Three independent fixes for the OpenCode agent adapter:
1. Wrong API endpoints: /event/subscribe → /event, /session/{id}/prompt → /session/{id}/message
2. Untagged enum mis-dispatch: replace serde_json::from_value with manual type-field dispatch
3. Wire permissionMode "bypass" for OpenCode: allow in normalize_permission_mode() and pass
--dangerously-skip-permissions to CLI (both spawn and spawn_streaming)
Tested with OpenCode 1.1.48 + Kimi K2.5.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Adds support for system, user, assistant, and result message types to the AMP schema, along with associated fields like subtype, session_id, tools, and duration metrics. Updates the schema validation and adds corresponding test cases. Also improves the command-line argument handling in the agent management package to accommodate the new message types and streamlined permission flags.
The changes enhance the schema's flexibility for different interaction patterns and provide better tracking of agent operations.
- Add Cursor to AgentId enum
- Implement install_cursor() function for binary installation
- Add Cursor spawn logic with JSON format support
- Update README to mention Cursor support in all relevant sections
Cursor-agent runs on localhost:32123 and uses OpenCode-compatible format.
Based on opencode-cursor-auth pattern for Cursor Pro integration.
Resolves#118
## Summary
Fix credential detection bugs and add credential availability status to the API. Consolidate Claude fallback models and add `sonnet` alias.
Builds on #109 (OAuth token support).
Related issues:
- Fixes#117 (Claude, Codex not showing up in gigacode)
- Related to #113 (Default agent should be Claude Code)
## Changes
### Credential detection fixes
- **`agent-credentials/src/lib.rs`**: Fix `?` operator bug in `extract_claude_credentials` - now continues to next config path if one is missing instead of returning early
### API credential status
- **`sandbox-agent/src/router.rs`**: Add `credentialsAvailable` field to `AgentInfo` struct
- **`/v1/agents`** endpoint now reports whether each agent has valid credentials
### OpenCode provider improvements
- **`sandbox-agent/src/opencode_compat.rs`**: Build `connected` array based on actual credential availability, not just model presence
- Check provider-specific credentials for OpenCode groups (e.g., `opencode:anthropic` only connected if Anthropic creds available)
- Add logging when credential extraction fails in model cache building
### Fallback model consolidation
- Renamed `claude_oauth_fallback_models()` → `claude_fallback_models()` (used for all fallback cases, not just OAuth)
- Added `sonnet` to fallback models (confirmed working via headless CLI test)
- Added `codex_fallback_models()` for Codex when credentials missing
- Added comment explaining aliases work for both API and OAuth users
### Documentation
- **`docs/credentials.mdx`**: New reference doc covering credential sources, extraction behavior, and error handling
- Documents that extraction failures are silent (not errors)
- Documents that agents spawn without credential pre-validation
### Inspector UI
- **`AgentsTab.tsx`**: Added credential status pill showing "Authenticated" or "No Credentials"
## Error Handling Philosophy
- **Extraction failures are silent**: Missing/malformed config files don't error, just continue to next source
- **Agents spawn without credential validation**: No pre-flight auth check; agent's native error surfaces if credentials are missing
- **Fallback models for UI**: When credentials missing, show alias-based models so users can still configure sessions
## Validation
- Tested Claude Code model aliases via headless CLI:
- `claude --model default --print "say hi"` ✓
- `claude --model sonnet --print "say hi"` ✓
- `claude --model haiku --print "say hi"` ✓
- Build passes
- TypeScript types regenerated with `credentialsAvailable` field
- Fix tool name lost on ToolResult events (persist via tool_name_by_call)
- Fix tool input lost on ToolResult events (persist via tool_args_by_call)
- Fix tool output in wrong field (error -> output)
- Fix text doubling in streaming (defer emit to ItemCompleted)
- Fix missing delta field in text streaming events
- Default server mode to no-token when --token not specified
- Add install-fast-sa and install-fast-gigacode justfile targets
## Summary
- Adds a `session_created` telemetry event that fires when a new session is created
- Logs safe session config fields: agent, agent_mode, permission_mode, model, variant
- Does not include workdir or any sensitive paths
- Respects existing telemetry enabled/disabled flag (`--no-telemetry`)
- Sends asynchronously via spawned task to avoid blocking session creation
## Test plan
- [x] `cargo check` passes
- [ ] Verify event reaches telemetry endpoint with correct fields
- [ ] Verify no event is sent when `--no-telemetry` is set
* fix: add postinstall chmod for npm binary permissions
* fix: report npm package version instead of compiled binary version
The --version flag now reports the version from package.json instead of the
version compiled into the Rust binary. This ensures the version matches what
was installed via npm, even when binaries are reused from previous releases.
* fix: bake version into binary at build time
Instead of hacking around the version in the Node.js wrapper script,
properly pass the version at build time via SANDBOX_AGENT_VERSION env var.
Changes:
- build.rs: Generate version.rs with VERSION constant from env var
- main.rs: Use generated version constant for clap --version
- Dockerfiles: Accept SANDBOX_AGENT_VERSION as build arg
- build.sh: Pass version as second argument to Docker builds
- release.yaml: Pass version to build script during CI
- Remove version hack from sdks/cli/bin/sandbox-agent wrapper
The version is now baked into the binary during the release build,
ensuring --version reports the correct npm package version.
* chore: remove inspect.sandboxagent.dev in favor of /ui/
* chore: add 404 page
* fix: correct inspector package name in Dockerfiles and add .dockerignore
- Change @anthropic-ai/sdk-inspector to @sandbox-agent/inspector in all Dockerfiles
- Add .dockerignore to exclude target/, node_modules/, etc from Docker context
The wrong package name caused pnpm install --filter to match nothing, so the
inspector frontend was never built, resulting in binaries without the /ui/ endpoint.
* chore: cargo fmt
* chore(release): update version to 0.1.4-rc.7
The spawn_streaming() function was not passing environment variables
from SpawnOptions.env to the spawned process. This caused agents like
Claude to not receive ANTHROPIC_API_KEY, resulting in silent
authentication failures.
The non-streaming spawn() method correctly passes env vars (lines 298-300),
but spawn_streaming() was missing this code path.
This fix adds the same env var loop to spawn_streaming(), ensuring that
credentials extracted from the host environment are properly passed to
spawned agents.
