@kokorolx/ai-sandbox-wrapper 1.0.0

package/bin/cli.js

@@ -0,0 +1,83 @@
+#!/usr/bin/env node
+
+const { spawn } = require('child_process');
+const path = require('path');
+const fs = require('fs');
+
+const args = process.argv.slice(2);
+const command = args[0];
+const packageRoot = path.resolve(__dirname, '..');
+
+function showHelp() {
+  console.log(`
+🔒 AI Sandbox Wrapper
+
+Usage:
+  npx @kokorolx/ai-sandbox-wrapper <command>
+
+Commands:
+  setup     Run interactive setup (configure workspaces, select tools)
+  help      Show this help message
+
+Examples:
+  npx @kokorolx/ai-sandbox-wrapper setup
+
+Documentation: https://github.com/kokorolx/ai-sandbox-wrapper
+`);
+}
+
+function runSetup() {
+  const setupScript = path.join(packageRoot, 'setup.sh');
+  
+  if (!fs.existsSync(setupScript)) {
+    console.error('❌ Error: setup.sh not found at', setupScript);
+    console.error('This may indicate a corrupted installation.');
+    process.exit(1);
+  }
+
+  try {
+    fs.chmodSync(setupScript, '755');
+  } catch (err) {
+    /* Windows doesn't support chmod */
+  }
+
+  const child = spawn('bash', [setupScript], {
+    cwd: packageRoot,
+    stdio: 'inherit',
+    env: {
+      ...process.env,
+      AI_SANDBOX_ROOT: packageRoot
+    }
+  });
+
+  child.on('error', (err) => {
+    if (err.code === 'ENOENT') {
+      console.error('❌ Error: bash not found. Please install bash to run setup.');
+      console.error('  macOS/Linux: bash is usually pre-installed');
+      console.error('  Windows: Use WSL2 or Git Bash');
+    } else {
+      console.error('❌ Error running setup:', err.message);
+    }
+    process.exit(1);
+  });
+
+  child.on('close', (code) => {
+    process.exit(code || 0);
+  });
+}
+
+switch (command) {
+  case 'setup':
+  case undefined:
+    runSetup();
+    break;
+  case 'help':
+  case '--help':
+  case '-h':
+    showHelp();
+    break;
+  default:
+    console.error(`❌ Unknown command: ${command}`);
+    showHelp();
+    process.exit(1);
+}

package/bin/setup-ssh-config

@@ -0,0 +1,328 @@
+#!/bin/bash
+# Extract SSH config entries needed for this repo's git remotes
+# Also collects and fixes SSH keys for use in containers
+
+set -e
+
+SSH_CONFIG_FILE="${HOME}/.ssh/config"
+SSH_DIR="${HOME}/.ssh"
+TEMP_CONFIG="/tmp/ssh_config_filtered"
+TEMP_KEYS_DIR="/tmp/ssh_keys_filtered"
+COLLECTED_KEYS=()
+STRICT_MODE=0
+HOSTS=""
+
+# Show usage
+usage() {
+  cat << EOF
+Usage: $(basename "$0") [OPTIONS]
+
+Extract SSH config entries and keys needed for git remotes (or custom hosts).
+
+OPTIONS:
+  --hosts HOSTS         Comma/space-separated list of SSH host aliases to extract
+                        (default: auto-detect from git remotes)
+  --keys KEYS           Comma/space-separated list of SSH key filenames (e.g. id_rsa)
+                        to filter by. Only hosts using these keys will be included.
+  --strict              Fail if any key file is missing (default: warn and continue)
+  --help                Show this help message
+
+EXAMPLES:
+  # Use git remotes (default)
+  $(basename "$0")
+
+  # Extract specific hosts
+  $(basename "$0") --hosts github.com-kokorolx,gitlab.com-kokorolee
+
+  # Filter by specific keys
+  $(basename "$0") --keys id_rsa_work,id_ed25519_personal
+
+  # Fail on missing keys
+  $(basename "$0") --strict
+
+EOF
+  exit "${1:-0}"
+}
+
+# Parse arguments
+ALLOWED_KEYS_INPUT=""
+while [[ $# -gt 0 ]]; do
+  case "$1" in
+    --hosts)
+      HOSTS="$2"
+      shift 2
+      ;;
+    --keys)
+      ALLOWED_KEYS_INPUT="$2"
+      shift 2
+      ;;
+    --strict)
+      STRICT_MODE=1
+      shift
+      ;;
+    --help|-h)
+      usage 0
+      ;;
+    *)
+      echo "❌ Unknown option: $1"
+      usage 1
+      ;;
+  esac
+done
+
+# Validate SSH files exist
+if [ ! -f "$SSH_CONFIG_FILE" ]; then
+  echo "❌ Error: SSH config not found at $SSH_CONFIG_FILE"
+  exit 1
+fi
+
+if [ ! -d "$SSH_DIR" ]; then
+  echo "❌ Error: SSH directory not found at $SSH_DIR"
+  exit 1
+fi
+
+# Normalize allowed keys to array of basenames
+ALLOWED_KEYS=()
+if [ -n "$ALLOWED_KEYS_INPUT" ]; then
+  IFS=', ' read -r -a keys_array <<< "$ALLOWED_KEYS_INPUT"
+  for k in "${keys_array[@]}"; do
+    [ -z "$k" ] && continue
+    ALLOWED_KEYS+=("$(basename "$k")")
+  done
+fi
+
+# Get hosts from keys if provided, otherwise from git remotes if --hosts not specified
+if [ ${#ALLOWED_KEYS[@]} -gt 0 ]; then
+  echo "🔑 Filtering by keys: ${ALLOWED_KEYS[*]}"
+
+  # Find all Host entries that use any of the allowed keys
+  # This awk script finds Host blocks and checks if any IdentityFile matches our allowed keys
+  MATCHING_HOSTS=$(awk -v keys="${ALLOWED_KEYS[*]}" '
+    BEGIN {
+      split(keys, k_arr, " ");
+      for (i in k_arr) allowed_keys[k_arr[i]] = 1;
+    }
+    /^Host / {
+      if (current_host != "" && host_matches) {
+        print current_host
+      }
+      current_host = $2;
+      host_matches = 0;
+    }
+    /^[[:space:]]*IdentityFile[[:space:]]+/ {
+      split($2, path_parts, "/");
+      filename = path_parts[length(path_parts)];
+      # Remove any trailing comments or quotes
+      gsub(/[[:space:]].*$/, "", filename);
+      gsub(/^"|"$/, "", filename);
+
+      if (allowed_keys[filename]) {
+        host_matches = 1;
+      }
+    }
+    END {
+      if (current_host != "" && host_matches) {
+        print current_host
+      }
+    }
+  ' "$SSH_CONFIG_FILE")
+
+  if [ -z "$HOSTS" ]; then
+    HOSTS="$MATCHING_HOSTS"
+  fi
+
+  if [ -z "$HOSTS" ]; then
+    echo "⚠️  No Host entries found in SSH config matching the provided keys."
+    # We allow it to continue if hosts were explicitly provided, otherwise exit
+    if [ -z "$ALLOWED_KEYS_INPUT" ]; then exit 1; fi
+  fi
+elif [ -z "$HOSTS" ]; then
+  HOSTS=$(git config --get-regexp 'remote\..*\.url' 2>/dev/null | sed -E 's/.*@([^:]+):.*/\1/' | sort -u)
+
+  if [ -z "$HOSTS" ]; then
+    echo "⚠️  No git remotes found with SSH URLs and no --hosts/--keys specified"
+    usage 1
+  fi
+fi
+
+# Normalize hosts to newline-separated
+HOSTS=$(echo "$HOSTS" | tr ',' '\n' | tr ' ' '\n' | sort -u | grep -v '^$')
+
+echo "📋 Processing hosts:"
+echo "$HOSTS" | sed 's/^/  - /'
+echo ""
+
+# Create temp directories
+rm -rf "$TEMP_CONFIG" "$TEMP_KEYS_DIR"
+mkdir -p "$TEMP_KEYS_DIR"
+
+# Start with Host * (global settings)
+{
+  awk '/^Host \*$/,/^Host [a-zA-Z0-9]/ { if (/^Host [a-zA-Z0-9]/ && !/^Host \*$/) exit; print }' "$SSH_CONFIG_FILE"
+  echo ""
+} >> "$TEMP_CONFIG"
+
+# Extract Host blocks for each needed host
+failed_keys=0
+while IFS= read -r host; do
+  [ -z "$host" ] && continue
+
+  echo "Processing SSH config for host: $host"
+
+  # Extract the Host block and filter IdentityFile entries if keys were provided
+  # We use awk to:
+  # 1. Find the Host block
+  # 2. Within that block, if --keys were provided, only keep IdentityFile lines that match
+  # 3. If no --keys provided, keep all IdentityFile lines
+  awk -v target="$host" -v keys="${ALLOWED_KEYS[*]}" '
+    BEGIN {
+      use_key_filter = (keys != "");
+      split(keys, k_arr, " ");
+      for (i in k_arr) allowed_keys[k_arr[i]] = 1;
+    }
+    /^Host / && $2 == target {
+      found=1;
+      print;
+      next;
+    }
+    found {
+      if (/^Host / && $2 != target) {
+        exit;
+      }
+
+      if (/^[[:space:]]*IdentityFile[[:space:]]+/) {
+        if (!use_key_filter) {
+          print;
+        } else {
+          # Check if this IdentityFile is allowed
+          line = $0;
+          split($2, path_parts, "/");
+          filename = path_parts[length(path_parts)];
+          gsub(/[[:space:]].*$/, "", filename);
+          gsub(/^"|"$/, "", filename);
+
+          if (allowed_keys[filename]) {
+            print line;
+          }
+        }
+      } else {
+        print;
+      }
+    }
+  ' "$SSH_CONFIG_FILE" >> "$TEMP_CONFIG"
+
+  # Extract IdentityFile paths to copy
+  keys_to_copy=$(awk -v target="$host" -v keys="${ALLOWED_KEYS[*]}" '
+    BEGIN {
+      use_key_filter = (keys != "");
+      split(keys, k_arr, " ");
+      for (i in k_arr) allowed_keys[k_arr[i]] = 1;
+    }
+    /^Host / && $2 == target {
+      found=1
+    }
+    found {
+      if (/^Host / && $2 != target) {
+        exit
+      }
+      if (/^[[:space:]]*IdentityFile[[:space:]]+/) {
+        orig_line = $0;
+        gsub(/^[[:space:]]*IdentityFile[[:space:]]+/, "")
+        path = $0
+        gsub(/[[:space:]].*$/, "", path); # Remove comments
+        gsub(/^"|"$/, "", path); # Remove quotes
+
+        # Check if allowed if filter is active
+        split(path, path_parts, "/");
+        filename = path_parts[length(path_parts)];
+
+        if (!use_key_filter || allowed_keys[filename]) {
+          # Expand tilde using shell variable
+          if (path ~ /^~/) {
+            sub(/^~/, "'"$HOME"'", path)
+          }
+          print path
+        }
+      }
+    }
+  ' "$SSH_CONFIG_FILE")
+
+  if [ -z "$keys_to_copy" ]; then
+    echo "  ⚠️  No matching IdentityFile entries found for this host"
+  else
+    while IFS= read -r keypath; do
+      [ -z "$keypath" ] && continue
+
+      if [ -f "$keypath" ]; then
+        COLLECTED_KEYS+=("$keypath")
+        echo "  ✓ Found key: $keypath"
+      else
+        # Try relative to SSH_DIR if not absolute and not found
+        if [[ "$keypath" != /* ]] && [ -f "$SSH_DIR/$keypath" ]; then
+          COLLECTED_KEYS+=("$SSH_DIR/$keypath")
+          echo "  ✓ Found key: $SSH_DIR/$keypath"
+        else
+          echo "  ✗ Key not found: $keypath"
+          ((failed_keys++))
+          if [ $STRICT_MODE -eq 1 ]; then
+            echo "❌ Strict mode: aborting due to missing key"
+            exit 1
+          fi
+        fi
+      fi
+    done <<< "$keys_to_copy"
+  fi
+
+  echo ""
+done <<< "$HOSTS"
+
+# Fix paths in config: change /Users/tamlh or ~ to ~/.ssh for portability
+echo "🔧 Fixing paths in SSH config..."
+# Also normalize any absolute paths to ~/.ssh/ for the container
+sed -i.bak \
+  -e "s|IdentityFile /Users/[^/]*/\.ssh/|IdentityFile ~/.ssh/|g" \
+  -e "s|IdentityFile /home/[^/]*/\.ssh/|IdentityFile ~/.ssh/|g" \
+  -e "s|IdentityFile \./|IdentityFile ~/.ssh/|g" \
+  "$TEMP_CONFIG"
+rm -f "$TEMP_CONFIG.bak"
+
+echo ""
+echo "📋 Filtered SSH config:"
+echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+if [ -f "$TEMP_CONFIG" ]; then
+  cat "$TEMP_CONFIG"
+else
+  echo "(Empty config)"
+fi
+echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+
+if [ ${#COLLECTED_KEYS[@]} -gt 0 ]; then
+  # Remove duplicates (bash 3.2 compatible)
+  UNIQUE_KEYS=()
+  while IFS= read -r key; do
+    if [[ -n "$key" ]]; then
+      UNIQUE_KEYS+=("$key")
+    fi
+  done < <(printf '%s\n' "${COLLECTED_KEYS[@]}" | sort -u)
+
+  echo ""
+  echo "🔑 Collected SSH keys (${#UNIQUE_KEYS[@]} total):"
+
+  for keypath in "${UNIQUE_KEYS[@]}"; do
+    filename=$(basename "$keypath")
+    cp "$keypath" "$TEMP_KEYS_DIR/$filename"
+    echo "  ✓ $filename"
+  done
+
+  echo ""
+  echo "🚀 Info:"
+  echo "  Config: $TEMP_CONFIG"
+  echo "  Keys:   $TEMP_KEYS_DIR"
+else
+  echo "⚠️  No SSH keys were found!"
+fi
+
+if [ $failed_keys -gt 0 ]; then
+  echo ""
+  echo "⚠️  $failed_keys key(s) were missing (use --strict to fail on these)"
+fi

package/dockerfiles/AGENTS.md

@@ -0,0 +1,92 @@
+# Dockerfiles/ - Container Images
+
+**Purpose:** Docker container definitions for AI coding tool isolation
+
+## Overview
+
+One Dockerfile per supported AI tool. Each creates a secure, sandboxed environment with only the necessary runtime and access to whitelisted workspaces.
+
+## Structure
+
+```
+dockerfiles/
+├── base/        # Bun runtime, shared by most tools
+├── claude/      # Claude Code CLI
+├── gemini/      # Google Gemini CLI
+├── aider/       # Aider pair programmer
+├── opencode/    # Open-source AI coding
+├── kilo/        # 500+ model support
+├── codex/       # OpenAI Codex
+├── amp/         # Sourcegraph Amp
+├── qwen/        # Alibaba Qwen (1M context)
+├── droid/       # Factory CLI
+├── jules/       # Google Jules
+├── qoder/       # Qoder AI assistant
+├── auggie/      # Augment Auggie
+├── codebuddy/   # Tencent CodeBuddy
+└── shai/        # OVHcloud SHAI
+```
+
+## Where to Look
+
+| Task | Location | Notes |
+|------|----------|-------|
+| Modify base image | `base/Dockerfile` | Bun runtime, shared deps |
+| Tool-specific config | `{tool}/Dockerfile` | Tool install, env setup |
+| Security settings | All Dockerfiles | User, permissions, caps |
+
+## Image Patterns
+
+**Base Image (base/):**
+- Bun runtime installation
+- Non-root `agent` user
+- Workspace mount point at `/workspace`
+
+**Tool Images:**
+- FROM `ai-base:latest`
+- Tool-specific installation
+- Environment variables for API keys
+- Entry point configuration
+
+## Security Settings (All Images)
+
+```dockerfile
+# Non-root user
+RUN adduser -D agent
+
+# Workspace mount
+VOLUME ["/workspace"]
+
+# Entry point
+USER agent
+WORKDIR /home/agent
+```
+
+## Image Source Options
+
+- **Local build:** `AI_IMAGE_SOURCE=local` (default)
+- **Registry pull:** `AI_IMAGE_SOURCE=registry` (faster)
+
+Registry: `registry.gitlab.com/kokorolee/ai-sandbox-wrapper/ai-{tool}:latest`
+
+## Platform Support
+
+- linux/amd64 (x64)
+- linux/arm64 (Apple Silicon)
+- Configurable via `AI_RUN_PLATFORM` env var
+
+## Host Access
+
+**Accessing host services from containers:**
+
+When joining Docker networks (e.g., MetaMCP), containers can access host services via `host.docker.internal`:
+
+```bash
+# Inside container, access MetaMCP at port 12008
+curl http://host.docker.internal:12008/metamcp/default/sse
+
+# Access PostgreSQL on host at port 5432
+psql -h host.docker.internal -p 5432 -U myuser mydb
+```
+
+**Configuration:** See [METAMCP_GUIDE.md](../METAMCP_GUIDE.md) for detailed examples.

package/dockerfiles/aider/Dockerfile

@@ -0,0 +1,5 @@
+FROM ai-base:latest
+USER agent
+# Install aider via aider-install
+RUN python3 -m pip install --break-system-packages aider-install && aider-install
+ENTRYPOINT ["aider"]

package/dockerfiles/amp/Dockerfile

@@ -0,0 +1,10 @@
+FROM ai-base:latest
+USER root
+# Install Amp globally into a persistent directory (not shadowed by home)
+RUN mkdir -p /usr/local/lib/amp && \
+    cd /usr/local/lib/amp && \
+    bun init -y && \
+    bun add @sourcegraph/amp && \
+    ln -s /usr/local/lib/amp/node_modules/.bin/amp /usr/local/bin/amp
+USER agent
+ENTRYPOINT ["amp"]

package/dockerfiles/auggie/Dockerfile

@@ -0,0 +1,12 @@
+FROM ai-base:latest
+USER root
+
+# Install Auggie CLI to a non-shadowed path
+RUN mkdir -p /usr/local/lib/auggie && \
+    cd /usr/local/lib/auggie && \
+    bun init -y && \
+    bun add @augmentcode/auggie && \
+    ln -s /usr/local/lib/auggie/node_modules/.bin/auggie /usr/local/bin/auggie
+
+USER agent
+ENTRYPOINT ["auggie"]

package/dockerfiles/base/Dockerfile

@@ -0,0 +1,73 @@
+FROM oven/bun:latest
+
+# Install common dependencies (Bun + Node.js + Python for full package manager support)
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    git \
+    curl \
+    ssh \
+    ca-certificates \
+    python3 \
+    python3-pip \
+    python3-venv \
+    python3-dev \
+    python3-setuptools \
+    build-essential \
+    libopenblas-dev \
+    pipx \
+    && curl -LsSf https://astral.sh/uv/install.sh | UV_INSTALL_DIR=/usr/local/bin sh \
+    && rm -rf /var/lib/apt/lists/* \
+    && pipx ensurepath
+
+# Install Node.js LTS (includes npm) via NodeSource
+RUN curl -fsSL https://deb.nodesource.com/setup_lts.x | bash - \
+    && apt-get install -y nodejs \
+    && rm -rf /var/lib/apt/lists/*
+
+# Install pnpm globally via npm
+RUN npm install -g pnpm
+
+# Verify installations
+RUN node --version && npm --version && pnpm --version && bun --version
+
+# Install additional tools (if selected)
+RUN pipx install specify-cli --pip-args="git+https://github.com/github/spec-kit.git"
+RUN bun install -g uipro-cli
+RUN mkdir -p /usr/local/lib/openspec && \
+    cd /usr/local/lib/openspec && \
+    bun init -y && \
+    bun add @fission-ai/openspec && \
+    ln -sf /usr/local/lib/openspec/node_modules/.bin/openspec /usr/local/bin/openspec
+# Install Playwright system dependencies
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    libglib2.0-0 \
+    libnspr4 \
+    libnss3 \
+    libdbus-1-3 \
+    libatk1.0-0 \
+    libatk-bridge2.0-0 \
+    libcups2 \
+    libxcb1 \
+    libxkbcommon0 \
+    libatspi2.0-0 \
+    libx11-6 \
+    libxcomposite1 \
+    libxdamage1 \
+    libxext6 \
+    libxfixes3 \
+    libxrandr2 \
+    libgbm1 \
+    libcairo2 \
+    libpango-1.0-0 \
+    libasound2 \
+    && rm -rf /var/lib/apt/lists/*
+# Install Playwright and browsers via npm (avoids pnpm global bin issues)
+RUN npm install -g playwright && npx playwright install
+
+# Create workspace
+WORKDIR /workspace
+
+# Non-root user for security
+RUN useradd -m -u 1001 -d /home/agent agent && \
+    chown -R agent:agent /workspace
+USER agent
+ENV HOME=/home/agent

package/dockerfiles/claude/Dockerfile

@@ -0,0 +1,11 @@
+FROM ai-base:latest
+
+USER root
+# Install Claude Code using official native installer
+RUN curl -fsSL https://claude.ai/install.sh | bash && \
+    mkdir -p /usr/local/share && \
+    mv /home/agent/.local/share/claude /usr/local/share/claude && \
+    ln -sf /usr/local/share/claude/versions/$(ls /usr/local/share/claude/versions | head -1) /usr/local/bin/claude
+
+USER agent
+ENTRYPOINT ["claude"]

package/dockerfiles/codebuddy/Dockerfile

@@ -0,0 +1,12 @@
+FROM ai-base:latest
+USER root
+
+# Install CodeBuddy CLI to a non-shadowed path
+RUN mkdir -p /usr/local/lib/codebuddy && \
+    cd /usr/local/lib/codebuddy && \
+    bun init -y && \
+    bun add @tencent-ai/codebuddy-code && \
+    ln -s /usr/local/lib/codebuddy/node_modules/.bin/codebuddy /usr/local/bin/codebuddy
+
+USER agent
+ENTRYPOINT ["codebuddy"]

package/dockerfiles/codex/Dockerfile

@@ -0,0 +1,9 @@
+FROM ai-base:latest
+USER root
+RUN mkdir -p /usr/local/lib/codex && \
+    cd /usr/local/lib/codex && \
+    bun init -y && \
+    bun add @openai/codex && \
+    ln -s /usr/local/lib/codex/node_modules/.bin/codex /usr/local/bin/codex
+USER agent
+ENTRYPOINT ["codex"]

package/dockerfiles/droid/Dockerfile

@@ -0,0 +1,8 @@
+FROM ai-base:latest
+USER root
+RUN mkdir -p /home/agent/.factory && \
+    bash -c "curl -fsSL https://app.factory.ai/cli | sh" && \
+    mv /home/agent/.local/bin/droid /usr/local/bin/droid && \
+    chown -R agent:agent /home/agent/.factory
+USER agent
+ENTRYPOINT ["bash", "-c", "exec droid \"$@\"", "--"]

package/dockerfiles/gemini/Dockerfile

@@ -0,0 +1,9 @@
+FROM ai-base:latest
+USER root
+RUN mkdir -p /usr/local/lib/gemini && \
+    cd /usr/local/lib/gemini && \
+    bun init -y && \
+    bun add @google/gemini-cli && \
+    ln -s /usr/local/lib/gemini/node_modules/.bin/gemini /usr/local/bin/gemini
+USER agent
+ENTRYPOINT ["gemini"]

package/dockerfiles/jules/Dockerfile

@@ -0,0 +1,12 @@
+FROM ai-base:latest
+USER root
+
+# Install Jules CLI to a non-shadowed path
+RUN mkdir -p /usr/local/lib/jules && \
+    cd /usr/local/lib/jules && \
+    bun init -y && \
+    bun add @google/jules && \
+    ln -s /usr/local/lib/jules/node_modules/.bin/jules /usr/local/bin/jules
+
+USER agent
+ENTRYPOINT ["jules"]