fix(triage-flow): drain queued tasks during shutdown (DEREM-38)

closeActiveSandboxes snapshots both maps and clears them, then awaits
sandbox.close() / coder delete on the snapshots. While those awaits
resolve, the sandboxes whose run() they're closing reject; that
resolves the in-flight runTriageAgent calls; pLimit's microtask-driven
runNext() then dequeues the next task; that task's runTriageAgent
calls createSandbox(), repopulating the maps with workspaces that
will not be reaped before process.exit() fires.

Add a module-level shutdownRequested flag set SYNCHRONOUSLY at the top
of the signal handler (before any await, so the flip is visible to
every microtask the cleanup unblocks). runTriageAgent checks it as
its first synchronous step and returns
{ status: 'skipped', message: 'shutdown requested' } without
provisioning a workspace, so post-snapshot tasks never reach the
createSandbox call site.

Testing: typecheck, lint, format:check clean. All 55 sandcastle tests
still pass; the new path is exercised on the signal pipeline which
unit tests don't cover, but the synchronous flag check is a
straight-line guard with no other branching.

Author: ThomasK33

.sandcastle/main.ts

@@ -348,6 +348,15 @@ const activeSandboxes = new Map<Sandbox, number>();
 // so we can also de-duplicate concurrent attempts on the same issue.
 const pendingWorkspaceNames = new Map<string, number>();
 
+// Set synchronously by the signal handler before any await. Checked at
+// the top of `runTriageAgent` so any task pLimit dequeues during cleanup
+// (in-flight runs completing as their sandboxes are closed cause queued
+// tasks to start) returns early without provisioning a new workspace.
+// Without this, those late-starting tasks would populate the maps that
+// `closeActiveSandboxes` already snapshotted, and the new workspaces
+// would be orphaned when `process.exit()` fires.
+let shutdownRequested = false;
+
 async function runTriageAgent(
   issue: TriageIssue,
   runId: string,
@@ -360,6 +369,20 @@ async function runTriageAgent(
   let sandbox: Sandbox | undefined;
   let result: TriageIssueSummary | undefined;
 
+  // Skip queued tasks that pLimit dequeues after a shutdown signal. The
+  // signal handler sets `shutdownRequested` synchronously before the
+  // first await in closeActiveSandboxes; any task that starts here after
+  // that point would otherwise call `createSandbox()`, populate the
+  // already-snapshotted maps, and orphan a workspace when
+  // `process.exit()` fires.
+  if (shutdownRequested) {
+    return {
+      issueNumber: issue.number,
+      status: 'skipped',
+      message: 'shutdown requested',
+    };
+  }
+
   try {
     workspaceName = workspaceNameForIssue(issue.number);
     const { createSandbox, claudeCode } = await import('@ai-hero/sandcastle');
@@ -586,6 +609,11 @@ function installSignalHandlers(): void {
       process.exit(signalExitCode(signal));
     }
     signalled = true;
+    // Set the shutdown flag SYNCHRONOUSLY before any await so queued
+    // pLimit tasks that get dequeued during cleanup (in-flight runs
+    // completing as their sandboxes are closed) see it and skip
+    // provisioning new workspaces.
+    shutdownRequested = true;
     console.error(
       `[afk-triage] received ${signal}; closing ${activeSandboxes.size} active sandboxes and ${pendingWorkspaceNames.size} in-flight workspaces (send ${signal} again to force-exit)`,
     );