feat(sandboxes): Wedge 1.13 — heartbeat + pluggable state snapshot/restore (S3 first)

Three additions on top of Wedge 1.12's warm sandbox pool:

1) Auto-warm: POST /sandboxes/:id/heartbeat refreshes idleExpiresAt
   without an LLM round-trip. Client (browser) fires it on keystroke +
   tab focus so the substrate doesn't die while the user is composing.
   ~5ms; returns the new clock.

2) Snapshot: POST /sandboxes/:id/snapshot captures the workdir
   (gzipped tar, built via tar-stream from agent.listWorkdir + fetchArtifact)
   plus metadata (config, turnCount, usage, sessionStoreRef if any)
   to a pluggable StateStore. 409 if state=busy.

3) Restore: POST /sandboxes/restore with target="new" creates a fresh
   sandbox from a snapshot (workdir overlaid via the existing
   attachments wire; conversation memory replays if a sessionStore was
   wired). target="<existingId>" disposes the substrate of an existing
   slot and swaps in a new ComputerAgent with the same sandboxId — a
   new "restoring" state guards against concurrent /chat during this
   surgery.

   Plus: GET /sandboxes/snapshots, DELETE /sandboxes/snapshots/:id.

   And `autoSave: { stateStore: {...} }` on POST /sandboxes runs a
   snapshot in the registry's preDispose hook before agent.dispose()
   fires (TTL, DELETE, or shutdown) — survives flaky backends, never
   blocks tear-down.

Architecture:

- New protocol/src/state-store.ts: StateStore interface, SandboxSnapshot,
  SnapshotFilter, SessionStoreRef, StateStoreConfig — mirrors TaskStore
  shape from Wedge 1.11.
- New @computeragent/state-store-s3 package: S3StateStore (PutObject
  meta.json + workdir.tar.gz under <prefix>/<id>/), s3StateStoreBuilder.
  AWS SDK credential chain (env / instance role) — no plaintext creds
  in the wire.
- MemoryStateStore in the example as the always-registered fallback.
- ComputerAgentServer gains stateStores registry + 5 new routes +
  takeSnapshot/createRestoredSandbox/replaceAgentInPlace helpers.
- examples/package.json: tar-stream (snapshot/restore packing).
- test.html: keystroke heartbeat pinger, snapshot/restore buttons,
  stateStore + autoSave toggles.
- scripts/test-sandboxes.py: +5 tests (heartbeat refresh, heartbeat 404,
  snapshot round-trip with memory store, snapshot 409 while busy,
  autoSave on dispose).

No SDK or runtime changes — listWorkdir/fetchArtifact + attachments
were already the right primitives.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

Author: kapaleshreyas

examples/computeragent-server.ts

@@ -27,7 +27,12 @@
     "@computeragent/sdk": "workspace:*",
     "@computeragent/session-store-mongo": "workspace:*",
     "@computeragent/task-store-mongo": "workspace:*",
+    "@computeragent/state-store-s3": "workspace:*",
     "hono": "^4.6.0",
-    "@hono/node-server": "^1.13.0"
+    "@hono/node-server": "^1.13.0",
+    "tar-stream": "^3.1.7"
+  },
+  "devDependencies": {
+    "@types/tar-stream": "^3.1.3"
   }
 }

examples/package.json

@@ -17,6 +17,15 @@ export type {
   TaskArtifactRef,
   PersistedEvent,
 } from "./task-store.js";
+export { StateStoreConfig } from "./state-store.js";
+export type {
+  StateStore,
+  SandboxSnapshot,
+  SnapshotSummary,
+  SnapshotFilter,
+  SandboxUsage,
+  SessionStoreRef,
+} from "./state-store.js";
 export type { Logger, LogLevel, CreateLoggerOptions } from "./logger.js";
 export { createLogger, nopLogger } from "./logger.js";
 export type {

packages/protocol/src/index.ts

@@ -0,0 +1,128 @@
+import { z } from "zod";
+
+/**
+ * Sandbox state snapshot + restore.
+ *
+ * A `SandboxSnapshot` is a point-in-time capture of a warm sandbox's
+ * external state — the workdir (tarball) + metadata + an optional reference
+ * to a SessionStore where conversation memory lives. Engine subprocess state
+ * isn't snapshotted byte-for-byte; restoration relies on conversation log
+ * replay (via SessionStore) + workdir overlay (via attachments) to bring a
+ * fresh ComputerAgent back to "where it left off".
+ *
+ * The shape deliberately mirrors `TaskStore` (Wedge 1.11): the interface
+ * lives here; backends implement it; a `kind` wire descriptor lets clients
+ * pick a backend per-request.
+ */
+
+// ── Wire descriptor (the only thing crossing HTTP) ────────────────────────
+
+/**
+ * Lightweight descriptor a client POSTs to choose where snapshots go.
+ * `kind` matches a registered builder in the harness server's `stateStores`
+ * registry. `options` is opaque — the builder shape decides what it accepts.
+ */
+export const StateStoreConfig = z.object({
+  kind: z.string().min(1),
+  options: z.unknown().optional(),
+});
+export type StateStoreConfig = z.infer<typeof StateStoreConfig>;
+
+// ── Per-snapshot shape ────────────────────────────────────────────────────
+
+/**
+ * Aggregated token + cost rollup, accumulated from every `ca_usage_snapshot`
+ * during the sandbox's lifetime. Mirrors `TaskUsage` from `task-store.ts` so
+ * dashboards can reuse the same renderer. Duplicated rather than re-imported
+ * to keep the state-store module self-contained.
+ */
+export interface SandboxUsage {
+  readonly inputTokens?: number;
+  readonly outputTokens?: number;
+  readonly cacheCreationInputTokens?: number;
+  readonly cacheReadInputTokens?: number;
+  readonly costUsd?: number;
+}
+
+/**
+ * Optional pointer to where the conversation log lives. If set, restore
+ * pins the new sandbox's `sessionStore` to the same kind+options+sessionId
+ * so the engine replays prior turns on its first chat. If absent, restored
+ * sandbox starts with a fresh conversation (workdir is still recovered).
+ *
+ * `options` may contain credentials (mongo URL with password). The CALLER
+ * is responsible for redacting before save if they don't want them stored
+ * — the protocol doesn't second-guess. Bucket-level encryption / scoped
+ * IAM is the right defense.
+ */
+export interface SessionStoreRef {
+  readonly kind: string;
+  readonly options?: unknown;
+  readonly sessionId: string;
+}
+
+/**
+ * One complete snapshot. Backends serialize this however they like —
+ * S3 splits it into `meta.json` + `workdir.tar.gz`; memory keeps it intact;
+ * a future GCS backend could do the same as S3.
+ */
+export interface SandboxSnapshot {
+  readonly snapshotId: string;
+  readonly sourceSandboxId: string;
+  readonly sourceSessionId: string;
+  readonly takenAt: Date;
+  /** Redacted POST /sandboxes body — used by restore to recreate the agent. */
+  readonly config: Record<string, unknown>;
+  readonly turnCount: number;
+  readonly usage: SandboxUsage;
+  readonly sessionStoreRef?: SessionStoreRef;
+  /**
+   * gzipped tar of the workdir. Stored alongside the metadata; the wire
+   * format is the backend's choice. The protocol passes through Buffer
+   * — streams are a follow-up wedge if snapshots routinely exceed memory.
+   */
+  readonly workdirTar: Buffer;
+  /** Tarball byte size (compressed). */
+  readonly workdirBytes: number;
+  /** Number of files captured (uncompressed entry count). For UX in `list`. */
+  readonly workdirFileCount: number;
+}
+
+/** Snapshot minus the workdir bytes — for cheap listings. */
+export type SnapshotSummary = Omit<SandboxSnapshot, "workdirTar">;
+
+/**
+ * Filter for `listSnapshots`. All fields optional; backends apply them as
+ * additive predicates. Implementations that can't push filters into the
+ * underlying store may post-filter (S3 falls back to a prefix scan).
+ */
+export interface SnapshotFilter {
+  readonly sourceSandboxId?: string;
+  readonly since?: Date;
+  readonly limit?: number;
+}
+
+// ── The interface backends implement ──────────────────────────────────────
+
+/**
+ * Abstract state storage adapter. Implementations live in their own
+ * packages (`@computeragent/state-store-s3`, future redis/gcs/azure
+ * backends). The harness server only depends on this interface.
+ */
+export interface StateStore {
+  /**
+   * Persist a snapshot. Returns the canonical id (in case the backend
+   * normalizes it) + the on-the-wire size. MUST be atomic from the
+   * client's perspective — partial uploads should not surface in `list()`.
+   */
+  save(snap: SandboxSnapshot): Promise<{ snapshotId: string; sizeBytes: number }>;
+
+  /** Full snapshot + tarball. Returns `null` if the id doesn't exist. */
+  load(snapshotId: string): Promise<SandboxSnapshot | null>;
+
+  /** Snapshot summaries matching the filter, most-recent first. */
+  list(filter?: SnapshotFilter): Promise<readonly SnapshotSummary[]>;
+
+  /** Hard delete. Idempotent — deleting a missing id MUST NOT throw. */
+  delete(snapshotId: string): Promise<void>;
+}

packages/protocol/src/state-store.ts

@@ -132330,6 +132330,12 @@ var TaskStoreConfig = exports_external.object({
   kind: exports_external.string().min(1),
   options: exports_external.unknown().optional()
 });
+// ../protocol/dist/state-store.js
+init_zod();
+var StateStoreConfig = exports_external.object({
+  kind: exports_external.string().min(1),
+  options: exports_external.unknown().optional()
+});
 // ../protocol/dist/logger.js
 var LEVEL_ORDER = {
   debug: 10,

packages/runtime-e2b/assets/harness-bundle.mjs

@@ -173449,6 +173449,12 @@ var TaskStoreConfig = exports_external.object({
   kind: exports_external.string().min(1),
   options: exports_external.unknown().optional()
 });
+// ../protocol/dist/state-store.js
+init_zod();
+var StateStoreConfig = exports_external.object({
+  kind: exports_external.string().min(1),
+  options: exports_external.unknown().optional()
+});
 // ../protocol/dist/logger.js
 var LEVEL_ORDER = {
   debug: 10,

packages/runtime-local/assets/harness-bundle.mjs

@@ -132330,6 +132330,12 @@ var TaskStoreConfig = exports_external.object({
   kind: exports_external.string().min(1),
   options: exports_external.unknown().optional()
 });
+// ../protocol/dist/state-store.js
+init_zod();
+var StateStoreConfig = exports_external.object({
+  kind: exports_external.string().min(1),
+  options: exports_external.unknown().optional()
+});
 // ../protocol/dist/logger.js
 var LEVEL_ORDER = {
   debug: 10,

packages/runtime-vzvm/assets/harness-bundle.mjs

@@ -0,0 +1,46 @@
+{
+  "name": "@computeragent/state-store-s3",
+  "version": "0.1.0",
+  "description": "S3-backed StateStore for the ComputerAgent harness — persists workdir tarball + metadata per sandbox snapshot so clients can save and restore live sandbox state across the network.",
+  "license": "MIT",
+  "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    }
+  },
+  "files": [
+    "dist",
+    "src"
+  ],
+  "scripts": {
+    "build": "tsc -p tsconfig.json",
+    "typecheck": "tsc -p tsconfig.json --noEmit",
+    "test": "vitest run --passWithNoTests",
+    "clean": "rm -rf dist .turbo *.tsbuildinfo"
+  },
+  "dependencies": {
+    "@computeragent/protocol": "workspace:*",
+    "@aws-sdk/client-s3": "^3.700.0"
+  },
+  "devDependencies": {
+    "typescript": "^5.5.0",
+    "vitest": "^2.0.0"
+  },
+  "keywords": [
+    "ai-agents",
+    "state-store",
+    "s3",
+    "snapshot",
+    "computeragent"
+  ],
+  "homepage": "https://github.com/open-gitagent/ComputerAgent",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/open-gitagent/ComputerAgent.git",
+    "directory": "packages/state-store-s3"
+  }
+}

packages/state-store-s3/package.json

@@ -0,0 +1,27 @@
+import type { StateStore } from "@computeragent/protocol";
+import { S3StateStore, type S3StateStoreOptions } from "./s3-store.js";
+
+/**
+ * One-call builder for the harness server's `stateStores` registry. Mirrors
+ * `mongoTaskStoreBuilder` / `mongoSessionStoreBuilder` — defaults supplied
+ * at registration time get merged with per-call options from the wire.
+ *
+ *   new ComputerAgentServer({
+ *     ...,
+ *     stateStores: { s3: s3StateStoreBuilder({ bucket: process.env.S3_BUCKET! }) },
+ *   });
+ *
+ * Per-request options merge ON TOP of the defaults — useful when different
+ * snapshots want different prefixes under the same bucket:
+ *
+ *   client body: stateStore: { kind: "s3", options: { prefix: "tenant-a/" } }
+ */
+export function s3StateStoreBuilder(
+  defaults: S3StateStoreOptions,
+): (options?: unknown) => StateStore {
+  if (!defaults.bucket) throw new Error("s3StateStoreBuilder: defaults.bucket is required");
+  return (options) => {
+    const overrides = (options ?? {}) as Partial<S3StateStoreOptions>;
+    return new S3StateStore({ ...defaults, ...overrides });
+  };
+}

packages/state-store-s3/src/builder.ts

@@ -0,0 +1,18 @@
+/**
+ * `@computeragent/state-store-s3` — S3 backend for the harness's
+ * `StateStore` interface. Persists sandbox snapshots (workdir tarball +
+ * metadata) so clients can save and restore live sandbox state.
+ *
+ *   import { s3StateStoreBuilder } from "@computeragent/state-store-s3";
+ *
+ *   new ComputerAgentServer({
+ *     ...,
+ *     stateStores: { s3: s3StateStoreBuilder({ bucket: process.env.S3_BUCKET! }) },
+ *   });
+ *
+ * Credentials follow the standard AWS SDK chain — prefer EC2 instance
+ * role or env vars over plaintext in `S3StateStoreOptions`.
+ */
+export { S3StateStore } from "./s3-store.js";
+export type { S3StateStoreOptions } from "./s3-store.js";
+export { s3StateStoreBuilder } from "./builder.js";