Rename API routes /v1/sandboxes → /v1/capsules

CLAUDE.md

@@ -68,7 +68,7 @@ envd is a **completely independent Go module**. It is never imported by the main
 
 Startup (`cmd/control-plane/main.go`) wires: config (env vars) → pgxpool → `db.Queries` (sqlc-generated) → Connect RPC client to host agent → `api.Server`. Everything flows through constructor injection.
 
-- **API Server** (`internal/api/server.go`): chi router with middleware. Creates handler structs (`sandboxHandler`, `execHandler`, `filesHandler`, etc.) injected with `db.Queries` and the host agent Connect RPC client. Routes under `/v1/sandboxes/*`.
+- **API Server** (`internal/api/server.go`): chi router with middleware. Creates handler structs (`sandboxHandler`, `execHandler`, `filesHandler`, etc.) injected with `db.Queries` and the host agent Connect RPC client. Routes under `/v1/capsules/*`.
 - **Reconciler** (`internal/api/reconciler.go`): background goroutine (every 30s) that compares DB records against `agent.ListSandboxes()` RPC. Marks orphaned DB entries as "stopped".
 - **Dashboard** (SvelteKit + Tailwind + Bits UI, statically built and embedded via `go:embed`, served as catch-all at root)
 - **Database**: PostgreSQL via pgx/v5. Queries generated by sqlc from `db/queries/sandboxes.sql`. Migrations in `db/migrations/` (goose, plain SQL).
@@ -147,19 +147,19 @@ HIBERNATED → RUNNING (cold snapshot resume, slower)
 
 ### Key Request Flows
 
-**Sandbox creation** (`POST /v1/sandboxes`):
+**Sandbox creation** (`POST /v1/capsules`):
 1. API handler generates sandbox ID, inserts into DB as "pending"
 2. RPC `CreateSandbox` → host agent → `sandbox.Manager.Create()`
 3. Manager: resolve base rootfs → acquire shared loop device → create dm-snapshot (sparse CoW file) → allocate network slot → `CreateNetwork()` (netns + veth + tap + NAT) → `vm.Create()` (start Firecracker with `/dev/mapper/wrenn-{id}`, configure via HTTP API, boot) → `envdclient.WaitUntilReady()` (poll /health) → store in-memory state
 4. API handler updates DB to "running" with host_ip
 
-**Command execution** (`POST /v1/sandboxes/{id}/exec`):
+**Command execution** (`POST /v1/capsules/{id}/exec`):
 1. API handler verifies sandbox is "running" in DB
 2. RPC `Exec` → host agent → `sandbox.Manager.Exec()` → `envdclient.Exec()`
 3. envd client opens bidirectional Connect RPC stream (`process.Start`), collects stdout/stderr/exit_code
 4. API handler checks UTF-8 validity (base64-encodes if binary), updates last_active_at, returns result
 
-**Streaming exec** (`WS /v1/sandboxes/{id}/exec/stream`):
+**Streaming exec** (`WS /v1/capsules/{id}/exec/stream`):
 1. WebSocket upgrade, read first message for cmd/args
 2. RPC `ExecStream` → host agent → `sandbox.Manager.ExecStream()` → `envdclient.ExecStream()`
 3. envd client returns a channel of events; host agent forwards events through the RPC stream