Update Turbo for sbx v0.28.0 features

[sagalbot]

Context

sbx v0.28.0 shipped with several features and fixes relevant to Turbo. This issue tracks updates needed to take advantage of new capabilities and keep documentation accurate.

---

Tier 1 — New user-facing features

1. Add --kit support to sandbox creation and interactive sessions

Kits are a new first-class mechanism for declaratively extending sandboxes with network policies, env vars, install/startup commands, and file injection. Syntax: sbx run --kit ./my-kit/ claude or sbx run --kit "git+https://..." claude.

What to do:

• Add turbo.docker.kits config option (array of kit paths/URLs)
• Pass --kit flags in DockerSandbox::createProcess() and runInteractive()
• Document kits in CLAUDE.md and README

This lets users compose kits (e.g. the code-server kit for web VS Code) on top of their Turbo sandbox. See sbx-kits-contrib for available community kits.

2. Add turbo:cp command wrapping sbx cp

New sbx cp command enables bidirectional host↔container file copying. Currently there's no easy way for users to copy files in/out of a running sandbox — file injection is either at build time (Dockerfile COPY) or via sbx exec with heredocs.

What to do:

• Add cpProcess() method to DockerSandbox
• Add turbo:cp artisan command
• Update CLAUDE.md capability matrix

3. Update CLAUDE.md capability matrix

Several additions/changes to document:

Section	Update
Capability Matrix	Add sbx cp, --kit flag, SSH agent forwarding
Main Commands	Add sbx cp reference, document --kit on create/run
Secret section	Note secret set-custom --host (renamed from --target)
Docker Sandbox Patterns	Note tini init process (zombie reaping), graceful agent shutdown
New section	.worktreeinclude for worktree branches
New section	Kits framework overview

---

Tier 2 — Improvements

4. Surface template update check output during turbo:install

sbx create/sbx run now check for updated template images. Currently InstallCommand::offerDockerSetup() runs createProcess()->run() without an output callback, so any template update messages are silently swallowed.

What to do: Add an output callback so users see when springloadedco/turbo:latest has a newer version available.

5. Document .worktreeinclude and kits in README

.worktreeinclude lets gitignored files (.env, vendor/, node_modules/) be included when using --branch worktrees. Useful for projects where the sandbox needs files that are normally gitignored.

---

Tier 3 — Nice to have

6. Enhance turbo:doctor to verify policy rules

sbx policy ls now surfaces the implicit deny baseline. turbo:doctor could parse this output to verify that expected host access policies are in place, rather than only checking /etc/hosts entries.

7. Consider expressing OAuth relay setup as a kit

The socat relay setup (setupOauthRelay) is currently imperative. A kit's initFiles + startup commands could potentially express this declaratively. Low priority since the current approach works well.

---

No action needed (awareness only)

• SSH agent forwarding — now automatic. The Dockerfile's SSH→HTTPS rewrite (git config --system url."https://github.com/".insteadOf) should remain as a fallback since not all users have SSH keys.
• tini init process — automatic in sandboxes now. Benefits the OAuth relay's socat fork mode (zombie children properly reaped). No Dockerfile changes needed.
• Graceful agent shutdown — sbx stop now signals agents gracefully instead of SIGKILL. The exit 137 detection in PromptCommand is still valid for abnormal terminations.
• secret set-custom --target → --host — Turbo uses standard sbx secret set, not set-custom. No impact.
• Policy scoping fix, domain deduplication — free correctness improvements, no code changes.
• Copilot CLI fully works — good for users selecting github-copilot as an agent target.
• Kitty terminal protocol fix — free improvement for Kitty terminal users running turbo:claude.