sandbox: dynamic directory mount & snapshot in go + adds detach

[thomasjpfan]

This PR cherry picks files from the following PRs to just implement the dynamic directory mounts for Go:

• Implement sandbox exec through command router - Go #242
• sandbox: dynamic directory mount & snapshot - Go #243

This includes the task command router. I think this is a smaller change and does not impact any public API around sb.exec. Once we have this in, then #242 is easier to review.

[cursor]

PR Summary

Medium Risk
Introduces a new gRPC client path (command router) with custom auth/retry logic and changes a public method signature (Sandbox.Terminate), which can impact sandbox lifecycle behavior and compatibility.

Overview
Adds explicit Sandbox connection lifecycle management and new experimental directory image mounts/snapshots in the Go SDK. Sandbox.Detach() is introduced, most Sandbox operations now fail with a new SandboxDetached error after detaching, and Sandbox.Terminate changes signature to Terminate(ctx, detach bool, params) with all examples/tests updated accordingly.

Sandbox directory mounts are implemented via a new taskCommandRouterClient (with JWT refresh + retry handling) and exposed as Sandbox.ExperimentalMountImage and Sandbox.ExperimentalSnapshotDirectory, plus a new end-to-end example and tests. Client gRPC dialing also bumps initial window sizes, and config gains Profile.isLocalhost() to relax router TLS for localhost dev.

^{Written by Cursor Bugbot for commit 9427661. This will update automatically on new commits. Configure here.}

[ehdr]

I think this whole thing should no longer be needing after @saltzm fixed something server side, so might work if you just remove it and use the default?

[thomasjpfan]

Updated PR with:

• Remove the ALPN workaround and verify that taking to the TCR still works
• Adds Detach back to both typescript and go

[thomasjpfan]

I updated PR:

• Disable almost every operation after Detach and added test for this behavior* (Details below)
• Removed the JS changes, the PR is already getting too big. I'll open a smaller PR to add Detach to JS.

While implementing this, I made some decisions that are debatable:

• Terminate is still allowed after Detach. It feels a little weird to not be able to terminate the sandbox after detach.
  • I'm open to changing this.
• Terminate does not mark the sandbox as detached, so you can still call sb.Wait after calling Terminate. Terminate will still close the task command routers.
  • An alternative is to allow Terminate , Wait and Poll for a detached sandbox and have Terminate mark the sandbox as detached.

[saltzm]

Everything looks good mod the comment about task_command_router_insecure which isn't being used anymore in the python client

[saltzm]

I think I might find this error message confusing if I do like sb.Exec() and get this back - I'll be like "why is it telling me not to call Detach, I'm calling Exec".

I'd expect something more like "Unable to perform operation on a detached sandbox" or "Operations on sandbox after Detach are not allowed" or some such thing

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.}