@vm0/runner 2.8.5 → 2.10.0

package/index.js

@@ -188,7 +188,6 @@ async function completeJob(apiUrl, context, exitCode, error) {
 
 // src/lib/executor.ts
 import path4 from "path";
-import fs6 from "fs";
 
 // src/lib/firecracker/vm.ts
 import { execSync as execSync2, spawn } from "child_process";
@@ -5016,15 +5015,33 @@ var volumeConfigSchema = z5.object({
   version: z5.string().min(1, "Volume version is required")
 });
 var SUPPORTED_APPS = ["github"];
-var appStringSchema = z5.string().regex(
-  /^[a-z]+(:(?:latest|dev))?$/,
-  "App must be in format 'app' or 'app:tag' (e.g., 'github', 'github:dev')"
-).refine(
-  (val) => {
-    const [app] = val.split(":");
-    return SUPPORTED_APPS.includes(app);
-  },
-  `Unsupported app. Supported apps: ${SUPPORTED_APPS.join(", ")}`
+var SUPPORTED_APP_TAGS = ["latest", "dev"];
+var APP_NAME_REGEX = /^[a-z0-9-]+$/;
+var appStringSchema = z5.string().superRefine((val, ctx) => {
+  const [appName, tag] = val.split(":");
+  if (!appName || !APP_NAME_REGEX.test(appName)) {
+    ctx.addIssue({
+      code: z5.ZodIssueCode.custom,
+      message: "App name must contain only lowercase letters, numbers, and hyphens"
+    });
+    return;
+  }
+  if (!SUPPORTED_APPS.includes(appName)) {
+    ctx.addIssue({
+      code: z5.ZodIssueCode.custom,
+      message: `Invalid app: "${appName}". Supported apps: ${SUPPORTED_APPS.join(", ")}`
+    });
+    return;
+  }
+  if (tag !== void 0 && !SUPPORTED_APP_TAGS.includes(tag)) {
+    ctx.addIssue({
+      code: z5.ZodIssueCode.custom,
+      message: `Invalid app tag: "${tag}". Supported tags: ${SUPPORTED_APP_TAGS.join(", ")}`
+    });
+  }
+});
+var nonEmptyStringArraySchema = z5.array(
+  z5.string().min(1, "Array entries cannot be empty strings")
 );
 var agentDefinitionSchema = z5.object({
   description: z5.string().optional(),
@@ -5049,7 +5066,7 @@ var agentDefinitionSchema = z5.object({
    * Path to instructions file (e.g., AGENTS.md).
    * Auto-uploaded as volume and mounted at /home/user/.claude/CLAUDE.md
    */
-  instructions: z5.string().optional(),
+  instructions: z5.string().min(1, "Instructions path cannot be empty").optional(),
   /**
    * Array of GitHub tree URLs for agent skills.
    * Each skill is auto-downloaded and mounted at /home/user/.claude/skills/{skillName}/
@@ -5070,7 +5087,17 @@ var agentDefinitionSchema = z5.object({
    * Requires experimental_runner to be configured.
    * When enabled, filters outbound traffic by domain/IP rules.
    */
-  experimental_firewall: experimentalFirewallSchema.optional()
+  experimental_firewall: experimentalFirewallSchema.optional(),
+  /**
+   * Array of secret names to inject from the scope's secret store.
+   * Each entry must be a non-empty string.
+   */
+  experimental_secrets: nonEmptyStringArraySchema.optional(),
+  /**
+   * Array of variable names to inject from the scope's variable store.
+   * Each entry must be a non-empty string.
+   */
+  experimental_vars: nonEmptyStringArraySchema.optional()
 });
 var agentComposeContentSchema = z5.object({
   version: z5.string().min(1, "Version is required"),
@@ -7091,2769 +7118,269 @@ var publicVolumeDownloadContract = c15.router({
   }
 });
 
-// ../../packages/core/src/sandbox/scripts/lib/__init__.py.ts
-var INIT_SCRIPT = `#!/usr/bin/env python3
-"""
-VM0 Agent Scripts Library
-
-This package contains utility modules for the VM0 agent execution in E2B sandbox.
-"""
-`;
-
-// ../../packages/core/src/sandbox/scripts/lib/common.py.ts
-var COMMON_SCRIPT = `#!/usr/bin/env python3
-"""
-Common environment variables and utilities for VM0 agent scripts.
-This module should be imported by other scripts.
-"""
-import os
+// ../../packages/core/src/sandbox/scripts/dist/bundled.ts
+var RUN_AGENT_SCRIPT = '#!/usr/bin/env node\n\n// src/sandbox/scripts/src/run-agent.ts\nimport * as fs7 from "fs";\nimport { spawn, execSync as execSync4 } from "child_process";\nimport * as readline from "readline";\n\n// src/sandbox/scripts/src/lib/common.ts\nimport * as fs from "fs";\nvar RUN_ID = process.env.VM0_RUN_ID ?? "";\nvar API_URL = process.env.VM0_API_URL ?? "";\nvar API_TOKEN = process.env.VM0_API_TOKEN ?? "";\nvar PROMPT = process.env.VM0_PROMPT ?? "";\nvar VERCEL_BYPASS = process.env.VERCEL_PROTECTION_BYPASS ?? "";\nvar RESUME_SESSION_ID = process.env.VM0_RESUME_SESSION_ID ?? "";\nvar CLI_AGENT_TYPE = process.env.CLI_AGENT_TYPE ?? "claude-code";\nvar OPENAI_MODEL = process.env.OPENAI_MODEL ?? "";\nvar WORKING_DIR = process.env.VM0_WORKING_DIR ?? "";\nvar ARTIFACT_DRIVER = process.env.VM0_ARTIFACT_DRIVER ?? "";\nvar ARTIFACT_MOUNT_PATH = process.env.VM0_ARTIFACT_MOUNT_PATH ?? "";\nvar ARTIFACT_VOLUME_NAME = process.env.VM0_ARTIFACT_VOLUME_NAME ?? "";\nvar ARTIFACT_VERSION_ID = process.env.VM0_ARTIFACT_VERSION_ID ?? "";\nvar WEBHOOK_URL = `${API_URL}/api/webhooks/agent/events`;\nvar CHECKPOINT_URL = `${API_URL}/api/webhooks/agent/checkpoints`;\nvar COMPLETE_URL = `${API_URL}/api/webhooks/agent/complete`;\nvar HEARTBEAT_URL = `${API_URL}/api/webhooks/agent/heartbeat`;\nvar TELEMETRY_URL = `${API_URL}/api/webhooks/agent/telemetry`;\nvar PROXY_URL = `${API_URL}/api/webhooks/agent/proxy`;\nvar STORAGE_PREPARE_URL = `${API_URL}/api/webhooks/agent/storages/prepare`;\nvar STORAGE_COMMIT_URL = `${API_URL}/api/webhooks/agent/storages/commit`;\nvar HEARTBEAT_INTERVAL = 60;\nvar TELEMETRY_INTERVAL = 30;\nvar HTTP_CONNECT_TIMEOUT = 10;\nvar HTTP_MAX_TIME = 30;\nvar HTTP_MAX_TIME_UPLOAD = 60;\nvar HTTP_MAX_RETRIES = 3;\nvar SESSION_ID_FILE = `/tmp/vm0-session-${RUN_ID}.txt`;\nvar SESSION_HISTORY_PATH_FILE = `/tmp/vm0-session-history-${RUN_ID}.txt`;\nvar EVENT_ERROR_FLAG = `/tmp/vm0-event-error-${RUN_ID}`;\nvar SYSTEM_LOG_FILE = `/tmp/vm0-main-${RUN_ID}.log`;\nvar AGENT_LOG_FILE = `/tmp/vm0-agent-${RUN_ID}.log`;\nvar METRICS_LOG_FILE = `/tmp/vm0-metrics-${RUN_ID}.jsonl`;\nvar NETWORK_LOG_FILE = `/tmp/vm0-network-${RUN_ID}.jsonl`;\nvar TELEMETRY_LOG_POS_FILE = `/tmp/vm0-telemetry-log-pos-${RUN_ID}.txt`;\nvar TELEMETRY_METRICS_POS_FILE = `/tmp/vm0-telemetry-metrics-pos-${RUN_ID}.txt`;\nvar TELEMETRY_NETWORK_POS_FILE = `/tmp/vm0-telemetry-network-pos-${RUN_ID}.txt`;\nvar TELEMETRY_SANDBOX_OPS_POS_FILE = `/tmp/vm0-telemetry-sandbox-ops-pos-${RUN_ID}.txt`;\nvar SANDBOX_OPS_LOG_FILE = `/tmp/vm0-sandbox-ops-${RUN_ID}.jsonl`;\nvar METRICS_INTERVAL = 5;\nfunction validateConfig() {\n  if (!WORKING_DIR) {\n    throw new Error("VM0_WORKING_DIR is required but not set");\n  }\n  return true;\n}\nfunction recordSandboxOp(actionType, durationMs, success, error) {\n  const entry = {\n    ts: (/* @__PURE__ */ new Date()).toISOString(),\n    action_type: actionType,\n    duration_ms: durationMs,\n    success\n  };\n  if (error) {\n    entry.error = error;\n  }\n  fs.appendFileSync(SANDBOX_OPS_LOG_FILE, JSON.stringify(entry) + "\\n");\n}\n\n// src/sandbox/scripts/src/lib/log.ts\nvar SCRIPT_NAME = process.env.LOG_SCRIPT_NAME ?? "run-agent";\nvar DEBUG_MODE = process.env.VM0_DEBUG === "1";\nfunction timestamp() {\n  return (/* @__PURE__ */ new Date()).toISOString().replace(/\\.\\d{3}Z$/, "Z");\n}\nfunction logInfo(msg) {\n  console.error(`[${timestamp()}] [INFO] [sandbox:${SCRIPT_NAME}] ${msg}`);\n}\nfunction logWarn(msg) {\n  console.error(`[${timestamp()}] [WARN] [sandbox:${SCRIPT_NAME}] ${msg}`);\n}\nfunction logError(msg) {\n  console.error(`[${timestamp()}] [ERROR] [sandbox:${SCRIPT_NAME}] ${msg}`);\n}\nfunction logDebug(msg) {\n  if (DEBUG_MODE) {\n    console.error(`[${timestamp()}] [DEBUG] [sandbox:${SCRIPT_NAME}] ${msg}`);\n  }\n}\n\n// src/sandbox/scripts/src/lib/events.ts\nimport * as fs2 from "fs";\n\n// src/sandbox/scripts/src/lib/http-client.ts\nimport { execSync } from "child_process";\nfunction sleep(ms) {\n  return new Promise((resolve) => setTimeout(resolve, ms));\n}\nasync function httpPostJson(url, data, maxRetries = HTTP_MAX_RETRIES) {\n  const headers = {\n    "Content-Type": "application/json",\n    Authorization: `Bearer ${API_TOKEN}`\n  };\n  if (VERCEL_BYPASS) {\n    headers["x-vercel-protection-bypass"] = VERCEL_BYPASS;\n  }\n  for (let attempt = 1; attempt <= maxRetries; attempt++) {\n    logDebug(`HTTP POST attempt ${attempt}/${maxRetries} to ${url}`);\n    try {\n      const controller = new AbortController();\n      const timeoutId = setTimeout(\n        () => controller.abort(),\n        HTTP_MAX_TIME * 1e3\n      );\n      const response = await fetch(url, {\n        method: "POST",\n        headers,\n        body: JSON.stringify(data),\n        signal: controller.signal\n      });\n      clearTimeout(timeoutId);\n      if (response.ok) {\n        const text = await response.text();\n        if (text) {\n          return JSON.parse(text);\n        }\n        return {};\n      }\n      logWarn(\n        `HTTP POST failed (attempt ${attempt}/${maxRetries}): HTTP ${response.status}`\n      );\n      if (attempt < maxRetries) {\n        await sleep(1e3);\n      }\n    } catch (error) {\n      const errorMsg = error instanceof Error ? error.message : String(error);\n      if (errorMsg.includes("abort")) {\n        logWarn(`HTTP POST failed (attempt ${attempt}/${maxRetries}): Timeout`);\n      } else {\n        logWarn(\n          `HTTP POST failed (attempt ${attempt}/${maxRetries}): ${errorMsg}`\n        );\n      }\n      if (attempt < maxRetries) {\n        await sleep(1e3);\n      }\n    }\n  }\n  logError(`HTTP POST failed after ${maxRetries} attempts to ${url}`);\n  return null;\n}\nasync function httpPutPresigned(presignedUrl, filePath, contentType = "application/octet-stream", maxRetries = HTTP_MAX_RETRIES) {\n  for (let attempt = 1; attempt <= maxRetries; attempt++) {\n    logDebug(`HTTP PUT presigned attempt ${attempt}/${maxRetries}`);\n    try {\n      const curlCmd = [\n        "curl",\n        "-f",\n        "-X",\n        "PUT",\n        "-H",\n        `Content-Type: ${contentType}`,\n        "--data-binary",\n        `@${filePath}`,\n        "--connect-timeout",\n        String(HTTP_CONNECT_TIMEOUT),\n        "--max-time",\n        String(HTTP_MAX_TIME_UPLOAD),\n        "--silent",\n        `"${presignedUrl}"`\n      ].join(" ");\n      execSync(curlCmd, {\n        timeout: HTTP_MAX_TIME_UPLOAD * 1e3,\n        stdio: ["pipe", "pipe", "pipe"]\n      });\n      return true;\n    } catch (error) {\n      const errorMsg = error instanceof Error ? error.message : String(error);\n      if (errorMsg.includes("ETIMEDOUT") || errorMsg.includes("timeout")) {\n        logWarn(\n          `HTTP PUT presigned failed (attempt ${attempt}/${maxRetries}): Timeout`\n        );\n      } else {\n        logWarn(\n          `HTTP PUT presigned failed (attempt ${attempt}/${maxRetries}): ${errorMsg}`\n        );\n      }\n      if (attempt < maxRetries) {\n        await sleep(1e3);\n      }\n    }\n  }\n  logError(`HTTP PUT presigned failed after ${maxRetries} attempts`);\n  return false;\n}\n\n// src/sandbox/scripts/src/lib/secret-masker.ts\nvar MASK_PLACEHOLDER = "***";\nvar MIN_SECRET_LENGTH = 5;\nvar _masker = null;\nvar SecretMasker = class {\n  patterns;\n  /**\n   * Initialize masker with secret values.\n   *\n   * @param secretValues - List of secret values to mask\n   */\n  constructor(secretValues) {\n    this.patterns = /* @__PURE__ */ new Set();\n    for (const secret of secretValues) {\n      if (!secret || secret.length < MIN_SECRET_LENGTH) {\n        continue;\n      }\n      this.patterns.add(secret);\n      try {\n        const b64 = Buffer.from(secret).toString("base64");\n        if (b64.length >= MIN_SECRET_LENGTH) {\n          this.patterns.add(b64);\n        }\n      } catch {\n      }\n      try {\n        const urlEnc = encodeURIComponent(secret);\n        if (urlEnc !== secret && urlEnc.length >= MIN_SECRET_LENGTH) {\n          this.patterns.add(urlEnc);\n        }\n      } catch {\n      }\n    }\n  }\n  /**\n   * Recursively mask all occurrences of secrets in the data.\n   *\n   * @param data - Data to mask (string, list, dict, or primitive)\n   * @returns Masked data with the same structure\n   */\n  mask(data) {\n    return this.deepMask(data);\n  }\n  deepMask(data) {\n    if (typeof data === "string") {\n      let result = data;\n      for (const pattern of this.patterns) {\n        result = result.split(pattern).join(MASK_PLACEHOLDER);\n      }\n      return result;\n    }\n    if (Array.isArray(data)) {\n      return data.map((item) => this.deepMask(item));\n    }\n    if (data !== null && typeof data === "object") {\n      const result = {};\n      for (const [key, value] of Object.entries(\n        data\n      )) {\n        result[key] = this.deepMask(value);\n      }\n      return result;\n    }\n    return data;\n  }\n};\nfunction createMasker() {\n  const secretValuesStr = process.env.VM0_SECRET_VALUES ?? "";\n  if (!secretValuesStr) {\n    return new SecretMasker([]);\n  }\n  const secretValues = [];\n  for (const encodedValue of secretValuesStr.split(",")) {\n    const trimmed = encodedValue.trim();\n    if (trimmed) {\n      try {\n        const decoded = Buffer.from(trimmed, "base64").toString("utf-8");\n        if (decoded) {\n          secretValues.push(decoded);\n        }\n      } catch {\n      }\n    }\n  }\n  return new SecretMasker(secretValues);\n}\nfunction getMasker() {\n  if (_masker === null) {\n    _masker = createMasker();\n  }\n  return _masker;\n}\nfunction maskData(data) {\n  return getMasker().mask(data);\n}\n\n// src/sandbox/scripts/src/lib/events.ts\nasync function sendEvent(event, sequenceNumber) {\n  const eventType = event.type ?? "";\n  const eventSubtype = event.subtype ?? "";\n  let sessionId = null;\n  if (CLI_AGENT_TYPE === "codex") {\n    if (eventType === "thread.started") {\n      sessionId = event.thread_id ?? "";\n    }\n  } else {\n    if (eventType === "system" && eventSubtype === "init") {\n      sessionId = event.session_id ?? "";\n    }\n  }\n  if (sessionId && !fs2.existsSync(SESSION_ID_FILE)) {\n    logInfo(`Captured session ID: ${sessionId}`);\n    fs2.writeFileSync(SESSION_ID_FILE, sessionId);\n    const homeDir = process.env.HOME ?? "/home/user";\n    let sessionHistoryPath;\n    if (CLI_AGENT_TYPE === "codex") {\n      const codexHome = process.env.CODEX_HOME ?? `${homeDir}/.codex`;\n      sessionHistoryPath = `CODEX_SEARCH:${codexHome}/sessions:${sessionId}`;\n    } else {\n      const projectName = WORKING_DIR.replace(/^\\//, "").replace(/\\//g, "-");\n      sessionHistoryPath = `${homeDir}/.claude/projects/-${projectName}/${sessionId}.jsonl`;\n    }\n    fs2.writeFileSync(SESSION_HISTORY_PATH_FILE, sessionHistoryPath);\n    logInfo(`Session history will be at: ${sessionHistoryPath}`);\n  }\n  const eventWithSequence = {\n    ...event,\n    sequenceNumber\n  };\n  const maskedEvent = maskData(eventWithSequence);\n  const payload = {\n    runId: RUN_ID,\n    events: [maskedEvent]\n  };\n  const result = await httpPostJson(WEBHOOK_URL, payload);\n  if (result === null) {\n    logError("Failed to send event after retries");\n    fs2.writeFileSync(EVENT_ERROR_FLAG, "1");\n    return false;\n  }\n  return true;\n}\n\n// src/sandbox/scripts/src/lib/checkpoint.ts\nimport * as fs4 from "fs";\nimport * as path2 from "path";\n\n// src/sandbox/scripts/src/lib/direct-upload.ts\nimport * as fs3 from "fs";\nimport * as path from "path";\nimport * as crypto from "crypto";\nimport { execSync as execSync2 } from "child_process";\nfunction computeFileHash(filePath) {\n  const hash = crypto.createHash("sha256");\n  const buffer = fs3.readFileSync(filePath);\n  hash.update(buffer);\n  return hash.digest("hex");\n}\nfunction collectFileMetadata(dirPath) {\n  const files = [];\n  function walkDir(currentPath, relativePath) {\n    const items = fs3.readdirSync(currentPath);\n    for (const item of items) {\n      if (item === ".git" || item === ".vm0") {\n        continue;\n      }\n      const fullPath = path.join(currentPath, item);\n      const relPath = relativePath ? path.join(relativePath, item) : item;\n      const stat = fs3.statSync(fullPath);\n      if (stat.isDirectory()) {\n        walkDir(fullPath, relPath);\n      } else if (stat.isFile()) {\n        try {\n          const fileHash = computeFileHash(fullPath);\n          files.push({\n            path: relPath,\n            hash: fileHash,\n            size: stat.size\n          });\n        } catch (error) {\n          logWarn(`Could not process file ${relPath}: ${error}`);\n        }\n      }\n    }\n  }\n  walkDir(dirPath, "");\n  return files;\n}\nfunction createArchive(dirPath, tarPath) {\n  try {\n    execSync2(\n      `tar -czf "${tarPath}" --exclude=\'.git\' --exclude=\'.vm0\' -C "${dirPath}" .`,\n      { stdio: ["pipe", "pipe", "pipe"] }\n    );\n    return true;\n  } catch (error) {\n    logError(`Failed to create archive: ${error}`);\n    return false;\n  }\n}\nfunction createManifest(files, manifestPath) {\n  try {\n    const manifest = {\n      version: 1,\n      files,\n      createdAt: (/* @__PURE__ */ new Date()).toISOString()\n    };\n    fs3.writeFileSync(manifestPath, JSON.stringify(manifest, null, 2));\n    return true;\n  } catch (error) {\n    logError(`Failed to create manifest: ${error}`);\n    return false;\n  }\n}\nasync function createDirectUploadSnapshot(mountPath, storageName, storageType = "artifact", runId, message) {\n  logInfo(\n    `Creating direct upload snapshot for \'${storageName}\' (type: ${storageType})`\n  );\n  logInfo("Computing file hashes...");\n  const hashStart = Date.now();\n  const files = collectFileMetadata(mountPath);\n  recordSandboxOp("artifact_hash_compute", Date.now() - hashStart, true);\n  logInfo(`Found ${files.length} files`);\n  if (files.length === 0) {\n    logInfo("No files to upload, creating empty version");\n  }\n  logInfo("Calling prepare endpoint...");\n  const prepareStart = Date.now();\n  const preparePayload = {\n    storageName,\n    storageType,\n    files\n  };\n  if (runId) {\n    preparePayload.runId = runId;\n  }\n  const prepareResponse = await httpPostJson(\n    STORAGE_PREPARE_URL,\n    preparePayload\n  );\n  if (!prepareResponse) {\n    logError("Failed to call prepare endpoint");\n    recordSandboxOp("artifact_prepare_api", Date.now() - prepareStart, false);\n    return null;\n  }\n  const versionId = prepareResponse.versionId;\n  if (!versionId) {\n    logError(`Invalid prepare response: ${JSON.stringify(prepareResponse)}`);\n    recordSandboxOp("artifact_prepare_api", Date.now() - prepareStart, false);\n    return null;\n  }\n  recordSandboxOp("artifact_prepare_api", Date.now() - prepareStart, true);\n  if (prepareResponse.existing) {\n    logInfo(`Version already exists (deduplicated): ${versionId.slice(0, 8)}`);\n    logInfo("Updating HEAD pointer...");\n    const commitPayload = {\n      storageName,\n      storageType,\n      versionId,\n      files\n    };\n    if (runId) {\n      commitPayload.runId = runId;\n    }\n    const commitResponse = await httpPostJson(\n      STORAGE_COMMIT_URL,\n      commitPayload\n    );\n    if (!commitResponse || !commitResponse.success) {\n      logError(`Failed to update HEAD: ${JSON.stringify(commitResponse)}`);\n      return null;\n    }\n    return { versionId, deduplicated: true };\n  }\n  const uploads = prepareResponse.uploads;\n  if (!uploads) {\n    logError("No upload URLs in prepare response");\n    return null;\n  }\n  const archiveInfo = uploads.archive;\n  const manifestInfo = uploads.manifest;\n  if (!archiveInfo || !manifestInfo) {\n    logError("Missing archive or manifest upload info");\n    return null;\n  }\n  const tempDir = fs3.mkdtempSync(`/tmp/direct-upload-${storageName}-`);\n  try {\n    logInfo("Creating archive...");\n    const archiveStart = Date.now();\n    const archivePath = path.join(tempDir, "archive.tar.gz");\n    if (!createArchive(mountPath, archivePath)) {\n      logError("Failed to create archive");\n      recordSandboxOp(\n        "artifact_archive_create",\n        Date.now() - archiveStart,\n        false\n      );\n      return null;\n    }\n    recordSandboxOp("artifact_archive_create", Date.now() - archiveStart, true);\n    logInfo("Creating manifest...");\n    const manifestPath = path.join(tempDir, "manifest.json");\n    if (!createManifest(files, manifestPath)) {\n      logError("Failed to create manifest");\n      return null;\n    }\n    logInfo("Uploading archive to S3...");\n    const s3UploadStart = Date.now();\n    if (!await httpPutPresigned(\n      archiveInfo.presignedUrl,\n      archivePath,\n      "application/gzip"\n    )) {\n      logError("Failed to upload archive to S3");\n      recordSandboxOp("artifact_s3_upload", Date.now() - s3UploadStart, false);\n      return null;\n    }\n    logInfo("Uploading manifest to S3...");\n    if (!await httpPutPresigned(\n      manifestInfo.presignedUrl,\n      manifestPath,\n      "application/json"\n    )) {\n      logError("Failed to upload manifest to S3");\n      recordSandboxOp("artifact_s3_upload", Date.now() - s3UploadStart, false);\n      return null;\n    }\n    recordSandboxOp("artifact_s3_upload", Date.now() - s3UploadStart, true);\n    logInfo("Calling commit endpoint...");\n    const commitStart = Date.now();\n    const commitPayload = {\n      storageName,\n      storageType,\n      versionId,\n      files\n    };\n    if (runId) {\n      commitPayload.runId = runId;\n    }\n    if (message) {\n      commitPayload.message = message;\n    }\n    const commitResponse = await httpPostJson(\n      STORAGE_COMMIT_URL,\n      commitPayload\n    );\n    if (!commitResponse) {\n      logError("Failed to call commit endpoint");\n      recordSandboxOp("artifact_commit_api", Date.now() - commitStart, false);\n      return null;\n    }\n    if (!commitResponse.success) {\n      logError(`Commit failed: ${JSON.stringify(commitResponse)}`);\n      recordSandboxOp("artifact_commit_api", Date.now() - commitStart, false);\n      return null;\n    }\n    recordSandboxOp("artifact_commit_api", Date.now() - commitStart, true);\n    logInfo(`Direct upload snapshot created: ${versionId.slice(0, 8)}`);\n    return { versionId };\n  } finally {\n    try {\n      fs3.rmSync(tempDir, { recursive: true, force: true });\n    } catch {\n    }\n  }\n}\n\n// src/sandbox/scripts/src/lib/checkpoint.ts\nfunction findJsonlFiles(dir) {\n  const files = [];\n  function walk(currentDir) {\n    try {\n      const items = fs4.readdirSync(currentDir);\n      for (const item of items) {\n        const fullPath = path2.join(currentDir, item);\n        const stat = fs4.statSync(fullPath);\n        if (stat.isDirectory()) {\n          walk(fullPath);\n        } else if (item.endsWith(".jsonl")) {\n          files.push(fullPath);\n        }\n      }\n    } catch {\n    }\n  }\n  walk(dir);\n  return files;\n}\nfunction findCodexSessionFile(sessionsDir, sessionId) {\n  const files = findJsonlFiles(sessionsDir);\n  logInfo(`Searching for Codex session ${sessionId} in ${files.length} files`);\n  for (const filepath of files) {\n    const filename = path2.basename(filepath);\n    if (filename.includes(sessionId) || filename.replace(/-/g, "").includes(sessionId.replace(/-/g, ""))) {\n      logInfo(`Found Codex session file: ${filepath}`);\n      return filepath;\n    }\n  }\n  if (files.length > 0) {\n    files.sort((a, b) => {\n      const statA = fs4.statSync(a);\n      const statB = fs4.statSync(b);\n      return statB.mtimeMs - statA.mtimeMs;\n    });\n    const mostRecent = files[0] ?? null;\n    if (mostRecent) {\n      logInfo(\n        `Session ID not found in filenames, using most recent: ${mostRecent}`\n      );\n    }\n    return mostRecent;\n  }\n  return null;\n}\nasync function createCheckpoint() {\n  const checkpointStart = Date.now();\n  logInfo("Creating checkpoint...");\n  const sessionIdStart = Date.now();\n  if (!fs4.existsSync(SESSION_ID_FILE)) {\n    logError("No session ID found, checkpoint creation failed");\n    recordSandboxOp(\n      "session_id_read",\n      Date.now() - sessionIdStart,\n      false,\n      "Session ID file not found"\n    );\n    recordSandboxOp("checkpoint_total", Date.now() - checkpointStart, false);\n    return false;\n  }\n  const cliAgentSessionId = fs4.readFileSync(SESSION_ID_FILE, "utf-8").trim();\n  recordSandboxOp("session_id_read", Date.now() - sessionIdStart, true);\n  const sessionHistoryStart = Date.now();\n  if (!fs4.existsSync(SESSION_HISTORY_PATH_FILE)) {\n    logError("No session history path found, checkpoint creation failed");\n    recordSandboxOp(\n      "session_history_read",\n      Date.now() - sessionHistoryStart,\n      false,\n      "Session history path file not found"\n    );\n    recordSandboxOp("checkpoint_total", Date.now() - checkpointStart, false);\n    return false;\n  }\n  const sessionHistoryPathRaw = fs4.readFileSync(SESSION_HISTORY_PATH_FILE, "utf-8").trim();\n  let sessionHistoryPath;\n  if (sessionHistoryPathRaw.startsWith("CODEX_SEARCH:")) {\n    const parts = sessionHistoryPathRaw.split(":");\n    if (parts.length !== 3) {\n      logError(`Invalid Codex search marker format: ${sessionHistoryPathRaw}`);\n      recordSandboxOp(\n        "session_history_read",\n        Date.now() - sessionHistoryStart,\n        false,\n        "Invalid Codex search marker"\n      );\n      recordSandboxOp("checkpoint_total", Date.now() - checkpointStart, false);\n      return false;\n    }\n    const sessionsDir = parts[1] ?? "";\n    const codexSessionId = parts[2] ?? "";\n    logInfo(`Searching for Codex session in ${sessionsDir}`);\n    const foundPath = findCodexSessionFile(sessionsDir, codexSessionId);\n    if (!foundPath) {\n      logError(\n        `Could not find Codex session file for ${codexSessionId} in ${sessionsDir}`\n      );\n      recordSandboxOp(\n        "session_history_read",\n        Date.now() - sessionHistoryStart,\n        false,\n        "Codex session file not found"\n      );\n      recordSandboxOp("checkpoint_total", Date.now() - checkpointStart, false);\n      return false;\n    }\n    sessionHistoryPath = foundPath;\n  } else {\n    sessionHistoryPath = sessionHistoryPathRaw;\n  }\n  if (!fs4.existsSync(sessionHistoryPath)) {\n    logError(\n      `Session history file not found at ${sessionHistoryPath}, checkpoint creation failed`\n    );\n    recordSandboxOp(\n      "session_history_read",\n      Date.now() - sessionHistoryStart,\n      false,\n      "Session history file not found"\n    );\n    recordSandboxOp("checkpoint_total", Date.now() - checkpointStart, false);\n    return false;\n  }\n  let cliAgentSessionHistory;\n  try {\n    cliAgentSessionHistory = fs4.readFileSync(sessionHistoryPath, "utf-8");\n  } catch (error) {\n    logError(`Failed to read session history: ${error}`);\n    recordSandboxOp(\n      "session_history_read",\n      Date.now() - sessionHistoryStart,\n      false,\n      String(error)\n    );\n    recordSandboxOp("checkpoint_total", Date.now() - checkpointStart, false);\n    return false;\n  }\n  if (!cliAgentSessionHistory.trim()) {\n    logError("Session history is empty, checkpoint creation failed");\n    recordSandboxOp(\n      "session_history_read",\n      Date.now() - sessionHistoryStart,\n      false,\n      "Session history empty"\n    );\n    recordSandboxOp("checkpoint_total", Date.now() - checkpointStart, false);\n    return false;\n  }\n  const lineCount = cliAgentSessionHistory.trim().split("\\n").length;\n  logInfo(`Session history loaded (${lineCount} lines)`);\n  recordSandboxOp(\n    "session_history_read",\n    Date.now() - sessionHistoryStart,\n    true\n  );\n  let artifactSnapshot = null;\n  if (ARTIFACT_DRIVER && ARTIFACT_VOLUME_NAME) {\n    logInfo(`Processing artifact with driver: ${ARTIFACT_DRIVER}`);\n    if (ARTIFACT_DRIVER !== "vas") {\n      logError(\n        `Unknown artifact driver: ${ARTIFACT_DRIVER} (only \'vas\' is supported)`\n      );\n      recordSandboxOp("checkpoint_total", Date.now() - checkpointStart, false);\n      return false;\n    }\n    logInfo(\n      `Creating VAS snapshot for artifact \'${ARTIFACT_VOLUME_NAME}\' at ${ARTIFACT_MOUNT_PATH}`\n    );\n    logInfo("Using direct S3 upload...");\n    const snapshot = await createDirectUploadSnapshot(\n      ARTIFACT_MOUNT_PATH,\n      ARTIFACT_VOLUME_NAME,\n      "artifact",\n      RUN_ID,\n      `Checkpoint from run ${RUN_ID}`\n    );\n    if (!snapshot) {\n      logError("Failed to create VAS snapshot for artifact");\n      recordSandboxOp("checkpoint_total", Date.now() - checkpointStart, false);\n      return false;\n    }\n    const artifactVersion = snapshot.versionId;\n    if (!artifactVersion) {\n      logError("Failed to extract versionId from snapshot");\n      recordSandboxOp("checkpoint_total", Date.now() - checkpointStart, false);\n      return false;\n    }\n    artifactSnapshot = {\n      artifactName: ARTIFACT_VOLUME_NAME,\n      artifactVersion\n    };\n    logInfo(\n      `VAS artifact snapshot created: ${ARTIFACT_VOLUME_NAME}@${artifactVersion}`\n    );\n  } else {\n    logInfo(\n      "No artifact configured, creating checkpoint without artifact snapshot"\n    );\n  }\n  logInfo("Calling checkpoint API...");\n  const checkpointPayload = {\n    runId: RUN_ID,\n    cliAgentType: CLI_AGENT_TYPE,\n    cliAgentSessionId,\n    cliAgentSessionHistory\n  };\n  if (artifactSnapshot) {\n    checkpointPayload.artifactSnapshot = artifactSnapshot;\n  }\n  const apiCallStart = Date.now();\n  const result = await httpPostJson(\n    CHECKPOINT_URL,\n    checkpointPayload\n  );\n  if (result && result.checkpointId) {\n    const checkpointId = result.checkpointId;\n    logInfo(`Checkpoint created successfully: ${checkpointId}`);\n    recordSandboxOp("checkpoint_api_call", Date.now() - apiCallStart, true);\n    recordSandboxOp("checkpoint_total", Date.now() - checkpointStart, true);\n    return true;\n  } else {\n    logError(\n      `Checkpoint API returned invalid response: ${JSON.stringify(result)}`\n    );\n    recordSandboxOp(\n      "checkpoint_api_call",\n      Date.now() - apiCallStart,\n      false,\n      "Invalid API response"\n    );\n    recordSandboxOp("checkpoint_total", Date.now() - checkpointStart, false);\n    return false;\n  }\n}\n\n// src/sandbox/scripts/src/lib/metrics.ts\nimport * as fs5 from "fs";\nimport { execSync as execSync3 } from "child_process";\nvar shutdownRequested = false;\nfunction getCpuPercent() {\n  try {\n    const content = fs5.readFileSync("/proc/stat", "utf-8");\n    const line = content.split("\\n")[0];\n    if (!line) {\n      return 0;\n    }\n    const parts = line.split(/\\s+/);\n    if (parts[0] !== "cpu") {\n      return 0;\n    }\n    const values = parts.slice(1).map((x) => parseInt(x, 10));\n    const idleVal = values[3];\n    const iowaitVal = values[4];\n    if (idleVal === void 0 || iowaitVal === void 0) {\n      return 0;\n    }\n    const idle = idleVal + iowaitVal;\n    const total = values.reduce((a, b) => a + b, 0);\n    if (total === 0) {\n      return 0;\n    }\n    const cpuPercent = 100 * (1 - idle / total);\n    return Math.round(cpuPercent * 100) / 100;\n  } catch (error) {\n    logDebug(`Failed to get CPU percent: ${error}`);\n    return 0;\n  }\n}\nfunction getMemoryInfo() {\n  try {\n    const result = execSync3("free -b", {\n      encoding: "utf-8",\n      timeout: 5e3,\n      stdio: ["pipe", "pipe", "pipe"]\n    });\n    const lines = result.trim().split("\\n");\n    for (const line of lines) {\n      if (line.startsWith("Mem:")) {\n        const parts = line.split(/\\s+/);\n        const totalStr = parts[1];\n        const usedStr = parts[2];\n        if (!totalStr || !usedStr) {\n          return [0, 0];\n        }\n        const total = parseInt(totalStr, 10);\n        const used = parseInt(usedStr, 10);\n        return [used, total];\n      }\n    }\n    return [0, 0];\n  } catch (error) {\n    logDebug(`Failed to get memory info: ${error}`);\n    return [0, 0];\n  }\n}\nfunction getDiskInfo() {\n  try {\n    const result = execSync3("df -B1 /", {\n      encoding: "utf-8",\n      timeout: 5e3,\n      stdio: ["pipe", "pipe", "pipe"]\n    });\n    const lines = result.trim().split("\\n");\n    if (lines.length < 2) {\n      return [0, 0];\n    }\n    const dataLine = lines[1];\n    if (!dataLine) {\n      return [0, 0];\n    }\n    const parts = dataLine.split(/\\s+/);\n    const totalStr = parts[1];\n    const usedStr = parts[2];\n    if (!totalStr || !usedStr) {\n      return [0, 0];\n    }\n    const total = parseInt(totalStr, 10);\n    const used = parseInt(usedStr, 10);\n    return [used, total];\n  } catch (error) {\n    logDebug(`Failed to get disk info: ${error}`);\n    return [0, 0];\n  }\n}\nfunction collectMetrics() {\n  const cpu = getCpuPercent();\n  const [memUsed, memTotal] = getMemoryInfo();\n  const [diskUsed, diskTotal] = getDiskInfo();\n  return {\n    ts: (/* @__PURE__ */ new Date()).toISOString(),\n    cpu,\n    mem_used: memUsed,\n    mem_total: memTotal,\n    disk_used: diskUsed,\n    disk_total: diskTotal\n  };\n}\nfunction metricsCollectorLoop() {\n  logInfo(`Metrics collector started, writing to ${METRICS_LOG_FILE}`);\n  const writeMetrics = () => {\n    if (shutdownRequested) {\n      logInfo("Metrics collector stopped");\n      return;\n    }\n    try {\n      const metrics = collectMetrics();\n      fs5.appendFileSync(METRICS_LOG_FILE, JSON.stringify(metrics) + "\\n");\n      logDebug(\n        `Metrics collected: cpu=${metrics.cpu}%, mem=${metrics.mem_used}/${metrics.mem_total}`\n      );\n    } catch (error) {\n      logError(`Failed to collect/write metrics: ${error}`);\n    }\n    setTimeout(writeMetrics, METRICS_INTERVAL * 1e3);\n  };\n  writeMetrics();\n}\nfunction startMetricsCollector() {\n  shutdownRequested = false;\n  setTimeout(metricsCollectorLoop, 0);\n}\nfunction stopMetricsCollector() {\n  shutdownRequested = true;\n}\n\n// src/sandbox/scripts/src/lib/upload-telemetry.ts\nimport * as fs6 from "fs";\nvar shutdownRequested2 = false;\nfunction readFileFromPosition(filePath, posFile) {\n  let lastPos = 0;\n  if (fs6.existsSync(posFile)) {\n    try {\n      const content = fs6.readFileSync(posFile, "utf-8").trim();\n      lastPos = parseInt(content, 10) || 0;\n    } catch {\n      lastPos = 0;\n    }\n  }\n  let newContent = "";\n  let newPos = lastPos;\n  if (fs6.existsSync(filePath)) {\n    try {\n      const fd = fs6.openSync(filePath, "r");\n      const stats = fs6.fstatSync(fd);\n      const bufferSize = stats.size - lastPos;\n      if (bufferSize > 0) {\n        const buffer = Buffer.alloc(bufferSize);\n        fs6.readSync(fd, buffer, 0, bufferSize, lastPos);\n        newContent = buffer.toString("utf-8");\n        newPos = stats.size;\n      }\n      fs6.closeSync(fd);\n    } catch (error) {\n      logDebug(`Failed to read ${filePath}: ${error}`);\n    }\n  }\n  return [newContent, newPos];\n}\nfunction savePosition(posFile, position) {\n  try {\n    fs6.writeFileSync(posFile, String(position));\n  } catch (error) {\n    logDebug(`Failed to save position to ${posFile}: ${error}`);\n  }\n}\nfunction readJsonlFromPosition(filePath, posFile) {\n  const [content, newPos] = readFileFromPosition(filePath, posFile);\n  const entries = [];\n  if (content) {\n    for (const line of content.trim().split("\\n")) {\n      if (line) {\n        try {\n          entries.push(JSON.parse(line));\n        } catch {\n        }\n      }\n    }\n  }\n  return [entries, newPos];\n}\nfunction readMetricsFromPosition(posFile) {\n  return readJsonlFromPosition(METRICS_LOG_FILE, posFile);\n}\nfunction readNetworkLogsFromPosition(posFile) {\n  return readJsonlFromPosition(NETWORK_LOG_FILE, posFile);\n}\nfunction readSandboxOpsFromPosition(posFile) {\n  return readJsonlFromPosition(SANDBOX_OPS_LOG_FILE, posFile);\n}\nasync function uploadTelemetry() {\n  const [systemLog, logPos] = readFileFromPosition(\n    SYSTEM_LOG_FILE,\n    TELEMETRY_LOG_POS_FILE\n  );\n  const [metrics, metricsPos] = readMetricsFromPosition(\n    TELEMETRY_METRICS_POS_FILE\n  );\n  const [networkLogs, networkPos] = readNetworkLogsFromPosition(\n    TELEMETRY_NETWORK_POS_FILE\n  );\n  const [sandboxOps, sandboxOpsPos] = readSandboxOpsFromPosition(\n    TELEMETRY_SANDBOX_OPS_POS_FILE\n  );\n  if (!systemLog && metrics.length === 0 && networkLogs.length === 0 && sandboxOps.length === 0) {\n    logDebug("No new telemetry data to upload");\n    return true;\n  }\n  const maskedSystemLog = systemLog ? maskData(systemLog) : "";\n  const maskedNetworkLogs = networkLogs.length > 0 ? maskData(networkLogs) : [];\n  const payload = {\n    runId: RUN_ID,\n    systemLog: maskedSystemLog,\n    metrics,\n    // Metrics don\'t contain secrets (just numbers)\n    networkLogs: maskedNetworkLogs,\n    sandboxOperations: sandboxOps\n    // Sandbox ops don\'t contain secrets (just timing data)\n  };\n  logDebug(\n    `Uploading telemetry: ${systemLog.length} bytes log, ${metrics.length} metrics, ${networkLogs.length} network logs, ${sandboxOps.length} sandbox ops`\n  );\n  const result = await httpPostJson(TELEMETRY_URL, payload, 1);\n  if (result) {\n    savePosition(TELEMETRY_LOG_POS_FILE, logPos);\n    savePosition(TELEMETRY_METRICS_POS_FILE, metricsPos);\n    savePosition(TELEMETRY_NETWORK_POS_FILE, networkPos);\n    savePosition(TELEMETRY_SANDBOX_OPS_POS_FILE, sandboxOpsPos);\n    logDebug(\n      `Telemetry uploaded successfully: ${result.id ?? "unknown"}`\n    );\n    return true;\n  } else {\n    logWarn("Failed to upload telemetry (will retry next interval)");\n    return false;\n  }\n}\nasync function telemetryUploadLoop() {\n  logInfo(`Telemetry upload started (interval: ${TELEMETRY_INTERVAL}s)`);\n  const runUpload = async () => {\n    if (shutdownRequested2) {\n      logInfo("Telemetry upload stopped");\n      return;\n    }\n    try {\n      await uploadTelemetry();\n    } catch (error) {\n      logError(`Telemetry upload error: ${error}`);\n    }\n    setTimeout(() => void runUpload(), TELEMETRY_INTERVAL * 1e3);\n  };\n  await runUpload();\n}\nfunction startTelemetryUpload() {\n  shutdownRequested2 = false;\n  setTimeout(() => void telemetryUploadLoop(), 0);\n}\nfunction stopTelemetryUpload() {\n  shutdownRequested2 = true;\n}\nasync function finalTelemetryUpload() {\n  logInfo("Performing final telemetry upload...");\n  return uploadTelemetry();\n}\n\n// src/sandbox/scripts/src/run-agent.ts\nvar shutdownRequested3 = false;\nfunction heartbeatLoop() {\n  const sendHeartbeat = async () => {\n    if (shutdownRequested3) {\n      return;\n    }\n    try {\n      if (await httpPostJson(HEARTBEAT_URL, { runId: RUN_ID })) {\n        logInfo("Heartbeat sent");\n      } else {\n        logWarn("Heartbeat failed");\n      }\n    } catch (error) {\n      logWarn(`Heartbeat error: ${error}`);\n    }\n    setTimeout(() => {\n      sendHeartbeat().catch(() => {\n      });\n    }, HEARTBEAT_INTERVAL * 1e3);\n  };\n  sendHeartbeat().catch(() => {\n  });\n}\nasync function cleanup(exitCode, errorMessage) {\n  logInfo("\\u25B7 Cleanup");\n  const telemetryStart = Date.now();\n  let telemetrySuccess = true;\n  try {\n    await finalTelemetryUpload();\n  } catch (error) {\n    telemetrySuccess = false;\n    logError(`Final telemetry upload failed: ${error}`);\n  }\n  recordSandboxOp(\n    "final_telemetry_upload",\n    Date.now() - telemetryStart,\n    telemetrySuccess\n  );\n  logInfo(`Calling complete API with exitCode=${exitCode}`);\n  const completePayload = {\n    runId: RUN_ID,\n    exitCode\n  };\n  if (errorMessage) {\n    completePayload.error = errorMessage;\n  }\n  const completeStart = Date.now();\n  let completeSuccess = false;\n  try {\n    if (await httpPostJson(COMPLETE_URL, completePayload)) {\n      logInfo("Complete API called successfully");\n      completeSuccess = true;\n    } else {\n      logError("Failed to call complete API (sandbox may not be cleaned up)");\n    }\n  } catch (error) {\n    logError(`Complete API call failed: ${error}`);\n  }\n  recordSandboxOp(\n    "complete_api_call",\n    Date.now() - completeStart,\n    completeSuccess\n  );\n  shutdownRequested3 = true;\n  stopMetricsCollector();\n  stopTelemetryUpload();\n  logInfo("Background processes stopped");\n  if (exitCode === 0) {\n    logInfo("\\u2713 Sandbox finished successfully");\n  } else {\n    logInfo(`\\u2717 Sandbox failed (exit code ${exitCode})`);\n  }\n}\nasync function run() {\n  validateConfig();\n  logInfo(`\\u25B6 VM0 Sandbox ${RUN_ID}`);\n  logInfo("\\u25B7 Initialization");\n  const initStartTime = Date.now();\n  logInfo(`Working directory: ${WORKING_DIR}`);\n  const heartbeatStart = Date.now();\n  heartbeatLoop();\n  logInfo("Heartbeat started");\n  recordSandboxOp("heartbeat_start", Date.now() - heartbeatStart, true);\n  const metricsStart = Date.now();\n  startMetricsCollector();\n  logInfo("Metrics collector started");\n  recordSandboxOp("metrics_collector_start", Date.now() - metricsStart, true);\n  const telemetryStart = Date.now();\n  startTelemetryUpload();\n  logInfo("Telemetry upload started");\n  recordSandboxOp("telemetry_upload_start", Date.now() - telemetryStart, true);\n  const workingDirStart = Date.now();\n  try {\n    fs7.mkdirSync(WORKING_DIR, { recursive: true });\n    process.chdir(WORKING_DIR);\n  } catch (error) {\n    recordSandboxOp(\n      "working_dir_setup",\n      Date.now() - workingDirStart,\n      false,\n      String(error)\n    );\n    throw new Error(\n      `Failed to create/change to working directory: ${WORKING_DIR} - ${error}`\n    );\n  }\n  recordSandboxOp("working_dir_setup", Date.now() - workingDirStart, true);\n  if (CLI_AGENT_TYPE === "codex") {\n    const homeDir = process.env.HOME ?? "/home/user";\n    const codexHome = `${homeDir}/.codex`;\n    fs7.mkdirSync(codexHome, { recursive: true });\n    process.env.CODEX_HOME = codexHome;\n    logInfo(`Codex home directory: ${codexHome}`);\n    const codexLoginStart = Date.now();\n    let codexLoginSuccess = false;\n    const apiKey = process.env.OPENAI_API_KEY ?? "";\n    if (apiKey) {\n      try {\n        execSync4("codex login --with-api-key", {\n          input: apiKey,\n          encoding: "utf-8",\n          stdio: ["pipe", "pipe", "pipe"]\n        });\n        logInfo("Codex authenticated with API key");\n        codexLoginSuccess = true;\n      } catch (error) {\n        logError(`Codex login failed: ${error}`);\n      }\n    } else {\n      logError("OPENAI_API_KEY not set");\n    }\n    recordSandboxOp(\n      "codex_login",\n      Date.now() - codexLoginStart,\n      codexLoginSuccess\n    );\n  }\n  const initDurationMs = Date.now() - initStartTime;\n  recordSandboxOp("init_total", initDurationMs, true);\n  logInfo(`\\u2713 Initialization complete (${Math.floor(initDurationMs / 1e3)}s)`);\n  logInfo("\\u25B7 Execution");\n  const execStartTime = Date.now();\n  logInfo(`Starting ${CLI_AGENT_TYPE} execution...`);\n  logInfo(`Prompt: ${PROMPT}`);\n  const useMock = process.env.USE_MOCK_CLAUDE === "true";\n  let cmd;\n  if (CLI_AGENT_TYPE === "codex") {\n    if (useMock) {\n      throw new Error("Mock mode not supported for Codex");\n    }\n    const codexArgs = [\n      "exec",\n      "--json",\n      "--dangerously-bypass-approvals-and-sandbox",\n      "--skip-git-repo-check",\n      "-C",\n      WORKING_DIR\n    ];\n    if (OPENAI_MODEL) {\n      codexArgs.push("-m", OPENAI_MODEL);\n    }\n    if (RESUME_SESSION_ID) {\n      logInfo(`Resuming session: ${RESUME_SESSION_ID}`);\n      codexArgs.push("resume", RESUME_SESSION_ID, PROMPT);\n    } else {\n      logInfo("Starting new session");\n      codexArgs.push(PROMPT);\n    }\n    cmd = ["codex", ...codexArgs];\n  } else {\n    const claudeArgs = [\n      "--print",\n      "--verbose",\n      "--output-format",\n      "stream-json",\n      "--dangerously-skip-permissions"\n    ];\n    if (RESUME_SESSION_ID) {\n      logInfo(`Resuming session: ${RESUME_SESSION_ID}`);\n      claudeArgs.push("--resume", RESUME_SESSION_ID);\n    } else {\n      logInfo("Starting new session");\n    }\n    const claudeBin = useMock ? "/usr/local/bin/vm0-agent/mock-claude.mjs" : "claude";\n    if (useMock) {\n      logInfo("Using mock-claude for testing");\n    }\n    cmd = [claudeBin, ...claudeArgs, PROMPT];\n  }\n  let agentExitCode = 0;\n  const stderrLines = [];\n  let logFile = null;\n  try {\n    logFile = fs7.createWriteStream(AGENT_LOG_FILE);\n    const cmdExe = cmd[0];\n    if (!cmdExe) {\n      throw new Error("Empty command");\n    }\n    const proc = spawn(cmdExe, cmd.slice(1), {\n      stdio: ["pipe", "pipe", "pipe"]\n    });\n    const exitPromise = new Promise((resolve) => {\n      let resolved = false;\n      proc.on("error", (err) => {\n        if (!resolved) {\n          resolved = true;\n          logError(`Failed to spawn ${CLI_AGENT_TYPE}: ${err.message}`);\n          stderrLines.push(`Spawn error: ${err.message}`);\n          resolve(1);\n        }\n      });\n      proc.on("close", (code) => {\n        if (!resolved) {\n          resolved = true;\n          resolve(code ?? 1);\n        }\n      });\n    });\n    if (proc.stderr) {\n      const stderrRl = readline.createInterface({ input: proc.stderr });\n      stderrRl.on("line", (line) => {\n        stderrLines.push(line);\n        if (logFile && !logFile.destroyed) {\n          logFile.write(`[STDERR] ${line}\n`);\n        }\n      });\n    }\n    if (proc.stdout) {\n      const stdoutRl = readline.createInterface({ input: proc.stdout });\n      let eventSequence = 0;\n      for await (const line of stdoutRl) {\n        if (logFile && !logFile.destroyed) {\n          logFile.write(line + "\\n");\n        }\n        const stripped = line.trim();\n        if (!stripped) {\n          continue;\n        }\n        try {\n          const event = JSON.parse(stripped);\n          eventSequence++;\n          await sendEvent(event, eventSequence);\n          if (event.type === "result") {\n            const resultContent = event.result;\n            if (resultContent) {\n              console.log(resultContent);\n            }\n          }\n        } catch {\n          logDebug(`Non-JSON line from agent: ${stripped.slice(0, 100)}`);\n        }\n      }\n    }\n    agentExitCode = await exitPromise;\n  } catch (error) {\n    logError(`Failed to execute ${CLI_AGENT_TYPE}: ${error}`);\n    agentExitCode = 1;\n  } finally {\n    if (logFile && !logFile.destroyed) {\n      logFile.end();\n    }\n  }\n  console.log();\n  let finalExitCode = agentExitCode;\n  let errorMessage = "";\n  if (fs7.existsSync(EVENT_ERROR_FLAG)) {\n    logError("Some events failed to send, marking run as failed");\n    finalExitCode = 1;\n    errorMessage = "Some events failed to send";\n  }\n  const execDurationMs = Date.now() - execStartTime;\n  recordSandboxOp("cli_execution", execDurationMs, agentExitCode === 0);\n  if (agentExitCode === 0 && finalExitCode === 0) {\n    logInfo(`\\u2713 Execution complete (${Math.floor(execDurationMs / 1e3)}s)`);\n  } else {\n    logInfo(`\\u2717 Execution failed (${Math.floor(execDurationMs / 1e3)}s)`);\n  }\n  if (agentExitCode === 0 && finalExitCode === 0) {\n    logInfo(`${CLI_AGENT_TYPE} completed successfully`);\n    logInfo("\\u25B7 Checkpoint");\n    const checkpointStartTime = Date.now();\n    const checkpointSuccess = await createCheckpoint();\n    const checkpointDuration = Math.floor(\n      (Date.now() - checkpointStartTime) / 1e3\n    );\n    if (checkpointSuccess) {\n      logInfo(`\\u2713 Checkpoint complete (${checkpointDuration}s)`);\n    } else {\n      logInfo(`\\u2717 Checkpoint failed (${checkpointDuration}s)`);\n    }\n    if (!checkpointSuccess) {\n      logError("Checkpoint creation failed, marking run as failed");\n      finalExitCode = 1;\n      errorMessage = "Checkpoint creation failed";\n    }\n  } else {\n    if (agentExitCode !== 0) {\n      logInfo(`${CLI_AGENT_TYPE} failed with exit code ${agentExitCode}`);\n      if (stderrLines.length > 0) {\n        errorMessage = stderrLines.map((line) => line.trim()).join(" ");\n        logInfo(`Captured stderr: ${errorMessage}`);\n      } else {\n        errorMessage = `Agent exited with code ${agentExitCode}`;\n      }\n    }\n  }\n  return [finalExitCode, errorMessage];\n}\nasync function main() {\n  let exitCode = 1;\n  let errorMessage = "Unexpected termination";\n  try {\n    [exitCode, errorMessage] = await run();\n  } catch (error) {\n    if (error instanceof Error) {\n      exitCode = 1;\n      errorMessage = error.message;\n      logError(`Error: ${errorMessage}`);\n    } else {\n      exitCode = 1;\n      errorMessage = `Unexpected error: ${error}`;\n      logError(errorMessage);\n    }\n  } finally {\n    await cleanup(exitCode, errorMessage);\n  }\n  return exitCode;\n}\nmain().then((code) => process.exit(code)).catch((error) => {\n  console.error("Fatal error:", error);\n  process.exit(1);\n});\n';
+var DOWNLOAD_SCRIPT = '#!/usr/bin/env node\n\n// src/sandbox/scripts/src/download.ts\nimport * as fs2 from "fs";\nimport * as path from "path";\nimport * as os from "os";\nimport { execSync as execSync2 } from "child_process";\n\n// src/sandbox/scripts/src/lib/common.ts\nimport * as fs from "fs";\nvar RUN_ID = process.env.VM0_RUN_ID ?? "";\nvar API_URL = process.env.VM0_API_URL ?? "";\nvar API_TOKEN = process.env.VM0_API_TOKEN ?? "";\nvar PROMPT = process.env.VM0_PROMPT ?? "";\nvar VERCEL_BYPASS = process.env.VERCEL_PROTECTION_BYPASS ?? "";\nvar RESUME_SESSION_ID = process.env.VM0_RESUME_SESSION_ID ?? "";\nvar CLI_AGENT_TYPE = process.env.CLI_AGENT_TYPE ?? "claude-code";\nvar OPENAI_MODEL = process.env.OPENAI_MODEL ?? "";\nvar WORKING_DIR = process.env.VM0_WORKING_DIR ?? "";\nvar ARTIFACT_DRIVER = process.env.VM0_ARTIFACT_DRIVER ?? "";\nvar ARTIFACT_MOUNT_PATH = process.env.VM0_ARTIFACT_MOUNT_PATH ?? "";\nvar ARTIFACT_VOLUME_NAME = process.env.VM0_ARTIFACT_VOLUME_NAME ?? "";\nvar ARTIFACT_VERSION_ID = process.env.VM0_ARTIFACT_VERSION_ID ?? "";\nvar WEBHOOK_URL = `${API_URL}/api/webhooks/agent/events`;\nvar CHECKPOINT_URL = `${API_URL}/api/webhooks/agent/checkpoints`;\nvar COMPLETE_URL = `${API_URL}/api/webhooks/agent/complete`;\nvar HEARTBEAT_URL = `${API_URL}/api/webhooks/agent/heartbeat`;\nvar TELEMETRY_URL = `${API_URL}/api/webhooks/agent/telemetry`;\nvar PROXY_URL = `${API_URL}/api/webhooks/agent/proxy`;\nvar STORAGE_PREPARE_URL = `${API_URL}/api/webhooks/agent/storages/prepare`;\nvar STORAGE_COMMIT_URL = `${API_URL}/api/webhooks/agent/storages/commit`;\nvar HTTP_MAX_TIME_UPLOAD = 60;\nvar HTTP_MAX_RETRIES = 3;\nvar SESSION_ID_FILE = `/tmp/vm0-session-${RUN_ID}.txt`;\nvar SESSION_HISTORY_PATH_FILE = `/tmp/vm0-session-history-${RUN_ID}.txt`;\nvar EVENT_ERROR_FLAG = `/tmp/vm0-event-error-${RUN_ID}`;\nvar SYSTEM_LOG_FILE = `/tmp/vm0-main-${RUN_ID}.log`;\nvar AGENT_LOG_FILE = `/tmp/vm0-agent-${RUN_ID}.log`;\nvar METRICS_LOG_FILE = `/tmp/vm0-metrics-${RUN_ID}.jsonl`;\nvar NETWORK_LOG_FILE = `/tmp/vm0-network-${RUN_ID}.jsonl`;\nvar TELEMETRY_LOG_POS_FILE = `/tmp/vm0-telemetry-log-pos-${RUN_ID}.txt`;\nvar TELEMETRY_METRICS_POS_FILE = `/tmp/vm0-telemetry-metrics-pos-${RUN_ID}.txt`;\nvar TELEMETRY_NETWORK_POS_FILE = `/tmp/vm0-telemetry-network-pos-${RUN_ID}.txt`;\nvar TELEMETRY_SANDBOX_OPS_POS_FILE = `/tmp/vm0-telemetry-sandbox-ops-pos-${RUN_ID}.txt`;\nvar SANDBOX_OPS_LOG_FILE = `/tmp/vm0-sandbox-ops-${RUN_ID}.jsonl`;\nfunction recordSandboxOp(actionType, durationMs, success, error) {\n  const entry = {\n    ts: (/* @__PURE__ */ new Date()).toISOString(),\n    action_type: actionType,\n    duration_ms: durationMs,\n    success\n  };\n  if (error) {\n    entry.error = error;\n  }\n  fs.appendFileSync(SANDBOX_OPS_LOG_FILE, JSON.stringify(entry) + "\\n");\n}\n\n// src/sandbox/scripts/src/lib/log.ts\nvar SCRIPT_NAME = process.env.LOG_SCRIPT_NAME ?? "run-agent";\nvar DEBUG_MODE = process.env.VM0_DEBUG === "1";\nfunction timestamp() {\n  return (/* @__PURE__ */ new Date()).toISOString().replace(/\\.\\d{3}Z$/, "Z");\n}\nfunction logInfo(msg) {\n  console.error(`[${timestamp()}] [INFO] [sandbox:${SCRIPT_NAME}] ${msg}`);\n}\nfunction logWarn(msg) {\n  console.error(`[${timestamp()}] [WARN] [sandbox:${SCRIPT_NAME}] ${msg}`);\n}\nfunction logError(msg) {\n  console.error(`[${timestamp()}] [ERROR] [sandbox:${SCRIPT_NAME}] ${msg}`);\n}\nfunction logDebug(msg) {\n  if (DEBUG_MODE) {\n    console.error(`[${timestamp()}] [DEBUG] [sandbox:${SCRIPT_NAME}] ${msg}`);\n  }\n}\n\n// src/sandbox/scripts/src/lib/http-client.ts\nimport { execSync } from "child_process";\nfunction sleep(ms) {\n  return new Promise((resolve) => setTimeout(resolve, ms));\n}\nasync function httpDownload(url, destPath, maxRetries = HTTP_MAX_RETRIES) {\n  for (let attempt = 1; attempt <= maxRetries; attempt++) {\n    logDebug(`HTTP download attempt ${attempt}/${maxRetries} from ${url}`);\n    try {\n      const curlCmd = ["curl", "-fsSL", "-o", destPath, `"${url}"`].join(" ");\n      execSync(curlCmd, {\n        timeout: HTTP_MAX_TIME_UPLOAD * 1e3,\n        stdio: ["pipe", "pipe", "pipe"]\n      });\n      return true;\n    } catch (error) {\n      const errorMsg = error instanceof Error ? error.message : String(error);\n      if (errorMsg.includes("ETIMEDOUT") || errorMsg.includes("timeout")) {\n        logWarn(\n          `HTTP download failed (attempt ${attempt}/${maxRetries}): Timeout`\n        );\n      } else {\n        logWarn(\n          `HTTP download failed (attempt ${attempt}/${maxRetries}): ${errorMsg}`\n        );\n      }\n      if (attempt < maxRetries) {\n        await sleep(1e3);\n      }\n    }\n  }\n  logError(`HTTP download failed after ${maxRetries} attempts from ${url}`);\n  return false;\n}\n\n// src/sandbox/scripts/src/download.ts\nasync function downloadStorage(mountPath, archiveUrl) {\n  logInfo(`Downloading storage to ${mountPath}`);\n  const tempTar = path.join(\n    os.tmpdir(),\n    `storage-${Date.now()}-${Math.random().toString(36).slice(2)}.tar.gz`\n  );\n  try {\n    if (!await httpDownload(archiveUrl, tempTar)) {\n      logError(`Failed to download archive for ${mountPath}`);\n      return false;\n    }\n    fs2.mkdirSync(mountPath, { recursive: true });\n    try {\n      execSync2(`tar -xzf "${tempTar}" -C "${mountPath}"`, {\n        stdio: ["pipe", "pipe", "pipe"]\n      });\n    } catch {\n      logInfo(`Archive appears empty for ${mountPath}`);\n    }\n    logInfo(`Successfully extracted to ${mountPath}`);\n    return true;\n  } finally {\n    try {\n      fs2.unlinkSync(tempTar);\n    } catch {\n    }\n  }\n}\nasync function main() {\n  const args = process.argv.slice(2);\n  if (args.length < 1) {\n    logError("Usage: node download.mjs <manifest_path>");\n    process.exit(1);\n  }\n  const manifestPath = args[0] ?? "";\n  if (!manifestPath || !fs2.existsSync(manifestPath)) {\n    logError(`Manifest file not found: ${manifestPath}`);\n    process.exit(1);\n  }\n  logInfo(`Starting storage download from manifest: ${manifestPath}`);\n  let manifest;\n  try {\n    const content = fs2.readFileSync(manifestPath, "utf-8");\n    manifest = JSON.parse(content);\n  } catch (error) {\n    logError(`Failed to load manifest: ${error}`);\n    process.exit(1);\n  }\n  const storages = manifest.storages ?? [];\n  const artifact = manifest.artifact;\n  const storageCount = storages.length;\n  const hasArtifact = artifact !== void 0;\n  logInfo(`Found ${storageCount} storages, artifact: ${hasArtifact}`);\n  const downloadTotalStart = Date.now();\n  let downloadSuccess = true;\n  for (const storage of storages) {\n    const mountPath = storage.mountPath;\n    const archiveUrl = storage.archiveUrl;\n    if (archiveUrl && archiveUrl !== "null") {\n      const storageStart = Date.now();\n      const success = await downloadStorage(mountPath, archiveUrl);\n      recordSandboxOp("storage_download", Date.now() - storageStart, success);\n      if (!success) {\n        downloadSuccess = false;\n      }\n    }\n  }\n  if (artifact) {\n    const artifactMount = artifact.mountPath;\n    const artifactUrl = artifact.archiveUrl;\n    if (artifactUrl && artifactUrl !== "null") {\n      const artifactStart = Date.now();\n      const success = await downloadStorage(artifactMount, artifactUrl);\n      recordSandboxOp("artifact_download", Date.now() - artifactStart, success);\n      if (!success) {\n        downloadSuccess = false;\n      }\n    }\n  }\n  recordSandboxOp(\n    "download_total",\n    Date.now() - downloadTotalStart,\n    downloadSuccess\n  );\n  logInfo("All storages downloaded successfully");\n}\nmain().catch((error) => {\n  logError(`Fatal error: ${error}`);\n  process.exit(1);\n});\n';
+var MOCK_CLAUDE_SCRIPT = '#!/usr/bin/env node\n\n// src/sandbox/scripts/src/mock-claude.ts\nimport * as fs from "fs";\nimport * as path from "path";\nimport { execSync } from "child_process";\nfunction parseArgs(args) {\n  const result = {\n    outputFormat: "text",\n    print: false,\n    verbose: false,\n    dangerouslySkipPermissions: false,\n    resume: null,\n    prompt: ""\n  };\n  const remaining = [];\n  let i = 0;\n  while (i < args.length) {\n    const arg = args[i];\n    if (arg === "--output-format" && i + 1 < args.length) {\n      result.outputFormat = args[i + 1] ?? "text";\n      i += 2;\n    } else if (arg === "--print") {\n      result.print = true;\n      i++;\n    } else if (arg === "--verbose") {\n      result.verbose = true;\n      i++;\n    } else if (arg === "--dangerously-skip-permissions") {\n      result.dangerouslySkipPermissions = true;\n      i++;\n    } else if (arg === "--resume" && i + 1 < args.length) {\n      result.resume = args[i + 1] ?? null;\n      i += 2;\n    } else if (arg) {\n      remaining.push(arg);\n      i++;\n    } else {\n      i++;\n    }\n  }\n  if (remaining.length > 0) {\n    result.prompt = remaining[0] ?? "";\n  }\n  return result;\n}\nfunction createSessionHistory(sessionId, cwd) {\n  const projectName = cwd.replace(/^\\//, "").replace(/\\//g, "-");\n  const homeDir = process.env.HOME ?? "/home/user";\n  const sessionDir = `${homeDir}/.claude/projects/-${projectName}`;\n  fs.mkdirSync(sessionDir, { recursive: true });\n  return path.join(sessionDir, `${sessionId}.jsonl`);\n}\nfunction main() {\n  const sessionId = `mock-${Date.now() * 1e3 + Math.floor(Math.random() * 1e3)}`;\n  const args = parseArgs(process.argv.slice(2));\n  const prompt = args.prompt;\n  const outputFormat = args.outputFormat;\n  if (prompt.startsWith("@fail:")) {\n    const errorMsg = prompt.slice(6);\n    console.error(errorMsg);\n    process.exit(1);\n  }\n  const cwd = process.cwd();\n  if (outputFormat === "stream-json") {\n    const sessionHistoryFile = createSessionHistory(sessionId, cwd);\n    const events = [];\n    const initEvent = {\n      type: "system",\n      subtype: "init",\n      cwd,\n      session_id: sessionId,\n      tools: ["Bash"],\n      model: "mock-claude"\n    };\n    console.log(JSON.stringify(initEvent));\n    events.push(initEvent);\n    const textEvent = {\n      type: "assistant",\n      message: {\n        role: "assistant",\n        content: [{ type: "text", text: "Executing command..." }]\n      },\n      session_id: sessionId\n    };\n    console.log(JSON.stringify(textEvent));\n    events.push(textEvent);\n    const toolUseEvent = {\n      type: "assistant",\n      message: {\n        role: "assistant",\n        content: [\n          {\n            type: "tool_use",\n            id: "toolu_mock_001",\n            name: "Bash",\n            input: { command: prompt }\n          }\n        ]\n      },\n      session_id: sessionId\n    };\n    console.log(JSON.stringify(toolUseEvent));\n    events.push(toolUseEvent);\n    let output;\n    let exitCode;\n    try {\n      output = execSync(`bash -c ${JSON.stringify(prompt)}`, {\n        encoding: "utf-8",\n        stdio: ["pipe", "pipe", "pipe"]\n      });\n      exitCode = 0;\n    } catch (error) {\n      const execError = error;\n      output = (execError.stdout ?? "") + (execError.stderr ?? "");\n      exitCode = execError.status ?? 1;\n    }\n    const isError = exitCode !== 0;\n    const toolResultEvent = {\n      type: "user",\n      message: {\n        role: "user",\n        content: [\n          {\n            type: "tool_result",\n            tool_use_id: "toolu_mock_001",\n            content: output,\n            is_error: isError\n          }\n        ]\n      },\n      session_id: sessionId\n    };\n    console.log(JSON.stringify(toolResultEvent));\n    events.push(toolResultEvent);\n    const resultEvent = {\n      type: "result",\n      subtype: exitCode === 0 ? "success" : "error",\n      is_error: exitCode !== 0,\n      duration_ms: 100,\n      num_turns: 1,\n      result: output,\n      session_id: sessionId,\n      total_cost_usd: 0,\n      usage: { input_tokens: 0, output_tokens: 0 }\n    };\n    console.log(JSON.stringify(resultEvent));\n    events.push(resultEvent);\n    const historyContent = events.map((e) => JSON.stringify(e)).join("\\n") + "\\n";\n    fs.writeFileSync(sessionHistoryFile, historyContent);\n    process.exit(exitCode);\n  } else {\n    try {\n      execSync(`bash -c ${JSON.stringify(prompt)}`, {\n        stdio: "inherit"\n      });\n      process.exit(0);\n    } catch (error) {\n      const execError = error;\n      process.exit(execError.status ?? 1);\n    }\n  }\n}\nvar isMainModule = process.argv[1]?.endsWith("mock-claude.mjs") || process.argv[1]?.endsWith("mock-claude.ts");\nif (isMainModule) {\n  main();\n}\nexport {\n  createSessionHistory,\n  parseArgs\n};\n';
+var ENV_LOADER_SCRIPT = '#!/usr/bin/env node\n\n// src/sandbox/scripts/src/env-loader.ts\nimport * as fs from "fs";\nimport { spawn } from "child_process";\nvar ENV_JSON_PATH = "/tmp/vm0-env.json";\nconsole.log("[env-loader] Starting...");\nif (fs.existsSync(ENV_JSON_PATH)) {\n  console.log(`[env-loader] Loading environment from ${ENV_JSON_PATH}`);\n  try {\n    const content = fs.readFileSync(ENV_JSON_PATH, "utf-8");\n    const envData = JSON.parse(content);\n    for (const [key, value] of Object.entries(envData)) {\n      process.env[key] = value;\n    }\n    console.log(\n      `[env-loader] Loaded ${Object.keys(envData).length} environment variables`\n    );\n  } catch (error) {\n    console.error(`[env-loader] ERROR loading JSON: ${error}`);\n    process.exit(1);\n  }\n} else {\n  console.error(\n    `[env-loader] ERROR: Environment file not found: ${ENV_JSON_PATH}`\n  );\n  process.exit(1);\n}\nvar criticalVars = [\n  "VM0_RUN_ID",\n  "VM0_API_URL",\n  "VM0_WORKING_DIR",\n  "VM0_PROMPT"\n];\nfor (const varName of criticalVars) {\n  const val = process.env[varName] ?? "";\n  if (val) {\n    const display = val.length > 50 ? val.substring(0, 50) + "..." : val;\n    console.log(`[env-loader] ${varName}=${display}`);\n  } else {\n    console.log(`[env-loader] WARNING: ${varName} is empty`);\n  }\n}\nvar runAgentPath = "/usr/local/bin/vm0-agent/run-agent.mjs";\nconsole.log(`[env-loader] Executing ${runAgentPath}`);\nvar child = spawn("node", [runAgentPath], {\n  stdio: "inherit",\n  env: process.env\n});\nchild.on("close", (code) => {\n  process.exit(code ?? 1);\n});\n';
 
-# Environment variables
-RUN_ID = os.environ.get("VM0_RUN_ID", "")
-API_URL = os.environ.get("VM0_API_URL", "")
-API_TOKEN = os.environ.get("VM0_API_TOKEN", "")
-PROMPT = os.environ.get("VM0_PROMPT", "")
-VERCEL_BYPASS = os.environ.get("VERCEL_PROTECTION_BYPASS", "")
-RESUME_SESSION_ID = os.environ.get("VM0_RESUME_SESSION_ID", "")
-
-# CLI agent type - determines which CLI to invoke (claude-code or codex)
-CLI_AGENT_TYPE = os.environ.get("CLI_AGENT_TYPE", "claude-code")
-
-# OpenAI model override - used for OpenRouter/custom endpoints with Codex
-OPENAI_MODEL = os.environ.get("OPENAI_MODEL", "")
-
-# Working directory is required - no fallback allowed
-WORKING_DIR = os.environ.get("VM0_WORKING_DIR", "")
-
-# Artifact configuration (replaces GIT_VOLUMES and VM0_VOLUMES)
-ARTIFACT_DRIVER = os.environ.get("VM0_ARTIFACT_DRIVER", "")
-ARTIFACT_MOUNT_PATH = os.environ.get("VM0_ARTIFACT_MOUNT_PATH", "")
-ARTIFACT_VOLUME_NAME = os.environ.get("VM0_ARTIFACT_VOLUME_NAME", "")
-ARTIFACT_VERSION_ID = os.environ.get("VM0_ARTIFACT_VERSION_ID", "")
-
-# Construct webhook endpoint URLs
-WEBHOOK_URL = f"{API_URL}/api/webhooks/agent/events"
-CHECKPOINT_URL = f"{API_URL}/api/webhooks/agent/checkpoints"
-COMPLETE_URL = f"{API_URL}/api/webhooks/agent/complete"
-HEARTBEAT_URL = f"{API_URL}/api/webhooks/agent/heartbeat"
-TELEMETRY_URL = f"{API_URL}/api/webhooks/agent/telemetry"
-PROXY_URL = f"{API_URL}/api/webhooks/agent/proxy"
+// ../../packages/core/src/sandbox/scripts/index.ts
+var SCRIPT_PATHS = {
+  /** Base directory for agent scripts */
+  baseDir: "/usr/local/bin/vm0-agent",
+  /** Main agent orchestrator - handles CLI execution, events, checkpoints */
+  runAgent: "/usr/local/bin/vm0-agent/run-agent.mjs",
+  /** Storage download - downloads volumes/artifacts from S3 via presigned URLs */
+  download: "/usr/local/bin/vm0-agent/download.mjs",
+  /** Mock Claude CLI for testing - executes prompt as bash, outputs Claude-compatible JSONL */
+  mockClaude: "/usr/local/bin/vm0-agent/mock-claude.mjs",
+  /** Environment loader for runner - loads env from JSON file before running agent */
+  envLoader: "/usr/local/bin/vm0-agent/env-loader.mjs"
+};
 
-# Direct S3 upload endpoints (webhook versions for sandbox - uses JWT auth)
-STORAGE_PREPARE_URL = f"{API_URL}/api/webhooks/agent/storages/prepare"
-STORAGE_COMMIT_URL = f"{API_URL}/api/webhooks/agent/storages/commit"
+// src/lib/scripts/index.ts
+var ENV_LOADER_PATH = "/usr/local/bin/vm0-agent/env-loader.mjs";
 
-# Heartbeat configuration
-HEARTBEAT_INTERVAL = 60  # seconds
+// src/lib/proxy/vm-registry.ts
+import fs4 from "fs";
+var DEFAULT_REGISTRY_PATH = "/tmp/vm0-vm-registry.json";
+var VMRegistry = class {
+  registryPath;
+  data;
+  constructor(registryPath = DEFAULT_REGISTRY_PATH) {
+    this.registryPath = registryPath;
+    this.data = this.load();
+  }
+  /**
+   * Load registry data from file
+   */
+  load() {
+    try {
+      if (fs4.existsSync(this.registryPath)) {
+        const content = fs4.readFileSync(this.registryPath, "utf-8");
+        return JSON.parse(content);
+      }
+    } catch {
+    }
+    return { vms: {}, updatedAt: Date.now() };
+  }
+  /**
+   * Save registry data to file atomically
+   */
+  save() {
+    this.data.updatedAt = Date.now();
+    const content = JSON.stringify(this.data, null, 2);
+    const tempPath = `${this.registryPath}.tmp`;
+    fs4.writeFileSync(tempPath, content, { mode: 420 });
+    fs4.renameSync(tempPath, this.registryPath);
+  }
+  /**
+   * Register a VM with its IP address
+   */
+  register(vmIp, runId, sandboxToken, options) {
+    this.data.vms[vmIp] = {
+      runId,
+      sandboxToken,
+      registeredAt: Date.now(),
+      firewallRules: options?.firewallRules,
+      mitmEnabled: options?.mitmEnabled,
+      sealSecretsEnabled: options?.sealSecretsEnabled
+    };
+    this.save();
+    const firewallInfo = options?.firewallRules ? ` with ${options.firewallRules.length} firewall rules` : "";
+    const mitmInfo = options?.mitmEnabled ? ", MITM enabled" : "";
+    console.log(
+      `[VMRegistry] Registered VM ${vmIp} for run ${runId}${firewallInfo}${mitmInfo}`
+    );
+  }
+  /**
+   * Unregister a VM by IP address
+   */
+  unregister(vmIp) {
+    if (this.data.vms[vmIp]) {
+      const registration = this.data.vms[vmIp];
+      delete this.data.vms[vmIp];
+      this.save();
+      console.log(
+        `[VMRegistry] Unregistered VM ${vmIp} (run ${registration.runId})`
+      );
+    }
+  }
+  /**
+   * Look up registration by VM IP
+   */
+  lookup(vmIp) {
+    return this.data.vms[vmIp];
+  }
+  /**
+   * Get all registered VMs
+   */
+  getAll() {
+    return { ...this.data.vms };
+  }
+  /**
+   * Clear all registrations
+   */
+  clear() {
+    this.data.vms = {};
+    this.save();
+    console.log("[VMRegistry] Cleared all registrations");
+  }
+  /**
+   * Get the path to the registry file
+   */
+  getRegistryPath() {
+    return this.registryPath;
+  }
+};
+var globalRegistry = null;
+function getVMRegistry() {
+  if (!globalRegistry) {
+    globalRegistry = new VMRegistry();
+  }
+  return globalRegistry;
+}
+function initVMRegistry(registryPath) {
+  globalRegistry = new VMRegistry(registryPath);
+  return globalRegistry;
+}
 
-# Telemetry upload configuration
-TELEMETRY_INTERVAL = 30  # seconds
+// src/lib/proxy/proxy-manager.ts
+import { spawn as spawn2 } from "child_process";
+import fs5 from "fs";
+import path3 from "path";
 
-# HTTP request configuration
-HTTP_CONNECT_TIMEOUT = 10
-HTTP_MAX_TIME = 30
-HTTP_MAX_TIME_UPLOAD = 60
-HTTP_MAX_RETRIES = 3
+// src/lib/proxy/mitm-addon-script.ts
+var RUNNER_MITM_ADDON_SCRIPT = `#!/usr/bin/env python3
+"""
+mitmproxy addon for VM0 runner-level network security mode.
 
-# Variables for checkpoint (use temp files to persist across subprocesses)
-SESSION_ID_FILE = f"/tmp/vm0-session-{RUN_ID}.txt"
-SESSION_HISTORY_PATH_FILE = f"/tmp/vm0-session-history-{RUN_ID}.txt"
+This addon runs on the runner HOST (not inside VMs) and:
+1. Intercepts all HTTPS requests from VMs
+2. Looks up the source VM's runId and firewall rules from the VM registry
+3. Evaluates firewall rules (first-match-wins) to ALLOW or DENY
+4. For MITM mode: Rewrites requests to go through VM0 Proxy endpoint
+5. For SNI-only mode: Passes through or blocks without decryption
+6. Logs network activity per-run to JSONL files
+"""
+import os
+import json
+import time
+import urllib.parse
+import ipaddress
+import socket
+from mitmproxy import http, ctx, tls
 
-# Event error flag file - used to track if any events failed to send
-EVENT_ERROR_FLAG = f"/tmp/vm0-event-error-{RUN_ID}"
 
-# Log file for persistent logging (directly in /tmp with vm0- prefix)
-SYSTEM_LOG_FILE = f"/tmp/vm0-main-{RUN_ID}.log"
-AGENT_LOG_FILE = f"/tmp/vm0-agent-{RUN_ID}.log"
+# VM0 Proxy configuration from environment
+API_URL = os.environ.get("VM0_API_URL", "https://www.vm0.ai")
+REGISTRY_PATH = os.environ.get("VM0_REGISTRY_PATH", "/tmp/vm0-vm-registry.json")
+VERCEL_BYPASS = os.environ.get("VERCEL_AUTOMATION_BYPASS_SECRET", "")
 
-# Metrics log file for system resource metrics (JSONL format)
-METRICS_LOG_FILE = f"/tmp/vm0-metrics-{RUN_ID}.jsonl"
+# Construct proxy URL
+PROXY_URL = f"{API_URL}/api/webhooks/agent/proxy"
 
-# Network log file for proxy request logs (JSONL format)
-NETWORK_LOG_FILE = f"/tmp/vm0-network-{RUN_ID}.jsonl"
+# Cache for VM registry (reloaded periodically)
+_registry_cache = {}
+_registry_cache_time = 0
+REGISTRY_CACHE_TTL = 2  # seconds
 
-# Telemetry position tracking files (to avoid duplicate uploads)
-TELEMETRY_LOG_POS_FILE = f"/tmp/vm0-telemetry-log-pos-{RUN_ID}.txt"
-TELEMETRY_METRICS_POS_FILE = f"/tmp/vm0-telemetry-metrics-pos-{RUN_ID}.txt"
-TELEMETRY_NETWORK_POS_FILE = f"/tmp/vm0-telemetry-network-pos-{RUN_ID}.txt"
-TELEMETRY_SANDBOX_OPS_POS_FILE = f"/tmp/vm0-telemetry-sandbox-ops-pos-{RUN_ID}.txt"
+# Track request start times for latency calculation
+request_start_times = {}
 
-# Sandbox operations log file (JSONL format)
-SANDBOX_OPS_LOG_FILE = f"/tmp/vm0-sandbox-ops-{RUN_ID}.jsonl"
 
-# Metrics collection configuration
-METRICS_INTERVAL = 5  # seconds
+def load_registry() -> dict:
+    """Load the VM registry from file, with caching."""
+    global _registry_cache, _registry_cache_time
 
-def validate_config() -> bool:
-    """
-    Validate required configuration.
-    Raises ValueError if configuration is invalid.
-    Returns True if valid.
-    """
-    if not WORKING_DIR:
-        raise ValueError("VM0_WORKING_DIR is required but not set")
-    return True
-
-def record_sandbox_op(
-    action_type: str,
-    duration_ms: int,
-    success: bool,
-    error: str = None
-) -> None:
-    """
-    Record a sandbox operation to JSONL file for telemetry upload.
+    now = time.time()
+    if now - _registry_cache_time < REGISTRY_CACHE_TTL:
+        return _registry_cache
 
-    Args:
-        action_type: Operation name (e.g., "init_total", "storage_download", "cli_execution")
-        duration_ms: Duration in milliseconds
-        success: Whether the operation succeeded
-        error: Optional error message if failed
-    """
-    from datetime import datetime, timezone
-    import json
+    try:
+        if os.path.exists(REGISTRY_PATH):
+            with open(REGISTRY_PATH, "r") as f:
+                data = json.load(f)
+                _registry_cache = data.get("vms", {})
+                _registry_cache_time = now
+                return _registry_cache
+    except Exception as e:
+        ctx.log.warn(f"Failed to load VM registry: {e}")
 
-    entry = {
-        "ts": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z",
-        "action_type": action_type,
-        "duration_ms": duration_ms,
-        "success": success,
-    }
-    if error:
-        entry["error"] = error
+    return _registry_cache
 
-    with open(SANDBOX_OPS_LOG_FILE, "a") as f:
-        f.write(json.dumps(entry) + "\\n")
-`;
 
-// ../../packages/core/src/sandbox/scripts/lib/log.py.ts
-var LOG_SCRIPT = `#!/usr/bin/env python3
-"""
-Unified logging functions for VM0 agent scripts.
-Format: [TIMESTAMP] [LEVEL] [sandbox:SCRIPT_NAME] message
-"""
-import os
-import sys
-from datetime import datetime, timezone
+def get_vm_info(client_ip: str) -> dict | None:
+    """Look up VM info by client IP address."""
+    registry = load_registry()
+    return registry.get(client_ip)
 
-# Default script name, can be overridden by setting LOG_SCRIPT_NAME env var
-SCRIPT_NAME = os.environ.get("LOG_SCRIPT_NAME", "run-agent")
-DEBUG_MODE = os.environ.get("VM0_DEBUG", "") == "1"
 
+def get_network_log_path(run_id: str) -> str:
+    """Get the network log file path for a run."""
+    return f"/tmp/vm0-network-{run_id}.jsonl"
 
-def _timestamp() -> str:
-    """Get current UTC timestamp in ISO 8601 format."""
-    return datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
 
+def log_network_entry(run_id: str, entry: dict) -> None:
+    """Write a network log entry to the per-run JSONL file."""
+    if not run_id:
+        return
 
-def log_info(msg: str) -> None:
-    """Log info message to stderr."""
-    print(f"[{_timestamp()}] [INFO] [sandbox:{SCRIPT_NAME}] {msg}", file=sys.stderr)
+    log_path = get_network_log_path(run_id)
+    try:
+        fd = os.open(log_path, os.O_CREAT | os.O_APPEND | os.O_WRONLY, 0o644)
+        try:
+            os.write(fd, (json.dumps(entry) + "\\n").encode())
+        finally:
+            os.close(fd)
+    except Exception as e:
+        ctx.log.warn(f"Failed to write network log: {e}")
 
 
-def log_warn(msg: str) -> None:
-    """Log warning message to stderr."""
-    print(f"[{_timestamp()}] [WARN] [sandbox:{SCRIPT_NAME}] {msg}", file=sys.stderr)
+def get_original_url(flow: http.HTTPFlow) -> str:
+    """Reconstruct the original target URL from the request."""
+    scheme = "https" if flow.request.port == 443 else "http"
+    host = flow.request.pretty_host
+    port = flow.request.port
 
+    if (scheme == "https" and port != 443) or (scheme == "http" and port != 80):
+        host_with_port = f"{host}:{port}"
+    else:
+        host_with_port = host
 
-def log_error(msg: str) -> None:
-    """Log error message to stderr."""
-    print(f"[{_timestamp()}] [ERROR] [sandbox:{SCRIPT_NAME}] {msg}", file=sys.stderr)
+    path = flow.request.path
+    return f"{scheme}://{host_with_port}{path}"
 
 
-def log_debug(msg: str) -> None:
-    """Log debug message to stderr (only if VM0_DEBUG=1)."""
-    if DEBUG_MODE:
-        print(f"[{_timestamp()}] [DEBUG] [sandbox:{SCRIPT_NAME}] {msg}", file=sys.stderr)
-`;
+# ============================================================================
+# Firewall Rule Matching
+# ============================================================================
 
-// ../../packages/core/src/sandbox/scripts/lib/http_client.py.ts
-var HTTP_SCRIPT = `#!/usr/bin/env python3
-"""
-Unified HTTP request functions for VM0 agent scripts.
-Uses urllib (standard library) with retry logic.
-"""
-import json
-import time
-import subprocess
-import os
-from urllib.request import Request, urlopen
-from urllib.error import HTTPError, URLError
-from typing import Optional, Dict, Any
-
-from common import (
-    API_TOKEN, VERCEL_BYPASS,
-    HTTP_CONNECT_TIMEOUT, HTTP_MAX_TIME, HTTP_MAX_TIME_UPLOAD, HTTP_MAX_RETRIES
-)
-from log import log_debug, log_warn, log_error
-
-
-def http_post_json(
-    url: str,
-    data: Dict[str, Any],
-    max_retries: int = HTTP_MAX_RETRIES
-) -> Optional[Dict[str, Any]]:
+def match_domain(pattern: str, hostname: str) -> bool:
+    """
+    Match hostname against domain pattern.
+    Supports exact match and wildcard prefix (*.example.com).
     """
-    HTTP POST with JSON body and retry logic.
+    if not pattern or not hostname:
+        return False
+
+    pattern = pattern.lower()
+    hostname = hostname.lower()
 
-    Args:
-        url: Target URL
-        data: Dictionary to send as JSON
-        max_retries: Maximum retry attempts
+    if pattern.startswith("*."):
+        # Wildcard: *.example.com matches sub.example.com, www.example.com
+        # Also matches example.com itself (without subdomain)
+        suffix = pattern[1:]  # .example.com
+        base = pattern[2:]    # example.com
+        return hostname.endswith(suffix) or hostname == base
 
-    Returns:
-        Response JSON as dict on success, None on failure
-    """
-    headers = {
-        "Content-Type": "application/json",
-        "Authorization": f"Bearer {API_TOKEN}",
-    }
-    if VERCEL_BYPASS:
-        headers["x-vercel-protection-bypass"] = VERCEL_BYPASS
+    return hostname == pattern
 
-    body = json.dumps(data).encode("utf-8")
 
-    for attempt in range(1, max_retries + 1):
-        log_debug(f"HTTP POST attempt {attempt}/{max_retries} to {url}")
-        try:
-            req = Request(url, data=body, headers=headers, method="POST")
-            with urlopen(req, timeout=HTTP_MAX_TIME) as resp:
-                response_body = resp.read().decode("utf-8")
-                if response_body:
-                    return json.loads(response_body)
-                return {}
-        except HTTPError as e:
-            log_warn(f"HTTP POST failed (attempt {attempt}/{max_retries}): HTTP {e.code}")
-            if attempt < max_retries:
-                time.sleep(1)
-        except URLError as e:
-            log_warn(f"HTTP POST failed (attempt {attempt}/{max_retries}): {e.reason}")
-            if attempt < max_retries:
-                time.sleep(1)
-        except TimeoutError:
-            log_warn(f"HTTP POST failed (attempt {attempt}/{max_retries}): Timeout")
-            if attempt < max_retries:
-                time.sleep(1)
-        except Exception as e:
-            log_warn(f"HTTP POST failed (attempt {attempt}/{max_retries}): {e}")
-            if attempt < max_retries:
-                time.sleep(1)
-
-    log_error(f"HTTP POST failed after {max_retries} attempts to {url}")
-    return None
-
-
-def http_post_form(
-    url: str,
-    form_fields: Dict[str, str],
-    file_path: Optional[str] = None,
-    file_field: str = "file",
-    max_retries: int = HTTP_MAX_RETRIES
-) -> Optional[Dict[str, Any]]:
+def match_ip(cidr: str, ip_str: str) -> bool:
     """
-    HTTP POST with multipart form data and retry logic.
-    Uses curl for multipart uploads as urllib doesn't support it well.
-
-    Args:
-        url: Target URL
-        form_fields: Dictionary of form field name -> value
-        file_path: Optional path to file to upload
-        file_field: Form field name for the file
-        max_retries: Maximum retry attempts
-
-    Returns:
-        Response JSON as dict on success, None on failure
-    """
-    for attempt in range(1, max_retries + 1):
-        log_debug(f"HTTP POST form attempt {attempt}/{max_retries} to {url}")
-
-        # Build curl command
-        # -f flag makes curl return non-zero exit code on HTTP 4xx/5xx errors
-        curl_cmd = [
-            "curl", "-f", "-X", "POST", url,
-            "-H", f"Authorization: Bearer {API_TOKEN}",
-            "--connect-timeout", str(HTTP_CONNECT_TIMEOUT),
-            "--max-time", str(HTTP_MAX_TIME_UPLOAD),
-            "--silent"
-        ]
-
-        if VERCEL_BYPASS:
-            curl_cmd.extend(["-H", f"x-vercel-protection-bypass: {VERCEL_BYPASS}"])
-
-        # Add form fields
-        for key, value in form_fields.items():
-            curl_cmd.extend(["-F", f"{key}={value}"])
-
-        # Add file if provided
-        if file_path:
-            curl_cmd.extend(["-F", f"{file_field}=@{file_path}"])
-
-        result = None  # Initialize for use in except blocks
-        try:
-            result = subprocess.run(
-                curl_cmd,
-                capture_output=True,
-                text=True,
-                timeout=HTTP_MAX_TIME_UPLOAD
-            )
-
-            if result.returncode == 0:
-                if result.stdout:
-                    return json.loads(result.stdout)
-                return {}
-
-            # Log curl exit code and stderr for better debugging
-            error_msg = f"curl exit {result.returncode}"
-            if result.stderr:
-                error_msg += f": {result.stderr.strip()}"
-            log_warn(f"HTTP POST form failed (attempt {attempt}/{max_retries}): {error_msg}")
-            if attempt < max_retries:
-                time.sleep(1)
-
-        except subprocess.TimeoutExpired:
-            log_warn(f"HTTP POST form failed (attempt {attempt}/{max_retries}): Timeout")
-            if attempt < max_retries:
-                time.sleep(1)
-        except json.JSONDecodeError as e:
-            log_warn(f"HTTP POST form failed (attempt {attempt}/{max_retries}): Invalid JSON response: {e}")
-            # Log raw response for debugging (truncate to avoid log spam)
-            if result and result.stdout:
-                log_debug(f"Raw response: {result.stdout[:500]}")
-            if attempt < max_retries:
-                time.sleep(1)
-        except Exception as e:
-            log_warn(f"HTTP POST form failed (attempt {attempt}/{max_retries}): {e}")
-            if attempt < max_retries:
-                time.sleep(1)
-
-    log_error(f"HTTP POST form failed after {max_retries} attempts to {url}")
-    return None
-
-
-def http_put_presigned(
-    presigned_url: str,
-    file_path: str,
-    content_type: str = "application/octet-stream",
-    max_retries: int = HTTP_MAX_RETRIES
-) -> bool:
-    """
-    HTTP PUT to a presigned S3 URL with retry logic.
-    Used for direct S3 uploads bypassing Vercel's 4.5MB limit.
-
-    Args:
-        presigned_url: S3 presigned PUT URL
-        file_path: Path to file to upload
-        content_type: Content-Type header value
-        max_retries: Maximum retry attempts
-
-    Returns:
-        True on success, False on failure
-    """
-    for attempt in range(1, max_retries + 1):
-        log_debug(f"HTTP PUT presigned attempt {attempt}/{max_retries}")
-
-        try:
-            # Use curl for reliable large file uploads
-            curl_cmd = [
-                "curl", "-f", "-X", "PUT",
-                "-H", f"Content-Type: {content_type}",
-                "--data-binary", f"@{file_path}",
-                "--connect-timeout", str(HTTP_CONNECT_TIMEOUT),
-                "--max-time", str(HTTP_MAX_TIME_UPLOAD),
-                "--silent",
-                presigned_url
-            ]
-
-            result = subprocess.run(
-                curl_cmd,
-                capture_output=True,
-                text=True,
-                timeout=HTTP_MAX_TIME_UPLOAD
-            )
-
-            if result.returncode == 0:
-                return True
-
-            error_msg = f"curl exit {result.returncode}"
-            if result.stderr:
-                error_msg += f": {result.stderr.strip()}"
-            log_warn(f"HTTP PUT presigned failed (attempt {attempt}/{max_retries}): {error_msg}")
-            if attempt < max_retries:
-                time.sleep(1)
-
-        except subprocess.TimeoutExpired:
-            log_warn(f"HTTP PUT presigned failed (attempt {attempt}/{max_retries}): Timeout")
-            if attempt < max_retries:
-                time.sleep(1)
-        except Exception as e:
-            log_warn(f"HTTP PUT presigned failed (attempt {attempt}/{max_retries}): {e}")
-            if attempt < max_retries:
-                time.sleep(1)
-
-    log_error(f"HTTP PUT presigned failed after {max_retries} attempts")
-    return False
-
-
-def http_download(
-    url: str,
-    dest_path: str,
-    max_retries: int = HTTP_MAX_RETRIES
-) -> bool:
-    """
-    Download a file from URL with retry logic.
-
-    Args:
-        url: Source URL
-        dest_path: Destination file path
-        max_retries: Maximum retry attempts
-
-    Returns:
-        True on success, False on failure
-    """
-    for attempt in range(1, max_retries + 1):
-        log_debug(f"HTTP download attempt {attempt}/{max_retries} from {url}")
-
-        try:
-            curl_cmd = [
-                "curl", "-fsSL",
-                "-o", dest_path,
-                url
-            ]
-
-            result = subprocess.run(
-                curl_cmd,
-                capture_output=True,
-                timeout=HTTP_MAX_TIME_UPLOAD
-            )
-
-            if result.returncode == 0:
-                return True
-
-            log_warn(f"HTTP download failed (attempt {attempt}/{max_retries}): curl exit {result.returncode}")
-            if attempt < max_retries:
-                time.sleep(1)
-
-        except subprocess.TimeoutExpired:
-            log_warn(f"HTTP download failed (attempt {attempt}/{max_retries}): Timeout")
-            if attempt < max_retries:
-                time.sleep(1)
-        except Exception as e:
-            log_warn(f"HTTP download failed (attempt {attempt}/{max_retries}): {e}")
-            if attempt < max_retries:
-                time.sleep(1)
-
-    log_error(f"HTTP download failed after {max_retries} attempts from {url}")
-    return False
-`;
-
-// ../../packages/core/src/sandbox/scripts/lib/events.py.ts
-var EVENTS_SCRIPT = `#!/usr/bin/env python3
-"""
-Event sending module for VM0 agent scripts.
-Sends JSONL events to the webhook endpoint.
-Masks secrets before sending using client-side masking.
-"""
-import os
-from typing import Dict, Any
-
-from common import (
-    RUN_ID, WORKING_DIR, WEBHOOK_URL, CLI_AGENT_TYPE,
-    SESSION_ID_FILE, SESSION_HISTORY_PATH_FILE, EVENT_ERROR_FLAG
-)
-from log import log_info, log_error
-from http_client import http_post_json
-from secret_masker import mask_data
-
-
-def send_event(event: Dict[str, Any], sequence_number: int) -> bool:
-    """
-    Send single event immediately to webhook.
-    Masks secrets before sending.
-
-    Args:
-        event: Event dictionary to send
-        sequence_number: Sequence number for this event (1-based, maintained by caller)
-
-    Returns:
-        True on success, False on failure
-    """
-    # Extract session ID from init event based on CLI agent type
-    event_type = event.get("type", "")
-    event_subtype = event.get("subtype", "")
-
-    # Claude Code: session_id from system/init event
-    # Codex: thread_id from thread.started event
-    session_id = None
-    if CLI_AGENT_TYPE == "codex":
-        if event_type == "thread.started":
-            session_id = event.get("thread_id", "")
-    else:
-        if event_type == "system" and event_subtype == "init":
-            session_id = event.get("session_id", "")
-
-    if session_id and not os.path.exists(SESSION_ID_FILE):
-        log_info(f"Captured session ID: {session_id}")
-
-        # Save to temp file to persist across subprocesses
-        with open(SESSION_ID_FILE, "w") as f:
-            f.write(session_id)
-
-        # Calculate session history path based on CLI agent type
-        home_dir = os.environ.get("HOME", "/home/user")
-
-        if CLI_AGENT_TYPE == "codex":
-            # Codex stores sessions in ~/.codex/sessions/YYYY/MM/DD/rollout-*.jsonl
-            # We'll store a marker path here; checkpoint.py will search for the actual file
-            codex_home = os.environ.get("CODEX_HOME", f"{home_dir}/.codex")
-            # Use special marker format that checkpoint.py will recognize
-            session_history_path = f"CODEX_SEARCH:{codex_home}/sessions:{session_id}"
-        else:
-            # Claude Code uses ~/.claude (default, no CLAUDE_CONFIG_DIR override)
-            # Path encoding: e.g., /home/user/workspace -> -home-user-workspace
-            project_name = WORKING_DIR.lstrip("/").replace("/", "-")
-            session_history_path = f"{home_dir}/.claude/projects/-{project_name}/{session_id}.jsonl"
-
-        with open(SESSION_HISTORY_PATH_FILE, "w") as f:
-            f.write(session_history_path)
-
-        log_info(f"Session history will be at: {session_history_path}")
-
-    # Add sequence number to event
-    event["sequenceNumber"] = sequence_number
-
-    # Mask secrets in event data before sending
-    # This ensures secrets are never sent to the server in plaintext
-    masked_event = mask_data(event)
-
-    # Build payload with masked event
-    payload = {
-        "runId": RUN_ID,
-        "events": [masked_event]
-    }
-
-    # Send event using HTTP request function
-    result = http_post_json(WEBHOOK_URL, payload)
-
-    if result is None:
-        log_error("Failed to send event after retries")
-        # Mark that event sending failed - run-agent will check this
-        with open(EVENT_ERROR_FLAG, "w") as f:
-            f.write("1")
-        return False
-
-    return True
-`;
-
-// ../../packages/core/src/sandbox/scripts/lib/direct_upload.py.ts
-var DIRECT_UPLOAD_SCRIPT = `#!/usr/bin/env python3
-"""
-Direct S3 upload module for VAS (Versioned Artifact Storage).
-Bypasses Vercel's 4.5MB request body limit by uploading directly to S3.
-
-Flow:
-1. Compute file hashes locally
-2. Call /api/storages/prepare to get presigned URLs
-3. Upload archive and manifest directly to S3
-4. Call /api/storages/commit to finalize
-"""
-import os
-import json
-import hashlib
-import tarfile
-import tempfile
-import shutil
-import time
-from typing import Optional, Dict, Any, List
-from datetime import datetime
-
-from common import RUN_ID, STORAGE_PREPARE_URL, STORAGE_COMMIT_URL, record_sandbox_op
-from log import log_info, log_warn, log_error, log_debug
-from http_client import http_post_json, http_put_presigned
-
-
-def compute_file_hash(file_path: str) -> str:
-    """Compute SHA-256 hash for a file."""
-    sha256_hash = hashlib.sha256()
-    with open(file_path, "rb") as f:
-        for byte_block in iter(lambda: f.read(4096), b""):
-            sha256_hash.update(byte_block)
-    return sha256_hash.hexdigest()
-
-
-def collect_file_metadata(dir_path: str) -> List[Dict[str, Any]]:
-    """
-    Collect file metadata with hashes for a directory.
-
-    Args:
-        dir_path: Directory to scan
-
-    Returns:
-        List of file entries: [{path, hash, size}, ...]
-    """
-    files = []
-    original_dir = os.getcwd()
-
-    try:
-        os.chdir(dir_path)
-
-        for root, dirs, filenames in os.walk("."):
-            # Exclude .git and .vm0 directories
-            dirs[:] = [d for d in dirs if d not in (".git", ".vm0")]
-
-            for filename in filenames:
-                rel_path = os.path.join(root, filename)
-                # Remove leading ./
-                if rel_path.startswith("./"):
-                    rel_path = rel_path[2:]
-
-                full_path = os.path.join(dir_path, rel_path)
-                try:
-                    file_hash = compute_file_hash(full_path)
-                    file_size = os.path.getsize(full_path)
-                    files.append({
-                        "path": rel_path,
-                        "hash": file_hash,
-                        "size": file_size
-                    })
-                except (IOError, OSError) as e:
-                    log_warn(f"Could not process file {rel_path}: {e}")
-
-    finally:
-        os.chdir(original_dir)
-
-    return files
-
-
-def create_archive(dir_path: str, tar_path: str) -> bool:
-    """
-    Create tar.gz archive of directory contents.
-
-    Args:
-        dir_path: Source directory
-        tar_path: Destination tar.gz path
-
-    Returns:
-        True on success, False on failure
-    """
-    original_dir = os.getcwd()
-
-    try:
-        os.chdir(dir_path)
-
-        # Get files to archive (exclude .git and .vm0)
-        items = [item for item in os.listdir(".") if item not in (".git", ".vm0")]
-
-        with tarfile.open(tar_path, "w:gz") as tar:
-            for item in items:
-                tar.add(item)
-
-        return True
-
-    except Exception as e:
-        log_error(f"Failed to create archive: {e}")
-        return False
-
-    finally:
-        os.chdir(original_dir)
-
-
-def create_manifest(files: List[Dict[str, Any]], manifest_path: str) -> bool:
-    """
-    Create manifest JSON file.
-
-    Args:
-        files: List of file entries
-        manifest_path: Destination path for manifest
-
-    Returns:
-        True on success, False on failure
-    """
-    try:
-        manifest = {
-            "version": 1,
-            "files": files,
-            "createdAt": datetime.utcnow().isoformat() + "Z"
-        }
-        with open(manifest_path, "w") as f:
-            json.dump(manifest, f, indent=2)
-        return True
-    except Exception as e:
-        log_error(f"Failed to create manifest: {e}")
-        return False
-
-
-def create_direct_upload_snapshot(
-    mount_path: str,
-    storage_name: str,
-    storage_type: str = "artifact",
-    run_id: str = None,
-    message: str = None
-) -> Optional[Dict[str, Any]]:
-    """
-    Create VAS snapshot using direct S3 upload.
-    Bypasses Vercel's 4.5MB request body limit.
-
-    Args:
-        mount_path: Path to the storage directory
-        storage_name: VAS storage name
-        storage_type: Storage type ("volume" or "artifact")
-        run_id: Optional run ID for sandbox auth
-        message: Optional commit message
-
-    Returns:
-        Dict with versionId on success, None on failure
-    """
-    log_info(f"Creating direct upload snapshot for '{storage_name}' (type: {storage_type})")
-
-    # Step 1: Collect file metadata
-    log_info("Computing file hashes...")
-    hash_start = time.time()
-    files = collect_file_metadata(mount_path)
-    record_sandbox_op("artifact_hash_compute", int((time.time() - hash_start) * 1000), True)
-    log_info(f"Found {len(files)} files")
-
-    if not files:
-        log_info("No files to upload, creating empty version")
-
-    # Step 2: Call prepare endpoint
-    log_info("Calling prepare endpoint...")
-    prepare_start = time.time()
-    prepare_payload = {
-        "storageName": storage_name,
-        "storageType": storage_type,
-        "files": files
-    }
-    if run_id:
-        prepare_payload["runId"] = run_id
-
-    prepare_response = http_post_json(STORAGE_PREPARE_URL, prepare_payload)
-    if not prepare_response:
-        log_error("Failed to call prepare endpoint")
-        record_sandbox_op("artifact_prepare_api", int((time.time() - prepare_start) * 1000), False)
-        return None
-
-    version_id = prepare_response.get("versionId")
-    if not version_id:
-        log_error(f"Invalid prepare response: {prepare_response}")
-        record_sandbox_op("artifact_prepare_api", int((time.time() - prepare_start) * 1000), False)
-        return None
-    record_sandbox_op("artifact_prepare_api", int((time.time() - prepare_start) * 1000), True)
-
-    # Step 3: Check if version already exists (deduplication)
-    # Still call commit to update HEAD pointer (fixes #649)
-    if prepare_response.get("existing"):
-        log_info(f"Version already exists (deduplicated): {version_id[:8]}")
-        log_info("Updating HEAD pointer...")
-
-        commit_payload = {
-            "storageName": storage_name,
-            "storageType": storage_type,
-            "versionId": version_id,
-            "files": files
-        }
-        if run_id:
-            commit_payload["runId"] = run_id
-
-        commit_response = http_post_json(STORAGE_COMMIT_URL, commit_payload)
-        if not commit_response or not commit_response.get("success"):
-            log_error(f"Failed to update HEAD: {commit_response}")
-            return None
-
-        return {"versionId": version_id, "deduplicated": True}
-
-    # Step 4: Get presigned URLs
-    uploads = prepare_response.get("uploads")
-    if not uploads:
-        log_error("No upload URLs in prepare response")
-        return None
-
-    archive_info = uploads.get("archive")
-    manifest_info = uploads.get("manifest")
-
-    if not archive_info or not manifest_info:
-        log_error("Missing archive or manifest upload info")
-        return None
-
-    # Step 5: Create and upload files
-    temp_dir = tempfile.mkdtemp(prefix=f"direct-upload-{storage_name}-")
-
-    try:
-        # Create archive
-        log_info("Creating archive...")
-        archive_start = time.time()
-        archive_path = os.path.join(temp_dir, "archive.tar.gz")
-        if not create_archive(mount_path, archive_path):
-            log_error("Failed to create archive")
-            record_sandbox_op("artifact_archive_create", int((time.time() - archive_start) * 1000), False)
-            return None
-        record_sandbox_op("artifact_archive_create", int((time.time() - archive_start) * 1000), True)
-
-        # Create manifest
-        log_info("Creating manifest...")
-        manifest_path = os.path.join(temp_dir, "manifest.json")
-        if not create_manifest(files, manifest_path):
-            log_error("Failed to create manifest")
-            return None
-
-        # Upload archive to S3
-        log_info("Uploading archive to S3...")
-        s3_upload_start = time.time()
-        if not http_put_presigned(
-            archive_info["presignedUrl"],
-            archive_path,
-            "application/gzip"
-        ):
-            log_error("Failed to upload archive to S3")
-            record_sandbox_op("artifact_s3_upload", int((time.time() - s3_upload_start) * 1000), False)
-            return None
-
-        # Upload manifest to S3
-        log_info("Uploading manifest to S3...")
-        if not http_put_presigned(
-            manifest_info["presignedUrl"],
-            manifest_path,
-            "application/json"
-        ):
-            log_error("Failed to upload manifest to S3")
-            record_sandbox_op("artifact_s3_upload", int((time.time() - s3_upload_start) * 1000), False)
-            return None
-        record_sandbox_op("artifact_s3_upload", int((time.time() - s3_upload_start) * 1000), True)
-
-        # Step 6: Call commit endpoint
-        log_info("Calling commit endpoint...")
-        commit_start = time.time()
-        commit_payload = {
-            "storageName": storage_name,
-            "storageType": storage_type,
-            "versionId": version_id,
-            "files": files
-        }
-        if run_id:
-            commit_payload["runId"] = run_id
-        if message:
-            commit_payload["message"] = message
-
-        commit_response = http_post_json(STORAGE_COMMIT_URL, commit_payload)
-        if not commit_response:
-            log_error("Failed to call commit endpoint")
-            record_sandbox_op("artifact_commit_api", int((time.time() - commit_start) * 1000), False)
-            return None
-
-        if not commit_response.get("success"):
-            log_error(f"Commit failed: {commit_response}")
-            record_sandbox_op("artifact_commit_api", int((time.time() - commit_start) * 1000), False)
-            return None
-        record_sandbox_op("artifact_commit_api", int((time.time() - commit_start) * 1000), True)
-
-        log_info(f"Direct upload snapshot created: {version_id[:8]}")
-        return {"versionId": version_id}
-
-    finally:
-        # Cleanup temp files
-        shutil.rmtree(temp_dir, ignore_errors=True)
-`;
-
-// ../../packages/core/src/sandbox/scripts/lib/download.py.ts
-var DOWNLOAD_SCRIPT = `#!/usr/bin/env python3
-"""
-Download storages script for E2B sandbox.
-Downloads tar.gz archives directly from S3 using presigned URLs.
-
-Usage: python download.py <manifest_path>
-"""
-import os
-import sys
-import json
-import tarfile
-import tempfile
-import time
-
-# Add lib to path for imports
-sys.path.insert(0, os.path.dirname(os.path.abspath(__file__)))
-
-from common import validate_config, record_sandbox_op
-from log import log_info, log_error
-from http_client import http_download
-
-
-def download_storage(mount_path: str, archive_url: str) -> bool:
-    """
-    Download and extract a single storage/artifact.
-
-    Args:
-        mount_path: Destination mount path
-        archive_url: Presigned S3 URL for tar.gz archive
-
-    Returns:
-        True on success, False on failure
-    """
-    log_info(f"Downloading storage to {mount_path}")
-
-    # Create temp file for download
-    temp_tar = tempfile.mktemp(suffix=".tar.gz", prefix="storage-")
-
-    try:
-        # Download tar.gz with retry
-        if not http_download(archive_url, temp_tar):
-            log_error(f"Failed to download archive for {mount_path}")
-            return False
-
-        # Create mount path directory
-        os.makedirs(mount_path, exist_ok=True)
-
-        # Extract to mount path (handle empty archive gracefully)
-        try:
-            with tarfile.open(temp_tar, "r:gz") as tar:
-                tar.extractall(path=mount_path)
-        except tarfile.ReadError:
-            # Empty or invalid archive - not a fatal error
-            log_info(f"Archive appears empty for {mount_path}")
-
-        log_info(f"Successfully extracted to {mount_path}")
-        return True
-
-    finally:
-        # Cleanup temp file
-        try:
-            os.remove(temp_tar)
-        except OSError:
-            pass
-
-
-def main():
-    """Main entry point for download storages script."""
-    if len(sys.argv) < 2:
-        log_error("Usage: python download.py <manifest_path>")
-        sys.exit(1)
-
-    manifest_path = sys.argv[1]
-
-    if not os.path.exists(manifest_path):
-        log_error(f"Manifest file not found: {manifest_path}")
-        sys.exit(1)
-
-    log_info(f"Starting storage download from manifest: {manifest_path}")
-
-    # Load manifest
-    try:
-        with open(manifest_path) as f:
-            manifest = json.load(f)
-    except (IOError, json.JSONDecodeError) as e:
-        log_error(f"Failed to load manifest: {e}")
-        sys.exit(1)
-
-    # Count total storages
-    storages = manifest.get("storages", [])
-    artifact = manifest.get("artifact")
-
-    storage_count = len(storages)
-    has_artifact = artifact is not None
-
-    log_info(f"Found {storage_count} storages, artifact: {has_artifact}")
-
-    # Track total download time
-    download_total_start = time.time()
-    download_success = True
-
-    # Process storages
-    for storage in storages:
-        mount_path = storage.get("mountPath")
-        archive_url = storage.get("archiveUrl")
-
-        if archive_url and archive_url != "null":
-            storage_start = time.time()
-            success = download_storage(mount_path, archive_url)
-            record_sandbox_op("storage_download", int((time.time() - storage_start) * 1000), success)
-            if not success:
-                download_success = False
-
-    # Process artifact
-    if artifact:
-        artifact_mount = artifact.get("mountPath")
-        artifact_url = artifact.get("archiveUrl")
-
-        if artifact_url and artifact_url != "null":
-            artifact_start = time.time()
-            success = download_storage(artifact_mount, artifact_url)
-            record_sandbox_op("artifact_download", int((time.time() - artifact_start) * 1000), success)
-            if not success:
-                download_success = False
-
-    # Record total download time
-    record_sandbox_op("download_total", int((time.time() - download_total_start) * 1000), download_success)
-    log_info("All storages downloaded successfully")
-
-
-if __name__ == "__main__":
-    main()
-`;
-
-// ../../packages/core/src/sandbox/scripts/lib/checkpoint.py.ts
-var CHECKPOINT_SCRIPT = `#!/usr/bin/env python3
-"""
-Checkpoint creation module.
-Creates checkpoints with conversation history and optional artifact snapshot (VAS only).
-Uses direct S3 upload exclusively (no fallback to legacy methods).
-"""
-import os
-import glob
-import time
-from typing import Optional, Dict, Any
-
-from common import (
-    RUN_ID, CHECKPOINT_URL,
-    SESSION_ID_FILE, SESSION_HISTORY_PATH_FILE,
-    ARTIFACT_DRIVER, ARTIFACT_MOUNT_PATH, ARTIFACT_VOLUME_NAME,
-    record_sandbox_op
-)
-from log import log_info, log_error
-from http_client import http_post_json
-from direct_upload import create_direct_upload_snapshot
-
-
-def find_codex_session_file(sessions_dir: str, session_id: str) -> Optional[str]:
-    """
-    Find Codex session file by searching in date-organized directories.
-    Codex stores sessions in: ~/.codex/sessions/YYYY/MM/DD/rollout-*.jsonl
-
-    Args:
-        sessions_dir: Base sessions directory (e.g., ~/.codex/sessions)
-        session_id: Session ID to find (e.g., 019b3aca-2df2-7573-8f88-4240b7bc350a)
-
-    Returns:
-        Full path to session file, or None if not found
-    """
-    # Search for session file containing the session ID
-    # Pattern: sessions/YYYY/MM/DD/rollout-*-{session_id_parts}.jsonl
-    # The session ID parts may be separated by dashes in the filename
-
-    # First, try searching all JSONL files recursively
-    search_pattern = os.path.join(sessions_dir, "**", "*.jsonl")
-    files = glob.glob(search_pattern, recursive=True)
-
-    log_info(f"Searching for Codex session {session_id} in {len(files)} files")
-
-    # The session ID in Codex filenames uses the format with dashes
-    # e.g., rollout-2025-12-20T08-04-44-019b3aca-2df2-7573-8f88-4240b7bc350a.jsonl
-    for filepath in files:
-        filename = os.path.basename(filepath)
-        # Check if session ID is in the filename
-        if session_id in filename or session_id.replace("-", "") in filename.replace("-", ""):
-            log_info(f"Found Codex session file: {filepath}")
-            return filepath
-
-    # If not found by ID match, get the most recent file (fallback)
-    if files:
-        # Sort by modification time, newest first
-        files.sort(key=lambda x: os.path.getmtime(x), reverse=True)
-        most_recent = files[0]
-        log_info(f"Session ID not found in filenames, using most recent: {most_recent}")
-        return most_recent
-
-    return None
-
-
-def create_checkpoint() -> bool:
-    """
-    Create checkpoint after successful run.
-
-    Returns:
-        True on success, False on failure
-    """
-    checkpoint_start = time.time()
-    log_info("Creating checkpoint...")
-
-    # Read session ID from temp file
-    session_id_start = time.time()
-    if not os.path.exists(SESSION_ID_FILE):
-        log_error("No session ID found, checkpoint creation failed")
-        record_sandbox_op("session_id_read", int((time.time() - session_id_start) * 1000), False, "Session ID file not found")
-        record_sandbox_op("checkpoint_total", int((time.time() - checkpoint_start) * 1000), False)
-        return False
-
-    with open(SESSION_ID_FILE) as f:
-        cli_agent_session_id = f.read().strip()
-    record_sandbox_op("session_id_read", int((time.time() - session_id_start) * 1000), True)
-
-    # Read session history path from temp file
-    session_history_start = time.time()
-    if not os.path.exists(SESSION_HISTORY_PATH_FILE):
-        log_error("No session history path found, checkpoint creation failed")
-        record_sandbox_op("session_history_read", int((time.time() - session_history_start) * 1000), False, "Session history path file not found")
-        record_sandbox_op("checkpoint_total", int((time.time() - checkpoint_start) * 1000), False)
-        return False
-
-    with open(SESSION_HISTORY_PATH_FILE) as f:
-        session_history_path_raw = f.read().strip()
-
-    # Handle Codex session search marker format: CODEX_SEARCH:{sessions_dir}:{session_id}
-    if session_history_path_raw.startswith("CODEX_SEARCH:"):
-        parts = session_history_path_raw.split(":", 2)
-        if len(parts) != 3:
-            log_error(f"Invalid Codex search marker format: {session_history_path_raw}")
-            record_sandbox_op("session_history_read", int((time.time() - session_history_start) * 1000), False, "Invalid Codex search marker")
-            record_sandbox_op("checkpoint_total", int((time.time() - checkpoint_start) * 1000), False)
-            return False
-        sessions_dir = parts[1]
-        codex_session_id = parts[2]
-        log_info(f"Searching for Codex session in {sessions_dir}")
-        session_history_path = find_codex_session_file(sessions_dir, codex_session_id)
-        if not session_history_path:
-            log_error(f"Could not find Codex session file for {codex_session_id} in {sessions_dir}")
-            record_sandbox_op("session_history_read", int((time.time() - session_history_start) * 1000), False, "Codex session file not found")
-            record_sandbox_op("checkpoint_total", int((time.time() - checkpoint_start) * 1000), False)
-            return False
-    else:
-        session_history_path = session_history_path_raw
-
-    # Check if session history file exists
-    if not os.path.exists(session_history_path):
-        log_error(f"Session history file not found at {session_history_path}, checkpoint creation failed")
-        record_sandbox_op("session_history_read", int((time.time() - session_history_start) * 1000), False, "Session history file not found")
-        record_sandbox_op("checkpoint_total", int((time.time() - checkpoint_start) * 1000), False)
-        return False
-
-    # Read session history
-    try:
-        with open(session_history_path) as f:
-            cli_agent_session_history = f.read()
-    except IOError as e:
-        log_error(f"Failed to read session history: {e}")
-        record_sandbox_op("session_history_read", int((time.time() - session_history_start) * 1000), False, str(e))
-        record_sandbox_op("checkpoint_total", int((time.time() - checkpoint_start) * 1000), False)
-        return False
-
-    if not cli_agent_session_history.strip():
-        log_error("Session history is empty, checkpoint creation failed")
-        record_sandbox_op("session_history_read", int((time.time() - session_history_start) * 1000), False, "Session history empty")
-        record_sandbox_op("checkpoint_total", int((time.time() - checkpoint_start) * 1000), False)
-        return False
-
-    line_count = len(cli_agent_session_history.strip().split("\\n"))
-    log_info(f"Session history loaded ({line_count} lines)")
-    record_sandbox_op("session_history_read", int((time.time() - session_history_start) * 1000), True)
-
-    # CLI agent type (default to claude-code)
-    cli_agent_type = os.environ.get("CLI_AGENT_TYPE", "claude-code")
-
-    # Create artifact snapshot (VAS only, optional)
-    # If artifact is not configured, checkpoint is created without artifact snapshot
-    artifact_snapshot = None
-
-    if ARTIFACT_DRIVER and ARTIFACT_VOLUME_NAME:
-        log_info(f"Processing artifact with driver: {ARTIFACT_DRIVER}")
-
-        if ARTIFACT_DRIVER != "vas":
-            log_error(f"Unknown artifact driver: {ARTIFACT_DRIVER} (only 'vas' is supported)")
-            record_sandbox_op("checkpoint_total", int((time.time() - checkpoint_start) * 1000), False)
-            return False
-
-        # VAS artifact: create snapshot using direct S3 upload (bypasses Vercel 4.5MB limit)
-        log_info(f"Creating VAS snapshot for artifact '{ARTIFACT_VOLUME_NAME}' at {ARTIFACT_MOUNT_PATH}")
-        log_info("Using direct S3 upload...")
-
-        snapshot = create_direct_upload_snapshot(
-            ARTIFACT_MOUNT_PATH,
-            ARTIFACT_VOLUME_NAME,
-            "artifact",
-            RUN_ID,
-            f"Checkpoint from run {RUN_ID}"
-        )
-
-        if not snapshot:
-            log_error("Failed to create VAS snapshot for artifact")
-            record_sandbox_op("checkpoint_total", int((time.time() - checkpoint_start) * 1000), False)
-            return False
-
-        # Extract versionId from snapshot response
-        artifact_version = snapshot.get("versionId")
-        if not artifact_version:
-            log_error("Failed to extract versionId from snapshot")
-            record_sandbox_op("checkpoint_total", int((time.time() - checkpoint_start) * 1000), False)
-            return False
-
-        # Build artifact snapshot JSON with new format (artifactName + artifactVersion)
-        artifact_snapshot = {
-            "artifactName": ARTIFACT_VOLUME_NAME,
-            "artifactVersion": artifact_version
-        }
-
-        log_info(f"VAS artifact snapshot created: {ARTIFACT_VOLUME_NAME}@{artifact_version}")
-    else:
-        log_info("No artifact configured, creating checkpoint without artifact snapshot")
-
-    log_info("Calling checkpoint API...")
-
-    # Build checkpoint payload with new schema
-    checkpoint_payload = {
-        "runId": RUN_ID,
-        "cliAgentType": cli_agent_type,
-        "cliAgentSessionId": cli_agent_session_id,
-        "cliAgentSessionHistory": cli_agent_session_history
-    }
-
-    # Only add artifact snapshot if present
-    if artifact_snapshot:
-        checkpoint_payload["artifactSnapshot"] = artifact_snapshot
-
-    # Call checkpoint API
-    api_call_start = time.time()
-    result = http_post_json(CHECKPOINT_URL, checkpoint_payload)
-
-    # Validate response contains checkpointId to confirm checkpoint was actually created
-    # Note: result can be {} (empty dict) on network issues, which is not None but invalid
-    if result and result.get("checkpointId"):
-        checkpoint_id = result.get("checkpointId")
-        log_info(f"Checkpoint created successfully: {checkpoint_id}")
-        record_sandbox_op("checkpoint_api_call", int((time.time() - api_call_start) * 1000), True)
-        record_sandbox_op("checkpoint_total", int((time.time() - checkpoint_start) * 1000), True)
-        return True
-    else:
-        log_error(f"Checkpoint API returned invalid response: {result}")
-        record_sandbox_op("checkpoint_api_call", int((time.time() - api_call_start) * 1000), False, "Invalid API response")
-        record_sandbox_op("checkpoint_total", int((time.time() - checkpoint_start) * 1000), False)
-        return False
-`;
-
-// ../../packages/core/src/sandbox/scripts/lib/mock_claude.py.ts
-var MOCK_CLAUDE_SCRIPT = `#!/usr/bin/env python3
-"""
-Mock Claude CLI for testing.
-Executes prompt as bash and outputs Claude-compatible JSONL.
-
-Usage: mock_claude.py [options] <prompt>
-The prompt is executed as a bash command.
-
-Special test prefixes:
-  @fail:<message> - Output message to stderr and exit with code 1
-"""
-import os
-import sys
-import json
-import subprocess
-import time
-import argparse
-
-
-def json_escape(s: str) -> str:
-    """Escape string for JSON."""
-    return json.dumps(s)
-
-
-def create_session_history(session_id: str, cwd: str) -> str:
-    """
-    Create session history file for checkpoint compatibility.
-    Claude Code stores session history at: ~/.claude/projects/-{path}/{session_id}.jsonl
-    """
-    project_name = cwd.lstrip("/").replace("/", "-")
-    home_dir = os.environ.get("HOME", "/home/user")
-    session_dir = f"{home_dir}/.claude/projects/-{project_name}"
-    os.makedirs(session_dir, exist_ok=True)
-    return f"{session_dir}/{session_id}.jsonl"
-
-
-def main():
-    """Main entry point for mock Claude."""
-    # Generate session ID
-    session_id = f"mock-{int(time.time() * 1000000)}"
-
-    # Parse arguments (same as real claude CLI)
-    parser = argparse.ArgumentParser(add_help=False)
-    parser.add_argument("--output-format", default="text")
-    parser.add_argument("--print", action="store_true")
-    parser.add_argument("--verbose", action="store_true")
-    parser.add_argument("--dangerously-skip-permissions", action="store_true")
-    parser.add_argument("--resume", default=None)
-    parser.add_argument("prompt", nargs="?", default="")
-
-    args, unknown = parser.parse_known_args()
-
-    # Get prompt from remaining args if not set
-    prompt = args.prompt
-    if not prompt and unknown:
-        prompt = unknown[0]
-
-    output_format = args.output_format
-
-    # Special test prefix: @fail:<message> - simulate Claude failure with stderr output
-    # Usage: mock-claude "@fail:Session not found"
-    # This outputs the message to stderr and exits with code 1
-    if prompt.startswith("@fail:"):
-        error_msg = prompt[6:]  # Remove "@fail:" prefix
-        print(error_msg, file=sys.stderr)
-        sys.exit(1)
-
-    # Get current working directory
-    cwd = os.getcwd()
-
-    if output_format == "stream-json":
-        # Create session history file path
-        session_history_file = create_session_history(session_id, cwd)
-
-        events = []
-
-        # 1. System init event
-        init_event = {
-            "type": "system",
-            "subtype": "init",
-            "cwd": cwd,
-            "session_id": session_id,
-            "tools": ["Bash"],
-            "model": "mock-claude"
-        }
-        print(json.dumps(init_event))
-        events.append(init_event)
-
-        # 2. Assistant text event
-        text_event = {
-            "type": "assistant",
-            "message": {
-                "role": "assistant",
-                "content": [{"type": "text", "text": "Executing command..."}]
-            },
-            "session_id": session_id
-        }
-        print(json.dumps(text_event))
-        events.append(text_event)
-
-        # 3. Assistant tool_use event
-        tool_use_event = {
-            "type": "assistant",
-            "message": {
-                "role": "assistant",
-                "content": [{
-                    "type": "tool_use",
-                    "id": "toolu_mock_001",
-                    "name": "Bash",
-                    "input": {"command": prompt}
-                }]
-            },
-            "session_id": session_id
-        }
-        print(json.dumps(tool_use_event))
-        events.append(tool_use_event)
-
-        # 4. Execute prompt as bash and capture output
-        try:
-            result = subprocess.run(
-                ["bash", "-c", prompt],
-                capture_output=True,
-                text=True
-            )
-            output = result.stdout + result.stderr
-            exit_code = result.returncode
-        except Exception as e:
-            output = str(e)
-            exit_code = 1
-
-        # 5. User tool_result event
-        is_error = exit_code != 0
-        tool_result_event = {
-            "type": "user",
-            "message": {
-                "role": "user",
-                "content": [{
-                    "type": "tool_result",
-                    "tool_use_id": "toolu_mock_001",
-                    "content": output,
-                    "is_error": is_error
-                }]
-            },
-            "session_id": session_id
-        }
-        print(json.dumps(tool_result_event))
-        events.append(tool_result_event)
-
-        # 6. Result event
-        if exit_code == 0:
-            result_event = {
-                "type": "result",
-                "subtype": "success",
-                "is_error": False,
-                "duration_ms": 100,
-                "num_turns": 1,
-                "result": output,
-                "session_id": session_id,
-                "total_cost_usd": 0,
-                "usage": {"input_tokens": 0, "output_tokens": 0}
-            }
-        else:
-            result_event = {
-                "type": "result",
-                "subtype": "error",
-                "is_error": True,
-                "duration_ms": 100,
-                "num_turns": 1,
-                "result": output,
-                "session_id": session_id,
-                "total_cost_usd": 0,
-                "usage": {"input_tokens": 0, "output_tokens": 0}
-            }
-        print(json.dumps(result_event))
-        events.append(result_event)
-
-        # Write all events to session history file
-        with open(session_history_file, "w") as f:
-            for event in events:
-                f.write(json.dumps(event) + "\\n")
-
-        sys.exit(exit_code)
-
-    else:
-        # Plain text output - just execute the prompt
-        try:
-            result = subprocess.run(
-                ["bash", "-c", prompt],
-                capture_output=False
-            )
-            sys.exit(result.returncode)
-        except Exception as e:
-            print(str(e), file=sys.stderr)
-            sys.exit(1)
-
-
-if __name__ == "__main__":
-    main()
-`;
-
-// ../../packages/core/src/sandbox/scripts/lib/metrics.py.ts
-var METRICS_SCRIPT = `#!/usr/bin/env python3
-"""
-Metrics collection module for VM0 sandbox.
-Collects system resource metrics (CPU, memory, disk) and writes to JSONL file.
-"""
-import json
-import subprocess
-import threading
-from datetime import datetime, timezone
-
-from common import METRICS_LOG_FILE, METRICS_INTERVAL
-from log import log_info, log_error, log_debug
-
-
-def get_cpu_percent() -> float:
-    """
-    Get CPU usage percentage by parsing /proc/stat.
-    Returns the CPU usage as a percentage (0-100).
-    """
-    try:
-        with open("/proc/stat", "r") as f:
-            line = f.readline()
-
-        # cpu  user nice system idle iowait irq softirq steal guest guest_nice
-        parts = line.split()
-        if parts[0] != "cpu":
-            return 0.0
-
-        values = [int(x) for x in parts[1:]]
-        idle = values[3] + values[4]  # idle + iowait
-        total = sum(values)
-
-        # Store for next calculation (we need delta)
-        # For simplicity, just return instantaneous value based on idle ratio
-        # This gives a rough estimate; for accurate CPU%, we'd need to track deltas
-        if total == 0:
-            return 0.0
-
-        cpu_percent = 100.0 * (1.0 - idle / total)
-        return round(cpu_percent, 2)
-    except Exception as e:
-        log_debug(f"Failed to get CPU percent: {e}")
-        return 0.0
-
-
-def get_memory_info() -> tuple[int, int]:
-    """
-    Get memory usage using 'free -b' command.
-    Returns (used, total) in bytes.
-    """
-    try:
-        result = subprocess.run(
-            ["free", "-b"],
-            capture_output=True,
-            text=True,
-            timeout=5
-        )
-
-        if result.returncode != 0:
-            return (0, 0)
-
-        # Parse output:
-        # Mem:  total  used  free  shared  buff/cache  available
-        lines = result.stdout.strip().split("\\n")
-        for line in lines:
-            if line.startswith("Mem:"):
-                parts = line.split()
-                total = int(parts[1])
-                used = int(parts[2])
-                return (used, total)
-
-        return (0, 0)
-    except Exception as e:
-        log_debug(f"Failed to get memory info: {e}")
-        return (0, 0)
-
-
-def get_disk_info() -> tuple[int, int]:
-    """
-    Get disk usage using 'df -B1 /' command.
-    Returns (used, total) in bytes.
-    """
-    try:
-        result = subprocess.run(
-            ["df", "-B1", "/"],
-            capture_output=True,
-            text=True,
-            timeout=5
-        )
-
-        if result.returncode != 0:
-            return (0, 0)
-
-        # Parse output:
-        # Filesystem  1B-blocks  Used  Available  Use%  Mounted
-        lines = result.stdout.strip().split("\\n")
-        if len(lines) < 2:
-            return (0, 0)
-
-        # Skip header, parse data line
-        parts = lines[1].split()
-        total = int(parts[1])
-        used = int(parts[2])
-        return (used, total)
-    except Exception as e:
-        log_debug(f"Failed to get disk info: {e}")
-        return (0, 0)
-
-
-def collect_metrics() -> dict:
-    """
-    Collect all system metrics and return as a dictionary.
-    """
-    cpu = get_cpu_percent()
-    mem_used, mem_total = get_memory_info()
-    disk_used, disk_total = get_disk_info()
-
-    return {
-        "ts": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
-        "cpu": cpu,
-        "mem_used": mem_used,
-        "mem_total": mem_total,
-        "disk_used": disk_used,
-        "disk_total": disk_total
-    }
-
-
-def metrics_collector_loop(shutdown_event: threading.Event) -> None:
-    """
-    Background loop that collects metrics every METRICS_INTERVAL seconds.
-    Writes metrics as JSONL to METRICS_LOG_FILE.
-    """
-    log_info(f"Metrics collector started, writing to {METRICS_LOG_FILE}")
-
-    try:
-        with open(METRICS_LOG_FILE, "a") as f:
-            while not shutdown_event.is_set():
-                try:
-                    metrics = collect_metrics()
-                    f.write(json.dumps(metrics) + "\\n")
-                    f.flush()
-                    log_debug(f"Metrics collected: cpu={metrics['cpu']}%, mem={metrics['mem_used']}/{metrics['mem_total']}")
-                except Exception as e:
-                    log_error(f"Failed to collect/write metrics: {e}")
-
-                # Wait for interval or shutdown
-                shutdown_event.wait(METRICS_INTERVAL)
-    except Exception as e:
-        log_error(f"Metrics collector error: {e}")
-
-    log_info("Metrics collector stopped")
-
-
-def start_metrics_collector(shutdown_event: threading.Event) -> threading.Thread:
-    """
-    Start the metrics collector as a daemon thread.
-
-    Args:
-        shutdown_event: Threading event to signal shutdown
-
-    Returns:
-        The started thread (for joining if needed)
-    """
-    thread = threading.Thread(
-        target=metrics_collector_loop,
-        args=(shutdown_event,),
-        daemon=True,
-        name="metrics-collector"
-    )
-    thread.start()
-    return thread
-`;
-
-// ../../packages/core/src/sandbox/scripts/lib/upload_telemetry.py.ts
-var UPLOAD_TELEMETRY_SCRIPT = `#!/usr/bin/env python3
-"""
-Telemetry upload module for VM0 sandbox.
-Reads system log and metrics files, tracks position to avoid duplicates,
-and uploads to the telemetry webhook endpoint.
-Masks secrets before sending using client-side masking.
-"""
-import json
-import os
-import threading
-from typing import List, Dict, Any
-
-from common import (
-    RUN_ID, TELEMETRY_URL, TELEMETRY_INTERVAL,
-    SYSTEM_LOG_FILE, METRICS_LOG_FILE, NETWORK_LOG_FILE, SANDBOX_OPS_LOG_FILE,
-    TELEMETRY_LOG_POS_FILE, TELEMETRY_METRICS_POS_FILE, TELEMETRY_NETWORK_POS_FILE,
-    TELEMETRY_SANDBOX_OPS_POS_FILE
-)
-from log import log_info, log_error, log_debug, log_warn
-from http_client import http_post_json
-from secret_masker import mask_data
-
-
-def read_file_from_position(file_path: str, pos_file: str) -> tuple[str, int]:
-    """
-    Read new content from file starting from last position.
-
-    Args:
-        file_path: Path to the file to read
-        pos_file: Path to position tracking file
-
-    Returns:
-        Tuple of (new_content, new_position)
-    """
-    # Get last read position
-    last_pos = 0
-    if os.path.exists(pos_file):
-        try:
-            with open(pos_file, "r") as f:
-                last_pos = int(f.read().strip())
-        except (ValueError, IOError):
-            last_pos = 0
-
-    # Read new content
-    new_content = ""
-    new_pos = last_pos
-
-    if os.path.exists(file_path):
-        try:
-            with open(file_path, "r") as f:
-                f.seek(last_pos)
-                new_content = f.read()
-                new_pos = f.tell()
-        except IOError as e:
-            log_debug(f"Failed to read {file_path}: {e}")
-
-    return new_content, new_pos
-
-
-def save_position(pos_file: str, position: int) -> None:
-    """Save file read position for next iteration."""
-    try:
-        with open(pos_file, "w") as f:
-            f.write(str(position))
-    except IOError as e:
-        log_debug(f"Failed to save position to {pos_file}: {e}")
-
-
-def read_jsonl_from_position(file_path: str, pos_file: str) -> tuple[List[Dict[str, Any]], int]:
-    """
-    Read new entries from JSONL file starting from last position.
-
-    Args:
-        file_path: Path to the JSONL file to read
-        pos_file: Path to position tracking file
-
-    Returns:
-        Tuple of (entries list, new_position)
-    """
-    content, new_pos = read_file_from_position(file_path, pos_file)
-
-    entries = []
-    if content:
-        for line in content.strip().split("\\n"):
-            if line:
-                try:
-                    entries.append(json.loads(line))
-                except json.JSONDecodeError:
-                    pass
-
-    return entries, new_pos
-
-
-def read_metrics_from_position(pos_file: str) -> tuple[List[Dict[str, Any]], int]:
-    """
-    Read new metrics from JSONL file starting from last position.
-
-    Args:
-        pos_file: Path to position tracking file
-
-    Returns:
-        Tuple of (metrics list, new_position)
-    """
-    return read_jsonl_from_position(METRICS_LOG_FILE, pos_file)
-
-
-def read_network_logs_from_position(pos_file: str) -> tuple[List[Dict[str, Any]], int]:
-    """
-    Read new network logs from JSONL file starting from last position.
-
-    Args:
-        pos_file: Path to position tracking file
-
-    Returns:
-        Tuple of (network logs list, new_position)
-    """
-    return read_jsonl_from_position(NETWORK_LOG_FILE, pos_file)
-
-
-def read_sandbox_ops_from_position(pos_file: str) -> tuple[List[Dict[str, Any]], int]:
-    """
-    Read new sandbox operations from JSONL file starting from last position.
-
-    Args:
-        pos_file: Path to position tracking file
-
-    Returns:
-        Tuple of (sandbox operations list, new_position)
-    """
-    return read_jsonl_from_position(SANDBOX_OPS_LOG_FILE, pos_file)
-
-
-def upload_telemetry() -> bool:
-    """
-    Upload telemetry data to VM0 API.
-
-    Returns:
-        True if upload succeeded or no data to upload, False on failure
-    """
-    # Read new system log content
-    system_log, log_pos = read_file_from_position(SYSTEM_LOG_FILE, TELEMETRY_LOG_POS_FILE)
-
-    # Read new metrics
-    metrics, metrics_pos = read_metrics_from_position(TELEMETRY_METRICS_POS_FILE)
-
-    # Read new network logs
-    network_logs, network_pos = read_network_logs_from_position(TELEMETRY_NETWORK_POS_FILE)
-
-    # Read new sandbox operations
-    sandbox_ops, sandbox_ops_pos = read_sandbox_ops_from_position(TELEMETRY_SANDBOX_OPS_POS_FILE)
-
-    # Skip if nothing new
-    if not system_log and not metrics and not network_logs and not sandbox_ops:
-        log_debug("No new telemetry data to upload")
-        return True
-
-    # Mask secrets in telemetry data before sending
-    # System log and network logs may contain sensitive information
-    masked_system_log = mask_data(system_log) if system_log else ""
-    masked_network_logs = mask_data(network_logs) if network_logs else []
-
-    # Upload to API
-    payload = {
-        "runId": RUN_ID,
-        "systemLog": masked_system_log,
-        "metrics": metrics,  # Metrics don't contain secrets (just numbers)
-        "networkLogs": masked_network_logs,
-        "sandboxOperations": sandbox_ops  # Sandbox ops don't contain secrets (just timing data)
-    }
-
-    log_debug(f"Uploading telemetry: {len(system_log)} bytes log, {len(metrics)} metrics, {len(network_logs)} network logs, {len(sandbox_ops)} sandbox ops")
-
-    result = http_post_json(TELEMETRY_URL, payload, max_retries=1)
-
-    if result:
-        # Save positions only on successful upload
-        save_position(TELEMETRY_LOG_POS_FILE, log_pos)
-        save_position(TELEMETRY_METRICS_POS_FILE, metrics_pos)
-        save_position(TELEMETRY_NETWORK_POS_FILE, network_pos)
-        save_position(TELEMETRY_SANDBOX_OPS_POS_FILE, sandbox_ops_pos)
-        log_debug(f"Telemetry uploaded successfully: {result.get('id', 'unknown')}")
-        return True
-    else:
-        log_warn("Failed to upload telemetry (will retry next interval)")
-        return False
-
-
-def telemetry_upload_loop(shutdown_event: threading.Event) -> None:
-    """
-    Background loop that uploads telemetry every TELEMETRY_INTERVAL seconds.
-    """
-    log_info(f"Telemetry upload started (interval: {TELEMETRY_INTERVAL}s)")
-
-    while not shutdown_event.is_set():
-        try:
-            upload_telemetry()
-        except Exception as e:
-            log_error(f"Telemetry upload error: {e}")
-
-        # Wait for interval or shutdown
-        shutdown_event.wait(TELEMETRY_INTERVAL)
-
-    log_info("Telemetry upload stopped")
-
-
-def start_telemetry_upload(shutdown_event: threading.Event) -> threading.Thread:
-    """
-    Start the telemetry uploader as a daemon thread.
-
-    Args:
-        shutdown_event: Threading event to signal shutdown
-
-    Returns:
-        The started thread (for joining if needed)
-    """
-    thread = threading.Thread(
-        target=telemetry_upload_loop,
-        args=(shutdown_event,),
-        daemon=True,
-        name="telemetry-upload"
-    )
-    thread.start()
-    return thread
-
-
-def final_telemetry_upload() -> bool:
-    """
-    Perform final telemetry upload before agent completion.
-    This ensures all remaining data is captured.
-
-    Returns:
-        True if upload succeeded, False on failure
-    """
-    log_info("Performing final telemetry upload...")
-    return upload_telemetry()
-`;
-
-// ../../packages/core/src/sandbox/scripts/lib/secret_masker.py.ts
-var SECRET_MASKER_SCRIPT = `#!/usr/bin/env python3
-"""
-Secret masking module for VM0 sandbox.
-
-Masks secrets in event data before sending to server.
-Similar to GitHub Actions secret masking.
-"""
-import os
-import base64
-from urllib.parse import quote as url_encode
-from typing import Any, Set, List, Optional
-
-# Placeholder for masked secrets
-MASK_PLACEHOLDER = "***"
-
-# Minimum length for secrets (avoid false positives on short strings)
-MIN_SECRET_LENGTH = 5
-
-# Global masker instance (initialized lazily)
-_masker: Optional["SecretMasker"] = None
-
-
-class SecretMasker:
-    """
-    Masks secret values in data structures.
-    Pre-computes encoding variants for efficient matching.
-    """
-
-    def __init__(self, secret_values: List[str]):
-        """
-        Initialize masker with secret values.
-
-        Args:
-            secret_values: List of secret values to mask
-        """
-        self.patterns: Set[str] = set()
-
-        for secret in secret_values:
-            if not secret or len(secret) < MIN_SECRET_LENGTH:
-                continue
-
-            # Original value
-            self.patterns.add(secret)
-
-            # Base64 encoded
-            try:
-                b64 = base64.b64encode(secret.encode()).decode()
-                if len(b64) >= MIN_SECRET_LENGTH:
-                    self.patterns.add(b64)
-            except Exception:
-                pass
-
-            # URL encoded (only if different from original)
-            try:
-                url_enc = url_encode(secret, safe="")
-                if url_enc != secret and len(url_enc) >= MIN_SECRET_LENGTH:
-                    self.patterns.add(url_enc)
-            except Exception:
-                pass
-
-    def mask(self, data: Any) -> Any:
-        """
-        Recursively mask all occurrences of secrets in the data.
-
-        Args:
-            data: Data to mask (string, list, dict, or primitive)
-
-        Returns:
-            Masked data with the same structure
-        """
-        return self._deep_mask(data)
-
-    def _deep_mask(self, data: Any) -> Any:
-        """Recursively mask data."""
-        if isinstance(data, str):
-            result = data
-            for pattern in self.patterns:
-                # Use split/join for global replacement
-                result = result.replace(pattern, MASK_PLACEHOLDER)
-            return result
-
-        if isinstance(data, list):
-            return [self._deep_mask(item) for item in data]
-
-        if isinstance(data, dict):
-            return {key: self._deep_mask(value) for key, value in data.items()}
-
-        # Primitives (int, float, bool, None) pass through unchanged
-        return data
-
-
-def get_masker() -> SecretMasker:
-    """
-    Get the global masker instance.
-    Initializes on first call using VM0_SECRET_VALUES env var.
-
-    Returns:
-        SecretMasker instance
-    """
-    global _masker
-
-    if _masker is None:
-        _masker = _create_masker()
-
-    return _masker
-
-
-def _create_masker() -> SecretMasker:
-    """
-    Create a masker from VM0_SECRET_VALUES env var.
-
-    VM0_SECRET_VALUES contains comma-separated base64-encoded secret values.
-    This avoids exposing plaintext secrets in environment variable names.
-    """
-    secret_values_str = os.environ.get("VM0_SECRET_VALUES", "")
-
-    if not secret_values_str:
-        # No secrets to mask
-        return SecretMasker([])
-
-    # Parse base64-encoded values
-    secret_values = []
-    for encoded_value in secret_values_str.split(","):
-        encoded_value = encoded_value.strip()
-        if encoded_value:
-            try:
-                decoded = base64.b64decode(encoded_value).decode()
-                if decoded:
-                    secret_values.append(decoded)
-            except Exception:
-                # Skip invalid base64 values
-                pass
-
-    return SecretMasker(secret_values)
-
-
-def mask_data(data: Any) -> Any:
-    """
-    Convenience function to mask data using global masker.
-
-    Args:
-        data: Data to mask
-
-    Returns:
-        Masked data
-    """
-    return get_masker().mask(data)
-`;
-
-// ../../packages/core/src/sandbox/scripts/run-agent.py.ts
-var RUN_AGENT_SCRIPT = `#!/usr/bin/env python3
-"""
-Main agent execution orchestrator for VM0.
-This script coordinates the execution of Claude Code and handles:
-- Working directory setup
-- Claude CLI execution with JSONL streaming
-- Event sending to webhook
-- Checkpoint creation on success
-- Complete API call on finish
-
-Design principles:
-- Never call sys.exit() in the middle of execution - use raise instead
-- Single exit point at the very end of if __name__ == "__main__"
-- finally block guarantees cleanup runs regardless of success/failure
-- Complete API passes error message for CLI to display
-"""
-import os
-import sys
-import subprocess
-import json
-import threading
-import time
-
-# Add lib to path for imports
-sys.path.insert(0, "/usr/local/bin/vm0-agent/lib")
-
-from common import (
-    WORKING_DIR, PROMPT, RESUME_SESSION_ID, COMPLETE_URL, RUN_ID,
-    EVENT_ERROR_FLAG, HEARTBEAT_URL, HEARTBEAT_INTERVAL, AGENT_LOG_FILE,
-    CLI_AGENT_TYPE, OPENAI_MODEL, validate_config, record_sandbox_op
-)
-from log import log_info, log_error, log_warn
-from events import send_event
-from checkpoint import create_checkpoint
-from http_client import http_post_json
-from metrics import start_metrics_collector
-from upload_telemetry import start_telemetry_upload, final_telemetry_upload
-
-# Global shutdown event for heartbeat thread
-shutdown_event = threading.Event()
-
-
-def heartbeat_loop():
-    """Send periodic heartbeat signals to indicate agent is still alive."""
-    while not shutdown_event.is_set():
-        try:
-            if http_post_json(HEARTBEAT_URL, {"runId": RUN_ID}):
-                log_info("Heartbeat sent")
-            else:
-                log_warn("Heartbeat failed")
-        except Exception as e:
-            log_warn(f"Heartbeat error: {e}")
-        # Wait for interval or until shutdown
-        shutdown_event.wait(HEARTBEAT_INTERVAL)
-
-
-def _cleanup(exit_code: int, error_message: str):
-    """
-    Cleanup and notify server.
-    This function is called in the finally block to ensure it always runs.
-    """
-    log_info("\u25B7 Cleanup")
-
-    # Perform final telemetry upload before completion
-    # This ensures all remaining data is captured
-    telemetry_start = time.time()
-    telemetry_success = True
-    try:
-        final_telemetry_upload()
-    except Exception as e:
-        telemetry_success = False
-        log_error(f"Final telemetry upload failed: {e}")
-    record_sandbox_op("final_telemetry_upload", int((time.time() - telemetry_start) * 1000), telemetry_success)
-
-    # Always call complete API at the end
-    # This sends vm0_result (on success) or vm0_error (on failure) and kills the sandbox
-    log_info(f"Calling complete API with exitCode={exit_code}")
-
-    complete_payload = {
-        "runId": RUN_ID,
-        "exitCode": exit_code
-    }
-    if error_message:
-        complete_payload["error"] = error_message
-
-    complete_start = time.time()
-    complete_success = False
-    try:
-        if http_post_json(COMPLETE_URL, complete_payload):
-            log_info("Complete API called successfully")
-            complete_success = True
-        else:
-            log_error("Failed to call complete API (sandbox may not be cleaned up)")
-    except Exception as e:
-        log_error(f"Complete API call failed: {e}")
-    record_sandbox_op("complete_api_call", int((time.time() - complete_start) * 1000), complete_success)
-
-    # Stop heartbeat thread
-    shutdown_event.set()
-    log_info("Heartbeat thread stopped")
-
-    # Log final status
-    if exit_code == 0:
-        log_info("\u2713 Sandbox finished successfully")
-    else:
-        log_info(f"\u2717 Sandbox failed (exit code {exit_code})")
-
-
-def _run() -> tuple[int, str]:
-    """
-    Main execution logic.
-    Raises exceptions on failure instead of calling sys.exit().
-    Returns (exit_code, error_message) tuple on completion.
-    """
-    # Validate configuration - raises ValueError if invalid
-    validate_config()
-
-    # Lifecycle: Header
-    log_info(f"\u25B6 VM0 Sandbox {RUN_ID}")
-
-    # Lifecycle: Initialization
-    log_info("\u25B7 Initialization")
-    init_start_time = time.time()
-
-    log_info(f"Working directory: {WORKING_DIR}")
-
-    # Start heartbeat thread
-    heartbeat_start = time.time()
-    heartbeat_thread = threading.Thread(target=heartbeat_loop, daemon=True)
-    heartbeat_thread.start()
-    log_info("Heartbeat thread started")
-    record_sandbox_op("heartbeat_start", int((time.time() - heartbeat_start) * 1000), True)
-
-    # Start metrics collector thread
-    metrics_start = time.time()
-    start_metrics_collector(shutdown_event)
-    log_info("Metrics collector thread started")
-    record_sandbox_op("metrics_collector_start", int((time.time() - metrics_start) * 1000), True)
-
-    # Start telemetry upload thread
-    telemetry_start = time.time()
-    start_telemetry_upload(shutdown_event)
-    log_info("Telemetry upload thread started")
-    record_sandbox_op("telemetry_upload_start", int((time.time() - telemetry_start) * 1000), True)
-
-    # Create and change to working directory - raises RuntimeError if fails
-    # Directory may not exist if no artifact/storage was downloaded (e.g., first run)
-    working_dir_start = time.time()
-    working_dir_success = True
-    try:
-        os.makedirs(WORKING_DIR, exist_ok=True)
-        os.chdir(WORKING_DIR)
-    except OSError as e:
-        working_dir_success = False
-        record_sandbox_op("working_dir_setup", int((time.time() - working_dir_start) * 1000), False, str(e))
-        raise RuntimeError(f"Failed to create/change to working directory: {WORKING_DIR} - {e}") from e
-    record_sandbox_op("working_dir_setup", int((time.time() - working_dir_start) * 1000), working_dir_success)
-
-    # Set up Codex configuration if using Codex CLI
-    # Claude Code uses ~/.claude by default (no configuration needed)
-    if CLI_AGENT_TYPE == "codex":
-        home_dir = os.environ.get("HOME", "/home/user")
-        # Codex uses ~/.codex for configuration and session storage
-        codex_home = f"{home_dir}/.codex"
-        os.makedirs(codex_home, exist_ok=True)
-        os.environ["CODEX_HOME"] = codex_home
-        log_info(f"Codex home directory: {codex_home}")
-
-        # Login with API key via stdin (recommended method)
-        codex_login_start = time.time()
-        codex_login_success = False
-        api_key = os.environ.get("OPENAI_API_KEY", "")
-        if api_key:
-            result = subprocess.run(
-                ["codex", "login", "--with-api-key"],
-                input=api_key,
-                text=True,
-                capture_output=True
-            )
-            if result.returncode == 0:
-                log_info("Codex authenticated with API key")
-                codex_login_success = True
-            else:
-                log_error(f"Codex login failed: {result.stderr}")
-        else:
-            log_error("OPENAI_API_KEY not set")
-        record_sandbox_op("codex_login", int((time.time() - codex_login_start) * 1000), codex_login_success)
-
-    init_duration_ms = int((time.time() - init_start_time) * 1000)
-    record_sandbox_op("init_total", init_duration_ms, True)
-    log_info(f"\u2713 Initialization complete ({init_duration_ms // 1000}s)")
-
-    # Lifecycle: Execution
-    log_info("\u25B7 Execution")
-    exec_start_time = time.time()
-
-    # Execute CLI agent with JSONL output
-    log_info(f"Starting {CLI_AGENT_TYPE} execution...")
-    log_info(f"Prompt: {PROMPT}")
-
-    # Build command based on CLI agent type
-    use_mock = os.environ.get("USE_MOCK_CLAUDE") == "true"
-
-    if CLI_AGENT_TYPE == "codex":
-        # Build Codex command
-        if use_mock:
-            # Mock mode not yet supported for Codex
-            raise RuntimeError("Mock mode not supported for Codex")
-
-        if RESUME_SESSION_ID:
-            # Codex resume uses subcommand: codex exec resume <session_id> <prompt>
-            log_info(f"Resuming session: {RESUME_SESSION_ID}")
-            codex_args = [
-                "exec",
-                "--json",
-                "--dangerously-bypass-approvals-and-sandbox",
-                "--skip-git-repo-check",
-                "-C", WORKING_DIR,
-            ]
-            if OPENAI_MODEL:
-                codex_args.extend(["-m", OPENAI_MODEL])
-            codex_args.extend(["resume", RESUME_SESSION_ID, PROMPT])
-            cmd = ["codex"] + codex_args
-        else:
-            log_info("Starting new session")
-            codex_args = [
-                "exec",
-                "--json",
-                "--dangerously-bypass-approvals-and-sandbox",
-                "--skip-git-repo-check",
-                "-C", WORKING_DIR,
-            ]
-            if OPENAI_MODEL:
-                log_info(f"Using model: {OPENAI_MODEL}")
-                codex_args.extend(["-m", OPENAI_MODEL])
-            cmd = ["codex"] + codex_args + [PROMPT]
-    else:
-        # Build Claude command - unified for both new and resume sessions
-        claude_args = [
-            "--print", "--verbose",
-            "--output-format", "stream-json",
-            "--dangerously-skip-permissions"
-        ]
-
-        if RESUME_SESSION_ID:
-            log_info(f"Resuming session: {RESUME_SESSION_ID}")
-            claude_args.extend(["--resume", RESUME_SESSION_ID])
-        else:
-            log_info("Starting new session")
-
-        # Select Claude binary - use mock-claude for testing if USE_MOCK_CLAUDE is set
-        if use_mock:
-            claude_bin = "/usr/local/bin/vm0-agent/lib/mock_claude.py"
-            log_info("Using mock-claude for testing")
-        else:
-            claude_bin = "claude"
-
-        # Build full command
-        cmd = [claude_bin] + claude_args + [PROMPT]
-
-    # Execute CLI agent and process output stream
-    # Capture both stdout and stderr, write to log file, keep stderr in memory for error extraction
-    agent_exit_code = 0
-    stderr_lines = []  # Keep stderr in memory for error message extraction
-    log_file = None
-
-    try:
-        # Open log file directly in /tmp (no need to create directory)
-        log_file = open(AGENT_LOG_FILE, "w")
-
-        # Python subprocess.PIPE can deadlock if buffer fills up
-        # Use a background thread to drain stderr while we read stdout
-        proc = subprocess.Popen(
-            cmd,
-            stdout=subprocess.PIPE,
-            stderr=subprocess.PIPE,
-            text=True,
-            bufsize=1  # Line buffered for real-time processing
-        )
-
-        # Read stderr in background to prevent buffer deadlock
-        def read_stderr():
-            try:
-                for line in proc.stderr:
-                    stderr_lines.append(line)
-                    if log_file and not log_file.closed:
-                        log_file.write(f"[STDERR] {line}")
-                        log_file.flush()
-            except Exception:
-                pass  # Ignore errors if file closed
-
-        stderr_thread = threading.Thread(target=read_stderr, daemon=True)
-        stderr_thread.start()
-
-        # Sequence counter for events (1-based)
-        event_sequence = 0
-
-        # Process JSONL output line by line from stdout
-        for line in proc.stdout:
-            # Write raw line to log file
-            if log_file and not log_file.closed:
-                log_file.write(line)
-                log_file.flush()
-
-            stripped = line.strip()
-
-            # Skip empty lines
-            if not stripped:
-                continue
-
-            # Check if line is valid JSON (stdout should only contain JSONL)
-            try:
-                event = json.loads(stripped)
-
-                # Valid JSONL - send immediately with sequence number
-                event_sequence += 1
-                send_event(event, event_sequence)
-
-                # Extract result from "result" event for stdout
-                if event.get("type") == "result":
-                    result_content = event.get("result", "")
-                    if result_content:
-                        print(result_content)
-
-            except json.JSONDecodeError:
-                # Not valid JSON, skip
-                pass
-
-        # Wait for process to complete
-        proc.wait()
-        # Wait for stderr thread to finish (with timeout to avoid hanging)
-        stderr_thread.join(timeout=10)
-        agent_exit_code = proc.returncode
-
-    except Exception as e:
-        log_error(f"Failed to execute {CLI_AGENT_TYPE}: {e}")
-        agent_exit_code = 1
-    finally:
-        if log_file and not log_file.closed:
-            log_file.close()
-
-    # Print newline after output
-    print()
-
-    # Track final exit code for complete API
-    final_exit_code = agent_exit_code
-    error_message = ""
-
-    # Check if any events failed to send
-    if os.path.exists(EVENT_ERROR_FLAG):
-        log_error("Some events failed to send, marking run as failed")
-        final_exit_code = 1
-        error_message = "Some events failed to send"
-
-    # Log execution result and record metric
-    exec_duration_ms = int((time.time() - exec_start_time) * 1000)
-    record_sandbox_op("cli_execution", exec_duration_ms, agent_exit_code == 0)
-    if agent_exit_code == 0 and final_exit_code == 0:
-        log_info(f"\u2713 Execution complete ({exec_duration_ms // 1000}s)")
-    else:
-        log_info(f"\u2717 Execution failed ({exec_duration_ms // 1000}s)")
-
-    # Handle completion
-    if agent_exit_code == 0 and final_exit_code == 0:
-        log_info(f"{CLI_AGENT_TYPE} completed successfully")
-
-        # Lifecycle: Checkpoint
-        log_info("\u25B7 Checkpoint")
-        checkpoint_start_time = time.time()
-
-        # Create checkpoint - this is mandatory for successful runs
-        checkpoint_success = create_checkpoint()
-        checkpoint_duration = int(time.time() - checkpoint_start_time)
-
-        if checkpoint_success:
-            log_info(f"\u2713 Checkpoint complete ({checkpoint_duration}s)")
-        else:
-            log_info(f"\u2717 Checkpoint failed ({checkpoint_duration}s)")
-
-        if not checkpoint_success:
-            log_error("Checkpoint creation failed, marking run as failed")
-            final_exit_code = 1
-            error_message = "Checkpoint creation failed"
-    else:
-        if agent_exit_code != 0:
-            log_info(f"{CLI_AGENT_TYPE} failed with exit code {agent_exit_code}")
-
-            # Get detailed error from captured stderr lines in memory
-            if stderr_lines:
-                error_message = " ".join(line.strip() for line in stderr_lines)
-                log_info(f"Captured stderr: {error_message}")
-            else:
-                error_message = f"Agent exited with code {agent_exit_code}"
-
-    # Note: Keep all temp files for debugging (SESSION_ID_FILE, SESSION_HISTORY_PATH_FILE, EVENT_ERROR_FLAG)
-
-    return final_exit_code, error_message
-
-
-def main() -> int:
-    """
-    Main entry point for agent execution.
-    Uses try/except/finally to ensure cleanup always runs.
-    Returns exit code (0 for success, non-zero for failure).
-    """
-    exit_code = 1  # Default to failure
-    error_message = "Unexpected termination"
-
-    try:
-        exit_code, error_message = _run()
-
-    except ValueError as e:
-        # Configuration validation errors
-        exit_code = 1
-        error_message = str(e)
-        log_error(f"Configuration error: {error_message}")
-
-    except RuntimeError as e:
-        # Runtime errors (e.g., working directory not found)
-        exit_code = 1
-        error_message = str(e)
-        log_error(f"Runtime error: {error_message}")
-
-    except Exception as e:
-        # Catch-all for unexpected exceptions
-        exit_code = 1
-        error_message = f"Unexpected error: {e}"
-        log_error(error_message)
-
-    finally:
-        # Always cleanup and notify server
-        _cleanup(exit_code, error_message)
-
-    return exit_code
-
-
-if __name__ == "__main__":
-    sys.exit(main())
-`;
-
-// ../../packages/core/src/sandbox/scripts/index.ts
-var SCRIPT_PATHS = {
-  baseDir: "/usr/local/bin/vm0-agent",
-  libDir: "/usr/local/bin/vm0-agent/lib",
-  libInit: "/usr/local/bin/vm0-agent/lib/__init__.py",
-  runAgent: "/usr/local/bin/vm0-agent/run-agent.py",
-  common: "/usr/local/bin/vm0-agent/lib/common.py",
-  log: "/usr/local/bin/vm0-agent/lib/log.py",
-  httpClient: "/usr/local/bin/vm0-agent/lib/http_client.py",
-  events: "/usr/local/bin/vm0-agent/lib/events.py",
-  directUpload: "/usr/local/bin/vm0-agent/lib/direct_upload.py",
-  download: "/usr/local/bin/vm0-agent/lib/download.py",
-  checkpoint: "/usr/local/bin/vm0-agent/lib/checkpoint.py",
-  mockClaude: "/usr/local/bin/vm0-agent/lib/mock_claude.py",
-  metrics: "/usr/local/bin/vm0-agent/lib/metrics.py",
-  uploadTelemetry: "/usr/local/bin/vm0-agent/lib/upload_telemetry.py",
-  secretMasker: "/usr/local/bin/vm0-agent/lib/secret_masker.py"
-};
-
-// src/lib/scripts/index.ts
-var ENV_LOADER_PATH = "/usr/local/bin/vm0-agent/env-loader.py";
-var ENV_LOADER_SCRIPT = `#!/usr/bin/env python3
-"""
-Environment loader wrapper for VM0 runner.
-Loads environment variables from JSON file before executing run-agent.py.
-
-This is needed because the runner passes environment variables via SCP (JSON file)
-rather than directly setting them (which E2B sandbox API supports).
-"""
-import os
-import sys
-import json
-
-# Environment JSON file path
-ENV_JSON_PATH = "/tmp/vm0-env.json"
-
-print("[env-loader] Starting...", flush=True)
-
-# Load environment from JSON file
-if os.path.exists(ENV_JSON_PATH):
-    print(f"[env-loader] Loading environment from {ENV_JSON_PATH}", flush=True)
-    try:
-        with open(ENV_JSON_PATH, "r") as f:
-            env_data = json.load(f)
-            for key, value in env_data.items():
-                os.environ[key] = value
-        print(f"[env-loader] Loaded {len(env_data)} environment variables", flush=True)
-    except Exception as e:
-        print(f"[env-loader] ERROR loading JSON: {e}", flush=True)
-        sys.exit(1)
-else:
-    print(f"[env-loader] ERROR: Environment file not found: {ENV_JSON_PATH}", flush=True)
-    sys.exit(1)
-
-# Verify critical environment variables
-critical_vars = ["VM0_RUN_ID", "VM0_API_URL", "VM0_WORKING_DIR", "VM0_PROMPT"]
-for var in critical_vars:
-    val = os.environ.get(var, "")
-    if val:
-        print(f"[env-loader] {var}={val[:50]}{'...' if len(val) > 50 else ''}", flush=True)
-    else:
-        print(f"[env-loader] WARNING: {var} is empty", flush=True)
-
-# Execute run-agent.py in the same process
-# Using exec to replace this process with run-agent.py
-run_agent_path = "/usr/local/bin/vm0-agent/run-agent.py"
-print(f"[env-loader] Executing {run_agent_path}", flush=True)
-
-# Read and execute the script
-with open(run_agent_path, "r") as f:
-    code = f.read()
-
-exec(compile(code, run_agent_path, "exec"))
-`;
-
-// src/lib/scripts/utils.ts
-function getAllScripts() {
-  return [
-    { content: INIT_SCRIPT, path: SCRIPT_PATHS.libInit },
-    { content: COMMON_SCRIPT, path: SCRIPT_PATHS.common },
-    { content: LOG_SCRIPT, path: SCRIPT_PATHS.log },
-    { content: HTTP_SCRIPT, path: SCRIPT_PATHS.httpClient },
-    { content: EVENTS_SCRIPT, path: SCRIPT_PATHS.events },
-    { content: DIRECT_UPLOAD_SCRIPT, path: SCRIPT_PATHS.directUpload },
-    { content: DOWNLOAD_SCRIPT, path: SCRIPT_PATHS.download },
-    { content: CHECKPOINT_SCRIPT, path: SCRIPT_PATHS.checkpoint },
-    { content: MOCK_CLAUDE_SCRIPT, path: SCRIPT_PATHS.mockClaude },
-    { content: METRICS_SCRIPT, path: SCRIPT_PATHS.metrics },
-    { content: UPLOAD_TELEMETRY_SCRIPT, path: SCRIPT_PATHS.uploadTelemetry },
-    { content: SECRET_MASKER_SCRIPT, path: SCRIPT_PATHS.secretMasker },
-    { content: RUN_AGENT_SCRIPT, path: SCRIPT_PATHS.runAgent },
-    // Env loader is runner-specific (loads env from JSON before executing run-agent.py)
-    { content: ENV_LOADER_SCRIPT, path: ENV_LOADER_PATH }
-  ];
-}
-
-// src/lib/proxy/vm-registry.ts
-import fs4 from "fs";
-var DEFAULT_REGISTRY_PATH = "/tmp/vm0-vm-registry.json";
-var VMRegistry = class {
-  registryPath;
-  data;
-  constructor(registryPath = DEFAULT_REGISTRY_PATH) {
-    this.registryPath = registryPath;
-    this.data = this.load();
-  }
-  /**
-   * Load registry data from file
-   */
-  load() {
-    try {
-      if (fs4.existsSync(this.registryPath)) {
-        const content = fs4.readFileSync(this.registryPath, "utf-8");
-        return JSON.parse(content);
-      }
-    } catch {
-    }
-    return { vms: {}, updatedAt: Date.now() };
-  }
-  /**
-   * Save registry data to file atomically
-   */
-  save() {
-    this.data.updatedAt = Date.now();
-    const content = JSON.stringify(this.data, null, 2);
-    const tempPath = `${this.registryPath}.tmp`;
-    fs4.writeFileSync(tempPath, content, { mode: 420 });
-    fs4.renameSync(tempPath, this.registryPath);
-  }
-  /**
-   * Register a VM with its IP address
-   */
-  register(vmIp, runId, sandboxToken, options) {
-    this.data.vms[vmIp] = {
-      runId,
-      sandboxToken,
-      registeredAt: Date.now(),
-      firewallRules: options?.firewallRules,
-      mitmEnabled: options?.mitmEnabled,
-      sealSecretsEnabled: options?.sealSecretsEnabled
-    };
-    this.save();
-    const firewallInfo = options?.firewallRules ? ` with ${options.firewallRules.length} firewall rules` : "";
-    const mitmInfo = options?.mitmEnabled ? ", MITM enabled" : "";
-    console.log(
-      `[VMRegistry] Registered VM ${vmIp} for run ${runId}${firewallInfo}${mitmInfo}`
-    );
-  }
-  /**
-   * Unregister a VM by IP address
-   */
-  unregister(vmIp) {
-    if (this.data.vms[vmIp]) {
-      const registration = this.data.vms[vmIp];
-      delete this.data.vms[vmIp];
-      this.save();
-      console.log(
-        `[VMRegistry] Unregistered VM ${vmIp} (run ${registration.runId})`
-      );
-    }
-  }
-  /**
-   * Look up registration by VM IP
-   */
-  lookup(vmIp) {
-    return this.data.vms[vmIp];
-  }
-  /**
-   * Get all registered VMs
-   */
-  getAll() {
-    return { ...this.data.vms };
-  }
-  /**
-   * Clear all registrations
-   */
-  clear() {
-    this.data.vms = {};
-    this.save();
-    console.log("[VMRegistry] Cleared all registrations");
-  }
-  /**
-   * Get the path to the registry file
-   */
-  getRegistryPath() {
-    return this.registryPath;
-  }
-};
-var globalRegistry = null;
-function getVMRegistry() {
-  if (!globalRegistry) {
-    globalRegistry = new VMRegistry();
-  }
-  return globalRegistry;
-}
-function initVMRegistry(registryPath) {
-  globalRegistry = new VMRegistry(registryPath);
-  return globalRegistry;
-}
-
-// src/lib/proxy/proxy-manager.ts
-import { spawn as spawn2 } from "child_process";
-import fs5 from "fs";
-import path3 from "path";
-
-// src/lib/proxy/mitm-addon-script.ts
-var RUNNER_MITM_ADDON_SCRIPT = `#!/usr/bin/env python3
-"""
-mitmproxy addon for VM0 runner-level network security mode.
-
-This addon runs on the runner HOST (not inside VMs) and:
-1. Intercepts all HTTPS requests from VMs
-2. Looks up the source VM's runId and firewall rules from the VM registry
-3. Evaluates firewall rules (first-match-wins) to ALLOW or DENY
-4. For MITM mode: Rewrites requests to go through VM0 Proxy endpoint
-5. For SNI-only mode: Passes through or blocks without decryption
-6. Logs network activity per-run to JSONL files
-"""
-import os
-import json
-import time
-import urllib.parse
-import ipaddress
-import socket
-from mitmproxy import http, ctx, tls
-
-
-# VM0 Proxy configuration from environment
-API_URL = os.environ.get("VM0_API_URL", "https://www.vm0.ai")
-REGISTRY_PATH = os.environ.get("VM0_REGISTRY_PATH", "/tmp/vm0-vm-registry.json")
-VERCEL_BYPASS = os.environ.get("VERCEL_AUTOMATION_BYPASS_SECRET", "")
-
-# Construct proxy URL
-PROXY_URL = f"{API_URL}/api/webhooks/agent/proxy"
-
-# Cache for VM registry (reloaded periodically)
-_registry_cache = {}
-_registry_cache_time = 0
-REGISTRY_CACHE_TTL = 2  # seconds
-
-# Track request start times for latency calculation
-request_start_times = {}
-
-
-def load_registry() -> dict:
-    """Load the VM registry from file, with caching."""
-    global _registry_cache, _registry_cache_time
-
-    now = time.time()
-    if now - _registry_cache_time < REGISTRY_CACHE_TTL:
-        return _registry_cache
-
-    try:
-        if os.path.exists(REGISTRY_PATH):
-            with open(REGISTRY_PATH, "r") as f:
-                data = json.load(f)
-                _registry_cache = data.get("vms", {})
-                _registry_cache_time = now
-                return _registry_cache
-    except Exception as e:
-        ctx.log.warn(f"Failed to load VM registry: {e}")
-
-    return _registry_cache
-
-
-def get_vm_info(client_ip: str) -> dict | None:
-    """Look up VM info by client IP address."""
-    registry = load_registry()
-    return registry.get(client_ip)
-
-
-def get_network_log_path(run_id: str) -> str:
-    """Get the network log file path for a run."""
-    return f"/tmp/vm0-network-{run_id}.jsonl"
-
-
-def log_network_entry(run_id: str, entry: dict) -> None:
-    """Write a network log entry to the per-run JSONL file."""
-    if not run_id:
-        return
-
-    log_path = get_network_log_path(run_id)
-    try:
-        fd = os.open(log_path, os.O_CREAT | os.O_APPEND | os.O_WRONLY, 0o644)
-        try:
-            os.write(fd, (json.dumps(entry) + "\\n").encode())
-        finally:
-            os.close(fd)
-    except Exception as e:
-        ctx.log.warn(f"Failed to write network log: {e}")
-
-
-def get_original_url(flow: http.HTTPFlow) -> str:
-    """Reconstruct the original target URL from the request."""
-    scheme = "https" if flow.request.port == 443 else "http"
-    host = flow.request.pretty_host
-    port = flow.request.port
-
-    if (scheme == "https" and port != 443) or (scheme == "http" and port != 80):
-        host_with_port = f"{host}:{port}"
-    else:
-        host_with_port = host
-
-    path = flow.request.path
-    return f"{scheme}://{host_with_port}{path}"
-
-
-# ============================================================================
-# Firewall Rule Matching
-# ============================================================================
-
-def match_domain(pattern: str, hostname: str) -> bool:
-    """
-    Match hostname against domain pattern.
-    Supports exact match and wildcard prefix (*.example.com).
-    """
-    if not pattern or not hostname:
-        return False
-
-    pattern = pattern.lower()
-    hostname = hostname.lower()
-
-    if pattern.startswith("*."):
-        # Wildcard: *.example.com matches sub.example.com, www.example.com
-        # Also matches example.com itself (without subdomain)
-        suffix = pattern[1:]  # .example.com
-        base = pattern[2:]    # example.com
-        return hostname.endswith(suffix) or hostname == base
-
-    return hostname == pattern
-
-
-def match_ip(cidr: str, ip_str: str) -> bool:
-    """
-    Match IP address against CIDR range.
-    Supports single IPs (1.2.3.4) and ranges (10.0.0.0/8).
+    Match IP address against CIDR range.
+    Supports single IPs (1.2.3.4) and ranges (10.0.0.0/8).
     """
     if not cidr or not ip_str:
         return False
@@ -10598,10 +8125,9 @@ async function withSandboxTiming(actionType, fn) {
   }
 }
 
-// src/lib/executor.ts
-function getVmIdFromRunId(runId) {
-  return runId.split("-")[0] || runId.substring(0, 8);
-}
+// src/lib/executor-env.ts
+var ENV_JSON_PATH = "/tmp/vm0-env.json";
+var PROXY_CA_CERT_PATH = "/opt/vm0-runner/proxy/mitmproxy-ca-cert.pem";
 function buildEnvironmentVariables(context, apiUrl) {
   const envVars = {
     VM0_API_URL: apiUrl,
@@ -10645,7 +8171,9 @@ function buildEnvironmentVariables(context, apiUrl) {
   }
   return envVars;
 }
-var ENV_JSON_PATH = "/tmp/vm0-env.json";
+
+// src/lib/network-logs/network-logs.ts
+import fs6 from "fs";
 function getNetworkLogPath(runId) {
   return `/tmp/vm0-network-${runId}.jsonl`;
 }
@@ -10710,16 +8238,30 @@ async function uploadNetworkLogs(apiUrl, sandboxToken, runId) {
   console.log(`[Executor] Network logs uploaded successfully for ${runId}`);
   cleanupNetworkLogs(runId);
 }
+
+// src/lib/vm-setup/vm-setup.ts
+import fs7 from "fs";
+
+// src/lib/scripts/utils.ts
+function getAllScripts() {
+  return [
+    { content: RUN_AGENT_SCRIPT, path: SCRIPT_PATHS.runAgent },
+    { content: DOWNLOAD_SCRIPT, path: SCRIPT_PATHS.download },
+    { content: MOCK_CLAUDE_SCRIPT, path: SCRIPT_PATHS.mockClaude },
+    // Env loader is runner-specific (loads env from JSON before executing run-agent.mjs)
+    { content: ENV_LOADER_SCRIPT, path: ENV_LOADER_PATH }
+  ];
+}
+
+// src/lib/vm-setup/vm-setup.ts
 async function uploadScripts(ssh) {
   const scripts = getAllScripts();
-  await ssh.execOrThrow(
-    `sudo mkdir -p ${SCRIPT_PATHS.baseDir} ${SCRIPT_PATHS.libDir}`
-  );
+  await ssh.execOrThrow(`sudo mkdir -p ${SCRIPT_PATHS.baseDir}`);
   for (const script of scripts) {
     await ssh.writeFileWithSudo(script.path, script.content);
   }
   await ssh.execOrThrow(
-    `sudo chmod +x ${SCRIPT_PATHS.baseDir}/*.py ${SCRIPT_PATHS.libDir}/*.py 2>/dev/null || true`
+    `sudo chmod +x ${SCRIPT_PATHS.baseDir}/*.mjs 2>/dev/null || true`
   );
 }
 async function downloadStorages(ssh, manifest) {
@@ -10732,7 +8274,7 @@ async function downloadStorages(ssh, manifest) {
   const manifestJson = JSON.stringify(manifest);
   await ssh.writeFile("/tmp/storage-manifest.json", manifestJson);
   const result = await ssh.exec(
-    `python3 ${SCRIPT_PATHS.download} /tmp/storage-manifest.json`
+    `node ${SCRIPT_PATHS.download} /tmp/storage-manifest.json`
   );
   if (result.exitCode !== 0) {
     throw new Error(`Storage download failed: ${result.stderr}`);
@@ -10759,14 +8301,13 @@ async function restoreSessionHistory(ssh, resumeSession, workingDir, cliAgentTyp
     `[Executor] Session history restored (${sessionHistory.split("\n").length} lines)`
   );
 }
-var PROXY_CA_CERT_PATH = "/opt/vm0-runner/proxy/mitmproxy-ca-cert.pem";
 async function installProxyCA(ssh) {
-  if (!fs6.existsSync(PROXY_CA_CERT_PATH)) {
+  if (!fs7.existsSync(PROXY_CA_CERT_PATH)) {
     throw new Error(
       `Proxy CA certificate not found at ${PROXY_CA_CERT_PATH}. Run generate-proxy-ca.sh first.`
     );
   }
-  const caCert = fs6.readFileSync(PROXY_CA_CERT_PATH, "utf-8");
+  const caCert = fs7.readFileSync(PROXY_CA_CERT_PATH, "utf-8");
   console.log(
     `[Executor] Installing proxy CA certificate (${caCert.length} bytes)`
   );
@@ -10785,6 +8326,61 @@ nameserver 1.1.1.1`;
     `sudo sh -c 'rm -f /etc/resolv.conf && echo "${dnsConfig}" > /etc/resolv.conf'`
   );
 }
+
+// src/lib/executor.ts
+function getVmIdFromRunId(runId) {
+  return runId.split("-")[0] || runId.substring(0, 8);
+}
+var CURL_ERROR_MESSAGES = {
+  6: "DNS resolution failed",
+  7: "Connection refused",
+  28: "Connection timeout",
+  60: "TLS certificate error (proxy CA not trusted)",
+  22: "HTTP error from server"
+};
+async function runPreflightCheck(ssh, apiUrl, runId, sandboxToken, bypassSecret) {
+  const heartbeatUrl = `${apiUrl}/api/webhooks/agent/heartbeat`;
+  const bypassHeader = bypassSecret ? ` -H "x-vercel-protection-bypass: ${bypassSecret}"` : "";
+  const curlCmd = `curl -sf --connect-timeout 5 --max-time 10 "${heartbeatUrl}" -X POST -H "Content-Type: application/json" -H "Authorization: Bearer ${sandboxToken}"${bypassHeader} -d '{"runId":"${runId}"}'`;
+  const result = await ssh.exec(curlCmd, 2e4);
+  if (result.exitCode === 0) {
+    return { success: true };
+  }
+  const errorDetail = CURL_ERROR_MESSAGES[result.exitCode] ?? `curl exit code ${result.exitCode}`;
+  const stderrInfo = result.stderr?.trim() ? ` (${result.stderr.trim()})` : "";
+  return {
+    success: false,
+    error: `Preflight check failed: ${errorDetail}${stderrInfo} - VM cannot reach VM0 API at ${apiUrl}`
+  };
+}
+async function reportPreflightFailure(apiUrl, runId, sandboxToken, error, bypassSecret) {
+  const completeUrl = `${apiUrl}/api/webhooks/agent/complete`;
+  const headers = {
+    "Content-Type": "application/json",
+    Authorization: `Bearer ${sandboxToken}`
+  };
+  if (bypassSecret) {
+    headers["x-vercel-protection-bypass"] = bypassSecret;
+  }
+  try {
+    const response = await fetch(completeUrl, {
+      method: "POST",
+      headers,
+      body: JSON.stringify({
+        runId,
+        exitCode: 1,
+        error
+      })
+    });
+    if (!response.ok) {
+      console.error(
+        `[Executor] Failed to report preflight failure: HTTP ${response.status}`
+      );
+    }
+  } catch (err) {
+    console.error(`[Executor] Failed to report preflight failure: ${err}`);
+  }
+}
 async function executeJob(context, config, options = {}) {
   const vmId = getVmIdFromRunId(context.runId);
   let vm = null;
@@ -10863,6 +8459,32 @@ async function executeJob(context, config, options = {}) {
       `[Executor] Writing env JSON (${envJson.length} bytes) to ${ENV_JSON_PATH}`
     );
     await ssh.writeFile(ENV_JSON_PATH, envJson);
+    if (!options.benchmarkMode) {
+      log(`[Executor] Running preflight connectivity check...`);
+      const bypassSecret = process.env.VERCEL_AUTOMATION_BYPASS_SECRET;
+      const preflight = await runPreflightCheck(
+        ssh,
+        config.server.url,
+        context.runId,
+        context.sandboxToken,
+        bypassSecret
+      );
+      if (!preflight.success) {
+        log(`[Executor] Preflight check failed: ${preflight.error}`);
+        await reportPreflightFailure(
+          config.server.url,
+          context.runId,
+          context.sandboxToken,
+          preflight.error,
+          bypassSecret
+        );
+        return {
+          exitCode: 1,
+          error: preflight.error
+        };
+      }
+      log(`[Executor] Preflight check passed`);
+    }
     const systemLogFile = `/tmp/vm0-main-${context.runId}.log`;
     const exitCodeFile = `/tmp/vm0-exit-${context.runId}`;
     const startTime = Date.now();
@@ -10875,7 +8497,7 @@ async function executeJob(context, config, options = {}) {
     } else {
       log(`[Executor] Running agent via env-loader (background)...`);
       await ssh.exec(
-        `nohup sh -c 'python3 -u ${ENV_LOADER_PATH}; echo $? > ${exitCodeFile}' > ${systemLogFile} 2>&1 &`
+        `nohup sh -c 'node ${ENV_LOADER_PATH}; echo $? > ${exitCodeFile}' > ${systemLogFile} 2>&1 &`
       );
       log(`[Executor] Agent started in background`);
     }
@@ -10894,7 +8516,7 @@ async function executeJob(context, config, options = {}) {
       }
       if (!options.benchmarkMode) {
         const processCheck = await ssh.exec(
-          `pgrep -f "env-loader.py" > /dev/null 2>&1 && echo "RUNNING" || echo "DEAD"`
+          `pgrep -f "env-loader.mjs" > /dev/null 2>&1 && echo "RUNNING" || echo "DEAD"`
         );
         if (processCheck.stdout.trim() === "DEAD") {
           log(
@@ -11327,7 +8949,7 @@ var benchmarkCommand = new Command3("benchmark").description(
 });
 
 // src/index.ts
-var version = true ? "2.8.5" : "0.1.0";
+var version = true ? "2.10.0" : "0.1.0";
 program.name("vm0-runner").version(version).description("Self-hosted runner for VM0 agents");
 program.addCommand(startCommand);
 program.addCommand(statusCommand);