diff --git a/docs/security.mdx b/docs/security.mdx
index ec00f49..b8a28e5 100644
--- a/docs/security.mdx
+++ b/docs/security.mdx
@@ -53,6 +53,27 @@ export const workspace = actor({
     events: [] as Array<{ userId: string; prompt: string; createdAt: number }>,
   },
 
+  createVars: async (c) => {
+    // Connect to Sandbox Agent from the actor (server-side only).
+    // Sandbox credentials never reach the client.
+    const sdk = await SandboxAgent.connect({
+      baseUrl: process.env.SANDBOX_URL!,
+      token: process.env.SANDBOX_TOKEN,
+    });
+
+    const session = await sdk.resumeOrCreateSession({ id: "default", agent: "claude" });
+
+    const unsubscribe = session.onEvent((event) => {
+      c.broadcast("session.event", {
+        eventIndex: event.eventIndex,
+        sender: event.sender,
+        payload: event.payload,
+      });
+    });
+
+    return { sdk, session, unsubscribe };
+  },
+
   onBeforeConnect: async (c, params: ConnParams) => {
     const claims = await verifyWorkspaceToken(params.accessToken, c.key[0]);
     if (!claims) {
@@ -83,28 +104,7 @@ export const workspace = actor({
         throw new UserError("Insufficient permissions", { code: "forbidden" });
       }
 
-      // Connect to Sandbox Agent from the actor (server-side only).
-      // Sandbox credentials never reach the client.
-      const sdk = await SandboxAgent.connect({
-        baseUrl: process.env.SANDBOX_URL!,
-        token: process.env.SANDBOX_TOKEN,
-      });
-
-      const session = await sdk.createSession({
-        agent: "claude",
-        sessionInit: { cwd: "/workspace" },
-      });
-
-      session.onEvent((event) => {
-        c.broadcast("session.event", {
-          userId: c.conn!.state.userId,
-          eventIndex: event.eventIndex,
-          sender: event.sender,
-          payload: event.payload,
-        });
-      });
-
-      const result = await session.prompt([
+      const result = await c.vars.session.prompt([
         { type: "text", text: prompt },
       ]);
 
@@ -117,6 +117,11 @@ export const workspace = actor({
       return { stopReason: result.stopReason };
     },
   },
+
+  onSleep: async (c) => {
+    c.vars.unsubscribe?.();
+    await c.vars.sdk.dispose();
+  },
 });
 ```
 
diff --git a/sdks/persist-rivet/package.json b/sdks/persist-rivet/package.json
index 4eb1791..8440b14 100644
--- a/sdks/persist-rivet/package.json
+++ b/sdks/persist-rivet/package.json
@@ -20,7 +20,7 @@
     "sandbox-agent": "workspace:*"
   },
   "peerDependencies": {
-    "rivetkit": ">=0.5.0"
+    "rivetkit": ">=2.0.0"
   },
   "peerDependenciesMeta": {
     "rivetkit": {