* Fix Foundry auth: migrate to Better Auth adapter, fix access token retrieval
- Remove @ts-nocheck from better-auth.ts, auth-user/index.ts, app-shell.ts
and fix all type errors
- Fix getAccessTokenForSession: read GitHub token directly from account
record instead of calling Better Auth's internal /get-access-token
endpoint which returns 403 on server-side calls
- Re-implement workspaceAuth helper functions (workspaceAuthColumn,
normalizeAuthValue, workspaceAuthClause, workspaceAuthWhere) that were
accidentally deleted
- Remove all retry logic (withRetries, isRetryableAppActorError)
- Implement CORS origin allowlist from configured environment
- Document cachedAppWorkspace singleton pattern
- Add inline org sync fallback in buildAppSnapshot for post-OAuth flow
- Add no-retry rule to CLAUDE.md
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Add Foundry dev panel from fix-git-data branch
Port the dev panel component that was left out when PR #243 was replaced
by PR #247. Adapted to remove runtime/mock-debug references that don't
exist on the current branch.
- Toggle with Shift+D, persists visibility to localStorage
- Shows context, session, GitHub sync status sections
- Dev-only (import.meta.env.DEV)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Add full Docker image defaults, fix actor deadlocks, and improve dev experience
- Add Dockerfile.full and --all flag to install-agent CLI for pre-built images
- Centralize Docker image constant (FULL_IMAGE) pinned to 0.3.1-full
- Remove examples/shared/Dockerfile{,.dev} and daytona snapshot example
- Expand Docker docs with full runnable Dockerfile
- Fix self-deadlock in createWorkbenchSession (fire-and-forget provisioning)
- Audit and convert 12 task actions from wait:true to wait:false
- Add bun --hot for dev backend hot reload
- Remove --force from pnpm install in dev Dockerfile for faster startup
- Add env_file support to compose.dev.yaml for automatic credential loading
- Add mock frontend compose config and dev panel
- Update CLAUDE.md with wait:true policy and dev environment setup
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* WIP: async action fixes and interest manager
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Fix Foundry UI bugs: org names, hanging sessions, and wrong repo creation
- Fix org display name using GitHub description instead of name field
- Fix createWorkbenchSession hanging when sandbox is provisioning
- Fix auto-session creation retry storm on errors
- Fix task creation using wrong repo due to React state race conditions
- Remove Bun hot-reload from backend Dockerfile (causes port drift)
- Add GitHub sync/install status to dev panel
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* chore: recover hamburg workspace state
* chore: drop workspace context files
* refactor: generalize permissions example
* refactor: parse permissions example flags
* docs: clarify why fs and terminal stay native
* feat: add interactive permission prompt UI to Inspector
Add permission request handling to the Inspector UI so users can
Allow, Always Allow, or Reject tool calls that require permissions
instead of having them auto-cancelled. Wires up SDK
onPermissionRequest/respondPermission through App → ChatPanel →
ChatMessages with proper toolCallId-to-pendingId mapping.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: prevent permission reply from silently escalating "once" to "always"
Remove allow_always from the fallback chain when the user replies "once",
aligning with the ACP spec which says "map by option kind first" with no
fallback for allow_once. Also fix Inspector to use rawSend, revert
hydration guard to accept empty configOptions, and handle respondPermission
errors by rejecting the pending promise.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* feat: improve inspector UI for processes and fix PTY terminal
- Simplify ProcessRunTab layout: compact form with collapsible Advanced section for timeout/maxOutputBytes
- Rewrite ProcessesTab: collapsible create form, lightweight list items with status dots, clean detail panel with tabs
- Extract error details: use problem.detail instead of generic "Stream Error" title for better error messages
- Fix GhosttyTerminal binary frame parsing: handle server's binary ArrayBuffer control frames (ready/exit/error)
- Enable WebSocket proxying in Vite dev server with ws: true
- Set TERM=xterm-256color default for TTY processes so tools like tmux, vim, htop work out of the box
- Remove orange gradient background from terminal container for cleaner look
- Remove orange left border from selected process list items
- Update inspector CSS with new process/terminal styles
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
* fix: address review issues and add processes documentation
- Fix unstable onExit callback in ProcessesTab (useCallback)
- Fix SSE follow stream race condition (subscribe before history read)
- Update inspector.mdx with new process management features
- Change observability icon to avoid conflict with processes
- Add docs/processes.mdx covering the full process management API
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* docs: simplify processes doc — rename sections, remove low-level protocol
- Rename "Interactive terminals" to "Terminals" with "Connect to a terminal" sub-heading
- Add TTY process creation step at top of Terminals section
- Remove low-level WebSocket protocol table and raw WebSocket example
- Keep browser terminal emulator reference with Ghostty link
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* docs: update GhosttyTerminal permalink to latest commit
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* docs: use main branch permalink for GhosttyTerminal reference
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: refine process API — WebSocket binary protocol, SDK terminal session, updated tests
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* docs: update GhosttyTerminal permalink to 636eefb
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* inspector: use websocket terminal API
* sdk: restore high-level terminal session
* docs: update inspector terminal permalink
* inspector: update run once placeholder
* Fix lazy install v1 API test fixture
* Add reusable React terminal component
* Fix terminal WebSocket ready state checks
---------
Co-authored-by: Claude Haiku 4.5 <noreply@anthropic.com>
Add comprehensive tracing instrumentation across the entire agent startup path (gigacode CLI, ACP HTTP adapter, agent installation, and process spawning) to enable detailed performance profiling. Replace npm-based agent process launchers that use npx (incurring resolution overhead on every spawn) with pre-installed npm packages, reducing startup latency. Improve error diagnostics when agent processes crash by capturing exit codes and stderr tails. Update error handling to map exited processes to dedicated error variants with actionable error messages.
Co-authored-by: Claude Haiku 4.5 <noreply@anthropic.com>
* feat: add configuration for model, mode, and thought level
* docs: document Claude effort-level filesystem config
* fix: prevent panic on empty modes/thoughtLevels in parse_agent_config
Use `.first()` with safe fallback instead of direct `[0]` index access,
which would panic if the Vec is empty and no default is set.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: harden session lifecycle and align cli.mdx example with claude.json
- destroySession: wrap session/cancel RPC in try/catch so local cleanup
always succeeds even when the agent is unreachable
- createSession/resumeOrCreateSession: clean up the remote session if
post-creation config calls (setMode/setModel/setThoughtLevel) fail,
preventing leaked orphan sessions
- cli.mdx: fix example output to match current claude.json (model name,
model order, and populated modes)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: harden session lifecycle and align config persistence logic
- resumeOrCreateSession: Remove destroy-on-error for the resume path. Config
errors now propagate without destroying a pre-existing session. The destroy
pattern remains in createSession (where the session is newly created and has
no prior state to preserve).
- setSessionMode fallback: When session/set_mode returns -32601 and the
fallback uses session/set_config_option, now keep modes.currentModeId
in sync with the updated currentValue. Prevents stale cached state in
getModes() when the fallback path is used.
- persistSessionStateFromMethod: Re-read the record from persistence instead
of using a stale pre-await snapshot. Prevents race conditions where
concurrent session/update events (processed by persistSessionStateFromEvent)
are silently overwritten by optimistic updates.
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
* fix: correct doc examples with valid Codex modes and update stable API list
- Replace invalid Codex mode values ("plan", "build") with valid ones
("auto", "full-access") in agent-sessions.mdx and sdk-overview.mdx
- Update CLAUDE.md stable method enumerations to include new session
config methods (setSessionMode, setSessionModel, etc.)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: add OpenAPI annotations for process endpoints and fix config persistence race
Add summary/description to all process management endpoint specs and the
not_found error type. Fix hydrateSessionConfigOptions to re-read from
persistence after the network call, and sync mode-category configOptions
on session/update current_mode_update events.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add process management API
Introduces a complete Process Management API for Sandbox Agent with process lifecycle management (start, stop, kill, delete), one-shot command execution, log streaming via SSE and WebSocket, stdin input, and PTY/terminal support. Includes new process_runtime module for managing process state, HTTP route handlers, OpenAPI documentation, and integration tests.
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
* fix: address review issues in process management API
- Add doc comments to all 13 new #[utoipa::path] handlers (CLAUDE.md compliance)
- Fix send_signal ESRCH check: use raw_os_error() == Some(libc::ESRCH) instead of ErrorKind::NotFound
- Add max_input_bytes_per_request enforcement in WebSocket terminal handler
- URL-decode access_token query parameter for WebSocket auth
- Replace fragile string prefix matching with proper SandboxError::NotFound variant
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
* feat: add TypeScript SDK support for process management
Add process CRUD operations (create, get, list, update, delete) and
event streaming to the TypeScript SDK. Includes integration tests,
mock agent updates, and test environment fixes for cross-platform
home directory handling.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: provide WebSocket impl for process terminal test on Node 20
Node 20 lacks globalThis.WebSocket. Add ws as a devDependency and
pass it to connectProcessTerminalWebSocket in the integration test
so CI no longer fails.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Haiku 4.5 <noreply@anthropic.com>
Three independent fixes for the OpenCode agent adapter:
1. Wrong API endpoints: /event/subscribe → /event, /session/{id}/prompt → /session/{id}/message
2. Untagged enum mis-dispatch: replace serde_json::from_value with manual type-field dispatch
3. Wire permissionMode "bypass" for OpenCode: allow in normalize_permission_mode() and pass
--dangerously-skip-permissions to CLI (both spawn and spawn_streaming)
Tested with OpenCode 1.1.48 + Kimi K2.5.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Adds support for system, user, assistant, and result message types to the AMP schema, along with associated fields like subtype, session_id, tools, and duration metrics. Updates the schema validation and adds corresponding test cases. Also improves the command-line argument handling in the agent management package to accommodate the new message types and streamlined permission flags.
The changes enhance the schema's flexibility for different interaction patterns and provide better tracking of agent operations.
- Add Cursor to AgentId enum
- Implement install_cursor() function for binary installation
- Add Cursor spawn logic with JSON format support
- Update README to mention Cursor support in all relevant sections
Cursor-agent runs on localhost:32123 and uses OpenCode-compatible format.
Based on opencode-cursor-auth pattern for Cursor Pro integration.
Resolves#118
## Summary
Fix credential detection bugs and add credential availability status to the API. Consolidate Claude fallback models and add `sonnet` alias.
Builds on #109 (OAuth token support).
Related issues:
- Fixes#117 (Claude, Codex not showing up in gigacode)
- Related to #113 (Default agent should be Claude Code)
## Changes
### Credential detection fixes
- **`agent-credentials/src/lib.rs`**: Fix `?` operator bug in `extract_claude_credentials` - now continues to next config path if one is missing instead of returning early
### API credential status
- **`sandbox-agent/src/router.rs`**: Add `credentialsAvailable` field to `AgentInfo` struct
- **`/v1/agents`** endpoint now reports whether each agent has valid credentials
### OpenCode provider improvements
- **`sandbox-agent/src/opencode_compat.rs`**: Build `connected` array based on actual credential availability, not just model presence
- Check provider-specific credentials for OpenCode groups (e.g., `opencode:anthropic` only connected if Anthropic creds available)
- Add logging when credential extraction fails in model cache building
### Fallback model consolidation
- Renamed `claude_oauth_fallback_models()` → `claude_fallback_models()` (used for all fallback cases, not just OAuth)
- Added `sonnet` to fallback models (confirmed working via headless CLI test)
- Added `codex_fallback_models()` for Codex when credentials missing
- Added comment explaining aliases work for both API and OAuth users
### Documentation
- **`docs/credentials.mdx`**: New reference doc covering credential sources, extraction behavior, and error handling
- Documents that extraction failures are silent (not errors)
- Documents that agents spawn without credential pre-validation
### Inspector UI
- **`AgentsTab.tsx`**: Added credential status pill showing "Authenticated" or "No Credentials"
## Error Handling Philosophy
- **Extraction failures are silent**: Missing/malformed config files don't error, just continue to next source
- **Agents spawn without credential validation**: No pre-flight auth check; agent's native error surfaces if credentials are missing
- **Fallback models for UI**: When credentials missing, show alias-based models so users can still configure sessions
## Validation
- Tested Claude Code model aliases via headless CLI:
- `claude --model default --print "say hi"` ✓
- `claude --model sonnet --print "say hi"` ✓
- `claude --model haiku --print "say hi"` ✓
- Build passes
- TypeScript types regenerated with `credentialsAvailable` field
