Pass sandbox management auth from server

[ben-fornefeld]

Summary

• pass sandbox SDK auth through a route-specific prop only for terminal and filesystem inspect
• construct sandbox SDK auth headers in a server-only helper instead of inline in client-boundary JSX
• keep client-safe AuthUser in the auth module models while AuthContext stays server-side
• remove browser Supabase session lookups from sandbox SDK client helpers
• update the e2b SDK to 2.27.1

Boundary check

• client-only scan has no authContext/accessToken/access_token/server-auth imports
• sandboxManagementAuth remains only on terminal and filesystem inspect client surfaces

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
web	Ready	Preview, Comment	Jun 5, 2026 11:28pm
web-juliett	Ready	Preview, Comment	Jun 5, 2026 11:28pm

[cursor]

PR Summary

Medium Risk
Access tokens and team headers still reach client components for E2B SDK calls; behavior depends on server routes always gating pages (filesystem page newly enforces this).

Overview
Bumps the e2b SDK from ^2.14.0 to ^2.27.1 (lockfile also picks up newer tar / undici).

Sandbox terminal and filesystem inspect no longer call Supabase getSession() in the browser. Server routes build a sandboxManagementAuth object (createSandboxManagementAuth: API headers + userId) and pass it into DashboardTerminal, SandboxInspectView / SandboxInspectProvider, and openTerminalSandbox / Sandbox.connect.

AuthUser lives in @/core/modules/auth/models so dashboard client code does not import server auth types. The filesystem inspect page adds server-side auth and team slug resolution before rendering.

^{Reviewed by Cursor Bugbot for commit 2a747ca. Bugbot is set up for automated code reviews on this repo. Configure here.}

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: b18de9a12a

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[Copilot]

Pull request overview

This PR refactors dashboard sandbox SDK usage so that sandbox-management authentication (Supabase token + team header + user id) is provided by server-rendered routes and then passed into client-side helpers/components, instead of being fetched from the browser Supabase client at call time.

Changes:

• Introduces a SandboxManagementAuth shape and threads it through terminal and sandbox-inspect client code.
• Removes browser Supabase session lookups from terminal sandbox session logic and inspect connection logic.
• Updates the terminal and filesystem inspect server pages to construct and pass sandbox-management auth headers from the server.

Reviewed changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
tests/unit/dashboard-terminal.test.ts	Updates unit tests to pass sandboxManagementAuth instead of mocking browser Supabase session lookups.
src/features/dashboard/terminal/sandbox-session.ts	Refactors terminal sandbox open/connect/create to use provided sandboxManagementAuth headers/userId.
src/features/dashboard/terminal/dashboard-terminal.tsx	Updates terminal component API to accept and forward sandboxManagementAuth.
src/features/dashboard/sandbox/sandbox-management-auth.ts	Adds shared SandboxManagementAuth interface.
src/features/dashboard/sandbox/inspect/view.tsx	Threads sandboxManagementAuth into the inspect provider.
src/features/dashboard/sandbox/inspect/context.tsx	Uses provided headers for Sandbox.connect instead of fetching browser session.
src/app/dashboard/terminal/page.tsx	Constructs sandboxManagementAuth server-side and passes into the terminal client component.
src/app/dashboard/[teamSlug]/sandboxes/[sandboxId]/filesystem/page.tsx	Fetches auth context + team id server-side and passes sandboxManagementAuth into sandbox inspect view.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

There are 2 total unresolved issues (including 1 from previous review).

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit 94193ff. Configure here.}