labgate 0.5.2 → 0.5.4

package/dist/lib/container.js

@@ -36,11 +36,14 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.computeMountFingerprint = computeMountFingerprint;
 exports.imageToSifName = imageToSifName;
 exports.buildEntrypoint = buildEntrypoint;
+exports.setupBrowserHook = setupBrowserHook;
 exports.startSession = startSession;
 exports.listSessions = listSessions;
 exports.stopSession = stopSession;
+exports.restartSession = restartSession;
 const child_process_1 = require("child_process");
 const fs_1 = require("fs");
 const path_1 = require("path");
@@ -50,8 +53,245 @@ const fast_glob_1 = __importDefault(require("fast-glob"));
 const config_js_1 = require("./config.js");
 const runtime_js_1 = require("./runtime.js");
 const audit_js_1 = require("./audit.js");
+const slurm_db_js_1 = require("./slurm-db.js");
+const slurm_poller_js_1 = require("./slurm-poller.js");
 const log = __importStar(require("./log.js"));
-const ui_js_1 = require("./ui.js");
+/**
+ * Compute a deterministic fingerprint of mount-affecting config fields.
+ * Used to detect when running sessions need a restart after config changes.
+ * Only includes fields that are baked into container args at launch time
+ * and cannot be hot-reloaded (--bind, --volume, --network, image, runtime).
+ */
+function computeMountFingerprint(config, imageOverride) {
+    const input = JSON.stringify({
+        datasets: (config.datasets || []).map(d => ({ path: d.path, name: d.name, mode: d.mode })),
+        extra_paths: (config.filesystem.extra_paths || []).map(p => ({ path: p.path, mode: p.mode })),
+        image: imageOverride ?? config.image,
+        network_mode: config.network.mode,
+        runtime: config.runtime,
+    });
+    return (0, crypto_1.createHash)('sha256').update(input).digest('hex').slice(0, 16);
+}
+function writeSessionFile(sessionId, session, image) {
+    const dir = (0, config_js_1.getSessionsDir)();
+    (0, config_js_1.ensurePrivateDir)(dir);
+    const data = {
+        id: sessionId,
+        agent: session.agent,
+        workdir: session.workdir,
+        node: (0, os_1.hostname)(),
+        pid: process.pid,
+        started: new Date().toISOString(),
+        network: session.config.network.mode,
+        image,
+        user: (0, os_1.userInfo)().username,
+        configFingerprint: computeMountFingerprint(session.config, session.imageOverride),
+    };
+    const content = JSON.stringify(data, null, 2) + '\n';
+    const sessionFile = (0, path_1.join)(dir, `${sessionId}.json`);
+    (0, fs_1.writeFileSync)(sessionFile, content, { encoding: 'utf-8', mode: config_js_1.PRIVATE_FILE_MODE });
+    (0, config_js_1.ensurePrivateFile)(sessionFile);
+    // Enterprise: also write to shared sessions dir for admin visibility
+    if (session.sharedSessionsDir) {
+        try {
+            const sharedFile = (0, path_1.join)(session.sharedSessionsDir, `${sessionId}.json`);
+            (0, fs_1.writeFileSync)(sharedFile, content, { encoding: 'utf-8', mode: 0o664 });
+        }
+        catch {
+            // Best effort; shared dir may not be writable
+        }
+    }
+}
+function removeSessionFile(sessionId, sharedSessionsDir) {
+    try {
+        (0, fs_1.unlinkSync)((0, path_1.join)((0, config_js_1.getSessionsDir)(), `${sessionId}.json`));
+    }
+    catch { /* already removed */ }
+    if (sharedSessionsDir) {
+        try {
+            (0, fs_1.unlinkSync)((0, path_1.join)(sharedSessionsDir, `${sessionId}.json`));
+        }
+        catch { /* best effort */ }
+    }
+}
+const LABGATE_INSTRUCTION_START = '<!-- LABGATE_SESSION_INSTRUCTION_START -->';
+const LABGATE_INSTRUCTION_END = '<!-- LABGATE_SESSION_INSTRUCTION_END -->';
+function getInstructionFileForAgent(agent) {
+    return agent.toLowerCase() === 'claude' ? 'CLAUDE.md' : 'AGENTS.md';
+}
+function escapeRegExp(value) {
+    return value.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+}
+function stripLabgateInstructionBlock(content) {
+    const pattern = new RegExp(`${escapeRegExp(LABGATE_INSTRUCTION_START)}[\\s\\S]*?${escapeRegExp(LABGATE_INSTRUCTION_END)}\\n?`, 'g');
+    return content.replace(pattern, '').replace(/^\n+/, '');
+}
+function hasOtherActiveSessionForInstructionFile(workdir, filename) {
+    const dir = (0, config_js_1.getSessionsDir)();
+    if (!(0, fs_1.existsSync)(dir))
+        return false;
+    const localHost = (0, os_1.hostname)();
+    try {
+        const files = (0, fs_1.readdirSync)(dir).filter(f => f.endsWith('.json'));
+        for (const file of files) {
+            try {
+                const data = JSON.parse((0, fs_1.readFileSync)((0, path_1.join)(dir, file), 'utf-8'));
+                if (data.workdir !== workdir)
+                    continue;
+                if (getInstructionFileForAgent(data.agent) !== filename)
+                    continue;
+                if (data.node === localHost) {
+                    try {
+                        process.kill(data.pid, 0);
+                    }
+                    catch {
+                        try {
+                            (0, fs_1.unlinkSync)((0, path_1.join)(dir, file));
+                        }
+                        catch { /* best effort */ }
+                        continue;
+                    }
+                }
+                return true;
+            }
+            catch { /* skip bad session files */ }
+        }
+    }
+    catch { /* skip unreadable dir */ }
+    return false;
+}
+function cleanupLabgateInstructionFile(workdir, filename, deleteWhenEmpty) {
+    if (hasOtherActiveSessionForInstructionFile(workdir, filename))
+        return;
+    const targetPath = (0, path_1.join)(workdir, filename);
+    try {
+        if (!(0, fs_1.existsSync)(targetPath))
+            return;
+        const current = (0, fs_1.readFileSync)(targetPath, 'utf-8');
+        const stripped = stripLabgateInstructionBlock(current);
+        if (stripped.trim().length === 0) {
+            if (deleteWhenEmpty) {
+                try {
+                    (0, fs_1.unlinkSync)(targetPath);
+                }
+                catch { /* best effort */ }
+            }
+            else if (stripped !== current) {
+                (0, fs_1.writeFileSync)(targetPath, '', 'utf-8');
+            }
+        }
+        else if (stripped !== current) {
+            (0, fs_1.writeFileSync)(targetPath, stripped, 'utf-8');
+        }
+    }
+    catch (err) {
+        log.warn(`Could not clean up ${filename}: ${err.message ?? String(err)}`);
+    }
+}
+function buildLabgateInstructionBlock(session) {
+    const lines = [
+        LABGATE_INSTRUCTION_START,
+        '## LabGate Sandbox Context (Auto-Managed)',
+        '- You are running inside a LabGate sandbox container.',
+        '- Path mapping:',
+        `  - Container \`/work\` maps to host \`${session.workdir}\``,
+        `  - Container \`/home/sandbox\` maps to host \`${(0, config_js_1.getSandboxHome)()}\``,
+    ];
+    for (const mount of session.config.filesystem.extra_paths) {
+        const hostPath = mount.path.replace(/^~/, (0, os_1.homedir)());
+        lines.push(`  - Container \`/mnt/${(0, path_1.basename)(hostPath)}\` maps to host \`${hostPath}\` (${mount.mode})`);
+    }
+    const datasets = session.config.datasets || [];
+    for (const ds of datasets) {
+        const hostPath = ds.path.replace(/^~/, (0, os_1.homedir)());
+        lines.push(`  - Container \`/datasets/${ds.name}\` maps to host \`${hostPath}\` (${ds.mode})`);
+    }
+    lines.push('- Treat other host paths as unavailable unless explicitly mounted.');
+    lines.push('- When reporting file paths to the user, prefer showing both container and host paths when helpful.');
+    if (datasets.length > 0) {
+        lines.push('');
+        lines.push('### Available Datasets');
+        lines.push('The following named datasets are mounted and available for analysis:');
+        for (const ds of datasets) {
+            const desc = ds.description ? ` — ${ds.description}` : '';
+            lines.push(`- **${ds.name}** at \`/datasets/${ds.name}\` (${ds.mode})${desc}`);
+        }
+        lines.push('');
+        lines.push('Use these dataset paths directly when the user references data by name.');
+    }
+    if (session.config.slurm.enabled) {
+        lines.push('');
+        lines.push('### SLURM Integration');
+        lines.push('- SLURM commands (srun, sbatch, squeue, scancel) are available.');
+        lines.push('- LabGate tracks your SLURM jobs automatically via squeue polling.');
+        if (session.config.slurm.mcp_server && session.agent.toLowerCase() === 'claude') {
+            lines.push('- Use the `labgate-slurm` MCP tools to check job status and read output files.');
+            lines.push('- Available tools: `list_slurm_jobs`, `get_slurm_job`, `get_slurm_output`, `cancel_slurm_job`, `set_slurm_job_notes`');
+            lines.push('- Jobs may have user-annotated notes visible via `get_slurm_job`. Use `set_slurm_job_notes` to add your own observations.');
+        }
+        lines.push('- When submitting jobs, prefer using `--output` and `--error` flags to set explicit paths.');
+    }
+    lines.push(LABGATE_INSTRUCTION_END);
+    return lines.join('\n');
+}
+/**
+ * Inject a LabGate-managed instruction block into the agent-specific instruction file.
+ * The block is removed when the session ends unless another active session
+ * still manages the same instruction file in that workdir.
+ */
+function installLabgateInstruction(session) {
+    const filename = getInstructionFileForAgent(session.agent);
+    const targetPath = (0, path_1.join)(session.workdir, filename);
+    const existedBefore = (0, fs_1.existsSync)(targetPath);
+    try {
+        const current = existedBefore ? (0, fs_1.readFileSync)(targetPath, 'utf-8') : '';
+        const stripped = stripLabgateInstructionBlock(current);
+        const block = buildLabgateInstructionBlock(session);
+        const next = stripped.trim().length === 0
+            ? `${block}\n`
+            : `${block}\n\n${stripped}`;
+        if (next !== current) {
+            (0, fs_1.writeFileSync)(targetPath, next, 'utf-8');
+        }
+    }
+    catch (err) {
+        log.warn(`Could not write ${filename}: ${err.message ?? String(err)}`);
+        return () => { };
+    }
+    return () => cleanupLabgateInstructionFile(session.workdir, filename, !existedBefore);
+}
+/**
+ * Clean up stale session files from dead local processes.
+ * Called on session start to tidy up after crashes.
+ */
+function cleanStaleSessionFiles() {
+    const dir = (0, config_js_1.getSessionsDir)();
+    if (!(0, fs_1.existsSync)(dir))
+        return;
+    const localHost = (0, os_1.hostname)();
+    try {
+        const files = (0, fs_1.readdirSync)(dir).filter(f => f.endsWith('.json'));
+        for (const file of files) {
+            try {
+                const data = JSON.parse((0, fs_1.readFileSync)((0, path_1.join)(dir, file), 'utf-8'));
+                // Only clean up sessions from this node
+                if (data.node !== localHost)
+                    continue;
+                // Check if the process is still alive
+                try {
+                    process.kill(data.pid, 0);
+                }
+                catch {
+                    // Process is dead — remove stale file
+                    (0, fs_1.unlinkSync)((0, path_1.join)(dir, file));
+                    cleanupLabgateInstructionFile(data.workdir, getInstructionFileForAgent(data.agent), false);
+                }
+            }
+            catch { /* skip unparseable files */ }
+        }
+    }
+    catch { /* dir read error */ }
+}
 // ── SIF image management (Apptainer/Singularity) ─────────
 /**
  * Convert a container image URI to a local SIF filename.
@@ -85,7 +325,7 @@ function ensureSifImage(runtime, image) {
     }
     return sifPath;
 }
-// ── OCI image management (Podman/Docker) ─────────────────
+// ── OCI image management (Docker) ────────────────────────
 function ensureOciImage(runtime, image) {
     try {
         if (runtime === 'docker') {
@@ -107,7 +347,6 @@ function ensureOciImage(runtime, image) {
                 if (runtime === 'docker') {
                     log.step('Fix: sudo usermod -aG docker $USER && newgrp docker');
                 }
-                log.step('Or use podman (rootless): labgate config set runtime podman');
             }
             else {
                 log.error(`Failed to pull image "${image}" with ${runtime}.`);
@@ -173,6 +412,11 @@ function getMountRoots(session) {
             const target = `/mnt/${(0, path_1.basename)(resolved)}`;
             return { host: resolved, container: target };
         }),
+        // Datasets mounted under /datasets/{name}
+        ...(config.datasets || []).map(({ path: p, name }) => {
+            const resolved = p.replace(/^~/, (0, os_1.homedir)());
+            return { host: resolved, container: `/datasets/${name}` };
+        }),
     ];
 }
 // ── Dry-run runtime fallback ──────────────────────────────
@@ -223,13 +467,13 @@ function buildFilteredProxyEnv(config) {
     }
     return env;
 }
-function buildNetworkArgs(config, runtime) {
+function buildNetworkArgs(config) {
     if (config.network.mode === 'none')
         return ['--network=none'];
     if (config.network.mode === 'host')
         return ['--network=host'];
     // filtered
-    return runtime === 'podman' ? ['--network=slirp4netns'] : ['--network=bridge'];
+    return ['--network=bridge'];
 }
 function prepareCommonArgs(session, sessionId, tokenEnv) {
     const { agent, config } = session;
@@ -250,8 +494,8 @@ function prepareCommonArgs(session, sessionId, tokenEnv) {
     ];
     return { blockedMounts, emptyDir, envArgs };
 }
-// ── Build Podman/Docker arguments ─────────────────────────
-function buildPodmanArgs(session, runtime, sessionId, tokenEnv = []) {
+// ── Build Docker arguments ────────────────────────────────
+function buildDockerArgs(session, sessionId, tokenEnv = []) {
     const { agent, workdir, config, imageOverride } = session;
     const image = imageOverride ?? config.image;
     const sandboxHome = (0, config_js_1.getSandboxHome)();
@@ -267,7 +511,7 @@ function buildPodmanArgs(session, runtime, sessionId, tokenEnv = []) {
         '--security-opt=no-new-privileges',
         '--pids-limit=512',
         // ── Network ──
-        ...buildNetworkArgs(config, runtime),
+        ...buildNetworkArgs(config),
         // ── Persistent sandbox HOME ──
         '--volume', `${sandboxHome}:/home/sandbox:rw`,
         // ── Working directory ──
@@ -279,6 +523,11 @@ function buildPodmanArgs(session, runtime, sessionId, tokenEnv = []) {
             const target = `/mnt/${(0, path_1.basename)(resolved)}`;
             return `--volume=${resolved}:${target}:${mode}`;
         }),
+        // ── Dataset mounts ──
+        ...(config.datasets || []).map(({ path: p, name, mode }) => {
+            const resolved = p.replace(/^~/, (0, os_1.homedir)());
+            return `--volume=${resolved}:/datasets/${name}:${mode}`;
+        }),
         // ── Block sensitive paths ──
         ...blockedMounts.flatMap(({ containerPath, kind }) => {
             const source = kind === 'dir' ? emptyDir : '/dev/null';
@@ -313,6 +562,12 @@ function buildApptainerArgs(session, runtime, sifPath, sessionId, tokenEnv = [])
             const bindSpec = mode === 'ro' ? `${resolved}:${target}:ro` : `${resolved}:${target}`;
             return ['--bind', bindSpec];
         }),
+        // ── Dataset mounts ──
+        ...(config.datasets || []).flatMap(({ path: p, name, mode }) => {
+            const resolved = p.replace(/^~/, (0, os_1.homedir)());
+            const bindSpec = mode === 'ro' ? `${resolved}:/datasets/${name}:ro` : `${resolved}:/datasets/${name}`;
+            return ['--bind', bindSpec];
+        }),
         // ── Block sensitive paths ──
         ...blockedMounts.flatMap(({ containerPath, kind }) => {
             const source = kind === 'dir' ? emptyDir : '/dev/null';
@@ -367,38 +622,101 @@ function buildEntrypoint(agent) {
     lines.push(`if ! command -v ${setup.bin} >/dev/null 2>&1; then`, `  echo "[labgate] Installing ${setup.pkg}..."`, `  ${setup.installer}`, 'fi', `echo "[labgate] Starting ${setup.bin} in /work"`, `exec ${setup.bin}`);
     return lines.join('\n');
 }
-// ── OAuth URL interceptor (watches container stdout) ──────
+// ── Browser-open hook for OAuth (via sandbox home) ────────
+/**
+ * Detect whether we can open a browser on this machine.
+ * Returns false for SSH sessions, headless servers, etc.
+ */
+function canOpenBrowser() {
+    if (process.env.SSH_CONNECTION || process.env.SSH_TTY)
+        return false;
+    if ((0, os_1.platform)() === 'darwin')
+        return true;
+    if (process.env.DISPLAY || process.env.WAYLAND_DISPLAY)
+        return true;
+    return false;
+}
+/**
+ * Copy text to the user's local clipboard via OSC 52 escape sequence.
+ * Works over SSH in terminals that support it: iTerm2, kitty, alacritty,
+ * Windows Terminal, tmux (with set-clipboard on), foot, WezTerm, etc.
+ */
+function osc52Copy(text) {
+    const encoded = Buffer.from(text).toString('base64');
+    // Write directly to the TTY to bypass any stdout buffering/piping
+    const tty = process.stderr.isTTY ? process.stderr : process.stdout;
+    tty.write(`\x1b]52;c;${encoded}\x07`);
+}
+const OAUTH_URL_DEDUPE_WINDOW_MS = 20_000;
+let lastHandledOAuthUrl = '';
+let lastHandledOAuthAt = 0;
+function handleOAuthUrl(url, options) {
+    const now = Date.now();
+    if (url === lastHandledOAuthUrl && (now - lastHandledOAuthAt) < OAUTH_URL_DEDUPE_WINDOW_MS) {
+        return;
+    }
+    lastHandledOAuthUrl = url;
+    lastHandledOAuthAt = now;
+    if (options.isRemote) {
+        // SSH / headless: push URL to local clipboard via OSC 52 if supported.
+        osc52Copy(url);
+        log.info(`Login URL:\n${url}`);
+        log.info('Tried to copy URL via terminal clipboard (OSC 52).');
+        log.info('Open it in your local browser, then paste the code back here.');
+        return;
+    }
+    if (options.hostPlatform === 'darwin') {
+        try {
+            options.execSync('pbcopy', [], { input: url, stdio: ['pipe', 'ignore', 'ignore'] });
+        }
+        catch { /* best effort */ }
+        try {
+            options.execSync('open', [url], { stdio: 'ignore' });
+            log.success('Login URL opened in browser');
+        }
+        catch {
+            log.warn('Could not auto-open browser. URL copied to clipboard (if available).');
+            log.info(`Login URL:\n${url}`);
+        }
+        return;
+    }
+    // Local Linux with display
+    try {
+        options.execSync('xdg-open', [url], { stdio: 'ignore' });
+        log.success('Login URL opened in browser');
+    }
+    catch {
+        osc52Copy(url);
+        log.warn('Could not auto-open browser. Tried clipboard copy via terminal.');
+        log.info(`Login URL:\n${url}`);
+    }
+}
 /**
  * Creates a function that buffers container output and watches for OAuth
- * URLs. When found (even if line-wrapped), reassembles the full URL and
- * copies it to the local clipboard via OSC 52.
- *
- * Works regardless of whether the BROWSER hook fires — this is a safety
- * net that catches the URL directly from Claude Code's terminal output.
+ * URLs. Works as a fallback if the BROWSER hook isn't triggered.
  */
-function createOAuthInterceptor() {
+function createOAuthInterceptor(options = {}) {
     let buffer = '';
     let handled = false;
+    const isRemote = options.forceRemote ?? !canOpenBrowser();
+    const hostPlatform = options.platformOverride ?? (0, os_1.platform)();
+    const execSync = options.execSync ?? child_process_1.execFileSync;
     return {
         feed(data) {
             if (handled)
                 return data;
             buffer += data;
-            // Keep buffer from growing unbounded — only need to look at recent output
+            // Keep buffer from growing unbounded — only need to look at recent output.
             if (buffer.length > 8000) {
                 buffer = buffer.slice(-6000);
             }
-            // Look for the OAuth URL pattern — it may be split across lines
-            // Claude Code wraps long URLs at terminal width boundaries
+            // Look for the OAuth URL pattern — it may be split across lines.
             const match = buffer.match(/https:\/\/claude\.ai\/oauth\/authorize\?[^\s]*/);
             if (!match)
                 return data;
-            // Found a URL start. Now collect the full URL by stripping line breaks
-            // that Claude Code's terminal wrapping inserted.
+            // Reassemble wrapped URL by stripping terminal-inserted whitespace.
             const urlStart = buffer.indexOf(match[0]);
             let raw = buffer.slice(urlStart);
-            // The URL ends at "Paste code" or double newline or a line that
-            // doesn't look like URL continuation
             const endPatterns = [/\n\s*\n/, /Paste code/, /\n\s*$/];
             for (const pat of endPatterns) {
                 const endMatch = raw.match(pat);
@@ -406,63 +724,39 @@ function createOAuthInterceptor() {
                     raw = raw.slice(0, endMatch.index);
                 }
             }
-            // Strip whitespace/newlines that the terminal wrapping inserted
             const cleanUrl = raw.replace(/\s+/g, '').trim();
             if (cleanUrl.length > 50 && cleanUrl.startsWith('https://')) {
                 handled = true;
-                // Copy to local clipboard via OSC 52
-                osc52Copy(cleanUrl);
-                // Print to stderr so it doesn't mix with the PTY output
-                log.success('Login URL copied to your clipboard — paste it in your browser');
+                handleOAuthUrl(cleanUrl, { isRemote, hostPlatform, execSync });
             }
             return data;
         },
     };
 }
-// ── Browser-open hook for OAuth (via sandbox home) ────────
-/**
- * Detect whether we can open a browser on this machine.
- * Returns false for SSH sessions, headless servers, etc.
- */
-function canOpenBrowser() {
-    if (process.env.SSH_CONNECTION || process.env.SSH_TTY)
-        return false;
-    if ((0, os_1.platform)() === 'darwin')
-        return true;
-    if (process.env.DISPLAY || process.env.WAYLAND_DISPLAY)
-        return true;
-    return false;
-}
-/**
- * Copy text to the user's local clipboard via OSC 52 escape sequence.
- * Works over SSH in terminals that support it: iTerm2, kitty, alacritty,
- * Windows Terminal, tmux (with set-clipboard on), foot, WezTerm, etc.
- */
-function osc52Copy(text) {
-    const encoded = Buffer.from(text).toString('base64');
-    // Write directly to the TTY to bypass any stdout buffering/piping
-    const tty = process.stderr.isTTY ? process.stderr : process.stdout;
-    tty.write(`\x1b]52;c;${encoded}\x07`);
-}
-/**
- * Sets up OAuth browser handling. Always intercepts the URL via BROWSER
- * hook. Behaviour depends on environment:
- *
- * 1. Local macOS + podman: Open URL with `open`, copy with `pbcopy`,
- *    forward callback port via `podman machine ssh`.
- * 2. Local Linux with display: Open with `xdg-open`.
- * 3. SSH / headless: Copy URL to local clipboard via OSC 52 terminal
- *    escape sequence. Works in iTerm2, kitty, Windows Terminal, tmux, etc.
- *    Falls back to displaying the URL if OSC 52 is not supported.
- */
-function setupBrowserHook() {
-    const isRemote = !canOpenBrowser();
-    const sandboxHome = (0, config_js_1.getSandboxHome)();
+function setupBrowserHook(options = {}) {
+    const isRemote = options.forceRemote ?? !canOpenBrowser();
+    const hostPlatform = options.platformOverride ?? (0, os_1.platform)();
+    const execSync = options.execSync ?? child_process_1.execFileSync;
+    const sandboxHome = options.sandboxHomeOverride ?? (0, config_js_1.getSandboxHome)();
     const labgateDir = (0, path_1.join)(sandboxHome, '.labgate');
     (0, fs_1.mkdirSync)(labgateDir, { recursive: true });
     // Write the browser-open script (runs inside the container)
     const scriptPath = (0, path_1.join)(labgateDir, 'browser-open.sh');
-    (0, fs_1.writeFileSync)(scriptPath, '#!/bin/sh\necho "$1" > /home/sandbox/.labgate/browser-url\n', { mode: 0o755 });
+    (0, fs_1.writeFileSync)(scriptPath, [
+        '#!/bin/sh',
+        'set -eu',
+        'url=""',
+        'for arg in "$@"; do',
+        '  case "$arg" in',
+        '    http://*|https://*) url="$arg" ;;',
+        '  esac',
+        'done',
+        '[ -n "$url" ] || url="${1:-}"',
+        'mkdir -p /home/sandbox/.labgate',
+        'printf \'%s\\n\' "$url" > /home/sandbox/.labgate/browser-url',
+        'exit 0',
+        '',
+    ].join('\n'), { mode: 0o755 });
     // Remove stale URL file
     const urlFilePath = (0, path_1.join)(labgateDir, 'browser-url');
     try {
@@ -470,62 +764,48 @@ function setupBrowserHook() {
     }
     catch { /* doesn't exist */ }
     let handled = false;
-    // Watch for the URL file on the host side
-    const watcher = (0, fs_1.watch)(labgateDir, (_eventType, filename) => {
-        if (handled || filename !== 'browser-url')
-            return;
-        handled = true;
+    const processUrlFile = () => {
+        if (handled)
+            return true;
         try {
             const url = (0, fs_1.readFileSync)(urlFilePath, 'utf-8').trim();
             if (!url)
-                return;
-            if (isRemote) {
-                // SSH / headless: push URL to local clipboard via OSC 52
-                osc52Copy(url);
-                log.success('Login URL copied to your local clipboard via terminal');
-                log.info('Paste it in your browser to sign in, then paste the code back here');
-            }
-            else if ((0, os_1.platform)() === 'darwin') {
-                // Local macOS: open browser + copy to clipboard
-                const portMatch = url.match(/localhost%3A(\d+)/);
-                if (portMatch) {
-                    const port = parseInt(portMatch[1], 10);
-                    if (port > 0 && port < 65536) {
-                        try {
-                            (0, child_process_1.execFileSync)('podman', ['machine', 'ssh', '--', '-f', '-N', '-L', `${port}:localhost:${port}`], {
-                                timeout: 5000,
-                                stdio: 'ignore',
-                            });
-                            log.step(`Forwarding callback port ${port}`);
-                        }
-                        catch { /* best effort */ }
-                    }
-                }
-                try {
-                    (0, child_process_1.execFileSync)('pbcopy', [], { input: url, stdio: ['pipe', 'ignore', 'ignore'] });
-                }
-                catch { /* best effort */ }
-                try {
-                    (0, child_process_1.execFileSync)('open', [url]);
-                }
-                catch { /* best effort */ }
-                log.success('Login URL opened in browser and copied to clipboard');
-            }
-            else {
-                // Local Linux with display
-                try {
-                    (0, child_process_1.execFileSync)('xdg-open', [url]);
-                }
-                catch {
-                    osc52Copy(url);
-                    log.info(`Login URL:\n${url}`);
-                }
-            }
+                return false;
+            handled = true;
+            handleOAuthUrl(url, { isRemote, hostPlatform, execSync });
+            return true;
         }
-        catch { /* best effort */ }
+        catch {
+            return false;
+        }
+    };
+    // Watch for the URL file on the host side
+    const watcher = (0, fs_1.watch)(labgateDir, (_eventType, filename) => {
+        if (handled)
+            return;
+        const name = filename || '';
+        if (name !== 'browser-url')
+            return;
+        if (processUrlFile())
+            return;
+        // File may exist but not be fully flushed yet. Retry shortly.
+        setTimeout(() => { processUrlFile(); }, 60);
     });
+    // Safety net: if fs.watch misses events, poll for a short window.
+    const poll = setInterval(() => {
+        if (handled) {
+            clearInterval(poll);
+            return;
+        }
+        processUrlFile();
+    }, 200);
+    const pollTimeout = setTimeout(() => clearInterval(poll), 60_000);
+    poll.unref?.();
+    pollTimeout.unref?.();
     const cleanup = () => {
         watcher.close();
+        clearInterval(poll);
+        clearTimeout(pollTimeout);
         try {
             (0, fs_1.unlinkSync)(urlFilePath);
         }
@@ -633,6 +913,13 @@ function formatStatusFooter(session, runtime, sessionId, image) {
 function logSessionStart(session, sessionId) {
     if (!session.config.audit.enabled)
         return;
+    const datasets = (session.config.datasets || []).map(ds => ({
+        path: ds.path.replace(/^~/, (0, os_1.homedir)()),
+        name: ds.name,
+        target: `/datasets/${ds.name}`,
+        mode: ds.mode,
+        ...(ds.description ? { description: ds.description } : {}),
+    }));
     const event = {
         timestamp: new Date().toISOString(),
         session: sessionId,
@@ -648,8 +935,9 @@ function logSessionStart(session, sessionId) {
                 mode: p.mode,
             })),
         ],
+        ...(datasets.length > 0 ? { datasets } : {}),
     };
-    (0, audit_js_1.writeAuditEvent)(session.config, event);
+    (0, audit_js_1.writeAuditEvent)(session.config, event, { sharedAuditDir: session.sharedAuditDir });
 }
 function logSessionEnd(session, sessionId, exitCode) {
     if (!session.config.audit.enabled)
@@ -659,7 +947,7 @@ function logSessionEnd(session, sessionId, exitCode) {
         session: sessionId,
         event: 'session_end',
         exit_code: exitCode,
-    });
+    }, { sharedAuditDir: session.sharedAuditDir });
 }
 function setupSessionTimeout(session, sessionId, runtime, isExited, killChild) {
     const timeoutHours = session.config.session_timeout_hours;
@@ -676,7 +964,7 @@ function setupSessionTimeout(session, sessionId, runtime, isExited, killChild) {
                 session: sessionId,
                 event: 'session_timeout',
                 timeout_hours: timeoutHours,
-            });
+            }, { sharedAuditDir: session.sharedAuditDir });
         }
         if (!(0, runtime_js_1.isApptainerFamily)(runtime)) {
             try {
@@ -703,12 +991,12 @@ function printSessionInfo(session, sessionId, runtime) {
         ['Network', mode],
         ['Timeout', timeoutLabel],
         ['Blocked', `${session.config.filesystem.blocked_patterns.length} patterns`],
+        ...((session.config.datasets || []).length > 0 ? [['Datasets', `${session.config.datasets.length} mounted`]] : []),
         ...(session.config.audit.enabled ? [['Audit', (0, config_js_1.getLogDir)(session.config)]] : []),
-        ['Settings', `http://${(0, os_1.hostname)()}:7700`],
     ]);
     console.error('');
     if ((0, runtime_js_1.isApptainerFamily)(runtime) && mode !== 'host') {
-        log.warn(`Apptainer does not enforce network=${mode}. Use podman for strict isolation.`);
+        log.warn(`Apptainer does not enforce network=${mode}. Use network policy on the host for strict isolation.`);
     }
     if (mode === 'filtered') {
         log.warn('Filtered mode relies on your proxy. Set LABGATE_PROXY or HTTP_PROXY.');
@@ -742,65 +1030,154 @@ async function startSession(session) {
         if (!session.dryRun) {
             ensureOciImage(runtime, image);
         }
-        args = buildPodmanArgs(session, runtime, sessionId, [...tokenEnv, ...(browserHook?.env ?? [])]);
+        args = buildDockerArgs(session, sessionId, [...tokenEnv, ...(browserHook?.env ?? [])]);
     }
     if (session.dryRun) {
         prettyPrintCommand(runtime, args);
         return;
     }
-    // Create OAuth URL interceptor for SSH/headless environments
-    const oauthInterceptor = !canOpenBrowser() ? createOAuthInterceptor() : null;
+    // Create OAuth URL interceptor as a fallback when BROWSER hook does not fire.
+    // This parses Claude output and handles wrapped OAuth URLs.
+    const oauthInterceptor = (session.agent === 'claude' && tokenEnv.length === 0)
+        ? createOAuthInterceptor()
+        : null;
+    // Clean up stale session files from crashed processes, then register this session
+    cleanStaleSessionFiles();
+    writeSessionFile(sessionId, session, image);
+    const cleanupLabgateInstruction = installLabgateInstruction(session);
+    // Start SLURM job tracking if enabled
+    let sessionSlurmDB = null;
+    let sessionSlurmPoller = null;
+    const cleanupSlurm = () => {
+        if (sessionSlurmPoller) {
+            sessionSlurmPoller.stop();
+            sessionSlurmPoller = null;
+        }
+        if (sessionSlurmDB) {
+            try {
+                sessionSlurmDB.close();
+            }
+            catch { }
+            sessionSlurmDB = null;
+        }
+    };
+    if (session.config.slurm.enabled) {
+        try {
+            sessionSlurmDB = new slurm_db_js_1.SlurmJobDB((0, config_js_1.getSlurmDbPath)());
+            sessionSlurmPoller = new slurm_poller_js_1.SlurmPoller({
+                db: sessionSlurmDB,
+                pollIntervalMs: session.config.slurm.poll_interval_seconds * 1000,
+                sacctLookbackHours: session.config.slurm.sacct_lookback_hours,
+            });
+            sessionSlurmPoller.start();
+        }
+        catch {
+            // SLURM tracking unavailable (better-sqlite3 not installed)
+            cleanupSlurm();
+        }
+    }
+    // Auto-register SLURM MCP server for Claude Code
+    if (session.config.slurm.enabled && session.config.slurm.mcp_server && session.agent.toLowerCase() === 'claude') {
+        try {
+            const sandboxHome = (0, config_js_1.getSandboxHome)();
+            const claudeDir = (0, path_1.join)(sandboxHome, '.claude');
+            (0, config_js_1.ensurePrivateDir)(claudeDir);
+            // The MCP server script path (compiled dist)
+            const mcpServerPath = (0, path_1.resolve)(__dirname, 'slurm-mcp.js');
+            const dbPath = (0, config_js_1.getSlurmDbPath)();
+            // Read existing mcp.json or start fresh
+            const mcpConfigPath = (0, path_1.join)(claudeDir, 'mcp.json');
+            let mcpConfig = {};
+            try {
+                if ((0, fs_1.existsSync)(mcpConfigPath)) {
+                    mcpConfig = JSON.parse((0, fs_1.readFileSync)(mcpConfigPath, 'utf-8'));
+                }
+            }
+            catch { /* start fresh */ }
+            if (!mcpConfig.mcpServers)
+                mcpConfig.mcpServers = {};
+            mcpConfig.mcpServers['labgate-slurm'] = {
+                command: 'node',
+                args: [mcpServerPath, '--db', dbPath],
+            };
+            (0, fs_1.writeFileSync)(mcpConfigPath, JSON.stringify(mcpConfig, null, 2), 'utf-8');
+            (0, config_js_1.ensurePrivateFile)(mcpConfigPath);
+        }
+        catch {
+            // Best effort — MCP registration failure is non-fatal
+        }
+    }
     logSessionStart(session, sessionId);
     printSessionInfo(session, sessionId, runtime);
-    // Start settings UI server alongside the session
-    const uiServer = (0, ui_js_1.startUI)(7700, false);
     if (footerMode === 'once') {
         console.log(footerLine);
     }
     const wantsSticky = footerMode === 'sticky';
-    if (wantsSticky) {
-        if (!process.stdout.isTTY || !process.stdin.isTTY) {
-            log.step('Sticky footer needs a TTY; using one-time footer.');
+    const needsOAuthPtyFallback = !!oauthInterceptor;
+    const hasTty = !!(process.stdout.isTTY && process.stdin.isTTY);
+    const shouldUsePty = hasTty && (wantsSticky || needsOAuthPtyFallback);
+    if (shouldUsePty) {
+        const pty = await loadPty();
+        if (!pty) {
+            if (wantsSticky) {
+                log.step('Sticky footer requires node-pty. Using one-time footer.');
+            }
+            else if (needsOAuthPtyFallback) {
+                log.step('OAuth URL fallback interceptor unavailable (node-pty missing).');
+            }
         }
         else {
-            const pty = await loadPty();
-            if (!pty) {
-                log.step('Sticky footer requires node-pty. Using one-time footer.');
+            let runtimePath;
+            try {
+                runtimePath = (0, child_process_1.execFileSync)('which', [runtime], { encoding: 'utf-8' }).trim();
             }
-            else {
-                let runtimePath;
-                try {
-                    runtimePath = (0, child_process_1.execFileSync)('which', [runtime], { encoding: 'utf-8' }).trim();
-                }
-                catch {
-                    runtimePath = runtime;
-                }
-                const cleanEnv = {};
-                for (const [k, v] of Object.entries(process.env)) {
-                    if (v !== undefined)
-                        cleanEnv[k] = v;
-                }
-                const cols = process.stdout.columns || 80;
-                const rows = process.stdout.rows || 24;
-                const child = pty.spawn(runtimePath, args, {
+            catch {
+                runtimePath = runtime;
+            }
+            const cleanEnv = {};
+            for (const [k, v] of Object.entries(process.env)) {
+                if (v !== undefined)
+                    cleanEnv[k] = v;
+            }
+            const cols = process.stdout.columns || 80;
+            const rows = process.stdout.rows || 24;
+            let child;
+            try {
+                child = pty.spawn(runtimePath, args, {
                     name: 'xterm-256color',
                     cols,
                     rows,
                     cwd: process.cwd(),
                     env: cleanEnv,
                 });
+            }
+            catch (err) {
+                log.step(`PTY spawn failed (${err?.message ?? String(err)}). Falling back to standard spawn.`);
+                // Fall through to standard spawn path below.
+                child = null;
+            }
+            if (!child) {
+                // Continue below with non-PTY spawn.
+            }
+            else {
                 let exited = false;
                 const resizeHandler = () => {
                     child.resize(process.stdout.columns || 80, process.stdout.rows || 24);
-                    renderStickyFooter(footerLine);
+                    if (wantsSticky) {
+                        renderStickyFooter(footerLine);
+                    }
                 };
                 process.stdout.on('resize', resizeHandler);
-                renderStickyFooter(footerLine);
+                if (wantsSticky) {
+                    renderStickyFooter(footerLine);
+                }
                 child.onData((data) => {
                     if (oauthInterceptor)
                         oauthInterceptor.feed(data);
                     process.stdout.write(data);
-                    renderStickyFooter(footerLine);
+                    if (wantsSticky) {
+                        renderStickyFooter(footerLine);
+                    }
                 });
                 if (process.stdin.isTTY) {
                     process.stdin.setRawMode(true);
@@ -815,7 +1192,9 @@ async function startSession(session) {
                     if (timeoutHandle)
                         clearTimeout(timeoutHandle);
                     browserHook?.cleanup();
-                    uiServer.close();
+                    cleanupSlurm();
+                    removeSessionFile(sessionId, session.sharedSessionsDir);
+                    cleanupLabgateInstruction();
                     if (process.stdin.isTTY) {
                         process.stdin.setRawMode(false);
                     }
@@ -830,6 +1209,12 @@ async function startSession(session) {
             }
         }
     }
+    else if (wantsSticky) {
+        log.step('Sticky footer needs a TTY; using one-time footer.');
+    }
+    else if (needsOAuthPtyFallback && !hasTty) {
+        log.step('OAuth URL fallback interceptor requires a TTY; relying on BROWSER hook only.');
+    }
     if (footerMode === 'sticky') {
         console.log(footerLine);
     }
@@ -843,7 +1228,9 @@ async function startSession(session) {
         if (timeoutHandle)
             clearTimeout(timeoutHandle);
         browserHook?.cleanup();
-        uiServer.close();
+        cleanupSlurm();
+        removeSessionFile(sessionId, session.sharedSessionsDir);
+        cleanupLabgateInstruction();
         logSessionEnd(session, sessionId, code ?? 0);
         process.exit(code ?? 0);
     });
@@ -853,36 +1240,40 @@ async function startSession(session) {
 }
 // ── List running sessions ─────────────────────────────────
 async function listSessions() {
-    const config = (0, config_js_1.loadConfig)();
-    let runtime;
-    try {
-        runtime = (0, runtime_js_1.getRuntime)(config.runtime);
-    }
-    catch (err) {
-        console.error(err.message ?? String(err));
-        process.exit(1);
-    }
-    if ((0, runtime_js_1.isApptainerFamily)(runtime)) {
-        log.info('Apptainer sessions run as processes. Use:');
-        log.step('ps aux | grep apptainer');
+    const dir = (0, config_js_1.getSessionsDir)();
+    if (!(0, fs_1.existsSync)(dir)) {
+        log.info('No active sessions.');
         return;
     }
-    try {
-        const output = (0, child_process_1.execFileSync)(runtime, [
-            'ps',
-            '--filter', 'name=labgate-',
-            '--format', '{{.Names}}\t{{.Status}}\t{{.RunningFor}}',
-        ], { encoding: 'utf-8' }).trim();
-        if (!output) {
-            log.info('No active sessions.');
-            return;
+    const localHost = (0, os_1.hostname)();
+    const files = (0, fs_1.readdirSync)(dir).filter(f => f.endsWith('.json'));
+    const sessions = [];
+    for (const file of files) {
+        try {
+            const data = JSON.parse((0, fs_1.readFileSync)((0, path_1.join)(dir, file), 'utf-8'));
+            // Check if process is still alive (local node only)
+            if (data.node === localHost) {
+                try {
+                    process.kill(data.pid, 0);
+                }
+                catch {
+                    (0, fs_1.unlinkSync)((0, path_1.join)(dir, file));
+                    continue;
+                }
+            }
+            sessions.push(data);
         }
-        log.header('Active sessions');
-        console.log('NAME\t\t\tSTATUS\t\tRUNNING');
-        console.log(output);
+        catch { /* skip unparseable */ }
     }
-    catch {
+    if (sessions.length === 0) {
         log.info('No active sessions.');
+        return;
+    }
+    log.header('Active sessions');
+    console.log('ID\t\tAGENT\tNODE\t\tWORKDIR\t\t\tSTARTED');
+    for (const s of sessions) {
+        const started = s.started?.slice(11, 19) ?? '';
+        console.log(`${s.id}\t${s.agent}\t${s.node}\t\t${s.workdir}\t${started}`);
     }
 }
 // ── Stop a session ────────────────────────────────────────
@@ -912,4 +1303,85 @@ async function stopSession(id) {
         process.exit(1);
     }
 }
+/**
+ * Restart a running session with fresh config.
+ * Stops the old process (via SIGTERM from session file), waits for cleanup,
+ * then relaunches the same agent/workdir with the current config.
+ */
+async function restartSession(id, opts) {
+    const dir = (0, config_js_1.getSessionsDir)();
+    const localHost = (0, os_1.hostname)();
+    if (!(0, fs_1.existsSync)(dir)) {
+        log.error(`No sessions directory found.`);
+        process.exit(1);
+    }
+    // Find session by ID or prefix
+    const files = (0, fs_1.readdirSync)(dir).filter(f => f.endsWith('.json'));
+    let sessionData = null;
+    let sessionFile = null;
+    for (const file of files) {
+        try {
+            const data = JSON.parse((0, fs_1.readFileSync)((0, path_1.join)(dir, file), 'utf-8'));
+            if (data.id === id || data.id.startsWith(id)) {
+                sessionData = data;
+                sessionFile = (0, path_1.join)(dir, file);
+                break;
+            }
+        }
+        catch { /* skip unparseable */ }
+    }
+    if (!sessionData || !sessionFile) {
+        log.error(`Session "${id}" not found.`);
+        process.exit(1);
+    }
+    if (sessionData.node !== localHost) {
+        log.error(`Session is on node "${sessionData.node}", not this host ("${localHost}").`);
+        process.exit(1);
+    }
+    const { agent, workdir } = sessionData;
+    if (!agent || !workdir) {
+        log.error('Session file is missing agent or workdir.');
+        process.exit(1);
+    }
+    log.info(`Restarting session ${sessionData.id} (${agent} in ${workdir})`);
+    // 1. Stop the old session
+    log.step('Stopping old session...');
+    try {
+        process.kill(sessionData.pid, 'SIGTERM');
+    }
+    catch {
+        log.warn('Process already stopped.');
+    }
+    // 2. Wait for cleanup (up to 10 seconds)
+    const deadline = Date.now() + 10_000;
+    while ((0, fs_1.existsSync)(sessionFile) && Date.now() < deadline) {
+        await new Promise(r => setTimeout(r, 200));
+    }
+    if ((0, fs_1.existsSync)(sessionFile)) {
+        try {
+            (0, fs_1.unlinkSync)(sessionFile);
+        }
+        catch { /* best effort */ }
+    }
+    log.success('Old session stopped.');
+    if (opts.dryRun) {
+        log.info('Dry run — would start new session with fresh config.');
+        return;
+    }
+    // 3. Load fresh config and start new session
+    // Use dynamic import to avoid circular dependency
+    const { loadEffectiveConfig } = await import('./config.js');
+    const effective = loadEffectiveConfig();
+    const config = effective.config;
+    log.step('Starting new session with fresh config...');
+    await startSession({
+        agent,
+        workdir,
+        config,
+        dryRun: false,
+        footerMode: 'once',
+        sharedSessionsDir: effective.sharedSessionsDir,
+        sharedAuditDir: effective.sharedAuditDir,
+    });
+}
 //# sourceMappingURL=container.js.map