* feat: add process management API
Introduces a complete Process Management API for Sandbox Agent with process lifecycle management (start, stop, kill, delete), one-shot command execution, log streaming via SSE and WebSocket, stdin input, and PTY/terminal support. Includes new process_runtime module for managing process state, HTTP route handlers, OpenAPI documentation, and integration tests.
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
* fix: address review issues in process management API
- Add doc comments to all 13 new #[utoipa::path] handlers (CLAUDE.md compliance)
- Fix send_signal ESRCH check: use raw_os_error() == Some(libc::ESRCH) instead of ErrorKind::NotFound
- Add max_input_bytes_per_request enforcement in WebSocket terminal handler
- URL-decode access_token query parameter for WebSocket auth
- Replace fragile string prefix matching with proper SandboxError::NotFound variant
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
* feat: add TypeScript SDK support for process management
Add process CRUD operations (create, get, list, update, delete) and
event streaming to the TypeScript SDK. Includes integration tests,
mock agent updates, and test environment fixes for cross-platform
home directory handling.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: provide WebSocket impl for process terminal test on Node 20
Node 20 lacks globalThis.WebSocket. Add ws as a devDependency and
pass it to connectProcessTerminalWebSocket in the integration test
so CI no longer fails.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Haiku 4.5 <noreply@anthropic.com>
The sandbox-agent SDK build script was missing the cli-shared build
step, causing DTS build failures in CI when cli-shared wasn't
pre-built.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add delete button on ended sessions (visible on hover)
- Darken ended sessions with opacity and "ended" pill badge
- Sort ended sessions to bottom of list
- Add token usage pill in chat header
- Disable input when session ended
- Add Official Skills dropdown with SDK and Rivet presets
- Format session IDs shorter with full ID on hover
- Add arrow icon to "Configure persistence" link
- Add agent logo SVGs
## Summary
Fix credential detection bugs and add credential availability status to the API. Consolidate Claude fallback models and add `sonnet` alias.
Builds on #109 (OAuth token support).
Related issues:
- Fixes#117 (Claude, Codex not showing up in gigacode)
- Related to #113 (Default agent should be Claude Code)
## Changes
### Credential detection fixes
- **`agent-credentials/src/lib.rs`**: Fix `?` operator bug in `extract_claude_credentials` - now continues to next config path if one is missing instead of returning early
### API credential status
- **`sandbox-agent/src/router.rs`**: Add `credentialsAvailable` field to `AgentInfo` struct
- **`/v1/agents`** endpoint now reports whether each agent has valid credentials
### OpenCode provider improvements
- **`sandbox-agent/src/opencode_compat.rs`**: Build `connected` array based on actual credential availability, not just model presence
- Check provider-specific credentials for OpenCode groups (e.g., `opencode:anthropic` only connected if Anthropic creds available)
- Add logging when credential extraction fails in model cache building
### Fallback model consolidation
- Renamed `claude_oauth_fallback_models()` → `claude_fallback_models()` (used for all fallback cases, not just OAuth)
- Added `sonnet` to fallback models (confirmed working via headless CLI test)
- Added `codex_fallback_models()` for Codex when credentials missing
- Added comment explaining aliases work for both API and OAuth users
### Documentation
- **`docs/credentials.mdx`**: New reference doc covering credential sources, extraction behavior, and error handling
- Documents that extraction failures are silent (not errors)
- Documents that agents spawn without credential pre-validation
### Inspector UI
- **`AgentsTab.tsx`**: Added credential status pill showing "Authenticated" or "No Credentials"
## Error Handling Philosophy
- **Extraction failures are silent**: Missing/malformed config files don't error, just continue to next source
- **Agents spawn without credential validation**: No pre-flight auth check; agent's native error surfaces if credentials are missing
- **Fallback models for UI**: When credentials missing, show alias-based models so users can still configure sessions
## Validation
- Tested Claude Code model aliases via headless CLI:
- `claude --model default --print "say hi"` ✓
- `claude --model sonnet --print "say hi"` ✓
- `claude --model haiku --print "say hi"` ✓
- Build passes
- TypeScript types regenerated with `credentialsAvailable` field
docker on osx runs as linux-arm64 and there's no build for that. TBH, this is completely vibe coded but I did manually but I did look through this and seems right to me.
* docs: add Cloudflare Sandbox SDK deployment guide
- Add docs/deploy/cloudflare.mdx with full deployment guide
- Add examples/cloudflare/ with working Worker code
- Update docs navigation to include Cloudflare option
- Update deploy index page with Cloudflare card
The example shows how to run sandbox-agent inside a Cloudflare Sandbox
with exposed ports for API access.
Co-authored-by: Shelley <shelley@exe.dev>
* fix: guard server startup to avoid port conflicts
Add health check before starting sandbox-agent to prevent 'address already
in use' errors on subsequent requests. The isServerRunning() function probes
the health endpoint to determine if setup should be skipped.
Co-authored-by: Shelley <shelley@exe.dev>
* fix: default cloudflare/sandbox:0.7.0 (latest does not exist)
* feat(cloudflare): add React frontend and improve deployment docs
- Add React + Vite frontend for Cloudflare example with sandbox-agent SDK
- Update ensureRunning to poll health endpoint instead of fixed wait
- Fix SDK fetch binding issue (globalThis.fetch.bind)
- Update docs with .dev.vars format warning and container caching tip
- Use containerFetch proxy pattern for reliable local dev
---------
Co-authored-by: Shelley <shelley@exe.dev>
Co-authored-by: Nathan Flurry <git@nathanflurry.com>
Co-authored-by: Nathan Flurry <developer@nathanflurry.com>
* fix: fix bun install bug
* refactor: consolidate executable check into assertExecutable helper
- Add assertExecutable() to cli-shared that checks and attempts chmod
- Simplify CLI and SDK spawn code to use the shared helper
- Fix cli-shared package.json exports (.js not .mjs)
- Add global install instructions to SDK error message
* chore(release): update version to 0.1.6-rc.1
* fix: add cli-shared package to Dockerfiles
* chore(release): update version to 0.1.6-rc.1
* fix: add cli-shared publishing to release workflow
* chore(release): update version to 0.1.6-rc.1
* fix: handle already-exists error during crate publish
* chore(release): update version to 0.1.6-rc.1
* fix: add postinstall chmod for npm binary permissions
* fix: report npm package version instead of compiled binary version
The --version flag now reports the version from package.json instead of the
version compiled into the Rust binary. This ensures the version matches what
was installed via npm, even when binaries are reused from previous releases.
* fix: bake version into binary at build time
Instead of hacking around the version in the Node.js wrapper script,
properly pass the version at build time via SANDBOX_AGENT_VERSION env var.
Changes:
- build.rs: Generate version.rs with VERSION constant from env var
- main.rs: Use generated version constant for clap --version
- Dockerfiles: Accept SANDBOX_AGENT_VERSION as build arg
- build.sh: Pass version as second argument to Docker builds
- release.yaml: Pass version to build script during CI
- Remove version hack from sdks/cli/bin/sandbox-agent wrapper
The version is now baked into the binary during the release build,
ensuring --version reports the correct npm package version.
* chore: remove inspect.sandboxagent.dev in favor of /ui/
* chore: add 404 page
* fix: correct inspector package name in Dockerfiles and add .dockerignore
- Change @anthropic-ai/sdk-inspector to @sandbox-agent/inspector in all Dockerfiles
- Add .dockerignore to exclude target/, node_modules/, etc from Docker context
The wrong package name caused pnpm install --filter to match nothing, so the
inspector frontend was never built, resulting in binaries without the /ui/ endpoint.
* chore: cargo fmt
* chore(release): update version to 0.1.4-rc.7
