sandbox-v2-lifecycle
$
npx mdskill add vercel-labs/vercel-openclaw/sandbox-v2-lifecycleManage persistent OpenClaw sandboxes with Vercel SDK v2 semantics.
- Automate sandbox creation, resumption, and lifecycle control.
- Integrates with Vercel Sandbox v2 and OpenClaw runtime.
- Executes SDK commands based on persistent auto-save state.
- Delivers sandbox status and diagnostic snapshots to agents.
SKILL.md
.github/skills/sandbox-v2-lifecycleView on GitHub ↗
---
name: sandbox-v2-lifecycle
description: "Vercel Sandbox v2 lifecycle expertise for vercel-openclaw: named persistent OpenClaw sandbox create/resume/stop/delete, persistent auto-save truth, manual snapshot diagnostics, short-lived worker sandboxes, hot spares, and SDK v2 semantics."
---
# Sandbox v2 Lifecycle
Use this skill for `vercel-openclaw` sandbox lifecycle, restore, stop, reset, hot-spare, worker sandbox, and debug timing work.
## Source Of Truth
Official Vercel Sandbox v2 docs are authoritative. Repo docs or agent guidance that assumes v1/manual snapshot restore is stale unless already updated.
Load references only as needed:
- `references/vercel-sandbox-v2-persistent.md` — persistent sandbox auto-save/resume/name/session model.
- `references/vercel-sandbox-v2-sdk.md` — SDK calls, resume flags, delete, command behavior, and network policy notes.
- `references/vercel-sandbox-v2-snapshots.md` — manual Snapshot API semantics.
- `references/vercel-openclaw-lifecycle-map.md` — repo-specific invariants and owner files.
## Core Model
- Main OpenClaw runtime is one named persistent sandbox.
- Persistent `stop()` auto-saves filesystem state; no manual `snapshot()` is needed for normal stop.
- Normal wake resumes by name with `Sandbox.get({ name, resume: true })` through the repo controller.
- `resume` defaults false; use `resume:false` for observation/status reconciliation.
- Commands may auto-resume stopped persistent sandboxes; `stop()` and `update()` do not.
- Manual `snapshot()` is explicit/debug/checkpoint only. It shuts the sandbox down; do not call `stop()` afterward.
- `delete()` permanently removes the persistent sandbox and its sessions/snapshots.
- Worker/debug sandboxes are short-lived; pass `persistent:false`.
## Repo Invariants
- Preserve one persistent OpenClaw sandbox, Redis metadata, channel wake/restore, and short-lived workers.
- Keep SDK access behind `src/server/sandbox/controller.ts` except documented raw SDK debug routes.
- Distinguish host metadata status, SDK status/session, gateway readiness, persistent auto-saved state, and manual Snapshot APIs.
- Do not use manual `snapshotId` as the normal restore gate.
- Preserve `resume:false` during snapshotting/stopped observation.
- Keep lifecycle locks and fail-closed firewall behavior.
## Workflow
1. Read `lat.md/sandbox-lifecycle.md`, `docs/lifecycle-and-restore.md`, and relevant references from this skill.
2. Inspect `src/server/sandbox/lifecycle.ts`, `controller.ts`, `restore-attestation.ts`, `hot-spare.ts`, and worker sandbox code.
3. Classify whether the change affects persistent resume, manual snapshots, reset/delete, workers, or debug diagnostics.
4. Patch the smallest surface that fixes the v2 truth model.
5. Add or adjust targeted tests before broad verification.
## Verification
Run the narrowest covering test first, then broader gates for lifecycle changes:
```bash
node --import tsx --test src/server/sandbox/restore-attestation.test.ts
pnpm run test:lifecycle
pnpm run typecheck
pnpm run lint
lat check
```
When touching launch verification or preflight, also run `pnpm run verify:observability-pass`.
More from vercel-labs/vercel-openclaw
- admin-ui-debugAdmin UI and operator surface debugging for vercel-openclaw: command shell design, admin actions, request core, status panels, launch verification UI, channel readiness UI, and local read-only production-data workflows. Use when the root admin UI, controls, visual state, or operator copy is wrong.
- auth-store-debugAuth and store debugging for vercel-openclaw: admin-secret mode, Sign in with Vercel, session cookies, CSRF, LOCAL_READ_ONLY, Redis vs memory store, keyspace namespacing, and metadata shape migrations. Use when login, route authorization, Redis persistence, or metadata state is suspect.
- channel-debug-coreChannel webhook triage for vercel-openclaw Slack/Telegram/Discord/WhatsApp issues: prove deployment state, collect admin readiness endpoints, build evidence-first handoff before fixes.
- channel-forward-parityWebhook route parity audit for channel delivery changes: ensure terminal paths log, record lastForward, classify failures, and refresh stale sandbox port URLs.
- cron-watchdog-debugCron and watchdog debugging for vercel-openclaw: Vercel Cron auth, persisted OpenClaw jobs, cron wake keys, token refresh, restore oracle, hot spare, and watchdog reports. Use when scheduled OpenClaw jobs fail to wake or run, watchdog status is wrong, cron persistence is suspect, or /api/cron/watchdog behavior changes.
- discord-deliveryDiscord channel specialist workflow: debug interaction webhooks, Ed25519 signatures, deferred replies, workflow forwarding to /discord-webhook, integration reconcile, and token expiry.
- firewall-ai-gateway-debugFirewall and Vercel AI Gateway debugging for vercel-openclaw: network policy allowlists, OIDC token refresh, AI Gateway transform rules, firewall learning/enforcement, and sandbox.update networkPolicy calls. Use when model calls, egress, token refresh, or firewall policy application fails.
- gateway-proxy-debugGateway and proxy debugging for vercel-openclaw: /gateway routing, HTML injection, WebSocket rewrite, gateway-token handoff, waiting page, status heartbeat, sandbox port URL cache, and proxy auth. Use when the OpenClaw UI, WebSockets, gateway proxying, or waiting-page flow breaks.
- lat-md>-
- launch-verify-debugLaunch verification and remote smoke debugging for vercel-openclaw: preflight, queue ping, ensureRunning, chatCompletions, wakeFromSleep, restorePrepared, channelReadiness, NDJSON progress, and vclaw create readiness. Use when launch verification, vclaw create validation, or remote smoke checks fail.