Skip to content

feat(ai): sandboxed harness adapters (provider-agnostic sandbox layer) #774

Merged
AlemTuzlak merged 158 commits into
mainfrom
feat/sandboxes
Jun 30, 2026
Merged

feat(ai): sandboxed harness adapters (provider-agnostic sandbox layer) #774
AlemTuzlak merged 158 commits into
mainfrom
feat/sandboxes

Conversation

@AlemTuzlak

@AlemTuzlak AlemTuzlak commented Jun 16, 2026

Copy link
Copy Markdown
Contributor

Provider-agnostic sandbox layer: coding-agent harnesses (Claude Code, Codex, OpenCode, Grok Build — or any ACP agent) run inside isolated sandboxes (files, repos, processes, secrets) and stream back through chat(). One chat() + withSandbox() wiring drives every harness × provider combination.

Two axes: harness (what runs) × provider (where)

Providers — all behind the same SandboxHandle/SandboxProvider contract:

Provider Package Isolation
Local process @tanstack/ai-sandbox-local-process none (host dev loop)
Docker @tanstack/ai-sandbox-docker container; commit snapshots, fork, resume-by-id
Daytona @tanstack/ai-sandbox-daytona managed cloud sandbox; port previews, resume-by-id
Vercel @tanstack/ai-sandbox-vercel managed microVM; persistent fs, exposed-port domains
Cloudflare @tanstack/ai-sandbox-cloudflare edge Containers (Workers + DO); preview URLs

Harnesses — each runs in-sandbox and declares requires: [SandboxCapability]:

  • @tanstack/ai-claude-codeclaude -p --output-format stream-json over stdin; MCP tool-proxy bridges chat() tools; policy → permission-prompt + interactive approvals.
  • @tanstack/ai-codexcodex exec --experimental-json; MCP tool-proxy; policy → sandbox/approval/network knobs.
  • @tanstack/ai-opencodeopencode serve in-sandbox over the SDK; permission modes + interactive approvals; MCP tool-proxy.
  • @tanstack/ai-grok-buildgrok over ACP (auto stdio/WebSocket; grok agent serve), with a legacy streaming-json path.

@tanstack/ai-acp — the ACP layer + acpCompatible

Shared Agent Client Protocol plumbing (transport, session, permissions, AG-UI translation) plus acpCompatible — the harness equivalent of openaiCompatible. Plug any ACP-compliant agent CLI (pi, gemini --acp, dozens more) into a sandbox without a dedicated package:

const pi = acpCompatible({
  name: 'pi',
  models: ['pi-fast', 'pi-pro'],                              // type-safe model union
  modelOptions: {} as { reasoningEffort?: 'low' | 'high' },   // typed per-call options
  command: ({ model, harnessCwd }) => `pi --acp -m ${model} --cwd ${harnessCwd}`,
  skillsDir: '.pi/skills',                                    // native skills convention
})
chat({ adapter: pi('pi-pro'), modelOptions: { reasoningEffort: 'high' }, messages, middleware: [withSandbox(def)] })
  • Typed config (parity with openaiCompatible): models union + modelOptions brand; command (stdio) or openTransport (WebSocket/custom).
  • Workspace skill projection: MCP skills → ACP-native mcpServers (secrets resolved); gitSkills → skillsDir; fileSkill/instructions/secrets via bootstrap.
  • Permission modes (headless/interactive); session resume; abort; non-text agent/tool content surfaced as CUSTOM events.
  • ACP compliance: clientInfo + protocol-version negotiation; documented coverage (covered / surfaced-as-CUSTOM / not-implemented) so we don't overclaim.

Core + provisioning

  • @tanstack/ai-sandboxdefineSandbox() (lazy controller + resume→restoreSnapshot→create+bootstrap state machine), withSandbox(), defineWorkspace(), bootstrapWorkspace, defineSandboxPolicy() + evaluateCommand, capability tokens (SandboxCapability + optional SandboxStore/Locks/SandboxPolicy/Projection), createExecBackedGit, spawnNdjson, the host MCP tool-proxy bridge, and the shared interactive-approval primitives.
  • createSecrets — type-safe secret refs injected into the agent env at create/resume, never persisted to snapshots/store/event log.
  • Workspace skills/provisioningfileSkill/agentSkill/mcpSkill/gitSkill, instructionsAGENTS.md, scripts, plugins; each harness projects into its native format.
  • File-event hooksonFile/onFileCreate/onFileChange/onFileDelete chat middleware + SandboxFileEvent.
  • Serverless/edge run model — a trigger starts a run and returns immediately while a durable orchestrator drives it and clients tail from a resumable cursor; stdin-less providers (Daytona/Vercel/Cloudflare) use an exec-backed bootstrap shell.
  • @tanstack/aiTextOptions.capabilities, the sandbox middleware hook group, middleware type exports.

Examples & docs

  • examples/sandbox-web — pick harness × provider per run from the UI; agent scaffolds an app, runs the dev server, returns a live preview URL.
  • examples/sandbox-cloudflare — the same agent at the edge.
  • Docs — a full docs/sandbox/* section (overview, quick start, providers, harnesses, workspace, provisioning, tools, policy, lifecycle, events, observability, cloudflare) + adapter pages (claude-code, codex, opencode, grok-build, acp-compatible). All code samples type-check under kiira.

Verification

  • Unit + integration tests across all sandbox packages; Docker verified against a real daemon; deterministic fake-CLI / fake-ACP-agent tests run in real local-process sandboxes.
  • Sandbox-creation E2E (@tanstack/ai-acp): a fake ACP agent in a real sandbox proves secrets reach the agent env, fileSkill/instructions land as files, setup runs, permission modes behave, workspace MCP skills reach newSession, and gitSkills link into skillsDir.
  • @tanstack/ai suite still passes; types / eslint / build / publint / kiira all green; changesets for every package.

Remaining (documented)

  • Full client-in-the-loop interactive approvals resume loop (pause → approve → resume) is entangled with each harness's permission contract + chat()'s persistence; the implemented lever is defineSandboxPolicy → permission modes + approval-requested events.
  • Live agent-in-sandbox runs are the manual E2E (need the agent CLIs + keys); the automated suites use deterministic fakes.

jherr and others added 10 commits June 12, 2026 07:00
…xample

New @tanstack/ai-claude-code package that runs Claude Code (via
@anthropic-ai/claude-agent-sdk) as a TanStack AI chat backend. Unlike HTTP
provider adapters, this is a harness adapter: Claude Code owns the agent
loop and executes its built-in tools (bash, file edits, search) server-side.

- Stream translator maps Agent SDK messages to AG-UI events; harness tool
  activity arrives as already-resolved TOOL_CALL_*/TOOL_CALL_RESULT pairs
  and runs always finish with stop/length (never tool_calls), so the engine
  never re-executes harness tools. Every started tool call is guaranteed a
  result (synthesized on abort) to keep the engine's pending-call scan safe.
- TanStack toolDefinition() server tools are bridged into the harness as an
  in-process MCP server (raw JSON Schema passthrough, no zod round-trip).
  Client-side/approval tools fail fast — documented v1 limitation.
- Stateful sessions: session id surfaced via a claude-code.session-id CUSTOM
  event; resume via modelOptions.sessionId (+ forkSession).
- Structured output uses the SDK's native outputFormat json_schema.
- settingSources defaults to ['project'] so servers don't inherit user-level
  ~/.claude config from the host machine.
- E2E: excluded from the aimock matrix (subprocess can't carry X-Test-Id
  isolation); covered by 44 unit tests plus a gated live smoke spec
  (CLAUDE_CODE_E2E=1).

Also adds examples/ts-react-coding-agent: a TanStack Start app demoing
session resume, the harness tool timeline, read-only/edit permission modes,
tool bridging, and a sandboxed scratch workspace — with the agent registry
structured so future Codex/Gemini CLI harness adapters can slot in.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
…ters

Add two new coding-agent harness adapters alongside Claude Code:

- @tanstack/ai-codex drives OpenAI Codex via @openai/codex-sdk with local
  tool execution, resumable sessions (modelOptions.sessionId), structured
  output, and a localhost MCP bridge for TanStack server tools.
- @tanstack/ai-gemini-cli drives `gemini --acp` over the Agent Client
  Protocol with token-level streaming, resumable sessions, a configurable
  permission policy, and headless ACP auth method selection (authMethodId)
  so runs never stall on an interactive auth picker.

Wire both into the ts-react-coding-agent example: the agent dropdown keeps
every harness selectable, and a server function (createServerFn) reports
which agents are actually configured at runtime so the UI can surface a
setup dialog for unconfigured ones. Includes adapter docs and changesets.

Co-authored-by: Cursor <cursoragent@cursor.com>
Add the @tanstack/ai-opencode package, an OpenCode harness adapter that
drives OpenCode (via @opencode-ai/sdk) as a TanStack AI chat backend with
local tool execution, token-level streaming, stateful sessions, and
TanStack tool bridging over a localhost MCP server. Wires the adapter into
the ts-react-coding-agent example, adds the OpenCode adapter docs page, and
anchors the OpenCode.md gitignore entry so it no longer shadows the docs
page on case-insensitive filesystems.

Co-authored-by: Cursor <cursoragent@cursor.com>
…e, withSandbox, workspace, policy

- @tanstack/ai-sandbox: provider-agnostic SandboxHandle/SandboxProvider/SandboxCapabilities contracts
- capability tokens (SandboxCapability + optional SandboxStore/Locks), in-memory store/lock defaults
- defineSandbox lazy controller + ensure state machine (resume->restoreSnapshot->create+bootstrap) with capability-aware degradation
- withSandbox middleware (setup provides handle; onFinish/onError snapshot+destroy)
- defineWorkspace (git/local/none + skills + secrets), provider-agnostic bootstrapWorkspace
- defineSandboxPolicy + evaluateCommand (glob, deny>ask>allow), compound sandbox key (secrets excluded)
- export DefinedChatMiddleware/AnyChatMiddleware from @tanstack/ai for portable middleware authoring
- 22 unit tests (ensure/policy/key/store); types + lint clean

Refs sandbox proposal (Phase A).
…git helper

- @tanstack/ai-sandbox-local-process: SandboxHandle over host fs/child_process (no isolation, dev loop)
- virtual /workspace root mapped to a real host dir with path containment
- exec/spawn (duplex stdin, streamed stdout), localhost port channel, env, fork via dir copy, durable fs resume-by-dir
- core: createExecBackedGit helper (shared by providers without native git); bootstrap clones into the handle's own root
- 10 unit tests (fs/exec/spawn/lifecycle/fork/bootstrap/ensure); types + lint clean
…runner

- @tanstack/ai: TextOptions.capabilities carries the middleware capability context so harness adapters can read provided capabilities (getSandbox(options.capabilities)) from chatStream; populated by the engine
- @tanstack/ai-sandbox: spawnNdjson/toLines — spawn an agent CLI in a sandbox and stream parsed NDJSON stdout (the reusable harness-execution primitive)
- tests: toLines buffering + spawnNdjson parsing (core), real spawn+NDJSON via local-process (11) — 25 core tests; types + lint clean
@coderabbitai

coderabbitai Bot commented Jun 16, 2026

Copy link
Copy Markdown
Contributor

Important

Review skipped

Too many files!

This PR contains 322 files, which is 172 over the limit of 150.

To get a review, narrow the scope:
• coderabbit review --type committed # exclude uncommitted changes
• coderabbit review --dir # limit to a subdirectory
• coderabbit review --base # compare against a closer base

Upgrade to a paid plan to raise the limit.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: b32c8112-1911-44fc-a352-6a87d5056361

📥 Commits

Reviewing files that changed from the base of the PR and between 27ba4c7 and 70e8962.

⛔ Files ignored due to path filters (1)
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
📒 Files selected for processing (322)
  • .agent/self-learning/coupling.json
  • .changeset/acp-compatible.md
  • .changeset/ai-acp-extract.md
  • .changeset/ai-claude-code-initial.md
  • .changeset/ai-codex-initial.md
  • .changeset/ai-opencode-initial.md
  • .changeset/ai-sandbox-cloudflare.md
  • .changeset/codex-mcp-bridge-http-headers.md
  • .changeset/sandbox-bootstrap-no-stdin.md
  • .changeset/sandbox-claude-edge-streaming.md
  • .changeset/sandbox-cloudflare-harness-agnostic-env.md
  • .changeset/sandbox-daytona-vercel.md
  • .changeset/sandbox-hooks-redesign.md
  • .changeset/sandbox-layer.md
  • .changeset/sandbox-provisioning-fast-init.md
  • .changeset/sandbox-serverless-runtime.md
  • .changeset/vercel-sandbox-mkdir-idempotent.md
  • .gitignore
  • docs/adapters/acp-compatible.md
  • docs/adapters/claude-code.md
  • docs/adapters/codex.md
  • docs/adapters/grok-build.md
  • docs/adapters/opencode.md
  • docs/config.json
  • docs/sandbox/cloudflare.md
  • docs/sandbox/events.md
  • docs/sandbox/harnesses.md
  • docs/sandbox/lifecycle.md
  • docs/sandbox/observability.md
  • docs/sandbox/overview.md
  • docs/sandbox/policy.md
  • docs/sandbox/providers.md
  • docs/sandbox/provisioning.md
  • docs/sandbox/quick-start.md
  • docs/sandbox/tools.md
  • docs/sandbox/workspace.md
  • examples/sandbox-cloudflare/.dev.vars.example
  • examples/sandbox-cloudflare/.gitignore
  • examples/sandbox-cloudflare/Dockerfile
  • examples/sandbox-cloudflare/README.md
  • examples/sandbox-cloudflare/package.json
  • examples/sandbox-cloudflare/src/agent.ts
  • examples/sandbox-cloudflare/src/routeTree.gen.ts
  • examples/sandbox-cloudflare/src/router.tsx
  • examples/sandbox-cloudflare/src/routes/__root.tsx
  • examples/sandbox-cloudflare/src/routes/api.run.ts
  • examples/sandbox-cloudflare/src/routes/index.tsx
  • examples/sandbox-cloudflare/src/sandbox-options.ts
  • examples/sandbox-cloudflare/src/sandbox-provider.ts
  • examples/sandbox-cloudflare/src/server.ts
  • examples/sandbox-cloudflare/src/styles.css
  • examples/sandbox-cloudflare/tsconfig.json
  • examples/sandbox-cloudflare/vite.config.ts
  • examples/sandbox-cloudflare/worker-configuration.d.ts
  • examples/sandbox-cloudflare/wrangler.jsonc
  • examples/sandbox-web/.env.example
  • examples/sandbox-web/.gitignore
  • examples/sandbox-web/README.md
  • examples/sandbox-web/package.json
  • examples/sandbox-web/src/routeTree.gen.ts
  • examples/sandbox-web/src/router.tsx
  • examples/sandbox-web/src/routes/__root.tsx
  • examples/sandbox-web/src/routes/api.run.ts
  • examples/sandbox-web/src/routes/index.tsx
  • examples/sandbox-web/src/sandbox-agent.ts
  • examples/sandbox-web/src/sandbox-options.ts
  • examples/sandbox-web/src/styles.css
  • examples/sandbox-web/tsconfig.json
  • examples/sandbox-web/vite.config.ts
  • examples/ts-react-chat/.env.example
  • examples/ts-react-chat/README.md
  • examples/ts-react-chat/package.json
  • examples/ts-react-chat/src/routeTree.gen.ts
  • examples/ts-react-chat/src/routes/api.sandbox-triage.test.ts
  • examples/ts-react-chat/src/routes/api.sandbox-triage.ts
  • examples/ts-react-chat/src/routes/index.tsx
  • examples/ts-react-chat/src/routes/sandboxes.tsx
  • examples/ts-react-chat/src/sandbox-triage-options.ts
  • examples/ts-react-chat/src/sandbox-triage.test.ts
  • examples/ts-react-chat/src/sandbox-triage.ts
  • examples/ts-react-chat/src/triage-tools.ts
  • examples/ts-react-chat/vite.config.ts
  • knip.json
  • packages/ai-acp/README.md
  • packages/ai-acp/package.json
  • packages/ai-acp/src/adapters/compatible.ts
  • packages/ai-acp/src/adapters/projection.ts
  • packages/ai-acp/src/index.ts
  • packages/ai-acp/src/messages/prompt.ts
  • packages/ai-acp/src/permissions.ts
  • packages/ai-acp/src/session/acp-client.ts
  • packages/ai-acp/src/session/sandbox-server.ts
  • packages/ai-acp/src/stream/queue.ts
  • packages/ai-acp/src/stream/translate.ts
  • packages/ai-acp/src/transport/resolve.ts
  • packages/ai-acp/src/transport/stdio.ts
  • packages/ai-acp/src/transport/types.ts
  • packages/ai-acp/src/transport/websocket.ts
  • packages/ai-acp/src/types/acp-types.ts
  • packages/ai-acp/tests/compatible.test.ts
  • packages/ai-acp/tests/sandbox-provisioning.test.ts
  • packages/ai-acp/tests/sandbox-server.test.ts
  • packages/ai-acp/tests/translate.test.ts
  • packages/ai-acp/tests/transport.test.ts
  • packages/ai-acp/tsconfig.json
  • packages/ai-acp/vite.config.ts
  • packages/ai-claude-code/README.md
  • packages/ai-claude-code/package.json
  • packages/ai-claude-code/src/adapters/policy-map.ts
  • packages/ai-claude-code/src/adapters/projection.ts
  • packages/ai-claude-code/src/adapters/text.ts
  • packages/ai-claude-code/src/index.ts
  • packages/ai-claude-code/src/messages/prompt.ts
  • packages/ai-claude-code/src/model-meta.ts
  • packages/ai-claude-code/src/provider-options.ts
  • packages/ai-claude-code/src/stream/sdk-types.ts
  • packages/ai-claude-code/src/stream/translate.ts
  • packages/ai-claude-code/tests/policy-map.test.ts
  • packages/ai-claude-code/tests/projection.test.ts
  • packages/ai-claude-code/tests/prompt.test.ts
  • packages/ai-claude-code/tests/text-adapter.test.ts
  • packages/ai-claude-code/tests/tool-bridge-roundtrip.test.ts
  • packages/ai-claude-code/tests/translate.test.ts
  • packages/ai-claude-code/tsconfig.json
  • packages/ai-claude-code/vite.config.ts
  • packages/ai-codex/README.md
  • packages/ai-codex/package.json
  • packages/ai-codex/src/adapters/policy-map.ts
  • packages/ai-codex/src/adapters/projection.ts
  • packages/ai-codex/src/adapters/text.ts
  • packages/ai-codex/src/index.ts
  • packages/ai-codex/src/messages/prompt.ts
  • packages/ai-codex/src/model-meta.ts
  • packages/ai-codex/src/provider-options.ts
  • packages/ai-codex/src/stream/sdk-types.ts
  • packages/ai-codex/src/stream/translate.ts
  • packages/ai-codex/tests/policy-map.test.ts
  • packages/ai-codex/tests/projection.test.ts
  • packages/ai-codex/tests/prompt.test.ts
  • packages/ai-codex/tests/text-adapter.test.ts
  • packages/ai-codex/tests/translate.test.ts
  • packages/ai-codex/tsconfig.json
  • packages/ai-codex/vite.config.ts
  • packages/ai-gemini/src/experimental/text-interactions/adapter.ts
  • packages/ai-grok-build/README.md
  • packages/ai-grok-build/package.json
  • packages/ai-grok-build/src/adapters/policy-map.ts
  • packages/ai-grok-build/src/adapters/projection.ts
  • packages/ai-grok-build/src/adapters/text.ts
  • packages/ai-grok-build/src/auth.ts
  • packages/ai-grok-build/src/index.ts
  • packages/ai-grok-build/src/install.ts
  • packages/ai-grok-build/src/messages/prompt.ts
  • packages/ai-grok-build/src/model-meta.ts
  • packages/ai-grok-build/src/process/acp.ts
  • packages/ai-grok-build/src/process/grok-acp-notifications.ts
  • packages/ai-grok-build/src/process/resolve-executable.ts
  • packages/ai-grok-build/src/provider-options.ts
  • packages/ai-grok-build/src/stream/sdk-types.ts
  • packages/ai-grok-build/src/stream/thought-router.ts
  • packages/ai-grok-build/src/stream/translate.ts
  • packages/ai-grok-build/tests/acp.test.ts
  • packages/ai-grok-build/tests/grok-acp-notifications.test.ts
  • packages/ai-grok-build/tests/install.test.ts
  • packages/ai-grok-build/tests/policy-map.test.ts
  • packages/ai-grok-build/tests/projection.test.ts
  • packages/ai-grok-build/tests/resolve-executable.test.ts
  • packages/ai-grok-build/tests/text-adapter.test.ts
  • packages/ai-grok-build/tests/thought-router.test.ts
  • packages/ai-grok-build/tests/translate.test.ts
  • packages/ai-grok-build/tsconfig.json
  • packages/ai-grok-build/vite.config.ts
  • packages/ai-isolate-cloudflare/package.json
  • packages/ai-opencode/README.md
  • packages/ai-opencode/package.json
  • packages/ai-opencode/src/adapters/projection.ts
  • packages/ai-opencode/src/adapters/text.ts
  • packages/ai-opencode/src/index.ts
  • packages/ai-opencode/src/messages/prompt.ts
  • packages/ai-opencode/src/model-meta.ts
  • packages/ai-opencode/src/process/permissions.ts
  • packages/ai-opencode/src/process/sandbox-server.ts
  • packages/ai-opencode/src/process/server.ts
  • packages/ai-opencode/src/provider-options.ts
  • packages/ai-opencode/src/stream/queue.ts
  • packages/ai-opencode/src/stream/sdk-types.ts
  • packages/ai-opencode/src/stream/translate.ts
  • packages/ai-opencode/tests/permissions.test.ts
  • packages/ai-opencode/tests/projection.test.ts
  • packages/ai-opencode/tests/prompt.test.ts
  • packages/ai-opencode/tests/text-adapter.test.ts
  • packages/ai-opencode/tests/translate.test.ts
  • packages/ai-opencode/tsconfig.json
  • packages/ai-opencode/vite.config.ts
  • packages/ai-sandbox-cloudflare/package.json
  • packages/ai-sandbox-cloudflare/src/agent.ts
  • packages/ai-sandbox-cloudflare/src/chat-coordinator.ts
  • packages/ai-sandbox-cloudflare/src/container-coordinator.ts
  • packages/ai-sandbox-cloudflare/src/coordinator.ts
  • packages/ai-sandbox-cloudflare/src/factory.ts
  • packages/ai-sandbox-cloudflare/src/handle.ts
  • packages/ai-sandbox-cloudflare/src/index.ts
  • packages/ai-sandbox-cloudflare/src/preview-tool.ts
  • packages/ai-sandbox-cloudflare/src/protocol.ts
  • packages/ai-sandbox-cloudflare/src/provider.ts
  • packages/ai-sandbox-cloudflare/src/public-host.ts
  • packages/ai-sandbox-cloudflare/src/run-log-do.ts
  • packages/ai-sandbox-cloudflare/src/runner.ts
  • packages/ai-sandbox-cloudflare/src/web-crypto.ts
  • packages/ai-sandbox-cloudflare/src/worker.ts
  • packages/ai-sandbox-cloudflare/tests/handle.test.ts
  • packages/ai-sandbox-cloudflare/tests/preview-tool.test.ts
  • packages/ai-sandbox-cloudflare/tests/protocol.test.ts
  • packages/ai-sandbox-cloudflare/tests/resolve-hosts.test.ts
  • packages/ai-sandbox-cloudflare/tests/run-log-do.test.ts
  • packages/ai-sandbox-cloudflare/tests/web-crypto.test.ts
  • packages/ai-sandbox-cloudflare/tsconfig.json
  • packages/ai-sandbox-cloudflare/vite.config.ts
  • packages/ai-sandbox-daytona/package.json
  • packages/ai-sandbox-daytona/src/handle.ts
  • packages/ai-sandbox-daytona/src/index.ts
  • packages/ai-sandbox-daytona/src/provider.ts
  • packages/ai-sandbox-daytona/tests/daytona.test.ts
  • packages/ai-sandbox-daytona/tests/handle.test.ts
  • packages/ai-sandbox-daytona/tsconfig.json
  • packages/ai-sandbox-daytona/vite.config.ts
  • packages/ai-sandbox-docker/package.json
  • packages/ai-sandbox-docker/src/handle.ts
  • packages/ai-sandbox-docker/src/index.ts
  • packages/ai-sandbox-docker/src/provider.ts
  • packages/ai-sandbox-docker/tests/docker.test.ts
  • packages/ai-sandbox-docker/tsconfig.json
  • packages/ai-sandbox-docker/vite.config.ts
  • packages/ai-sandbox-local-process/package.json
  • packages/ai-sandbox-local-process/src/handle.ts
  • packages/ai-sandbox-local-process/src/index.ts
  • packages/ai-sandbox-local-process/src/provider.ts
  • packages/ai-sandbox-local-process/tests/local-process.test.ts
  • packages/ai-sandbox-local-process/tsconfig.json
  • packages/ai-sandbox-local-process/vite.config.ts
  • packages/ai-sandbox-vercel/package.json
  • packages/ai-sandbox-vercel/src/handle.ts
  • packages/ai-sandbox-vercel/src/index.ts
  • packages/ai-sandbox-vercel/src/provider.ts
  • packages/ai-sandbox-vercel/tests/vercel.test.ts
  • packages/ai-sandbox-vercel/tsconfig.json
  • packages/ai-sandbox-vercel/vite.config.ts
  • packages/ai-sandbox/README.md
  • packages/ai-sandbox/package.json
  • packages/ai-sandbox/skills/ai-sandbox/SKILL.md
  • packages/ai-sandbox/src/agents-file.ts
  • packages/ai-sandbox/src/approvals.ts
  • packages/ai-sandbox/src/bootstrap.ts
  • packages/ai-sandbox/src/bridge-events.ts
  • packages/ai-sandbox/src/capabilities.ts
  • packages/ai-sandbox/src/contracts.ts
  • packages/ai-sandbox/src/errors.ts
  • packages/ai-sandbox/src/git-exec.ts
  • packages/ai-sandbox/src/harness-cwd.ts
  • packages/ai-sandbox/src/index.ts
  • packages/ai-sandbox/src/key.ts
  • packages/ai-sandbox/src/middleware.ts
  • packages/ai-sandbox/src/ngrok.ts
  • packages/ai-sandbox/src/policy.ts
  • packages/ai-sandbox/src/projection.ts
  • packages/ai-sandbox/src/remote-tools.ts
  • packages/ai-sandbox/src/run-log.ts
  • packages/ai-sandbox/src/run.ts
  • packages/ai-sandbox/src/runner.ts
  • packages/ai-sandbox/src/sandbox.ts
  • packages/ai-sandbox/src/secrets.ts
  • packages/ai-sandbox/src/setup-plan.ts
  • packages/ai-sandbox/src/shell.ts
  • packages/ai-sandbox/src/store.ts
  • packages/ai-sandbox/src/tool-bridge.ts
  • packages/ai-sandbox/src/watch.ts
  • packages/ai-sandbox/src/workspace.ts
  • packages/ai-sandbox/tests/agents-file.test.ts
  • packages/ai-sandbox/tests/approvals.test.ts
  • packages/ai-sandbox/tests/bootstrap.test.ts
  • packages/ai-sandbox/tests/bridge-jsonrpc.test.ts
  • packages/ai-sandbox/tests/ensure.test.ts
  • packages/ai-sandbox/tests/fakes.ts
  • packages/ai-sandbox/tests/git-exec.test.ts
  • packages/ai-sandbox/tests/harness-cwd.test.ts
  • packages/ai-sandbox/tests/key.test.ts
  • packages/ai-sandbox/tests/policy.test.ts
  • packages/ai-sandbox/tests/projection.test.ts
  • packages/ai-sandbox/tests/remote-tools.test.ts
  • packages/ai-sandbox/tests/run-log.test.ts
  • packages/ai-sandbox/tests/run.test.ts
  • packages/ai-sandbox/tests/runner.test.ts
  • packages/ai-sandbox/tests/secrets.test.ts
  • packages/ai-sandbox/tests/setup-plan.test.ts
  • packages/ai-sandbox/tests/shell.test.ts
  • packages/ai-sandbox/tests/store.test.ts
  • packages/ai-sandbox/tests/tool-bridge.test.ts
  • packages/ai-sandbox/tests/watch.test.ts
  • packages/ai-sandbox/tests/with-sandbox-hooks.test.ts
  • packages/ai-sandbox/tests/workspace.test.ts
  • packages/ai-sandbox/tsconfig.json
  • packages/ai-sandbox/vite.config.ts
  • packages/ai/src/activities/chat/index.ts
  • packages/ai/src/activities/chat/middleware/compose.ts
  • packages/ai/src/activities/chat/middleware/index.ts
  • packages/ai/src/activities/chat/middleware/sandbox-runtime.ts
  • packages/ai/src/activities/chat/middleware/types.ts
  • packages/ai/src/adapter-internals.ts
  • packages/ai/src/index.ts
  • packages/ai/src/logger/internal-logger.ts
  • packages/ai/src/logger/resolve.ts
  • packages/ai/src/logger/types.ts
  • packages/ai/src/types.ts
  • packages/ai/tests/logger/internal-logger.test.ts
  • packages/ai/tests/logger/types.test.ts
  • packages/ai/tests/sandbox-debug-category.test.ts
  • packages/ai/tests/sandbox-file-dispatch.test.ts
  • packages/ai/tests/sandbox-runtime-emit.test.ts
  • pnpm-workspace.yaml
  • testing/e2e/README.md
  • testing/e2e/package.json
  • testing/e2e/tests/claude-code.spec.ts

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch feat/sandboxes

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@github-actions

github-actions Bot commented Jun 16, 2026

Copy link
Copy Markdown
Contributor

🚀 Changeset Version Preview

14 package(s) bumped directly, 30 bumped as dependents.

🟥 Major bumps

Package Version Reason
@tanstack/ai-acp 0.1.0 → 1.0.0 Changeset
@tanstack/ai-bedrock 0.0.1 → 1.0.0 Changeset
@tanstack/ai-claude-code 0.1.0 → 1.0.0 Changeset
@tanstack/ai-codex 0.1.0 → 1.0.0 Changeset
@tanstack/ai-grok-build 0.1.0 → 1.0.0 Changeset
@tanstack/ai-mistral 0.1.0 → 1.0.0 Changeset
@tanstack/ai-opencode 0.1.0 → 1.0.0 Changeset
@tanstack/ai-sandbox 0.1.0 → 1.0.0 Changeset
@tanstack/ai-sandbox-cloudflare 0.1.0 → 1.0.0 Changeset
@tanstack/ai-sandbox-daytona 0.1.0 → 1.0.0 Changeset
@tanstack/ai-sandbox-docker 0.1.0 → 1.0.0 Changeset
@tanstack/ai-sandbox-local-process 0.1.0 → 1.0.0 Changeset
@tanstack/ai-sandbox-vercel 0.1.0 → 1.0.0 Changeset
@tanstack/ai-angular 0.2.0 → 1.0.0 Dependent
@tanstack/ai-anthropic 0.15.11 → 1.0.0 Dependent
@tanstack/ai-code-mode 0.3.2 → 1.0.0 Dependent
@tanstack/ai-code-mode-skills 0.3.5 → 1.0.0 Dependent
@tanstack/ai-elevenlabs 0.2.30 → 1.0.0 Dependent
@tanstack/ai-fal 0.9.7 → 1.0.0 Dependent
@tanstack/ai-gemini 0.18.3 → 1.0.0 Dependent
@tanstack/ai-grok 0.14.5 → 1.0.0 Dependent
@tanstack/ai-groq 0.4.15 → 1.0.0 Dependent
@tanstack/ai-isolate-node 0.1.41 → 1.0.0 Dependent
@tanstack/ai-isolate-quickjs 0.1.41 → 1.0.0 Dependent
@tanstack/ai-ollama 0.8.11 → 1.0.0 Dependent
@tanstack/ai-openai 0.15.9 → 1.0.0 Dependent
@tanstack/ai-openrouter 0.15.5 → 1.0.0 Dependent
@tanstack/ai-preact 0.10.0 → 1.0.0 Dependent
@tanstack/ai-react 0.16.0 → 1.0.0 Dependent
@tanstack/ai-react-ui 0.8.12 → 1.0.0 Dependent
@tanstack/ai-solid 0.14.0 → 1.0.0 Dependent
@tanstack/ai-solid-ui 0.7.11 → 1.0.0 Dependent
@tanstack/ai-svelte 0.14.0 → 1.0.0 Dependent
@tanstack/ai-vue 0.14.0 → 1.0.0 Dependent
@tanstack/openai-base 0.9.5 → 1.0.0 Dependent

🟨 Minor bumps

Package Version Reason
@tanstack/ai 0.38.0 → 0.39.0 Changeset

🟩 Patch bumps

Package Version Reason
@tanstack/ai-client 0.19.0 → 0.19.1 Dependent
@tanstack/ai-devtools-core 0.4.19 → 0.4.20 Dependent
@tanstack/ai-isolate-cloudflare 0.2.32 → 0.2.33 Dependent
@tanstack/ai-mcp 0.2.0 → 0.2.1 Dependent
@tanstack/ai-vue-ui 0.2.28 → 0.2.29 Dependent
@tanstack/preact-ai-devtools 0.1.62 → 0.1.63 Dependent
@tanstack/react-ai-devtools 0.2.62 → 0.2.63 Dependent
@tanstack/solid-ai-devtools 0.2.62 → 0.2.63 Dependent

@socket-security

socket-security Bot commented Jun 16, 2026

Copy link
Copy Markdown

@nx-cloud

nx-cloud Bot commented Jun 16, 2026

Copy link
Copy Markdown

View your CI Pipeline Execution ↗ for commit 70e8962

Command Status Duration Result
nx run-many --targets=build --exclude=examples/... ✅ Succeeded 1m 50s View ↗

☁️ Nx Cloud last updated this comment at 2026-06-30 14:03:31 UTC

@pkg-pr-new

pkg-pr-new Bot commented Jun 16, 2026

Copy link
Copy Markdown

Open in StackBlitz

@tanstack/ai

npm i https://pkg.pr.new/TanStack/ai/@tanstack/ai@774

@tanstack/ai-acp

npm i https://pkg.pr.new/TanStack/ai/@tanstack/ai-acp@774

@tanstack/ai-angular

npm i https://pkg.pr.new/TanStack/ai/@tanstack/ai-angular@774

@tanstack/ai-anthropic

npm i https://pkg.pr.new/TanStack/ai/@tanstack/ai-anthropic@774

@tanstack/ai-bedrock

npm i https://pkg.pr.new/TanStack/ai/@tanstack/ai-bedrock@774

@tanstack/ai-claude-code

npm i https://pkg.pr.new/TanStack/ai/@tanstack/ai-claude-code@774

@tanstack/ai-client

npm i https://pkg.pr.new/TanStack/ai/@tanstack/ai-client@774

@tanstack/ai-code-mode

npm i https://pkg.pr.new/TanStack/ai/@tanstack/ai-code-mode@774

@tanstack/ai-code-mode-skills

npm i https://pkg.pr.new/TanStack/ai/@tanstack/ai-code-mode-skills@774

@tanstack/ai-codex

npm i https://pkg.pr.new/TanStack/ai/@tanstack/ai-codex@774

@tanstack/ai-devtools-core

npm i https://pkg.pr.new/TanStack/ai/@tanstack/ai-devtools-core@774

@tanstack/ai-elevenlabs

npm i https://pkg.pr.new/TanStack/ai/@tanstack/ai-elevenlabs@774

@tanstack/ai-event-client

npm i https://pkg.pr.new/TanStack/ai/@tanstack/ai-event-client@774

@tanstack/ai-fal

npm i https://pkg.pr.new/TanStack/ai/@tanstack/ai-fal@774

@tanstack/ai-gemini

npm i https://pkg.pr.new/TanStack/ai/@tanstack/ai-gemini@774

@tanstack/ai-grok

npm i https://pkg.pr.new/TanStack/ai/@tanstack/ai-grok@774

@tanstack/ai-grok-build

npm i https://pkg.pr.new/TanStack/ai/@tanstack/ai-grok-build@774

@tanstack/ai-groq

npm i https://pkg.pr.new/TanStack/ai/@tanstack/ai-groq@774

@tanstack/ai-isolate-cloudflare

npm i https://pkg.pr.new/TanStack/ai/@tanstack/ai-isolate-cloudflare@774

@tanstack/ai-isolate-node

npm i https://pkg.pr.new/TanStack/ai/@tanstack/ai-isolate-node@774

@tanstack/ai-isolate-quickjs

npm i https://pkg.pr.new/TanStack/ai/@tanstack/ai-isolate-quickjs@774

@tanstack/ai-mcp

npm i https://pkg.pr.new/TanStack/ai/@tanstack/ai-mcp@774

@tanstack/ai-mistral

npm i https://pkg.pr.new/TanStack/ai/@tanstack/ai-mistral@774

@tanstack/ai-ollama

npm i https://pkg.pr.new/TanStack/ai/@tanstack/ai-ollama@774

@tanstack/ai-openai

npm i https://pkg.pr.new/TanStack/ai/@tanstack/ai-openai@774

@tanstack/ai-opencode

npm i https://pkg.pr.new/TanStack/ai/@tanstack/ai-opencode@774

@tanstack/ai-openrouter

npm i https://pkg.pr.new/TanStack/ai/@tanstack/ai-openrouter@774

@tanstack/ai-preact

npm i https://pkg.pr.new/TanStack/ai/@tanstack/ai-preact@774

@tanstack/ai-react

npm i https://pkg.pr.new/TanStack/ai/@tanstack/ai-react@774

@tanstack/ai-react-ui

npm i https://pkg.pr.new/TanStack/ai/@tanstack/ai-react-ui@774

@tanstack/ai-sandbox

npm i https://pkg.pr.new/TanStack/ai/@tanstack/ai-sandbox@774

@tanstack/ai-sandbox-cloudflare

npm i https://pkg.pr.new/TanStack/ai/@tanstack/ai-sandbox-cloudflare@774

@tanstack/ai-sandbox-daytona

npm i https://pkg.pr.new/TanStack/ai/@tanstack/ai-sandbox-daytona@774

@tanstack/ai-sandbox-docker

npm i https://pkg.pr.new/TanStack/ai/@tanstack/ai-sandbox-docker@774

@tanstack/ai-sandbox-local-process

npm i https://pkg.pr.new/TanStack/ai/@tanstack/ai-sandbox-local-process@774

@tanstack/ai-sandbox-vercel

npm i https://pkg.pr.new/TanStack/ai/@tanstack/ai-sandbox-vercel@774

@tanstack/ai-solid

npm i https://pkg.pr.new/TanStack/ai/@tanstack/ai-solid@774

@tanstack/ai-solid-ui

npm i https://pkg.pr.new/TanStack/ai/@tanstack/ai-solid-ui@774

@tanstack/ai-svelte

npm i https://pkg.pr.new/TanStack/ai/@tanstack/ai-svelte@774

@tanstack/ai-utils

npm i https://pkg.pr.new/TanStack/ai/@tanstack/ai-utils@774

@tanstack/ai-vue

npm i https://pkg.pr.new/TanStack/ai/@tanstack/ai-vue@774

@tanstack/ai-vue-ui

npm i https://pkg.pr.new/TanStack/ai/@tanstack/ai-vue-ui@774

@tanstack/openai-base

npm i https://pkg.pr.new/TanStack/ai/@tanstack/openai-base@774

@tanstack/preact-ai-devtools

npm i https://pkg.pr.new/TanStack/ai/@tanstack/preact-ai-devtools@774

@tanstack/react-ai-devtools

npm i https://pkg.pr.new/TanStack/ai/@tanstack/react-ai-devtools@774

@tanstack/solid-ai-devtools

npm i https://pkg.pr.new/TanStack/ai/@tanstack/solid-ai-devtools@774

commit: 70e8962

AlemTuzlak and others added 14 commits June 16, 2026 17:04
…ential leakage

Security review (PR #774):
- argument injection: insert '--' end-of-options separators before positionals (clone url/target, add paths) and reject url/ref/dir/path values beginning with '-' (flag-smuggling guard)
- secrets in argv: stop embedding the auth token in the clone URL (leaked via ps/logs); use a one-shot credential.helper that reads the token from the child ENV, single-quoted so the outer shell never expands it
- 4 unit tests pinning: token absent from argv + present in env, '--' separators, leading-dash rejection, quote escaping
- @tanstack/ai-sandbox-docker: SandboxHandle over a Docker container
- create/resume-by-id/restoreSnapshot(commit image)/destroy; durable fs across stop/start
- exec + duplex spawn via dockerode exec + stream demux; fs over base64 piping (binary-safe, no tar dep)
- commit-based snapshot + fork; host.docker.internal gateway for host MCP reachability; publishPorts -> ports.connect
- exec-backed git reused from core
- 3 integration tests (gated on a reachable daemon) — verified green against a real daemon: exec, fs+binary round-trip, snapshot, resume, spawn streaming, ensure+bootstrap
- pnpm-workspace: declare dockerode's optional native deps (cpu-features, ssh2) as not-built (JS fallback, local socket)
- claudeCodeText now declares requires:[SandboxCapability] and spawns the claude CLI INSIDE the sandbox via sandbox.process (claude -p --output-format stream-json), reusing translateSdkStream for the stdout NDJSON
- prompt fed via stdin (not argv); session id surfaced as before; emits a file.changed CUSTOM event with the git diff after the run
- permission-mode/allowed/disallowed/add-dir/max-turns/system-prompt mapped to CLI flags; default permission-mode bypassPermissions (sandbox is isolated)
- drop @anthropic-ai/claude-agent-sdk + @modelcontextprotocol/sdk deps; remove the in-process tool bridge (chat()-tools MCP proxy deferred — adapter rejects tools for now); provider-options self-contained
- spawnNdjson gains an  option to feed stdin
- deterministic test via a fake claude CLI in a real local-process sandbox (24 tests); types + lint clean
Runnable demo (examples/sandbox-coding-agent) that runs Claude Code inside a sandbox to fix a bug end-to-end via chat() + withSandbox:
- bootstraps a tiny git repo with a deliberate bug, asks the agent to fix it, streams output + prints the git diff
- Docker provider by default (installs the claude CLI in setup); SANDBOX=local runs on the host process
- README with prerequisites + run instructions for manual e2e verification
…lag mapping; changesets

- SandboxPolicyCapability: withSandbox provides the definition policy (conditionally); harness adapters read it via getOptional
- claude-code maps defineSandboxPolicy (default decision + fileWrite/network caps + tool-name command rules) onto --permission-mode/--allowedTools/--disallowedTools (best-effort; fine-grained command globs await the MCP permission-prompt tool)
- changesets for the sandbox layer + updated claude-code changeset for the in-sandbox behavior
- policy-map unit tests (5)
- docs/sandbox/overview.md: mental model, providers, defineWorkspace/defineSandboxPolicy, lifecycle/resume, events, the runnable example (no as-casts; latest model id)
- docs/config.json: new Sandboxes section (addedAt 2026-06-16)
- packages/ai-sandbox/skills/ai-sandbox: agent skill covering the sandbox APIs + critical rules
- ship skills in the package files
- test:docs green
…n-sandbox agent

- startHostToolBridge: host-side Streamable-HTTP MCP server exposing chat() server tools; the in-sandbox claude calls mcp__tanstack__<tool>, proxied back to the host where execute() runs (closures/DB/secrets). Per-run bearer token; binds for host.docker.internal reachability from Docker
- adapter wires --mcp-config when tools are present, picks localhost vs host.docker.internal by provider, and tears the bridge down after the run; tools no longer rejected
- 3 host-side tests via the MCP SDK client (list/call/error/auth) — verified green without needing claude
- docs + skill updated to describe the tool-proxy
- @tanstack/ai-sandbox-cloudflare: cloudflareSandbox() on @cloudflare/sandbox (edge, inside a Worker)
- uniform SandboxHandle: exec, base64-backed fs, exec-backed git, exposePort preview URLs (previewHostname), setEnvVars; spawn via startProcess+onOutput queue
- ephemeral disk + no GA snapshots -> durableFilesystem/snapshots false (withSandbox re-bootstraps across cold starts); background processes have no stdin (documented; stdin-fed harnesses need local-process/docker)
- compiles against the real @cloudflare/sandbox types; 7 deterministic handle tests against a mock Sandbox (fs round-trip, exec, spawn queue, stdin limitation, port). Runtime verification pending a Workers runtime
- align @cloudflare/workers-types version with the workspace (sherif)
- codexText declares requires:[SandboxCapability]; spawns 'codex exec --experimental-json' inside the sandbox (mirroring @openai/codex-sdk's own CLI invocation), prompt via stdin, JSONL thread events → existing translateThreadEvents
- sandbox mode / approval policy / reasoning effort / add-dir / skip-git-repo-check / config mapped to codex CLI flags; resume via 'resume <id>'
- drop @openai/codex-sdk + @modelcontextprotocol/sdk + the in-process tool bridge; provider-options self-contained; chat()-tools bridging deferred (rejects tools)
- deterministic fake-codex-CLI test in a real local-process sandbox (27 tests); types/lint/knip/sherif clean
@coderabbitai

coderabbitai Bot commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

Caution

Review failed

An error occurred during the review process. Please try again later.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch feat/sandboxes

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

tombeckenham and others added 15 commits June 30, 2026 19:45
Drop the harness package, its changeset, example integrations, Dockerfile
install step, and docs. Sandbox examples now support claude-code, codex, and
grok only.
Remove sandbox-coding-agent, sandbox-issue-triage, and ts-react-coding-agent;
sandbox-cloudflare and sandbox-web cover the same ground. Repoint the docs and
ai-sandbox README references to the surviving examples and prune the lockfile.
Add acpCompatible / acpCompatibleText — the harness equivalent of
openaiCompatible. Build a chat() text adapter for any ACP-compliant agent CLI
and plug it into a sandbox without a dedicated package: configure command
(stdio) or openTransport (WebSocket/custom) once, select a model per call. It
handles sandbox resolution, tool->MCP bridging, session resume, permission
modes (headless/interactive), abort, and AG-UI translation. Also exports the
shared buildAcpPrompt helper.

Includes an end-to-end stdio test against a real ACP agent, plus README and
docs pages.
- initialize handshake now sends clientInfo and validates the negotiated
  protocol version (closes the connection if the agent requires a newer one).
- translator surfaces non-text agent content (image/audio/resource blocks) as a
  CUSTOM event via a new optional 'contentEvent' label instead of dropping it;
  acpCompatible enables it as '<name>.message-content'. grok-build is unchanged
  (it doesn't set the label).
- tool results preserve non-text content (diffs, terminal, images) instead of
  collapsing to a status stub.
- document protocol coverage (covered / surfaced-as-custom / not-implemented) in
  the README and docs so we don't overclaim full-spec coverage.
Parity with openaiCompatible: declare a 'models' tuple for a type-safe model
union (harness('unknown') is now a compile error; omit to accept any string),
and a 'modelOptions' type-only brand ({} as { ... }) for the per-call options
accepted via chat({ modelOptions }). Declared options are merged with the base
ACP options and surfaced on ctx.modelOptions in command/openTransport so they
can be turned into CLI flags.
Add a dedicated sandbox Harnesses page listing the built-in harness adapters
(Grok Build, Claude Code, Codex, OpenCode) and acpCompatible for any ACP agent,
linking to the official ACP agents list + registry. Cross-link it from the
overview's harness axis and the Providers page.
Project withSandbox workspace skills into acpCompatible harnesses: MCP skills go
over ACP's native newSession mcpServers (resolving secret/bearer headers), and
gitSkills are linked into a new harness-declared skillsDir flag (e.g. .pi/skills,
like Claude Code's .claude/skills). fileSkill/instructions/secrets are handled by
bootstrap. agentSkill/plugins are warned-and-skipped. Exposes workspaceMcpServers
and projectAcpWorkspace.

Add an end-to-end sandbox-provisioning test suite driving a fake ACP agent in a
real local-process sandbox: asserts secrets reach the agent env, fileSkill +
instructions land as files, setup runs, permission modes behave (bypass allows /
default rejects / interactive emits an approval event), workspace MCP skills
reach newSession, and gitSkills link into skillsDir.

Fix a cross-provider path bug: the projector now runs shell copies relative to
the workspace root (the exec cwd) instead of the virtual /workspace absolute
path, which only fs.* remaps.
The package was removed from the workspace, so the changeset's reference to it
failed Changeset Preview ("package ... not in the workspace").
- Drop the @daytona/* minimumReleaseAge exclusions: 0.191.0 published
  2026-06-25, well past the 1-day gate, so they're no-ops (the lockfile pins
  the matched set).
- Remove the ad-hoc repro-local-grok.mjs / sandbox-live-smoke.mjs dev helpers
  (not part of the shipped surface) and the ai-sandbox README section that
  referenced the smoke script.
# Conflicts:
#	docs/config.json
#	examples/ts-react-chat/package.json
#	pnpm-lock.yaml
#	testing/e2e/package.json
@AlemTuzlak AlemTuzlak merged commit b628a4d into main Jun 30, 2026
10 checks passed
@AlemTuzlak AlemTuzlak deleted the feat/sandboxes branch June 30, 2026 14:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants