diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml
index 16d66e9..a156204 100644
--- a/.github/workflows/check.yml
+++ b/.github/workflows/check.yml
@@ -17,7 +17,7 @@ env:
 jobs:
   Check:
     name: Check
-    runs-on: blacksmith-4vcpu-ubuntu-2404
+    runs-on: blacksmith-2vcpu-ubuntu-2404
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -47,7 +47,7 @@ jobs:
 
   BuildPackage:
     name: Build Package Artifact
-    runs-on: blacksmith-4vcpu-ubuntu-2404
+    runs-on: blacksmith-2vcpu-ubuntu-2404
     needs: Check
     steps:
       - name: Checkout
@@ -84,7 +84,7 @@ jobs:
 
   PackageE2E:
     name: Package Install E2E
-    runs-on: blacksmith-4vcpu-ubuntu-2404
+    runs-on: blacksmith-2vcpu-ubuntu-2404
     needs: BuildPackage
     steps:
       - name: Setup Node
diff --git a/.github/workflows/publish-package.yml b/.github/workflows/publish-package.yml
index 758e597..710912e 100644
--- a/.github/workflows/publish-package.yml
+++ b/.github/workflows/publish-package.yml
@@ -16,7 +16,7 @@ permissions:
 jobs:
   resolve-merge-context:
     name: Resolve Merge Context
-    runs-on: blacksmith-4vcpu-ubuntu-2404
+    runs-on: blacksmith-2vcpu-ubuntu-2404
     permissions:
       contents: read
       pull-requests: read
@@ -122,7 +122,7 @@ jobs:
 
   publish-and-manage-bump:
     name: Publish Package + Manage Bump PR
-    runs-on: blacksmith-4vcpu-ubuntu-2404
+    runs-on: blacksmith-2vcpu-ubuntu-2404
     needs: resolve-merge-context
     permissions:
       contents: write
diff --git a/.github/workflows/validate-pr-title.yml b/.github/workflows/validate-pr-title.yml
index df3e0a2..eac2bce 100644
--- a/.github/workflows/validate-pr-title.yml
+++ b/.github/workflows/validate-pr-title.yml
@@ -10,7 +10,7 @@ permissions:
 jobs:
   ValidatePrTitle:
     name: ValidatePrTitle
-    runs-on: blacksmith-4vcpu-ubuntu-2404
+    runs-on: blacksmith-2vcpu-ubuntu-2404
     steps:
       - name: Validate pull request title
         env:
diff --git a/README.md b/README.md
index 31fcc83..ebc2cc9 100644
--- a/README.md
+++ b/README.md
@@ -185,6 +185,7 @@ bun run start -- --no-open
 - Auto-installs missing `git` and `node/npm` inside sandbox
 - Forwards provider env vars (`OPENAI_*`, `ANTHROPIC_*`, `XAI_*`, `OPENROUTER_*`, `ZHIPU_*`, `MINIMAX_*`, etc.)
 - Syncs local OpenCode config files from `~/.config/opencode` when present
+- Uses a fixed Daytona lifecycle policy: auto-stop after 15 minutes, auto-archive after 30 minutes, auto-delete disabled
 - Auto-catalogs findings into Obsidian when enabled via `shpit.toml`, with optional automatic `ob sync` in headless mode
 
 ### Examples
diff --git a/src/analyze-repos.ts b/src/analyze-repos.ts
index 4c64287..c541b3a 100644
--- a/src/analyze-repos.ts
+++ b/src/analyze-repos.ts
@@ -22,6 +22,12 @@ type CliOptions = {
   urls: string[];
 };
 
+const SANDBOX_LIFECYCLE_POLICY = {
+  autoStopInterval: 15,
+  autoArchiveInterval: 30,
+  autoDeleteInterval: -1,
+} as const;
+
 type DaytonaCompatClient = {
   configApi: {
     configControllerGetConfig: () => Promise<{
@@ -615,14 +621,16 @@ async function analyzeOneRepo(params: {
     const sandboxName = sanitizeSlug(
       `audit-${slug}-${Date.now().toString(36)}${Math.random().toString(36).slice(2, 6)}`,
     ).slice(0, 63);
-    sandbox = await daytona.create(
-      {
-        name: sandboxName,
-        language: "typescript",
-        autoStopInterval: 0,
-      },
-      { timeout: options.createTimeoutSec },
-    );
+
+    const createParams = {
+      name: sandboxName,
+      language: "typescript",
+      autoStopInterval: SANDBOX_LIFECYCLE_POLICY.autoStopInterval,
+      autoArchiveInterval: SANDBOX_LIFECYCLE_POLICY.autoArchiveInterval,
+      autoDeleteInterval: SANDBOX_LIFECYCLE_POLICY.autoDeleteInterval,
+    };
+
+    sandbox = await daytona.create(createParams, { timeout: options.createTimeoutSec });
     console.log(`[analyze] (${runPrefix}) Sandbox ready: ${sandbox.id}`);
 
     const userHome = (await sandbox.getUserHomeDir()) ?? "/home/daytona";
diff --git a/src/start-opencode-daytona.ts b/src/start-opencode-daytona.ts
index 9c5b2a5..7e22f27 100644
--- a/src/start-opencode-daytona.ts
+++ b/src/start-opencode-daytona.ts
@@ -17,6 +17,12 @@ type CliOptions = {
   openUi: boolean;
 };
 
+const SANDBOX_LIFECYCLE_POLICY = {
+  autoStopInterval: 15,
+  autoArchiveInterval: 30,
+  autoDeleteInterval: -1,
+} as const;
+
 type LogCursor = { value: string };
 type DaytonaCompatClient = {
   configApi: {
@@ -410,14 +416,15 @@ async function main(): Promise<void> {
 
   try {
     console.log("[local] Creating Daytona sandbox...");
-    sandbox = await daytona.create(
-      {
-        name: options.sandboxName,
-        language: "typescript",
-        autoStopInterval: 0,
-      },
-      { timeout: options.createTimeoutSec },
-    );
+    const createParams = {
+      name: options.sandboxName,
+      language: "typescript",
+      autoStopInterval: SANDBOX_LIFECYCLE_POLICY.autoStopInterval,
+      autoArchiveInterval: SANDBOX_LIFECYCLE_POLICY.autoArchiveInterval,
+      autoDeleteInterval: SANDBOX_LIFECYCLE_POLICY.autoDeleteInterval,
+    };
+
+    sandbox = await daytona.create(createParams, { timeout: options.createTimeoutSec });
     console.log(`[local] Sandbox ready: ${sandbox.id}`);
 
     const userHome = (await sandbox.getUserHomeDir()) ?? "/home/daytona";