feat(cloud-agent): re-enable kilo cli fingerprint for web sessions

[eshurakov]

Summary

• Re-enable Kilo CLI filesystem snapshots for cloud-agent-web sessions while keeping snapshots disabled for non-web origins.
• Pass snapshotInitialization: 'wait' for web prompts and generic slash commands so slow snapshot initialization completes silently before each turn.
• Align the Cloud Agent Next Kilo SDK and CLI pins to 7.3.21, regenerate fallback slash-command metadata, and add pin-consistency coverage.
• Stabilize local Cloud Agent development by launching tmux service commands directly and only granting Docker privileged mode to local SandboxDIND containers.

Verification

• Tested locally with the Cloud Agent web fake-LLM smoke path; the web session completed successfully and metadata showed createdOnPlatform: 'cloud-agent-web'.
• Checked local session-ingest data for ses_1574df0e6ffffmi3ZlgYG62Uao; message-level diffs and the legacy session_diff row both contained the expected three file diffs.

Visual Changes

N/A

Reviewer Notes

• The scope is intentionally web-only. Wrapper-local /compact keeps its dedicated summarize path.
• WRAPPER_VERSION remains unchanged because the Worker-to-wrapper contract is protocol-compatible; active leased wrappers can drain naturally.
• @kilocode/sdk is exempted from pnpm maturity aging because the package is internally released and adopted with pinned runtime validation.
• Local macOS Docker proxy privilege injection is now scoped to SandboxDIND; ordinary Sandbox and SandboxSmall containers remain unprivileged.

[kilo-code-bot]

Code Review Summary

Status: No Issues Found | Recommendation: Merge

Executive Summary

Incremental review of the new commit (68858da) covering dev-tooling stabilization: scoped privileged injection in the Docker proxy, tmux window startup via execFileSync + interactive-shell wrapper, floating-promise fixes in the dashboard, and test coverage for both changes. No issues found.

Files Reviewed (new commit — 7 files)

• dev/local/dashboard.tsx — void refresh().catch(...) for initial call; mouse regex rewritten without literal ESC; waitUntilExit() gets .catch() handler; showGroupInTmux call simplified (dropped removed param)
• dev/local/runner.ts — startServiceInTmux passes startup command to createWindow; buildInfraLogCommand extracted; showGroupInTmux signature simplified
• dev/local/tmux.ts — createWindow accepts optional startupCommand, uses execFileSync; buildInteractiveShellCommand exported
• dev/local/tmux.test.ts — new test validates shell-syntax correctness of buildInteractiveShellCommand
• services/cloud-agent-next/scripts/docker-privileged-proxy.mjs — privilege injection now gated on both container name containing -SandboxDIND- and image prefix cloudflare-dev/sandboxdind:
• services/cloud-agent-next/src/docker-privileged-proxy-script.test.ts — four tests covering SandboxSmall (unchanged), SandboxDIND (privileged), sidecar proxy (unchanged), and name-without-image mismatch (unchanged)
• Previously reviewed files (18 files) — no changes; findings carried forward as resolved

---

_{Reviewed by claude-4.6-sonnet-20260217 · 955,691 tokens}

_{Review guidance: REVIEW.md from base branch main}