same substrate execution — the orchestrator
+   * id on a retry lands on the same substrate execution — the platform
    * replays its buffered event stream instead of spawning a duplicate run.
    * Forwarded as the `X-Execution-ID` header. Omit to let the SDK extract
    * one from the response stream's `execution.started` event (in-call
@@ -1347,6 +1232,16 @@ interface PromptOptions {
    * `Last-Event-ID` header. Omit on first attempt.
    */
   lastEventId?: string;
+  /**
+   * Caller-supplied turn idempotency key. When set, a retry with the
+   * same `turnId` on the same `sessionId` short-circuits to the cached
+   * result instead of re-issuing the upstream LLM call. Generate a
+   * fresh `turnId` per logical attempt (a different user message gets
+   * a new id) and reuse it only for retries of the same intent
+   * (Stripe-style idempotency). Combine with `box.findCompletedTurn`
+   * to check completion before re-dispatching.
+   */
+  turnId?: string;
 }
 /**
  * SSE event from sandbox streaming.
@@ -1762,6 +1657,67 @@ interface DispatchPromptOptions extends PromptOptions {
    * by construction. */
   sessionId?: string;
 }
+/**
+ * Options for `box.messages()` — list messages on a session including
+ * mid-turn partial assistant content.
+ */
+interface ListMessagesOptions {
+  /** Session id whose messages to return (required). */
+  sessionId: string;
+  /** Max entries, default 100. Server caps at 1000. */
+  limit?: number;
+  /** Skip this many entries from the start. */
+  offset?: number;
+  /** Only return messages newer than this Unix-ms timestamp. */
+  since?: number;
+}
+/**
+ * One message on a session — user, assistant, or system. The metadata
+ * field carries the durability marker set by the sidecar:
+ *   - `status: "streaming"` and no `completed`/`interrupted` flag → turn
+ *      is in flight, OR the sidecar died before stamping a marker
+ *      (SIGKILL, OOM). The partial parts are the partial assistant
+ *      content the recorder flushed before death.
+ *   - `completed: true` + `completedAt` → turn finished normally. If a
+ *      `turnId` was supplied, its result is cached for idempotent retry.
+ *   - `interrupted: true` + `interruptedAt` + `interruptReason` → graceful
+ *      abort, timeout, or upstream error. Partial content is preserved
+ *      but not billable as a completion.
+ */
+interface SessionMessage {
+  id: string;
+  role: "user" | "assistant" | "system";
+  /** ISO timestamp string. */
+  timestamp: string;
+  /** Message parts (text, tool calls, reasoning, files). Same shape as
+   *  events emitted by `streamPrompt`. */
+  parts: unknown[];
+  /** Durability + idempotency metadata. See class doc above. */
+  metadata?: {
+    status?: "streaming" | "completed" | "interrupted";
+    completed?: boolean;
+    completedAt?: string;
+    interrupted?: boolean;
+    interruptedAt?: string;
+    interruptReason?: string;
+    turnId?: string;
+    startedAt?: string;
+    [extra: string]: unknown;
+  };
+}
+/**
+ * Returned by `box.findCompletedTurn()` — the cached result of a
+ * previously-completed turn, keyed on the caller's `turnId`.
+ */
+interface CompletedTurnResult {
+  turnId: string;
+  sessionId: string;
+  /** ISO timestamp when the turn finished. */
+  completedAt: string;
+  /** The cached AgentExecutionResult-shape payload (text, toolInvocations,
+   *  sessionId, tokenUsage, etc.). */
+  result: Record<string, unknown>;
+}
 /**
  * Returned by `box.dispatchPrompt()` — minimum the caller needs to track
  * the session afterward. The sandbox keeps running the prompt; use
@@ -3938,6 +3894,168 @@ interface FileSystem {
    */
   exists(path: string): Promise<boolean>;
 }
+/** Languages supported by the persistent code kernel. */
+type CodeLanguage = "python" | "node" | "typescript" | "bash";
+/**
+ * One structured result produced by a runCode() call. The kernel emits these
+ * alongside stdout — matplotlib figures arrive as `image`, pandas DataFrames
+ * as `dataframe`, explicit `display(value)` calls as `json` or `html`, and
+ * uncaught exceptions as `error` plus an `error` field on the result.
+ */
+type CodeResultPart = {
+  type: "text";
+  value: string;
+} | {
+  type: "json";
+  value: unknown;
+} | {
+  type: "image";
+  format: "png" | "jpeg" | "svg"; /** base64-encoded image bytes (no `data:` prefix). */
+  data: string;
+} | {
+  type: "html";
+  value: string;
+} | {
+  type: "dataframe";
+  columns: {
+    name: string;
+    dtype: string;
+  }[];
+  rows: unknown[][];
+  truncated: boolean;
+} | {
+  type: "error";
+  name: string;
+  message: string;
+  traceback?: string;
+};
+/**
+ * Outcome of a single runCode() call.
+ *
+ * `stdout`/`stderr` are the user-visible streams with frame markers stripped.
+ * `results` is the structured-result list. `error` is set when user code
+ * raised; the kernel itself stays alive and the next call reuses its state.
+ */
+interface CodeExecutionResult {
+  exitCode: number;
+  stdout: string;
+  stderr: string;
+  durationMs: number;
+  results: CodeResultPart[];
+  error?: {
+    name: string;
+    message: string;
+    traceback?: string;
+  };
+}
+/** Options for `box.runCode()`. */
+interface CodeExecutionOptions {
+  /** Session scope: kernels persist variables across calls with the same id. */
+  sessionId?: string;
+  /** Per-call timeout in ms. 0 disables. Default 60_000. */
+  timeoutMs?: number;
+  /** Extra env vars merged in for this call only. */
+  env?: Record<string, string>;
+  /** Working directory override (honored on kernel creation only). */
+  cwd?: string;
+  /**
+   * Caller-supplied dedup key. Two `runCode` calls with the same key and
+   * the same `sessionId` within a 15-minute window return the same result
+   * without re-executing — including the case where the second call arrives
+   * while the first is still running (it awaits the in-flight result).
+   *
+   * Scoped per `sessionId` so two sessions reusing the same key stay
+   * isolated. A failed execution is not cached; a retry with the same key
+   * gets a fresh attempt.
+   *
+   * For exactly-once across an outer agent loop (multi-turn tool use), pair
+   * with `box.dispatchPrompt({ sessionId, turnId })` — the agent layer
+   * dedups the whole loop, this one dedups a single code-exec call.
+   */
+  idempotencyKey?: string;
+}
+//#endregion
+//#region src/mcp.d.ts
+/**
+ * MCP (Model Context Protocol) helpers for sandbox capabilities.
+ *
+ * The sandbox exposes capabilities (currently `computer_use`, more
+ * later) as MCP tools over Streamable HTTP. Any MCP-capable client —
+ * Claude Desktop, Cursor, claude-code, codex, opencode, raw
+ * `@modelcontextprotocol/sdk` apps — can consume this surface by
+ * pasting the JSON returned from `Sandbox#getMcpEndpoint()` (or
+ * `buildSandboxMcpConfig` if you already have the URL + token) into
+ * the client's MCP config.
+ *
+ * Security model:
+ *   - Tokens are capability-scoped JWTs (claim `cap: ["computer_use"]`).
+ *   - Full sandbox runtime tokens are rejected on `/mcp`; only
+ *     capability-scoped tokens work there.
+ *   - A scoped token cannot pivot to admin endpoints (`/exec`, `/files`,
+ *     etc.) — those routes reject scoped tokens.
+ *   - Tokens are short-lived. Rotate via `Sandbox#getMcpEndpoint()`,
+ *     which mints a fresh token each call.
+ */
+/** Default name of the MCP server entry — surfaces in the host UI. */
+declare const SANDBOX_MCP_SERVER_NAME = "tangle-sandbox";
+/**
+ * MCP HTTP server entry — matches the Anthropic MCP HTTP transport
+ * schema (`type: "http"`, `url`, optional `headers`). Compatible with
+ * every MCP host that implements the spec.
+ */
+interface SandboxMcpServerEntry {
+  type: "http";
+  url: string;
+  headers: Record<string, string>;
+}
+/**
+ * `.mcp.json`-shaped config any MCP host accepts. Drop the contents of
+ * `mcpServers` into your host's `mcpServers` block (Claude Desktop,
+ * Cursor, claude-code's `--mcp-config`, etc.) — no host-specific
+ * fields, no provider lock-in.
+ */
+interface SandboxMcpConfig {
+  mcpServers: Record<string, SandboxMcpServerEntry>;
+}
+/**
+ * Endpoint payload returned by `GET /v1/sandboxes/:id/mcp`. Includes
+ * the canonical config plus token expiry so callers can plan
+ * refreshes.
+ */
+interface SandboxMcpEndpoint {
+  /** MCP host config — paste this into Cursor/Claude Desktop/etc. */
+  config: SandboxMcpConfig;
+  /** Server entry name used inside `config.mcpServers`. */
+  serverName: string;
+  /** Reachable URL for the MCP HTTP transport. */
+  url: string;
+  /** Bearer token sent by the MCP host on every request. */
+  authToken: string;
+  /** ISO-8601 expiry — the host should refresh before this. */
+  expiresAt: string;
+  /** Capabilities the token is scoped to. */
+  capabilities: ReadonlyArray<"computer_use">;
+}
+interface BuildSandboxMcpConfigOptions {
+  /** Public sandbox URL where `/mcp` is reachable. No trailing slash. */
+  sandboxUrl: string;
+  /** Capability-scoped JWT minted by the Sandbox API. */
+  authToken: string;
+  /** Override the entry name. Defaults to SANDBOX_MCP_SERVER_NAME. */
+  serverName?: string;
+}
+/**
+ * Build the canonical `mcpServers` config for a sandbox MCP endpoint.
+ * Pure function — no I/O, no crypto. Use this when you already have a
+ * `{ url, authToken }` pair from the API and just want the JSON shape
+ * to paste into a host. Most callers should use
+ * `Sandbox#getMcpEndpoint()` instead, which fetches a freshly-minted
+ * token from the API.
+ */
+declare function buildSandboxMcpConfig(options: BuildSandboxMcpConfigOptions): {
+  serverName: string;
+  config: SandboxMcpConfig;
+};
 //#endregion
 //#region src/session.d.ts
 /**
@@ -4235,6 +4353,34 @@ declare class SandboxInstance {
    * Execute a command in the sandbox.
    */
   exec(command: string, options?: ExecOptions): Promise<ExecResult>;
+  /**
+   * Run code in a persistent language kernel.
+   *
+   * Each `(sessionId, language)` pair gets its own long-lived kernel that
+   * keeps variable state across calls — like Jupyter cells. Without a
+   * `sessionId`, calls share a process-wide kernel per language.
+   *
+   * Returns typed results: stdout/stderr text plus a `results` array of
+   * structured outputs (matplotlib images as base64 PNG, pandas DataFrames,
+   * explicit `display(value)` calls as JSON/HTML, errors with traceback).
+   *
+   * @example Persistent Python session
+   * ```ts
+   * await box.runCode("python", "import pandas as pd; df = pd.DataFrame({'x': range(5)})", { sessionId: "s1" });
+   * const r = await box.runCode("python", "df.describe()", { sessionId: "s1" });
+   * // r.results[0] is a `dataframe` part with columns + rows from the describe()
+   * ```
+   *
+   * @example Matplotlib chart
+   * ```ts
+   * const r = await box.runCode("python",
+   *   "import matplotlib.pyplot as plt; plt.plot([1,2,3,4]); plt.show()",
+   *   { sessionId: "s1" });
+   * const png = r.results.find(p => p.type === "image");
+   * // png.data is a base64 PNG ready to render or hand back to an LLM
+   * ```
+   */
+  runCode(language: CodeLanguage, source: string, options?: CodeExecutionOptions): Promise<CodeExecutionResult>;
   /**
    * Read a file from the sandbox.
    *
@@ -4921,6 +5067,34 @@ declare class SandboxInstance {
    * construction.
    */
   dispatchPrompt(message: string | PromptInputPart[], opts?: DispatchPromptOptions): Promise<DispatchedSession>;
+  /**
+   * List messages for a session, including in-flight assistant content
+   * the agent is still streaming. Each entry's `metadata` carries the
+   * durability marker — `status: "streaming" | "completed" | "interrupted"`,
+   * `completed/interrupted` booleans, and the caller-supplied `turnId`
+   * when one was set. See `SessionMessage` for the full contract.
+   *
+   * Polling this is the right way to detect "did the sidecar die mid-
+   * turn?" — a SIGKILL leaves the assistant message with `status:
+   * "streaming"` and no `completed`/`interrupted` marker; a graceful
+   * abort stamps `interrupted: true` explicitly.
+   */
+  messages(opts: ListMessagesOptions): Promise<SessionMessage[]>;
+  /**
+   * Look up a cached turn result by idempotency key. Returns the cached
+   * payload if a turn with this `turnId` previously completed on the
+   * given session; returns `null` if no such turn has finished yet
+   * (either it never started, or it interrupted before completion).
+   *
+   * Call this before re-issuing a `streamPrompt` / `prompt` / `task`
+   * that you might be retrying — a non-null result means the original
+   * attempt finished and you can return that to your caller instead of
+   * running the agent a second time. Only turns that reach the
+   * `completed` terminal state are cached; interrupted turns are not.
+   */
+  findCompletedTurn(turnId: string, opts: {
+    sessionId: string;
+  }): Promise<CompletedTurnResult | null>;
   /**
    * Mint a scoped, time-bounded JWT for direct browser access to this
    * sandbox (Issue #913 Gap 1). Authority is the caller's
@@ -4943,4 +5117,4 @@ declare class SandboxInstance {
   _sessionCancel(id: string): Promise<void>;
 }
 //#endregion
-export { FleetExecDispatchOptions as $, SnapshotInfo as $n, RunCodeOptions as $t, CreateIntelligenceReportOptions as A, SandboxFleetWorkspaceReconcileResult as An, AgentProfileValidationResult as Ar, PreviewLinkManager as At, DownloadProgress as B, SandboxTraceExport as Bn, SandboxMcpServerEntry as Br, PromptResult as Bt, BatchResult as C, SandboxFleetToken as Cn, AgentProfileMcpServer as Cr, MintScopedTokenOptions as Ct, CheckpointOptions as D, SandboxFleetTraceOptions as Dn, AgentProfileResourceRef as Dr, PermissionLevel as Dt, CheckpointInfo as E, SandboxFleetTraceExport as En, AgentProfilePrompt as Er, NetworkManager as Et, DeleteOptions as F, SandboxPermissionsConfig as Fn, mergeAgentProfiles as Fr, ProcessSignal as Ft, ExecOptions as G, SearchMatch as Gn, PublicTemplateInfo as Gt, DriverInfo as H, SandboxUser as Hn, ProvisionResult as Ht, DirectoryPermission as I, SandboxResources as In, BuildSandboxMcpConfigOptions as Ir, ProcessSpawnOptions as It, FileSystem as J, SecretsManager as Jn, PublishPublicTemplateVersionOptions as Jt, ExecResult as K, SearchOptions as Kn, PublicTemplateVersionInfo as Kt, DispatchPromptOptions as L, SandboxStatus as Ln, SANDBOX_MCP_SERVER_NAME as Lr, ProcessStatus as Lt, CreateSandboxFleetTokenOptions as M, SandboxFleetWorkspaceSnapshotResult as Mn, defineAgentProfile as Mr, ProcessInfo as Mt, CreateSandboxFleetWithCoordinatorOptions as N, SandboxInfo as Nn, defineGitHubResource as Nr, ProcessLogEntry as Nt, CheckpointResult as O, SandboxFleetUsage as On, AgentProfileResources as Or, PermissionsManager as Ot, CreateSandboxOptions as P, SandboxIntelligenceEnvelope as Pn, defineInlineResource as Pr, ProcessManager as Pt, FleetDispatchStreamOptions as Q, SessionStatus as Qn, ReconcileSandboxFleetsResult as Qt, DispatchedSession as R, SandboxTraceBundle as Rn, SandboxMcpConfig as Rr, PromptInputPart as Rt, BatchOptions as S, SandboxFleetPolicy as Sn, AgentProfileFileMount as Sr, McpServerConfig as St, BatchTaskResult as T, SandboxFleetTraceEvent as Tn, AgentProfilePermissionValue as Tr, NetworkConfig as Tt, DriverType as U, ScopedToken as Un, ProvisionStatus as Ut, DriverConfig as V, SandboxTraceOptions as Vn, buildSandboxMcpConfig as Vr, ProvisionEvent as Vt, EventStreamOptions as W, ScopedTokenScope as Wn, ProvisionStep as Wt, FleetDispatchResultBuffer as X, SessionInfo as Xn, ReapExpiredSandboxFleetsResult as Xt, FleetDispatchCancelResult as Y, SessionEventStreamOptions as Yn, ReapExpiredSandboxFleetsOptions as Yt, FleetDispatchResultBufferOptions as Z, SessionListOptions as Zn, ReconcileSandboxFleetsOptions as Zt, BackendInfo as _, SandboxFleetMachineRecord as _n, UsageInfo as _r, IntelligenceReportSubjectType as _t, TraceExportSink as a, SandboxEvent as an, TaskOptions as ar, ForkResult as at, BackendType as b, SandboxFleetManifestMachine as bn, AgentProfileCapabilities as br, ListSandboxFleetOptions as bt, otelTraceIdForTangleTrace as c, SandboxFleetCostEstimate as cn, TeeAttestationReport as cr, GitCommit as ct, AcceleratorKind as d, SandboxFleetDriverCapability as dn, TeePublicKeyResponse as dr, GitStatus as dt, SSHCommandDescriptor as en, SnapshotOptions as er, FleetExecDispatchResult as et, AccessPolicyRule as f, SandboxFleetDriverTimings as fn, TokenRefreshHandler as fr, GpuType as ft, BackendConfig as g, SandboxFleetMachineMeteredUsage as gn, UploadProgress as gr, IntelligenceReportCompareTo as gt, BackendCapabilities as h, SandboxFleetMachine as hn, UploadOptions as hr, IntelligenceReportBudget as ht, TraceExportResult as i, SandboxEnvironment as in, SubscriptionInfo as ir, ForkOptions as it, CreateSandboxFleetOptions as j, SandboxFleetWorkspaceRestoreResult as jn, AgentSubagentProfile as jr, Process as jt, CodeResult as k, SandboxFleetWorkspace as kn, AgentProfileValidationIssue as kr, PreviewLinkInfo as kt, toOtelJson as l, SandboxFleetDispatchFailureClass as ln, TeeAttestationResponse as lr, GitConfig as lt, AttachSandboxFleetMachineOptions as m, SandboxFleetIntelligenceEnvelope as mn, UpdateUserOptions as mr, IntelligenceReport as mt, SandboxInstance as n, SandboxClientConfig as nn, SshKeysManager as nr, FleetPromptDispatchOptions as nt, buildTraceExportPayload as o, SandboxFleetArtifact as on, TaskResult as or, GitAuth as ot, AddUserOptions as p, SandboxFleetInfo as pn, ToolsConfig as pr, InstalledTool as pt, FileInfo as q, SecretInfo as qn, PublishPublicTemplateOptions as qt, TraceExportFormat as r, SandboxConnection as rn, StorageConfig as rr, FleetPromptDispatchResult as rt, exportTraceBundle as s, SandboxFleetArtifactSpec as sn, TeeAttestationOptions as sr, GitBranch as st, HttpClient as t, SSHCredentials as tn, SnapshotResult as tr, FleetMachineId as tt, SandboxSession as u, SandboxFleetDispatchResponse as un, TeePublicKey as ur, GitDiff as ut, BackendManager as v, SandboxFleetMachineSpec as vn, WaitForOptions as vr, IntelligenceReportWindow as vt, BatchTask as w, SandboxFleetTraceBundle as wn, AgentProfileModelHints as wr, MkdirOptions as wt, BatchEvent as x, SandboxFleetOperationsSummary as xn, AgentProfileConfidential as xr, ListSandboxOptions as xt, BackendStatus as y, SandboxFleetManifest as yn, AgentProfile as yr, ListOptions as yt, DownloadOptions as z, SandboxTraceEvent as zn, SandboxMcpEndpoint as zr, PromptOptions as zt };
+export { DriverInfo as $, SandboxTraceOptions as $n, ProvisionEvent as $t, BatchTask as A, SandboxFleetMachineSpec as An, UsageInfo as Ar, ListMessagesOptions as At, CompletedTurnResult as B, SandboxFleetUsage as Bn, AgentProfileResourceRef as Br, PermissionsManager as Bt, BackendInfo as C, SandboxFleetDriverCapability as Cn, TeePublicKey as Cr, GpuType as Ct, BatchEvent as D, SandboxFleetMachine as Dn, UpdateUserOptions as Dr, IntelligenceReportCompareTo as Dt, BackendType as E, SandboxFleetIntelligenceEnvelope as En, ToolsConfig as Er, IntelligenceReportBudget as Et, CodeExecutionOptions as F, SandboxFleetToken as Fn, AgentProfileFileMount as Fr, MintScopedTokenOptions as Ft, CreateSandboxOptions as G, SandboxInfo as Gn, defineAgentProfile as Gr, ProcessLogEntry as Gt, CreateSandboxFleetOptions as H, SandboxFleetWorkspaceReconcileResult as Hn, AgentProfileValidationIssue as Hr, PreviewLinkManager as Ht, CodeExecutionResult as I, SandboxFleetTraceBundle as In, AgentProfileMcpServer as Ir, MkdirOptions as It, DispatchPromptOptions as J, SandboxResources as Jn, mergeAgentProfiles as Jr, ProcessSpawnOptions as Jt, DeleteOptions as K, SandboxIntelligenceEnvelope as Kn, defineGitHubResource as Kr, ProcessManager as Kt, CodeLanguage as L, SandboxFleetTraceEvent as Ln, AgentProfileModelHints as Lr, NetworkConfig as Lt, CheckpointInfo as M, SandboxFleetManifestMachine as Mn, AgentProfile as Mr, ListSandboxFleetOptions as Mt, CheckpointOptions as N, SandboxFleetOperationsSummary as Nn, AgentProfileCapabilities as Nr, ListSandboxOptions as Nt, BatchOptions as O, SandboxFleetMachineMeteredUsage as On, UploadOptions as Or, IntelligenceReportSubjectType as Ot, CheckpointResult as P, SandboxFleetPolicy as Pn, AgentProfileConfidential as Pr, McpServerConfig as Pt, DriverConfig as Q, SandboxTraceExport as Qn, PromptResult as Qt, CodeResult as R, SandboxFleetTraceExport as Rn, AgentProfilePermissionValue as Rr, NetworkManager as Rt, BackendConfig as S, SandboxFleetDispatchResponse as Sn, TeeAttestationResponse as Sr, GitStatus as St, BackendStatus as T, SandboxFleetInfo as Tn, TokenRefreshHandler as Tr, IntelligenceReport as Tt, CreateSandboxFleetTokenOptions as U, SandboxFleetWorkspaceRestoreResult as Un, AgentProfileValidationResult as Ur, Process as Ut, CreateIntelligenceReportOptions as V, SandboxFleetWorkspace as Vn, AgentProfileResources as Vr, PreviewLinkInfo as Vt, CreateSandboxFleetWithCoordinatorOptions as W, SandboxFleetWorkspaceSnapshotResult as Wn, AgentSubagentProfile as Wr, ProcessInfo as Wt, DownloadOptions as X, SandboxTraceBundle as Xn, PromptInputPart as Xt, DispatchedSession as Y, SandboxStatus as Yn, ProcessStatus as Yt, DownloadProgress as Z, SandboxTraceEvent as Zn, PromptOptions as Zt, AcceleratorKind as _, SandboxEvent as _n, SubscriptionInfo as _r, GitAuth as _t, TraceExportSink as a, PublishPublicTemplateOptions as an, SecretInfo as ar, FileSystem as at, AttachSandboxFleetMachineOptions as b, SandboxFleetCostEstimate as bn, TeeAttestationOptions as br, GitConfig as bt, otelTraceIdForTangleTrace as c, ReapExpiredSandboxFleetsResult as cn, SessionInfo as cr, FleetDispatchResultBufferOptions as ct, BuildSandboxMcpConfigOptions as d, RunCodeOptions as dn, SessionStatus as dr, FleetExecDispatchResult as dt, ProvisionResult as en, SandboxUser as er, DriverType as et, SANDBOX_MCP_SERVER_NAME as f, SSHCommandDescriptor as fn, SnapshotInfo as fr, FleetMachineId as ft, buildSandboxMcpConfig as g, SandboxEnvironment as gn, StorageConfig as gr, ForkResult as gt, SandboxMcpServerEntry as h, SandboxConnection as hn, SshKeysManager as hr, ForkOptions as ht, TraceExportResult as i, PublicTemplateVersionInfo as in, SearchOptions as ir, FileInfo as it, BatchTaskResult as j, SandboxFleetManifest as jn, WaitForOptions as jr, ListOptions as jt, BatchResult as k, SandboxFleetMachineRecord as kn, UploadProgress as kr, IntelligenceReportWindow as kt, toOtelJson as l, ReconcileSandboxFleetsOptions as ln, SessionListOptions as lr, FleetDispatchStreamOptions as lt, SandboxMcpEndpoint as m, SandboxClientConfig as mn, SnapshotResult as mr, FleetPromptDispatchResult as mt, SandboxInstance as n, ProvisionStep as nn, ScopedTokenScope as nr, ExecOptions as nt, buildTraceExportPayload as o, PublishPublicTemplateVersionOptions as on, SecretsManager as or, FleetDispatchCancelResult as ot, SandboxMcpConfig as p, SSHCredentials as pn, SnapshotOptions as pr, FleetPromptDispatchOptions as pt, DirectoryPermission as q, SandboxPermissionsConfig as qn, defineInlineResource as qr, ProcessSignal as qt, TraceExportFormat as r, PublicTemplateInfo as rn, SearchMatch as rr, ExecResult as rt, exportTraceBundle as s, ReapExpiredSandboxFleetsOptions as sn, SessionEventStreamOptions as sr, FleetDispatchResultBuffer as st, HttpClient as t, ProvisionStatus as tn, ScopedToken as tr, EventStreamOptions as tt, SandboxSession as u, ReconcileSandboxFleetsResult as un, SessionMessage as ur, FleetExecDispatchOptions as ut, AccessPolicyRule as v, SandboxFleetArtifact as vn, TaskOptions as vr, GitBranch as vt, BackendManager as w, SandboxFleetDriverTimings as wn, TeePublicKeyResponse as wr, InstalledTool as wt, BackendCapabilities as x, SandboxFleetDispatchFailureClass as xn, TeeAttestationReport as xr, GitDiff as xt, AddUserOptions as y, SandboxFleetArtifactSpec as yn, TaskResult as yr, GitCommit as yt, CodeResultPart as z, SandboxFleetTraceOptions as zn, AgentProfilePrompt as zr, PermissionLevel as zt };