refactor(box): remove legacy in-process runtime code and clean up smells

After the architecture settled on always using an independent Box Runtime
service, several pieces of compatibility code and design shortcuts were
left behind. This commit cleans them up:

- Remove `LocalBoxRuntimeClient` and `create_box_runtime_client` from
  production code (moved to test-only helper).
- Remove unused `_clip_bytes` method from backend.
- Remove `__langbot_session_placeholder__` hack by making `BoxSpec.cmd`
  default to empty and validating non-empty only in `runtime.execute()`.
- Extract `get_box_config()` helper to eliminate 5× duplicated config
  access boilerplate.
- Remove `session_id`/`host_path`/`host_path_mode` from the LLM-facing
  tool schema to enforce request-scoped session isolation.
- Fix dual shutdown path: `NativeToolLoader.shutdown()` no longer calls
  `box_service.shutdown()` (handled by `Application.dispose()`).
- Simplify `_assert_session_compatible` with a loop.
- Inline client creation in `BoxRuntimeConnector`.
- Remove redundant `BOX__RUNTIME_URL` env var from docker-compose
  (auto-detected by code).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

src/langbot/pkg/provider/tools/loaders/native.py

@@ -28,8 +28,7 @@ class NativeToolLoader(loader.ToolLoader):
         return await self.ap.box_service.execute_sandbox_tool(parameters, query)
 
     async def shutdown(self):
-        if getattr(self.ap, 'box_service', None) is not None:
-            await self.ap.box_service.shutdown()
+        pass
 
     def _build_sandbox_exec_tool(self) -> resource_tool.LLMTool:
         return resource_tool.LLMTool(
@@ -64,23 +63,6 @@ class NativeToolLoader(loader.ToolLoader):
                         'enum': ['off', 'on'],
                         'default': 'off',
                     },
-                    'session_id': {
-                        'type': 'string',
-                        'description': 'Optional sandbox session id. Defaults to the current request id for reuse.',
-                    },
-                    'host_path': {
-                        'type': 'string',
-                        'description': (
-                            'Optional absolute host directory path to mount into the sandbox as /workspace. '
-                            'The path must be under an allowed host mount root.'
-                        ),
-                    },
-                    'host_path_mode': {
-                        'type': 'string',
-                        'description': 'Mount mode for host_path. Use rw to create or modify host files.',
-                        'enum': ['ro', 'rw'],
-                        'default': 'rw',
-                    },
                     'env': {
                         'type': 'object',
                         'description': 'Optional environment variables to expose inside the sandbox.',