From d1fca442b4ee3342c820a231c3ce73546534951a Mon Sep 17 00:00:00 2001
From: Peter Steinberger <steipete@gmail.com>
Date: Mon, 16 Feb 2026 04:33:35 +0100
Subject: [PATCH] refactor(sandbox): centralize sha256 helpers

---
 src/agents/sandbox/config-hash.ts | 4 ++--
 src/agents/sandbox/hash.ts        | 5 +++++
 src/agents/sandbox/shared.ts      | 4 ++--
 3 files changed, 9 insertions(+), 4 deletions(-)
 create mode 100644 src/agents/sandbox/hash.ts

diff --git a/src/agents/sandbox/config-hash.ts b/src/agents/sandbox/config-hash.ts
index a21852026a4..ca99dbf4ddb 100644
--- a/src/agents/sandbox/config-hash.ts
+++ b/src/agents/sandbox/config-hash.ts
@@ -1,5 +1,5 @@
-import crypto from "node:crypto";
 import type { SandboxBrowserConfig, SandboxDockerConfig, SandboxWorkspaceAccess } from "./types.js";
+import { hashTextSha256 } from "./hash.js";
 
 type SandboxHashInput = {
   docker: SandboxDockerConfig;
@@ -51,5 +51,5 @@ export function computeSandboxBrowserConfigHash(input: SandboxBrowserHashInput):
 function computeHash(input: unknown): string {
   const payload = normalizeForHash(input);
   const raw = JSON.stringify(payload);
-  return crypto.createHash("sha256").update(raw).digest("hex");
+  return hashTextSha256(raw);
 }
diff --git a/src/agents/sandbox/hash.ts b/src/agents/sandbox/hash.ts
new file mode 100644
index 00000000000..d1d0e8dc430
--- /dev/null
+++ b/src/agents/sandbox/hash.ts
@@ -0,0 +1,5 @@
+import crypto from "node:crypto";
+
+export function hashTextSha256(value: string): string {
+  return crypto.createHash("sha256").update(value).digest("hex");
+}
diff --git a/src/agents/sandbox/shared.ts b/src/agents/sandbox/shared.ts
index 0c9bc849c4d..cb3585aad77 100644
--- a/src/agents/sandbox/shared.ts
+++ b/src/agents/sandbox/shared.ts
@@ -1,12 +1,12 @@
-import crypto from "node:crypto";
 import path from "node:path";
 import { normalizeAgentId } from "../../routing/session-key.js";
 import { resolveUserPath } from "../../utils.js";
 import { resolveAgentIdFromSessionKey } from "../agent-scope.js";
+import { hashTextSha256 } from "./hash.js";
 
 export function slugifySessionKey(value: string) {
   const trimmed = value.trim() || "session";
-  const hash = crypto.createHash("sha1").update(trimmed).digest("hex").slice(0, 8);
+  const hash = hashTextSha256(trimmed).slice(0, 8);
   const safe = trimmed
     .toLowerCase()
     .replace(/[^a-z0-9._-]+/g, "-")