docs(sandbox): clarify harness routing boundaries

.github/workflows/checks.yml

@@ -91,6 +91,25 @@ jobs:
           yarn install
           yarn format:check
 
+  copy:
+    name: copy
+    runs-on: ubuntu-latest
+    steps:
+      - name: Cancel Previous Runs
+        uses: styfle/cancel-workflow-action@0.11.0
+        with:
+          access_token: ${{ secrets.GITHUB_TOKEN }}
+
+      - uses: actions/checkout@v3
+
+      - name: Use Node.js 22.x
+        uses: actions/setup-node@v4
+        with:
+          node-version: 22.x
+
+      - name: harness copy
+        run: node ./scripts/check-harness-copy.mjs
+
   links:
     name: links
     runs-on: ubuntu-latest

components/LandingPage.tsx

@@ -14,14 +14,15 @@ const getStartedCards = [
   },
   {
     icon: <GrNodes />,
-    title: "Run work in secure sandboxes",
+    title: "Run work in isolated sandboxes",
     description: "Work executes in isolated runtimes with policies and limits.",
     link: "/infrastructure/introduction",
   },
   {
     icon: <GiToken />,
     title: "Operate the runtime",
-    description: "Host secure sandboxes and get paid through the protocol.",
+    description:
+      "Host protocol-backed runtimes and get paid through the protocol.",
     link: "/operators/introduction",
   },
   {
@@ -51,9 +52,10 @@ const LandingPage = () => {
             </h1>
             <p className="text-lg font-bold text-gray-700 md:font-normal lg:text-lg dark:text-gray-400">
               Teams and agents collaborate in shared workbenches or separate
-              ones, work runs in secure sandboxes, and the protocol pays the
-              operators who host the runtime. Workflows improve through agent
-              and task evaluations collected from each run.
+              ones, work runs in isolated sandboxes with explicit limits, and
+              the protocol pays operators who host protocol-backed services.
+              Workflows improve through agent and task evaluations collected
+              from each run.
             </p>
           </div>
 
@@ -79,8 +81,8 @@ const LandingPage = () => {
           </h2>
           <p className="mb-6 text-base text-gray-700 dark:text-gray-400">
             Teams and agents collaborate in shared workbenches or separate ones,
-            work runs in secure sandboxes, and the protocol pays the operators
-            who host the runtime.
+            work runs in isolated sandboxes with explicit limits, and the
+            protocol pays operators who host protocol-backed services.
           </p>
           <figure className="w-full">
             <div className="relative w-full min-h-[280px]">

package.json

@@ -11,6 +11,7 @@
     "build:sitemap": "next-sitemap --config next-sitemap.config.js",
     "build:pagefind": "pagefind --site .next/server/pages --output-path dist/_pagefind",
     "export": "next export",
+    "check:harness-copy": "node ./scripts/check-harness-copy.mjs",
     "check:tnt-core-sync": "node ./scripts/check-tnt-core-sync.mjs",
     "lint": "next lint && yarn format",
     "schema": "turbo-gen ./public/schema.json",

pages/ai/index.mdx

@@ -1,11 +1,11 @@
 ---
 title: AI
-description: The shared operating layer for autonomous work, unifying the agentic workbench, secure sandboxes, and operator payments.
+description: The shared operating layer for autonomous work, unifying the agentic workbench, isolated sandboxes, and operator payments.
 ---
 
 # AI
 
-Tangle is the shared operating layer for autonomous work. Teams and agents collaborate in shared workbenches or separate ones, work runs in secure sandboxes, and the protocol pays the operators who host the runtime. Workflows improve through agent and task evaluations collected from each run.
+Tangle is the shared operating layer for autonomous work. Teams and agents collaborate in shared workbenches or separate ones, work runs in isolated sandboxes with explicit policies and resource limits, and the protocol pays the operators who host protocol-backed services. Workflows improve through agent and task evaluations collected from each run.
 
 <figure>
   <img
@@ -30,9 +30,9 @@ Key traits:
 - **Simulations** for evaluating workflows across many tasks.
 - **Integrations** for connecting internal tools and data.
 
-## Secure Sandbox Runtime
+## Sandbox Runtime
 
-Work executes inside isolated sandboxes so tasks are contained and repeatable. The runtime is built to host autonomous work safely at scale.
+Work executes inside isolated sandboxes so tasks are contained and repeatable. The runtime separates lifecycle control from execution through an orchestrator and sidecar, then applies policy and resource limits before the task runs.
 
 Core capabilities:
 
@@ -46,18 +46,18 @@ Each run produces task and agent evaluations. That data feeds back into the work
 
 ## Inference Gateway
 
-The [Tangle Gateway](/gateway) is the inference routing layer. Agents and applications call a single API to access hundreds of models across centralized providers and decentralized operators. The gateway handles model selection, compliance routing, billing, and payment settlement.
+The [Tangle Gateway](/gateway) is the hosted inference routing layer. Agents and applications call one API, and the gateway applies provider policy, model selection, compliance filters, billing, and settlement rules before forwarding the request.
 
 Key capabilities:
 
 - **One API, any model.** OpenAI, Anthropic, Google, Groq, and 20+ providers.
-- **Decentralized operators.** Route to operators on the Tangle network who compete on price and latency.
+- **Operator routing.** Route to registered operators when a request pins an operator path or uses SpendAuth.
 - **Compliance.** [Zero Data Retention](/gateway/zdr) and [no-train](/gateway/no-train) routing with verified provider agreements.
-- **On-chain payments.** [SpendAuth](/gateway/spend-auth) — pay operators directly without a credit card.
+- **On-chain payments.** [SpendAuth](/gateway/spend-auth) lets users pay operators directly without a credit card.
 
 ## Learn More
 
-- [Gateway — Getting Started](/gateway/getting-started)
+- [Gateway: Getting Started](/gateway/getting-started)
 - [Workbench details](/vibe/introduction)
 - [Runtime and sandboxing](/infrastructure/introduction)
 - [Operator onboarding](/operators/introduction)

pages/blueprints/ai-agent-sandbox/dapp-and-indexer.mdx

@@ -60,10 +60,10 @@ The sandbox app is iframe-first. The parent dapp should:
 
 ## Bad copy to avoid
 
-Do not name the product after one harness. The sandbox may run opencode, Codex, Claude Code, Kimi, Gemini, or another advertised runtime, but the product is the sandbox service instance and operator API.
+Do not name the product after one harness. The Sandbox SDK supports OpenCode plus 12 peer backend types: Claude Code, Kimi Code, Codex, AMP, Factory Droids, Pi, Hermes, Forge, OpenClaw, ACP, Cursor, and CLI base. The current Sandbox UI picker exposes a subset plus NanoClaw. The AI Agent Sandbox blueprint's current all-harness sidecar advertises Claude Code, Codex, OpenCode, Kimi Code, and Gemini CLI. The product boundary is the sandbox service instance and operator API.
 
 Use capability language instead:
 
 - "This operator advertises `all_harness` support."
-- "This sidecar currently lists Claude Code, Codex, opencode, Kimi Code, and Gemini CLI."
+- "This sidecar currently lists Claude Code, Codex, OpenCode, Kimi Code, and Gemini CLI."
 - "The exact harness list comes from `/api/capabilities`."

pages/blueprints/ai-agent-sandbox/runtime-and-harnesses.mdx

@@ -7,7 +7,7 @@ description: Runtime backends, capability discovery, harnesses, and AI credentia
 
 The sandbox is the product. Harnesses are tools inside the sandbox.
 
-Do not describe this blueprint as an OpenCode integration, a Codex integration, or a Claude integration. A service instance asks the operator for runtime capabilities. The operator answers through `GET /api/capabilities`.
+Do not describe this blueprint as an OpenCode integration, a Codex integration, or a Claude integration. The Sandbox SDK supports OpenCode plus 12 peer backend types: Claude Code, Kimi Code, Codex, AMP, Factory Droids, Pi, Hermes, Forge, OpenClaw, ACP, Cursor, and CLI base. A blueprint service instance asks its operator for the live runtime set through `GET /api/capabilities`.
 
 ## Runtime backends
 
@@ -32,17 +32,17 @@ The current operator API returns two categories:
 | `computer_use` | Enables browser/computer-use sidecar services. |
 | `all_harness`  | Requests the all-harness sidecar runtime.      |
 
-The current all-harness sidecar in this repo installs:
+The current AI Agent Sandbox blueprint all-harness sidecar in this repo installs:
 
 | Harness     | ID            |
 | ----------- | ------------- |
 | Claude Code | `claude-code` |
 | Codex       | `codex`       |
-| opencode    | `opencode`    |
+| OpenCode    | `opencode`    |
 | Kimi Code   | `kimi-code`   |
 | Gemini CLI  | `gemini`      |
 
-This list is not the blueprint ABI. It is the operator's advertised capability set. A new sidecar image can add or remove harnesses while the blueprint jobs stay the same.
+This list is not the blueprint ABI, and it is smaller than the centralized sandbox picker. It is the operator's advertised capability set. A new sidecar image can add or remove harnesses while the blueprint jobs stay the same.
 
 ## Sidecar image
 
@@ -70,13 +70,13 @@ Operators should scope provider keys to the service instance. The blueprint ABI
 
 Common credential locations remain harness-specific:
 
-| Harness family | Typical config                                                         |
-| -------------- | ---------------------------------------------------------------------- |
-| Claude Code    | `/root/.claude` or `ANTHROPIC_API_KEY` style provider config.          |
-| Codex          | `/root/.codex` or OpenAI provider config.                              |
-| opencode       | `/root/.config/opencode`, `/root/.opencode`, or opencode provider env. |
-| Kimi           | `/root/.kimi` or `/root/.config/kimi`.                                 |
-| Gemini         | `/root/.gemini` or Google provider config.                             |
+| Harness family | Typical config                                                               |
+| -------------- | ---------------------------------------------------------------------------- |
+| Claude Code    | `/root/.claude` or `ANTHROPIC_API_KEY` style provider config.                |
+| Codex          | `/root/.codex` or OpenAI provider config.                                    |
+| OpenCode       | `/root/.config/opencode`, `/root/.opencode`, or OpenCode model/env settings. |
+| Kimi           | `/root/.kimi` or `/root/.config/kimi`.                                       |
+| Gemini         | `/root/.gemini` or Google provider config.                                   |
 
 The operator protects the session token, sidecar auth token, provider keys, and sandbox secrets. Losing one of those is a product incident, not a docs footnote.
 

pages/blueprints/ai-trading/operator-requirements.mdx

@@ -62,7 +62,7 @@ Public admission means public cost exposure. Every accepted bot can use CPU, dis
 
 The operator install path defaults new bots to paper trading. Paper mode uses live market data and simulated fills; it should not move capital.
 
-AI keys are optional. If you set `ZAI_API_KEY`, `ANTHROPIC_API_KEY`, `TANGLE_API_KEY`, or opencode provider env vars, agentic activation and chat can use your provider account. The operator docs are clear: there is no built-in per-bot, per-day, or total LLM spend cap today. Use provider-side billing limits.
+AI keys are optional. If you set `ZAI_API_KEY`, `ANTHROPIC_API_KEY`, `TANGLE_API_KEY`, or OpenCode model/env settings, agentic activation and chat can use those settings when the selected sidecar advertises OpenCode. Treat OpenCode as one harness inside the same capability model as Claude Code, Kimi Code, Codex, AMP, Factory Droids, Pi, Hermes, Forge, OpenClaw, ACP, Cursor, CLI base, or a smaller blueprint sidecar subset. The operator docs are clear: there is no built-in per-bot, per-day, or total LLM spend cap today. Use provider-side billing limits.
 
 ## Public endpoint
 

pages/blueprints/ai-trading/runtime-and-risk.mdx

@@ -58,12 +58,12 @@ Trading bots can run deterministic ticks without model provider keys. Agentic ac
 
 Current repo examples include:
 
-| Key                 | Used for                                                                 |
-| ------------------- | ------------------------------------------------------------------------ |
-| `ZAI_API_KEY`       | Z.ai based agentic flows.                                                |
-| `ANTHROPIC_API_KEY` | Anthropic model access.                                                  |
-| `TANGLE_API_KEY`    | Tangle-hosted/Router-backed model or telemetry paths depending on setup. |
-| `OPENCODE_MODEL_*`  | opencode provider/model routing inside the sidecar.                      |
+| Key                 | Used for                                                                                           |
+| ------------------- | -------------------------------------------------------------------------------------------------- |
+| `ZAI_API_KEY`       | Z.ai based agentic flows.                                                                          |
+| `ANTHROPIC_API_KEY` | Anthropic model access.                                                                            |
+| `TANGLE_API_KEY`    | Tangle Router model calls or Tangle-hosted telemetry paths depending on setup.                     |
+| `OPENCODE_MODEL_*`  | OpenCode model settings when the sidecar advertises OpenCode beside the other supported harnesses. |
 
 If an operator sets keys, the operator pays unless another billing path is wired. There is no default per-bot LLM budget guard. Use allowlists, capacity caps, and provider billing limits.
 

pages/blueprints/operator-matrix.mdx

@@ -35,15 +35,15 @@ The three first-party blueprints do not fail the same way. A sandbox operator ru
 
 ## AI and inference credentials
 
-| Blueprint        | Can boot without model keys?                                                                               | Keys needed for                                                                                                                                                       | Budget risk                                                                                                                                    |
-| ---------------- | ---------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- |
-| AI Agent Sandbox | Yes. Lifecycle, terminals, files, ports, snapshots, and non-model commands can work without provider keys. | Prompt, task, and workflow execution through a selected harness or model provider.                                                                                    | Provider spend belongs to whoever injects the key into the service instance.                                                                   |
-| AI Trading       | Yes. Deterministic strategy ticks and paper bots can run without model keys.                               | Agentic activation, chat, and model-driven strategy work. Current examples include `ZAI_API_KEY`, `ANTHROPIC_API_KEY`, `TANGLE_API_KEY`, and opencode model env vars. | The operator pays unless the product adds a separate customer billing rail. Default operator docs warn there is no built-in per-bot spend cap. |
-| Surplus Market   | The order book and dry-run venue can run without inference.                                                | Bonded credit redemption needs a real backend such as managed vLLM or an OpenAI-compatible API the operator controls.                                                 | A bonded issuer is financially exposed if it sells credits it cannot redeem. Router fallback is not acceptable for bonded issuance.            |
+| Blueprint        | Can boot without model keys?                                                                               | Keys needed for                                                                                                                     | Budget risk                                                                                                                                    |
+| ---------------- | ---------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- |
+| AI Agent Sandbox | Yes. Lifecycle, terminals, files, ports, snapshots, and non-model commands can work without provider keys. | Prompt, task, and workflow execution through a selected harness or model provider.                                                  | Provider spend belongs to whoever injects the key into the service instance.                                                                   |
+| AI Trading       | Yes. Deterministic strategy ticks and paper bots can run without model keys.                               | Agentic activation, chat, and model-driven strategy work. OpenCode model env vars apply only when the sidecar advertises that path. | The operator pays unless the product adds a separate customer billing rail. Default operator docs warn there is no built-in per-bot spend cap. |
+| Surplus Market   | The order book and dry-run venue can run without inference.                                                | Bonded credit redemption needs a real backend such as managed vLLM or an OpenAI-compatible API the operator controls.               | A bonded issuer is financially exposed if it sells credits it cannot redeem. Router fallback is not acceptable for bonded issuance.            |
 
 ## Harnesses are not the product boundary
 
-The sandbox product is the sandbox service instance plus its operator API. The current all-harness sidecar in the sandbox blueprint advertises Claude Code, Codex, opencode, Kimi Code, and Gemini CLI through `GET /api/capabilities`.
+The sandbox product is the sandbox service instance plus its operator API. The Sandbox SDK supports OpenCode, Claude Code, Kimi Code, Codex, AMP, Factory Droids, Pi, Hermes, Forge, OpenClaw, ACP, Cursor, and CLI base. The current all-harness sidecar in the sandbox blueprint advertises Claude Code, Codex, OpenCode, Kimi Code, and Gemini CLI through `GET /api/capabilities`.
 
 That endpoint is the contract the app should read. Do not make docs or UI copy pretend OpenCode, Codex, or any one harness is the integration. Harness support can change by publishing a new sidecar image without changing the blueprint ABI.
 

pages/blueprints/protocol-model.mdx

@@ -7,7 +7,7 @@ description: "The blueprint lifecycle: template, operator registration, service
 
 Blueprints are easy to explain badly because one word gets used for too many things. Keep the layers separate.
 
-A blueprint is the template. It defines what can be run: jobs, metadata, binaries, app routing, and optional Blueprint Service Manager logic. Operators register for that template. A user requests a service instance from a set of registered operators. That service instance is the thing the user actually uses.
+A blueprint is the template. It defines what can be run: jobs, metadata, binaries, app routing, and optional Blueprint Service Manager logic. Operators register for that template. A user requests a service instance from a set of registered operators. The user interacts with the service instance, not the template.
 
 ## The lifecycle