Skip to content

deps: bump @ai-hero/sandcastle from 0.10.0 to 0.12.0 in /.sandcastle#101

Merged
github-actions[bot] merged 2 commits into
mainfrom
dependabot/npm_and_yarn/dot-sandcastle/ai-hero/sandcastle-0.12.0
Jul 4, 2026
Merged

deps: bump @ai-hero/sandcastle from 0.10.0 to 0.12.0 in /.sandcastle#101
github-actions[bot] merged 2 commits into
mainfrom
dependabot/npm_and_yarn/dot-sandcastle/ai-hero/sandcastle-0.12.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 3, 2026

Copy link
Copy Markdown
Contributor

Bumps @ai-hero/sandcastle from 0.10.0 to 0.12.0.

Release notes

Sourced from @​ai-hero/sandcastle's releases.

v0.12.0

Minor Changes

  • 1e15922: Bump default Claude Code model from claude-opus-4-7 to claude-opus-4-8. The new default applies to the DEFAULT_MODEL constant, the claude-code agent entry surfaced by sandcastle init, and the scaffolded templates (blank, parallel-planner, parallel-planner-with-review). Passing an explicit model to claudeCode(...) is unaffected.
  • 0f577a4: Add sandbox.exec(command, options?) to the Sandbox handle returned by createSandbox() (and by worktree.createSandbox()). The method delegates to the provider handle's exec() and returns the full ExecResult — non-zero exitCode is surfaced, not thrown — so harnesses can run shell commands (tests, lints, custom verification gates) directly in the same warm sandbox between run() calls without reaching for the underlying provider handle. cwd defaults to the sandbox repo path so behavior is consistent across providers; pass cwd to override.

Patch Changes

  • c505d49: Fix file-mode logging so streamed agent text flows as contiguous prose instead of one chunk per line. Added a dedicated textChunk streaming method to the display service (raw, no implied newline in file mode) and pointed the text-delta buffer at it, leaving the line-oriented text() for discrete entries like context-window summaries. Structured entries (tool calls, status, summaries) still always begin on their own line, even when they immediately follow a mid-line streamed chunk.
Changelog

Sourced from @​ai-hero/sandcastle's changelog.

0.12.0

Minor Changes

  • 1e15922: Bump default Claude Code model from claude-opus-4-7 to claude-opus-4-8. The new default applies to the DEFAULT_MODEL constant, the claude-code agent entry surfaced by sandcastle init, and the scaffolded templates (blank, parallel-planner, parallel-planner-with-review). Passing an explicit model to claudeCode(...) is unaffected.
  • 0f577a4: Add sandbox.exec(command, options?) to the Sandbox handle returned by createSandbox() (and by worktree.createSandbox()). The method delegates to the provider handle's exec() and returns the full ExecResult — non-zero exitCode is surfaced, not thrown — so harnesses can run shell commands (tests, lints, custom verification gates) directly in the same warm sandbox between run() calls without reaching for the underlying provider handle. cwd defaults to the sandbox repo path so behavior is consistent across providers; pass cwd to override.

Patch Changes

  • c505d49: Fix file-mode logging so streamed agent text flows as contiguous prose instead of one chunk per line. Added a dedicated textChunk streaming method to the display service (raw, no implied newline in file mode) and pointed the text-delta buffer at it, leaving the line-oriented text() for discrete entries like context-window summaries. Structured entries (tool calls, status, summaries) still always begin on their own line, even when they immediately follow a mid-line streamed chunk.

0.11.0

Minor Changes

  • 9f3f6d5: Add maxRetries to Output.object and Output.string for built-in retry of structured-output runs. When extraction or validation fails, run() resumes the failed agent session and feeds back a token-efficient description of the error so the agent can re-emit a corrected tag, up to maxRetries extra attempts (default: 0). Retries require an agent provider that supports session resumption (claudeCode, codex, pi); calling run() with maxRetries > 0 against a non-resumable provider (cursor, opencode, copilot) fails at entry with a clear error.
  • bce86dd: Add resumeSession to sandbox.run() and expose .resume(prompt, options?) / .fork(prompt, options?) on SandboxRunResult. The new options mirror RunOptions.resumeSession and RunResult.resume()/fork(), but continue the agent session inside an existing long-lived createSandbox() container — so the container, worktree, and on-ready dependencies stay warm across implement → review → edit phases instead of each phase paying container boot. Resume is gated on the session-capture fix in this release; non-bind-mount providers skip capture and therefore have nothing to resume from.

Patch Changes

  • bce86dd: Fix createSandbox().run() and createWorktree().run() not capturing the agent session on bind-mount providers — iterations[].usage stayed undefined, and the resulting "Context window: NNNk" line never printed. The reuseFactoryLayer that both entry points install was dropping bindMountHandle from the SandboxInfo it passed to the orchestrator, so the session-capture gate (provider.captureSessions && provider.sessionStorage && sessionId && bindMountHandle) silently no-op'd. The handle is now plumbed through, gated on sandbox.tag === "bind-mount" so isolated and no-sandbox providers still bypass capture cleanly.
  • f7879c5: Fix createWorktree({ branchStrategy: { type: "merge-to-head" } }) not merging the agent's commits back to the host's current branch. wt.run(), wt.interactive(), and wt.createSandbox() previously forwarded the worktree's temp branch as an explicit branch, which routed SandboxLifecycle through its "explicit branch" path and skipped the merge step entirely — commits landed on the temp branch but never on HEAD. They now pass branch: undefined (so the lifecycle records the host's current branch and merges back to it) while keeping the worktree's source branch alive for subsequent calls.
  • 0e1df92: Fix Cursor Dockerfile failing on macOS hosts where the user's GID is 20 (already used by the dialout group in node:22-bookworm). groupmod/usermod in the Cursor template now use -o (--non-unique), matching the other agent templates.
  • 702d829: Fix noSandbox() failing with spawn sh ENOENT in PowerShell / cmd.exe on Windows. The provider now routes exec commands through cmd.exe /d /s /c on Windows and spawns interactive agents with shell: true so npm .cmd/.ps1 wrappers (e.g. claude.cmd) resolve via PATHEXT. POSIX hosts are unchanged.
  • 9a895ba: Fix Docker bind-mount sandbox failing on Windows hosts with too many colons when launched via interactive() (non-head strategy), worktree.interactive(), or worktree.run(). These three entry points called resolveGitMounts but skipped the patchGitMountsForWindows step, so the parent .git mount kept its C:\... sandbox path and Docker rejected the resulting volume string. They now mirror the existing wiring in SandboxFactory and createSandbox.
  • 595e21e: Improve the WorktreeManager error raised when the requested branch is already checked out in the host's main working tree (or any other unmanaged worktree). The message now explains why this happens — sandcastle's branch and merge-to-head strategies run the agent in a git worktree under .sandcastle/worktrees/, and git refuses to check out the same branch in two worktrees at once — and tells the caller to pick a different branch or switch the main working tree first. No behaviour change: sandcastle still does not attempt smart recovery here.
Commits
  • e99f832 Merge pull request #832 from mattpocock/changeset-release/main
  • 085666a Version Packages
  • 73f15d1 Merge pull request #858 from mattpocock/agent/issue-857-filedisplay-text-appe...
  • badf657 fix: keep structured log entries on a fresh line after streamed chunks
  • c505d49 fix: stream agent text as raw chunks in file mode
  • 2d93226 Merge pull request #843 from mattpocock/agent/issue-838-bump-default-claude-o...
  • 1e15922 feat: bump default Claude opus model to claude-opus-4-8
  • fa13253 Merge pull request #822 from mattpocock/changeset-release/main
  • cb9a4b1 Merge pull request #831 from mattpocock/agent/issue-788-expose-exec-on-reusab...
  • 0f577a4 feat(createSandbox): expose exec() on reusable sandbox handles
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [@ai-hero/sandcastle](https://github.com/mattpocock/sandcastle) from 0.10.0 to 0.12.0.
- [Release notes](https://github.com/mattpocock/sandcastle/releases)
- [Changelog](https://github.com/mattpocock/sandcastle/blob/main/CHANGELOG.md)
- [Commits](mattpocock/sandcastle@v0.10.0...v0.12.0)

---
updated-dependencies:
- dependency-name: "@ai-hero/sandcastle"
  dependency-version: 0.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github Jul 3, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: dependencies, sandcastle-upgrade. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@github-actions github-actions Bot enabled auto-merge (squash) July 3, 2026 12:54
The patch only added a promptCompression field to sandcastle's own
.d.ts (from PR #85) — a design this codebase never adopted; compression
is applied directly to the prompt string before calling run()
(sandbox-runner.ts), not via a promptCompression callback passed into
it. No longer applies cleanly against 0.12.0 and isn't needed: nothing
in .sandcastle/*.ts references promptCompression.

Verified: npm install applies zero patches cleanly, 222/222 tests pass,
typecheck clean.

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
@github-actions github-actions Bot merged commit 7097fb4 into main Jul 4, 2026
3 checks passed
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/dot-sandcastle/ai-hero/sandcastle-0.12.0 branch July 4, 2026 00:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant