Implements sandbox-agent-managed hooks that work universally across all agents
(Claude, Codex, OpenCode, Amp, Mock). Hooks are shell commands executed at
specific lifecycle points in a session.
## Hook Types
- on_session_start - Executed when a session is created
- on_session_end - Executed when a session terminates
- on_message_start - Executed before processing each message
- on_message_end - Executed after each message is fully processed
## Features
- Hooks are configured via the API when creating sessions
- Environment variables provide context (SANDBOX_SESSION_ID, SANDBOX_AGENT, etc.)
- Configurable timeout per hook
- continue_on_failure option to control execution flow
- Working directory support for hook execution
## API Changes
- CreateSessionRequest now accepts optional 'hooks' and 'workingDir' fields
- HooksConfig and HookDefinition schemas added to OpenAPI spec
## Testing
- 8 unit tests for hook execution
- 9 integration tests using mock agent with snapshot testing
- Tests cover all lifecycle hooks, multiple hooks, failure handling, and env vars
* feat: add Claude adapter improvements for HITL support
- Add question and permission handling for Claude sessions
- Add Claude sender channel for interactive communication
- Add stream event and control request handling
- Update agent compatibility documentation
* fix: restore Claude HITL streaming input and permission handling
- Add streaming_input field to SpawnOptions for Claude stdin streaming
- Enable --input-format stream-json, --permission-prompt-tool stdio flags
- Pipe stdin for Claude (not just Codex) in spawn_streaming
- Update Claude capabilities: permissions, questions, tool_calls, tool_results, streaming_deltas
- Fix permission mode normalization to respect user's choice instead of forcing bypass
- Add acceptEdits permission mode support
- Add libc dependency for is_running_as_root check
- Enable CORS for https://inspect.sandboxagent.dev by default
- Add --no-inspector-cors flag to opt out
- Additional --cors-allow-origin flags are now cumulative with inspector
- Inspector now tries current origin first before localhost:2468 fallback
Previously used cfg!(target_env = "musl") which checks compile-time,
causing musl-compiled sandbox-agent to always download musl binaries
even on glibc systems like Debian/E2B.
Now checks for /lib/ld-musl-*.so.1 at runtime to detect the actual
system libc and download the correct Claude binary variant.
- Restructure examples into individual packages per provider (daytona, docker, e2b, vercel) with shared utilities in @sandbox-agent/example-shared
- Make Claude plan mode prompt-only (no longer requires permissionMode=plan)
- Claude now defaults to bypass permission mode
- Add agent_file_edit_flow test for file editing capabilities
- Fix Daytona file permission setting to use executeCommand
OpenCode's embedded bun hangs indefinitely when trying to install the
@gitlab/opencode-gitlab-auth plugin with --force, blocking all SSE
event streaming. Skip OpenCode in http_events_snapshots,
sse_events_snapshots, and concurrency_snapshots tests until the
upstream issue is resolved.
The basic API endpoint tests (install, modes, sessions) still work
for OpenCode.
- Add test_permission_mode() helper to use "default" for OpenCode
(it only supports default, not bypass or plan modes)
- Fix OAuth health check to accept 403 "Missing scopes" as valid auth
(OAuth tokens may lack api.model.read scope but still work for agents)
- Skip OpenCode in approval_flow_snapshots (doesn't support plan mode)
- Make sessions_list_global snapshot agent-agnostic (just check count)
- Add new snapshots for Codex and OpenCode agents
