* Fix Foundry auth: migrate to Better Auth adapter, fix access token retrieval
- Remove @ts-nocheck from better-auth.ts, auth-user/index.ts, app-shell.ts
and fix all type errors
- Fix getAccessTokenForSession: read GitHub token directly from account
record instead of calling Better Auth's internal /get-access-token
endpoint which returns 403 on server-side calls
- Re-implement workspaceAuth helper functions (workspaceAuthColumn,
normalizeAuthValue, workspaceAuthClause, workspaceAuthWhere) that were
accidentally deleted
- Remove all retry logic (withRetries, isRetryableAppActorError)
- Implement CORS origin allowlist from configured environment
- Document cachedAppWorkspace singleton pattern
- Add inline org sync fallback in buildAppSnapshot for post-OAuth flow
- Add no-retry rule to CLAUDE.md
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Add Foundry dev panel from fix-git-data branch
Port the dev panel component that was left out when PR #243 was replaced
by PR #247. Adapted to remove runtime/mock-debug references that don't
exist on the current branch.
- Toggle with Shift+D, persists visibility to localStorage
- Shows context, session, GitHub sync status sections
- Dev-only (import.meta.env.DEV)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Add full Docker image defaults, fix actor deadlocks, and improve dev experience
- Add Dockerfile.full and --all flag to install-agent CLI for pre-built images
- Centralize Docker image constant (FULL_IMAGE) pinned to 0.3.1-full
- Remove examples/shared/Dockerfile{,.dev} and daytona snapshot example
- Expand Docker docs with full runnable Dockerfile
- Fix self-deadlock in createWorkbenchSession (fire-and-forget provisioning)
- Audit and convert 12 task actions from wait:true to wait:false
- Add bun --hot for dev backend hot reload
- Remove --force from pnpm install in dev Dockerfile for faster startup
- Add env_file support to compose.dev.yaml for automatic credential loading
- Add mock frontend compose config and dev panel
- Update CLAUDE.md with wait:true policy and dev environment setup
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* WIP: async action fixes and interest manager
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Fix Foundry UI bugs: org names, hanging sessions, and wrong repo creation
- Fix org display name using GitHub description instead of name field
- Fix createWorkbenchSession hanging when sandbox is provisioning
- Fix auto-session creation retry storm on errors
- Fix task creation using wrong repo due to React state race conditions
- Remove Bun hot-reload from backend Dockerfile (causes port drift)
- Add GitHub sync/install status to dev panel
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
docker on osx runs as linux-arm64 and there's no build for that. TBH, this is completely vibe coded but I did manually but I did look through this and seems right to me.
* fix: add postinstall chmod for npm binary permissions
* fix: report npm package version instead of compiled binary version
The --version flag now reports the version from package.json instead of the
version compiled into the Rust binary. This ensures the version matches what
was installed via npm, even when binaries are reused from previous releases.
* fix: bake version into binary at build time
Instead of hacking around the version in the Node.js wrapper script,
properly pass the version at build time via SANDBOX_AGENT_VERSION env var.
Changes:
- build.rs: Generate version.rs with VERSION constant from env var
- main.rs: Use generated version constant for clap --version
- Dockerfiles: Accept SANDBOX_AGENT_VERSION as build arg
- build.sh: Pass version as second argument to Docker builds
- release.yaml: Pass version to build script during CI
- Remove version hack from sdks/cli/bin/sandbox-agent wrapper
The version is now baked into the binary during the release build,
ensuring --version reports the correct npm package version.
## Summary
- Add Node.js build stage to all release Dockerfiles to build the inspector frontend
- Copy pre-built inspector assets into Rust build stages so they get embedded in binaries
- Remove `SANDBOX_AGENT_SKIP_INSPECTOR=1` from all Dockerfiles and the release workflow
## Test plan
- [ ] Build linux-x86_64 locally: `docker/release/build.sh x86_64-unknown-linux-musl`
- [ ] Run the binary and verify inspector is embedded (should show "inspector ui available")
- [ ] Access the inspector UI at http://localhost:2468/ui/🤖 Generated with [Claude Code](https://claude.ai/code)
