feat(sandbox): promote sandbox from --beta flag to first-class cloud #3432

Merged
spa-the-spawn-maintainer[bot] merged 1 commit into main from feat/unbeta-sandbox-cloud
May 21, 2026

@AhmedTMM
Collaborator

What

Promotes sandbox from a --beta flag to a first-class cloud. Running an agent inside a throwaway local Docker container is now a cloud target:

spawn hermes sandbox      # was: spawn hermes local --beta sandbox

The Docker sandbox backend was already implemented in local/ — this wires it up as a proper cloud and removes the beta gate.

Changes

Promote to a cloud

  • Extract local/main.ts orchestration into local/run.ts (runLocalAgent(agent, useSandbox)), shared by the local and sandbox clouds.
  • New sandbox/main.ts entry point — build-clouds.ts auto-discovers it (→ sandbox.js) and cli-release.yml auto-uploads the bundle.
  • New sh/sandbox/*.sh shims for the 9 Docker-capable agents + sh/sandbox/README.md.
  • Register clouds.sandbox and matrix entries in manifest.json (9 implemented; t3code missing — no Dockerfile).

Remove the beta gate

  • Drop sandbox from VALID_BETA_FEATURES and the fast_provision experiment bundle.
  • --beta sandbox is now rejected; help text updated.

Other

  • CLI 1.0.44 → 1.1.0 (minor — new feature).
  • README updated; tests updated for the new wiring.

Notes

  • The orchestrator's internal cloudName stays "local": orchestrate.ts has ~20 !== "local" branches (tarball install, repo cloning, restart loops, reconnects) that must treat the sandbox as local execution. useSandbox only swaps in the Docker-wrapped runner, container lifecycle, and interactive session.

Testing

  • Affected suites pass (93/93): sandbox.test.ts (incl. new cloud-wiring tests), feature-flags.test.ts, manifest-integrity, manifest-type-contracts, update-check.test.ts.
  • biome check clean on all changed files; sandbox.js bundle builds; all 9 shims bash -n clean.
  • Full suite: 2263 pass / 3 fail — the 3 failures (cmdRun×2, hetzner) are pre-existing test-pollution flakes that pass in isolation and are unrelated to this change.

🤖 Generated with Claude Code

Running an agent in a local Docker container is now a cloud target:
`spawn <agent> sandbox`, instead of `spawn <agent> local --beta sandbox`.

- Extract local orchestration into local/run.ts (runLocalAgent), shared
  by the local and sandbox clouds; add sandbox/main.ts entry point.
- Add 9 sh/sandbox/*.sh shims + README for the Docker-capable agents.
- Register the sandbox cloud and matrix entries in manifest.json.
- Remove sandbox from the --beta gate and the fast_provision experiment.
- Bump CLI to 1.1.0; update tests for the new wiring.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

@spa-the-spawn-maintainer spa-the-spawn-maintainer Bot left a comment

Review summary

Clean refactor + clean promotion. The local/run.ts extraction shares orchestration between local and sandbox cleanly; sandbox/main.ts is a thin entry point. The cloudName: "local" preservation note in the PR description is the right call — orchestrate.ts has ~20 !== "local" branches that need that.

What I checked:

  • ✅ Manifest: clouds.sandbox registered (no-auth, type: local), matrix entries for all 9 Docker-capable agents (t3code correctly marked missing pending #3419).
  • ✅ Tests: replaced beta-flag detection tests with cloud-wiring tests that verify manifest registration, matrix entries, and shim presence. update-check test version bumped to match 1.1.0.
  • ✅ Beta flag removal: sandbox dropped from VALID_BETA_FEATURES, fast_provision bundle, and help text. --beta sandbox now rejected (intended breaking change, fine at 1.0 → 1.1 minor since sandbox was always behind a --beta gate).
  • ✅ Semver: 1.0.44 → 1.1.0 — new feature, no breaking removal of GA surface.
  • ✅ OpenClaw warning still fires for local (host) and is correctly suppressed under sandbox (container provides isolation).
  • ✅ CI: all 6 checks green.
  • ✅ No unresolved review threads.

Non-blocking nits (follow-up PR fine):

  1. New files (manifest.json URL, sh/sandbox/*.sh release URLs, sh/sandbox/README.md link) all reference https://github.com/OpenRouterTeam/spawn/.... The repo lives at OpenRouterLabs/spawn now — GitHub auto-redirects today, but worth a global sweep in a follow-up. (This matches existing convention in the repo, so it's not a regression — just an opportunity.)
  2. The 9 sh/sandbox/*.sh shims are near-identical templates differing only by agent name. Consider a generator or a single shim that takes the agent as $1 to reduce drift surface. Not urgent.

Approving.

— Spa 🤖

@spa-the-spawn-maintainer spa-the-spawn-maintainer Bot merged commit 18bbe3e into main May 21, 2026
6 checks passed
@spa-the-spawn-maintainer spa-the-spawn-maintainer Bot deleted the feat/unbeta-sandbox-cloud branch May 21, 2026 06:09
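
The cloud-wiring checks described in this thread (manifest registration, matrix entries, shim presence) can be expressed as one drift check. The sketch below is an added example, not code from the spawn repository. The manifest shape, the "<cloud>/<agent>" matrix key form, the sh/<cloud>/<agent>.sh shim naming and the name checkCloudWiring are assumptions.

```typescript
// Added example, not the project's code. Manifest shape and key form are assumed.
type Status = "implemented" | "missing";
interface Manifest {
  clouds: Record<string, { type: string }>;
  matrix: Record<string, Status>; // assumed key form: "<cloud>/<agent>"
}

// Constructed sample: only the two agents named in the thread are listed.
const sampleManifest: Manifest = {
  clouds: { local: { type: "local" }, sandbox: { type: "local" } },
  matrix: { "sandbox/hermes": "implemented", "sandbox/t3code": "missing" },
};

// Returns one message per inconsistency between the manifest and the shim files.
function checkCloudWiring(manifest: Manifest, cloud: string, shimPaths: string[]): string[] {
  const problems: string[] = [];
  if (!(cloud in manifest.clouds)) problems.push(`cloud "${cloud}" is not registered`);
  const shims = new Set(shimPaths);
  const prefix = `${cloud}/`;
  const expected = new Set<string>();
  for (const [key, status] of Object.entries(manifest.matrix)) {
    if (!key.startsWith(prefix)) continue;
    const shim = `sh/${cloud}/${key.slice(prefix.length)}.sh`; // assumed shim naming
    expected.add(shim);
    if (status === "implemented" && !shims.has(shim)) {
      problems.push(`${key} is implemented but ${shim} is absent`);
    }
    if (status === "missing" && shims.has(shim)) {
      problems.push(`${key} is missing but ${shim} exists`);
    }
  }
  // A shim with no matrix entry ships to users without being tracked in the manifest.
  for (const path of shims) {
    if (path.startsWith(`sh/${cloud}/`) && path.endsWith(".sh") && !expected.has(path)) {
      problems.push(`${path} has no matrix entry`);
    }
  }
  return problems;
}
```
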