Re-enable theme.css with full custom styling (links, inputs, cards,
code blocks, alerts) and update docs.json color values.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Bun.serve() defaults to a 10s idle timeout that can kill long-running
requests. Actor RPCs go through the gateway tunnel with a 1s SSE ping,
so this likely never fires, but set idleTimeout to 255 as a safety net.
Subscription topics (app, org, session, task) previously had no retry
mechanism. If the initial connection or a mid-session error occurred,
the subscription stayed in error state permanently. Add exponential
backoff retry (1s base, 30s max) that cleans up the old connection
before each attempt and stops when disposed or no listeners remain.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
E2B sandboxes run as `user` (home: /home/user), not `sandbox`, so
`mkdir -p /home/sandbox` fails with "Permission denied". Replace all
hardcoded `/home/sandbox` paths with `$HOME` resolved at shell runtime
inside the sandbox, and dynamically resolve the repo CWD via the sandbox
actor so it works across providers (E2B, local Docker, Daytona).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The `-full` base image already includes sandbox-agent and all agents
pre-installed. Remove redundant apt-get, install script, and
install-agent dockerfile commands from the Modal provider.
Also allow overriding the default image via SANDBOX_AGENT_IMAGE env var
across all providers for testing with different published versions.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add support for configuring base images across all compute providers:
- E2B: Accept optional `template` parameter to select custom templates
- Modal: Accept optional `image` parameter (string or Image object) for base images
- ComputeSDK: Expand `create` override to accept full CreateSandboxOptions payload (image, templateId, etc.)
- Daytona: Improve type safety for `image` option
Improve forward compatibility by making all `create` overrides accept full Partial SDK types, allowing any new provider fields to flow through without code changes. Fix Modal provider bug where `encryptedPorts` was hardcoded and would clobber user-provided values; now merges additional ports instead.
Update docs and examples to demonstrate base image configuration for E2B, Modal, and ComputeSDK. Add comprehensive provider lifecycle tests for Modal and ComputeSDK, including template and image passthrough verification.
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
Adds desktop computer-use endpoints (windows, screenshots, mouse/keyboard,
launch/open), enhances neko-based streaming integration, updates inspector
UI with desktop debug tab, and adds common software test infrastructure.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Improve desktop streaming architecture, add inspector dev tooling,
React DesktopViewer updates, and computer-use documentation.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add desktop runtime management (Xvfb, openbox, dbus), screen capture,
mouse/keyboard input, and video streaming via neko binary extracted
from the m1k1o/neko container. Includes Docker test rig, TypeScript SDK
desktop support, and inspector Desktop tab.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add a custom Docker image (foundry-base.Dockerfile) that builds sandbox-agent
from source and layers sudo, git, neovim, gh, node, bun, chromium, and
agent-browser. Includes publish script for timestamped + latest tags to
rivetdev/sandbox-agent on Docker Hub.
Update local sandbox provider default to use foundry-base-latest and wire
HF_LOCAL_SANDBOX_IMAGE env var through compose.dev.yaml.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Some org actors had auth tables created outside the migration system
(by earlier queue-based auth code). Migration m0001 fails with
"table auth_session_index already exists" on those actors, preventing
them from starting.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Switch storeStateStrategy from "database" to "cookie" so OAuth state is
stored encrypted in a temporary cookie instead of a DB verification record.
This makes the callback idempotent — proxy retries can't fail because the
state travels with the request itself rather than being deleted after the
first successful callback.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The production proxy chain (Cloudflare -> Fastly -> Railway) retries
OAuth callback requests when they take >10s. The first request succeeds
and deletes the verification record, so the retry fails with
"verification not found" -> ?error=please_restart_the_process.
- Add callback deduplication by OAuth state param in the auth handler.
Duplicate requests wait for the original and return a cloned response.
- Cache appOrganization() and getUser() actor handles to eliminate
redundant getOrCreate RPCs during callbacks (was 10+ per sign-in).
- Add diagnostic logging for auth callback timing and adapter operations.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The org actor's workflow queue is shared with GitHub sync, webhooks, task
mutations, and billing (20+ queue names processed sequentially). During
OAuth callback, auth operations would time out waiting behind long-running
queue handlers, causing Better Auth's parseState to redirect to
?error=please_restart_the_process.
Auth operations are simple SQLite reads/writes with no cross-actor side
effects, so they are safe to run as actions that execute immediately
without competing in the queue.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Revert actor communication from direct action calls to queue/workflow-based
patterns for better observability (workflow history in RivetKit inspector),
replay/recovery semantics, and idiomatic RivetKit usage.
- Add queue/workflow infrastructure to all actors: organization, task, user,
github-data, sandbox, and audit-log
- Mutations route through named queues processed by workflow command loops
with ctx.step() wrapping for c.state/c.db access and observability
- Remove command action wrappers (~460 lines) — callers use .send() directly
to queue names with expectQueueResponse() for wait:true results
- Keep sendPrompt and runProcess as direct sandbox actions (long-running /
large responses that would block the workflow loop or exceed 128KB limit)
- Fix workspace fire-and-forget calls (enqueueWorkspaceEnsureSession,
enqueueWorkspaceRefresh) to self-send to task queue instead of calling
directly outside workflow step context
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* Add task owner git auth proposal and sandbox architecture docs
- Add proposal for primary user per task with OAuth token injection
for sandbox git operations (.context/proposal-task-owner-git-auth.md)
- Document sandbox architecture constraints in CLAUDE.md: single sandbox
per task assumption, OAuth token security implications, git auto-auth
requirement, and git error surfacing rules
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* Add proposals for reverting to queues and rivetkit sandbox resilience
- proposal-revert-actions-to-queues.md: Detailed plan for reverting the
actions-only pattern back to queues/workflows now that the RivetKit
queue.iter() bug is fixed. Lists what to keep (lazy tasks, resolveTaskRepoId,
sync override threading, E2B fixes, frontend fixes) vs what to revert
(communication pattern only).
- proposal-rivetkit-sandbox-resilience.md: Rivetkit sandbox actor changes for
handling destroyed/paused sandboxes, keep-alive, and the UNIQUE constraint
crash fix.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat(foundry): add manual task owner change via UI dropdown
Add an owner dropdown to the Overview tab that lets users reassign task
ownership to any organization member. The owner's GitHub credentials are
used for git operations in the sandbox.
Full-stack implementation:
- Backend: changeTaskOwnerManually action on task actor, routed through
org actor's changeWorkspaceTaskOwner action, with primaryUser schema
columns on both task and org index tables
- Client: changeOwner method on workspace client (mock + remote)
- Frontend: owner dropdown in right sidebar Overview tab showing org
members, with avatar and role display
- Shared: TaskWorkspaceChangeOwnerInput type and primaryUser fields on
workspace snapshot types
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat(foundry): checkpoint actor and workspace refactor
* docs(foundry): add agent handoff context
* wip(foundry): continue actor refactor
* wip(foundry): capture remaining local changes
* Complete Foundry refactor checklist
* Fix Foundry validation fallout
* wip
* wip: convert all actors from workflow to plain run handlers
Workaround for RivetKit bug where c.queue.iter() never yields messages
for actors created via getOrCreate from another actor's context. The
queue accepts messages (visible in inspector) but the iterator hangs.
Sleep/wake fixes it, but actors with active connections never sleep.
Converted organization, github-data, task, and user actors from
run: workflow(...) to plain run: async (c) => { for await ... }.
Also fixes:
- Missing auth tables in org migration (auth_verification etc)
- default_model NOT NULL constraint on org profile upsert
- Nested workflow step in github-data (HistoryDivergedError)
- Removed --force from frontend Dockerfile pnpm install
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* Convert all actors from queues/workflows to direct actions, lazy task creation
Major refactor replacing all queue-based workflow communication with direct
RivetKit action calls across all actors. This works around a RivetKit bug
where c.queue.iter() deadlocks for actors created from another actor's context.
Key changes:
- All actors (organization, task, user, audit-log, github-data) converted
from run: workflow(...) to actions-only (no run handler, no queues)
- PR sync creates virtual task entries in org local DB instead of spawning
task actors — prevents OOM from 200+ actors created simultaneously
- Task actors created lazily on first user interaction via getOrCreate,
self-initialize from org's getTaskIndexEntry data
- Removed requireRepoExists cross-actor call (caused 500s), replaced with
local resolveTaskRepoId from org's taskIndex table
- Fixed getOrganizationContext to thread overrides through all sync phases
- Fixed sandbox repo path (/home/user/repo for E2B compatibility)
- Fixed buildSessionDetail to skip transcript fetch for pending sessions
- Added process crash protection (uncaughtException/unhandledRejection)
- Fixed React infinite render loop in mock-layout useEffect dependencies
- Added sandbox listProcesses error handling for expired E2B sandboxes
- Set E2B sandbox timeout to 1 hour (was 5 min default)
- Updated CLAUDE.md with lazy task creation rules, no-silent-catch policy,
React hook dependency safety rules
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* Fix E2B sandbox timeout comment, frontend stability, and create-flow improvements
- Add TEMPORARY comment on E2B timeoutMs with pointer to rivetkit sandbox
resilience proposal for when autoPause lands
- Fix React useEffect dependency stability in mock-layout and
organization-dashboard to prevent infinite re-render loops
- Fix terminal-pane ref handling
- Improve create-flow service and tests
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add `pause()`, `kill()`, and `reconnect()` methods to the SandboxProvider interface so providers can support graceful suspension and permanent deletion as distinct operations. The E2B provider now uses `betaCreate` with `autoPause: true` by default, `betaPause()` for suspension, and surfaces `SandboxDestroyedError` on reconnect to a deleted sandbox. SDK exposes `pauseSandbox()` and `killSandbox()` alongside the existing `destroySandbox()`.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
agent_process_status() for mock always returned Some(...) even when the
launcher file did not exist. This caused install_agent_process() to
short-circuit with "already installed" and never write the launcher
script. Fix by checking that the launcher file exists before reporting
the mock agent as installed.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add hidden `mock-agent-process` CLI subcommand implementing a stdio
JSON-RPC echo agent (ported from examples/mock-acp-agent)
- Update write_mock_agent_process_launcher() to exec the new subcommand
instead of exiting with error
- Update sdks/react to support React 18 and 19 peer dependencies
- Update @types/react to v19 across workspace (pnpm override + inspector)
- Fix RefObject<T | null> compatibility for React 19 useRef() signatures
- Add version reference replacement logic to release update_version.ts
covering all docs, examples, and code files listed in CLAUDE.md
- Add missing files to CLAUDE.md Install Version References list
(architecture.mdx, boxlite, modal, computesdk docs and examples)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* SDK sandbox provisioning: built-in providers, docs restructure, and quickstart overhaul
- Add built-in sandbox providers (local, docker, e2b, daytona, vercel, cloudflare) to the TypeScript SDK so users import directly instead of passing client instances
- Restructure docs: rename architecture to orchestration-architecture, add new architecture page for server overview, improve getting started flow
- Rewrite quickstart to be TypeScript-first with provider CodeGroup and custom provider accordion
- Update all examples to use new provider APIs
- Update persist drivers and foundry for new SDK surface
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Fix SDK typecheck errors and update persist drivers for insertEvent signature
- Fix insertEvent call in client.ts to pass sessionId as first argument
- Update Daytona provider create options to use Partial type (image has default)
- Update StrictUniqueSessionPersistDriver in tests to match new insertEvent signature
- Sync persist packages, openapi spec, and docs with upstream changes
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Add Modal and ComputeSDK built-in providers, update examples and docs
- Add `sandbox-agent/modal` provider using Modal SDK with node:22-slim image
- Add `sandbox-agent/computesdk` provider using ComputeSDK's unified sandbox API
- Update Modal and ComputeSDK examples to use new SDK providers
- Update Modal and ComputeSDK deploy docs with provider-based examples
- Add Modal to quickstart CodeGroup and docs.json navigation
- Add provider test entries for Modal and ComputeSDK
- Remove old standalone example files (modal.ts, computesdk.ts)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Fix Modal provider: pre-install agents in image, fire-and-forget exec for server
- Pre-install agents in Dockerfile commands so they are cached across creates
- Use fire-and-forget exec (no wait) to keep server alive in Modal sandbox
- Add memoryMiB option (default 2GB) to avoid OOM during agent install
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Sync upstream changes: multiplayer docs, logos, openapi spec, foundry config
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* SDK: Add ensureServer() for automatic server recovery
Add ensureServer() to SandboxProvider interface to handle cases where the
sandbox-agent server stops or goes to sleep. The SDK now calls this method
after 3 consecutive health-check failures, allowing providers to restart the
server if needed. Most built-in providers (E2B, Daytona, Vercel, Modal,
ComputeSDK) implement this. Docker and Cloudflare manage server lifecycle
differently, and Local uses managed child processes.
Also update docs for quickstart, architecture, multiplayer, and session
persistence; mark persist-* packages as deprecated; and add ensureServer
implementations to all applicable providers.
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
* wip
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
- Bump @agentclientprotocol/sdk from 0.14.1 to 0.16.1 in acp-http-client
- Update adapters.json to reflect new SDK version
- Migrate unstableListSessions to listSessions (stabilized in SDK 0.16.0)
- Add CLAUDE.md guidance: request token location before e2e agent testing
All 5 ACP adapters remain at their latest versions. E2E testing confirms
Claude, Codex, Pi, and Cursor agents work end-to-end with credentials.
Co-authored-by: Claude Haiku 4.5 <noreply@anthropic.com>
