Three independent fixes for the OpenCode agent adapter:
1. Wrong API endpoints: /event/subscribe → /event, /session/{id}/prompt → /session/{id}/message
2. Untagged enum mis-dispatch: replace serde_json::from_value with manual type-field dispatch
3. Wire permissionMode "bypass" for OpenCode: allow in normalize_permission_mode() and pass
--dangerously-skip-permissions to CLI (both spawn and spawn_streaming)
Tested with OpenCode 1.1.48 + Kimi K2.5.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Adds support for system, user, assistant, and result message types to the AMP schema, along with associated fields like subtype, session_id, tools, and duration metrics. Updates the schema validation and adds corresponding test cases. Also improves the command-line argument handling in the agent management package to accommodate the new message types and streamlined permission flags.
The changes enhance the schema's flexibility for different interaction patterns and provide better tracking of agent operations.
- Add Cursor to AgentId enum
- Implement install_cursor() function for binary installation
- Add Cursor spawn logic with JSON format support
- Update README to mention Cursor support in all relevant sections
Cursor-agent runs on localhost:32123 and uses OpenCode-compatible format.
Based on opencode-cursor-auth pattern for Cursor Pro integration.
Resolves#118
* chore: remove inspect.sandboxagent.dev in favor of /ui/
* chore: add 404 page
* fix: correct inspector package name in Dockerfiles and add .dockerignore
- Change @anthropic-ai/sdk-inspector to @sandbox-agent/inspector in all Dockerfiles
- Add .dockerignore to exclude target/, node_modules/, etc from Docker context
The wrong package name caused pnpm install --filter to match nothing, so the
inspector frontend was never built, resulting in binaries without the /ui/ endpoint.
* chore: cargo fmt
* chore(release): update version to 0.1.4-rc.7
The spawn_streaming() function was not passing environment variables
from SpawnOptions.env to the spawned process. This caused agents like
Claude to not receive ANTHROPIC_API_KEY, resulting in silent
authentication failures.
The non-streaming spawn() method correctly passes env vars (lines 298-300),
but spawn_streaming() was missing this code path.
This fix adds the same env var loop to spawn_streaming(), ensuring that
credentials extracted from the host environment are properly passed to
spawned agents.
* feat: add Claude adapter improvements for HITL support
- Add question and permission handling for Claude sessions
- Add Claude sender channel for interactive communication
- Add stream event and control request handling
- Update agent compatibility documentation
* fix: restore Claude HITL streaming input and permission handling
- Add streaming_input field to SpawnOptions for Claude stdin streaming
- Enable --input-format stream-json, --permission-prompt-tool stdio flags
- Pipe stdin for Claude (not just Codex) in spawn_streaming
- Update Claude capabilities: permissions, questions, tool_calls, tool_results, streaming_deltas
- Fix permission mode normalization to respect user's choice instead of forcing bypass
- Add acceptEdits permission mode support
- Add libc dependency for is_running_as_root check
Previously used cfg!(target_env = "musl") which checks compile-time,
causing musl-compiled sandbox-agent to always download musl binaries
even on glibc systems like Debian/E2B.
Now checks for /lib/ld-musl-*.so.1 at runtime to detect the actual
system libc and download the correct Claude binary variant.
- Add test_permission_mode() helper to use "default" for OpenCode
(it only supports default, not bypass or plan modes)
- Fix OAuth health check to accept 403 "Missing scopes" as valid auth
(OAuth tokens may lack api.model.read scope but still work for agents)
- Skip OpenCode in approval_flow_snapshots (doesn't support plan mode)
- Make sessions_list_global snapshot agent-agnostic (just check count)
- Add new snapshots for Codex and OpenCode agents
