@kokorolx/ai-sandbox-wrapper 1.1.2 → 1.2.1

package/README.md

@@ -252,6 +252,50 @@ echo '/path/to/project' >> ~/.ai-workspaces
 cat ~/.ai-workspaces
 ```
 
+### Network Configuration
+
+AI containers can join Docker networks to communicate with other services (databases, APIs, MetaMCP).
+
+#### Runtime Selection (Recommended)
+
+```bash
+# Interactive network selection
+ai-run opencode -n
+
+# Direct network specification
+ai-run opencode -n metamcp_metamcp-network
+ai-run opencode -n network1,network2,network3
+```
+
+#### Saved Configuration
+
+Network selections are saved to `~/.ai-sandbox/config.json`:
+- **Per-workspace**: Saved for specific project directories
+- **Global**: Default for all workspaces
+
+```bash
+# View current config
+cat ~/.ai-sandbox/config.json
+
+# Example config structure
+{
+  "version": 1,
+  "networks": {
+    "global": ["shared-services"],
+    "workspaces": {
+      "/Users/you/projects/my-app": ["my-app_default", "redis_network"]
+    }
+  }
+}
+```
+
+#### Without `-n` Flag
+
+When running without the flag, saved networks are used silently:
+- Workspace-specific config takes priority
+- Falls back to global config
+- Non-existent networks are skipped silently
+
 ### Environment Variables
 
 All environment variables are configured in `~/.ai-env` or passed at runtime:
@@ -596,4 +640,4 @@ See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.
 
 ## 📝 License
 
-MIT
+MIT

package/bin/ai-run

@@ -6,6 +6,8 @@ shift
 
 # Parse flags
 SHELL_MODE=false
+NETWORK_FLAG=false
+NETWORK_ARG=""
 TOOL_ARGS=()
 
 while [[ $# -gt 0 ]]; do
@@ -14,6 +16,15 @@ while [[ $# -gt 0 ]]; do
       SHELL_MODE=true
       shift
       ;;
+    --network|-n)
+      NETWORK_FLAG=true
+      shift
+      # Check if next arg is a network name (not another flag)
+      if [[ $# -gt 0 && ! "$1" =~ ^- ]]; then
+        NETWORK_ARG="$1"
+        shift
+      fi
+      ;;
     *)
       TOOL_ARGS+=("$1")
       shift
@@ -148,131 +159,418 @@ else
   esac
 fi
 
-# Git access control (opt-in per workspace)
-GIT_MOUNTS=""
-GIT_ALLOWED_FILE="$HOME/.ai-git-allowed"
-GIT_CACHE_DIR="$HOME/.ai-cache/git"
-touch "$GIT_ALLOWED_FILE"
+# ============================================================================
+# NETWORK CONFIGURATION
+# ============================================================================
 
-# Network configuration for Docker network access
-NETWORK_FILE="$HOME/.ai-networks"
-NETWORK_MOUNTS=""
-NETWORK_OPTIONS=""
-HOST_ACCESS_ARGS=""
-METAMCP_JOINED=false
+AI_SANDBOX_CONFIG="$HOME/.ai-sandbox/config.json"
 
-# Read configured networks (with deduplication)
-if [[ -f "$NETWORK_FILE" ]]; then
-  while IFS= read -r network; do
-    [ -z "$network" ] && continue
-    
-    # Skip if already added to NETWORK_OPTIONS (deduplication)
-    if [[ "$NETWORK_OPTIONS" == *"--network $network"* ]]; then
-      continue
+# Ensure jq is available (fallback to basic parsing if not)
+has_jq() {
+  command -v jq &>/dev/null
+}
+
+# Initialize config file if it doesn't exist
+init_config() {
+  mkdir -p "$(dirname "$AI_SANDBOX_CONFIG")"
+  if [[ ! -f "$AI_SANDBOX_CONFIG" ]]; then
+    echo '{"version":1,"networks":{"global":[],"workspaces":{}}}' > "$AI_SANDBOX_CONFIG"
+    chmod 600 "$AI_SANDBOX_CONFIG"
+  fi
+}
+
+# Read networks for current workspace (workspace > global > empty)
+read_network_config() {
+  init_config
+  local workspace="$CURRENT_DIR"
+  
+  if has_jq; then
+    # Try workspace-specific first
+    local ws_networks=$(jq -r --arg ws "$workspace" '.networks.workspaces[$ws] // empty | .[]?' "$AI_SANDBOX_CONFIG" 2>/dev/null)
+    if [[ -n "$ws_networks" ]]; then
+      echo "$ws_networks"
+      return
     fi
+    # Fall back to global
+    jq -r '.networks.global[]?' "$AI_SANDBOX_CONFIG" 2>/dev/null
+  else
+    # Fallback: grep-based parsing (basic)
+    grep -o '"global":\s*\[[^]]*\]' "$AI_SANDBOX_CONFIG" 2>/dev/null | grep -o '"[^"]*"' | tr -d '"' | grep -v global
+  fi
+}
+
+# Write networks to config (scope: workspace or global)
+write_network_config() {
+  local scope="$1"  # "workspace" or "global"
+  shift
+  local networks=("$@")
+  
+  init_config
+  
+  if has_jq; then
+    local json_array=$(printf '%s\n' "${networks[@]}" | jq -R . | jq -s .)
     
-    # Check if network exists
-    if docker network inspect "$network" >/dev/null 2>&1; then
-      NETWORK_OPTIONS="$NETWORK_OPTIONS --network $network"
-      
-      # Check if this network requires host access
-      if [[ "$network" == *"metamcp"* ]]; then
-        # Add host.docker.internal for host service access (Linux requires --add-host)
-        # Docker Desktop on Mac/Windows has this by default
-        HOST_ACCESS_ARGS="--add-host=host.docker.internal:host-gateway"
-        METAMCP_JOINED=true
-      fi
+    if [[ "$scope" == "workspace" ]]; then
+      jq --arg ws "$CURRENT_DIR" --argjson nets "$json_array" \
+        '.networks.workspaces[$ws] = $nets' "$AI_SANDBOX_CONFIG" > "$AI_SANDBOX_CONFIG.tmp" \
+        && mv "$AI_SANDBOX_CONFIG.tmp" "$AI_SANDBOX_CONFIG"
     else
-      echo "⚠️  Network '$network' not found (may have been removed)"
+      jq --argjson nets "$json_array" \
+        '.networks.global = $nets' "$AI_SANDBOX_CONFIG" > "$AI_SANDBOX_CONFIG.tmp" \
+        && mv "$AI_SANDBOX_CONFIG.tmp" "$AI_SANDBOX_CONFIG"
     fi
-  done < "$NETWORK_FILE"
-fi
+    chmod 600 "$AI_SANDBOX_CONFIG"
+  else
+    echo "⚠️  jq not found. Please install jq to save network configuration."
+    return 1
+  fi
+}
 
-# Check if we should prompt about detected MetaMCP network
-# Only prompt if: network exists AND not already joined AND interactive mode
-if [[ "$METAMCP_JOINED" != "true" ]] && docker network inspect "metamcp_metamcp-network" >/dev/null 2>&1; then
-  if [[ -t 0 ]]; then
-    # Interactive arrow-key menu
-    cursor=0
-    options=("Join network (container-to-container)" "Use host.docker.internal (host access)")
+# Validate networks exist, return only valid ones
+validate_networks() {
+  local networks=("$@")
+  local valid=()
+  
+  for net in "${networks[@]}"; do
+    [[ -z "$net" ]] && continue
+    if docker network inspect "$net" &>/dev/null; then
+      valid+=("$net")
+    fi
+  done
+  
+  printf '%s\n' "${valid[@]}"
+}
+
+# Discover Docker Compose networks (have com.docker.compose.project label)
+discover_compose_networks() {
+  docker network ls --filter "label=com.docker.compose.project" --format "{{.Name}}" 2>/dev/null | sort
+}
+
+# Discover custom networks (not system, not compose)
+discover_custom_networks() {
+  local compose_nets=$(discover_compose_networks)
+  docker network ls --format "{{.Name}}" 2>/dev/null | while read -r net; do
+    # Skip system networks
+    [[ "$net" == "bridge" || "$net" == "host" || "$net" == "none" ]] && continue
+    # Skip compose networks
+    echo "$compose_nets" | grep -q "^${net}$" && continue
+    echo "$net"
+  done | sort
+}
+
+# Get containers in a network
+get_network_containers() {
+  local network="$1"
+  docker network inspect "$network" --format '{{range .Containers}}{{.Name}} {{end}}' 2>/dev/null | xargs | tr ' ' ', '
+}
+
+# Interactive network selection menu (multi-select)
+show_network_menu() {
+  local compose_nets=()
+  local custom_nets=()
+  local all_nets=()
+  local selected=()
+  
+  echo "🔍 Discovering Docker networks..."
+  echo ""
+  
+  # Gather networks
+  while IFS= read -r net; do
+    [[ -n "$net" ]] && compose_nets+=("$net")
+  done < <(discover_compose_networks)
+  
+  while IFS= read -r net; do
+    [[ -n "$net" ]] && custom_nets+=("$net")
+  done < <(discover_custom_networks)
+  
+  # Build combined list: select-all first, then compose, then custom, then "none"
+  # Index layout: [0]=select-all, [1..compose_count]=compose, [compose_count+1..custom_end]=custom, [last]=none
+  local network_count=$((${#compose_nets[@]} + ${#custom_nets[@]}))
+  all_nets=("select-all" "${compose_nets[@]}" "${custom_nets[@]}" "none")
+  
+  if [[ $network_count -eq 0 ]]; then
+    echo "ℹ️  No Docker networks found (besides system networks)."
+    SELECTED_NETWORKS=()
+    return 0
+  fi
+  
+  # Initialize selection array (none is pre-selected)
+  local sel=()
+  local select_all_idx=0
+  local compose_start=1
+  local compose_end=$((1 + ${#compose_nets[@]}))
+  local custom_start=$compose_end
+  local none_idx=$((${#all_nets[@]} - 1))
+  
+  for ((i=0; i<${#all_nets[@]}; i++)); do
+    if [[ "${all_nets[$i]}" == "none" ]]; then
+      sel[$i]=1
+    else
+      sel[$i]=0
+    fi
+  done
+  
+  local cursor=0
+  
+  tput civis
+  trap 'tput cnorm' INT TERM EXIT
+  
+  while true; do
+    clear
+    echo "🔗 Network Selection"
+    echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+    echo ""
     
-    tput civis
-    trap 'tput cnorm; exit' INT TERM
+    # Select All option
+    local check="[ ]"
+    [[ ${sel[$select_all_idx]} -eq 1 ]] && check="[x]"
+    if [[ $cursor -eq $select_all_idx ]]; then
+      tput setaf 6
+      printf "  ➔ %s Select All\n" "$check"
+    else
+      printf "    %s Select All\n" "$check"
+    fi
+    tput sgr0
+    echo ""
     
-    while true; do
-      clear
-      echo "🔗 MetaMCP Network Configuration"
-      echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
-      echo "A Docker network 'metamcp_metamcp-network' was detected."
-      echo ""
-      echo "Choose how AI tools should access MetaMCP:"
+    # Compose Networks section
+    if [[ ${#compose_nets[@]} -gt 0 ]]; then
+      echo "Compose Networks:"
+      for ((i=compose_start; i<compose_end; i++)); do
+        local net="${all_nets[$i]}"
+        local containers=$(get_network_containers "$net")
+        local check="[ ]"
+        [[ ${sel[$i]} -eq 1 ]] && check="[x]"
+        
+        if [[ $i -eq $cursor ]]; then
+          tput setaf 6
+          printf "  ➔ %s %-30s" "$check" "$net"
+        else
+          printf "    %s %-30s" "$check" "$net"
+        fi
+        
+        if [[ -n "$containers" ]]; then
+          tput setaf 8
+          printf " (%s)" "$containers"
+        fi
+        tput sgr0
+        echo ""
+      done
       echo ""
-      
-      for i in "${!options[@]}"; do
-        if [ "$i" -eq "$cursor" ]; then
-          prefix="➔ "
+    fi
+    
+    # Custom Networks section
+    if [[ ${#custom_nets[@]} -gt 0 ]]; then
+      echo "Other Networks:"
+      for ((i=custom_start; i<none_idx; i++)); do
+        local net="${all_nets[$i]}"
+        local containers=$(get_network_containers "$net")
+        local check="[ ]"
+        [[ ${sel[$i]} -eq 1 ]] && check="[x]"
+        
+        if [[ $i -eq $cursor ]]; then
           tput setaf 6
+          printf "  ➔ %s %-30s" "$check" "$net"
         else
-          prefix="  "
+          printf "    %s %-30s" "$check" "$net"
         fi
         
-        printf "%s %s\n" "$prefix" "${options[$i]}"
+        if [[ -n "$containers" ]]; then
+          tput setaf 8
+          printf " (%s)" "$containers"
+        fi
         tput sgr0
+        echo ""
       done
-      
       echo ""
-      echo "Use ARROWS to move, ENTER to select"
-      
-      IFS= read -rsn1 key
-      if [[ "$key" == $'\x1b' ]]; then
-        read -rsn1 -t 1 next1
-        read -rsn1 -t 1 next2
-        case "$next1$next2" in
-          '[A') ((cursor--)) ;;
-          '[B') ((cursor++)) ;;
-        esac
+    fi
+    
+    # None option
+    echo ""
+    local check="[ ]"
+    [[ ${sel[$none_idx]} -eq 1 ]] && check="[x]"
+    if [[ $cursor -eq $none_idx ]]; then
+      tput setaf 6
+      printf "  ➔ %s None (no network)\n" "$check"
+    else
+      printf "    %s None (no network)\n" "$check"
+    fi
+    tput sgr0
+    
+    echo ""
+    echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+    echo "↑↓ Move  SPACE Select  a Select All  ENTER Confirm"
+    
+    # Read input
+    IFS= read -rsn1 key
+    if [[ "$key" == $'\x1b' ]]; then
+      read -rsn2 -t 1 escape_seq
+      case "$escape_seq" in
+        '[A') ((cursor > 0)) && ((cursor--)) ;;
+        '[B') ((cursor < ${#all_nets[@]} - 1)) && ((cursor++)) ;;
+      esac
+    else
+      case "$key" in
+        ' ')
+          # Toggle selection
+          if [[ $cursor -eq $select_all_idx ]]; then
+            # Toggle select all
+            if [[ ${sel[$select_all_idx]} -eq 1 ]]; then
+              # Deselect all, select none
+              for ((i=0; i<${#all_nets[@]}; i++)); do sel[$i]=0; done
+              sel[$none_idx]=1
+            else
+              # Select all networks, deselect none
+              for ((i=0; i<${#all_nets[@]}; i++)); do sel[$i]=1; done
+              sel[$none_idx]=0
+            fi
+          elif [[ $cursor -eq $none_idx ]]; then
+            # Selecting "none" clears all others
+            for ((i=0; i<${#all_nets[@]}; i++)); do sel[$i]=0; done
+            sel[$none_idx]=1
+          else
+            # Selecting a network clears "none" and updates select-all state
+            sel[$none_idx]=0
+            if [[ ${sel[$cursor]} -eq 1 ]]; then
+              sel[$cursor]=0
+              sel[$select_all_idx]=0
+            else
+              sel[$cursor]=1
+              # Check if all networks are now selected
+              local all_selected=1
+              for ((i=compose_start; i<none_idx; i++)); do
+                [[ ${sel[$i]} -eq 0 ]] && all_selected=0 && break
+              done
+              sel[$select_all_idx]=$all_selected
+            fi
+          fi
+          ;;
+        'a'|'A')
+          # Quick select all
+          for ((i=0; i<${#all_nets[@]}; i++)); do sel[$i]=1; done
+          sel[$none_idx]=0
+          ;;
+        ''|$'\n'|$'\r')
+          break
+          ;;
+        k) ((cursor > 0)) && ((cursor--)) ;;
+        j) ((cursor < ${#all_nets[@]} - 1)) && ((cursor++)) ;;
+      esac
+    fi
+  done
+  
+  tput cnorm
+  trap - INT TERM EXIT
+  
+  # Collect selected networks (exclude select-all and none)
+  SELECTED_NETWORKS=()
+  for ((i=1; i<${#all_nets[@]}; i++)); do
+    if [[ ${sel[$i]} -eq 1 && "${all_nets[$i]}" != "none" && "${all_nets[$i]}" != "select-all" ]]; then
+      SELECTED_NETWORKS+=("${all_nets[$i]}")
+    fi
+  done
+}
+
+# Save prompt after selection
+show_save_prompt() {
+  local options=("This workspace" "Global (all workspaces)" "Don't save")
+  local cursor=0
+  
+  echo ""
+  
+  tput civis
+  trap 'tput cnorm' INT TERM EXIT
+  
+  while true; do
+    # Move cursor up to redraw (3 options + header)
+    tput cuu 5 2>/dev/null || true
+    tput ed 2>/dev/null || true
+    
+    echo "Save selection?"
+    for ((i=0; i<${#options[@]}; i++)); do
+      if [[ $i -eq $cursor ]]; then
+        tput setaf 6
+        if [[ $i -eq 0 ]]; then
+          printf "  ➔ %s (%s)\n" "${options[$i]}" "$CURRENT_DIR"
+        else
+          printf "  ➔ %s\n" "${options[$i]}"
+        fi
       else
-        case "$key" in
-          k) ((cursor--)) ;;
-          j) ((cursor++)) ;;
-          "") break ;;
-          $'\n'|$'\r') break ;;
-        esac
+        if [[ $i -eq 0 ]]; then
+          printf "    %s (%s)\n" "${options[$i]}" "$CURRENT_DIR"
+        else
+          printf "    %s\n" "${options[$i]}"
+        fi
       fi
-      
-      if [ "$cursor" -lt 0 ]; then cursor=$((${#options[@]} - 1)); fi
-      if [ "$cursor" -ge "${#options[@]}" ]; then cursor=0; fi
+      tput sgr0
     done
     
-    tput cnorm
-    
-    if [ "$cursor" -eq 0 ]; then
-      # Join network - but only if not already in file
-      if ! grep -q "^metamcp_metamcp-network$" "$NETWORK_FILE" 2>/dev/null; then
-        echo "metamcp_metamcp-network" >> "$NETWORK_FILE"
-      fi
-      NETWORK_OPTIONS="$NETWORK_OPTIONS --network metamcp_metamcp-network"
-      HOST_ACCESS_ARGS="--add-host=host.docker.internal:host-gateway"
-      METAMCP_JOINED=true
-      echo ""
-      echo "✅ Network joined. Both host.docker.internal and MetaMCP network enabled."
+    IFS= read -rsn1 key
+    if [[ "$key" == $'\x1b' ]]; then
+      read -rsn2 -t 1 escape_seq
+      case "$escape_seq" in
+        '[A') ((cursor > 0)) && ((cursor--)) ;;
+        '[B') ((cursor < 2)) && ((cursor++)) ;;
+      esac
     else
-      # Use host.docker.internal
-      HOST_ACCESS_ARGS="--add-host=host.docker.internal:host-gateway"
-      echo ""
-      echo "ℹ️  Using host.docker.internal only. MetaMCP accessible at localhost:12008 on host."
+      case "$key" in
+        ''|$'\n'|$'\r') break ;;
+        k) ((cursor > 0)) && ((cursor--)) ;;
+        j) ((cursor < 2)) && ((cursor++)) ;;
+      esac
+    fi
+  done
+  
+  tput cnorm
+  trap - INT TERM EXIT
+  
+  SAVE_CHOICE=$cursor  # 0=workspace, 1=global, 2=don't save
+}
+
+# Network configuration
+NETWORK_OPTIONS=""
+HOST_ACCESS_ARGS="--add-host=host.docker.internal:host-gateway"
+SELECTED_NETWORKS=()
+
+if [[ "$NETWORK_FLAG" == "true" ]]; then
+  if [[ -n "$NETWORK_ARG" ]]; then
+    # Direct specification: -n net1,net2
+    IFS=',' read -ra SELECTED_NETWORKS <<< "$NETWORK_ARG"
+  elif [[ -t 0 ]]; then
+    # Interactive mode: show menu
+    show_network_menu
+    
+    if [[ ${#SELECTED_NETWORKS[@]} -gt 0 ]]; then
+      show_save_prompt
+      case $SAVE_CHOICE in
+        0) write_network_config "workspace" "${SELECTED_NETWORKS[@]}" && echo "✅ Saved for this workspace" ;;
+        1) write_network_config "global" "${SELECTED_NETWORKS[@]}" && echo "✅ Saved globally" ;;
+        *) echo "ℹ️  Using for this session only" ;;
+      esac
     fi
-    echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
-    echo ""
   else
-    # Non-interactive: just use host.docker.internal
-    HOST_ACCESS_ARGS="--add-host=host.docker.internal:host-gateway"
+    echo "⚠️  Non-interactive mode. Use -n network1,network2 to specify networks."
   fi
-elif [[ "$METAMCP_JOINED" != "true" ]]; then
-  # No network, but ensure host.docker.internal is available
-  HOST_ACCESS_ARGS="--add-host=host.docker.internal:host-gateway"
+else
+  # No flag: use saved config silently
+  while IFS= read -r net; do
+    [[ -n "$net" ]] && SELECTED_NETWORKS+=("$net")
+  done < <(read_network_config)
 fi
 
+# Validate and build network options
+if [[ ${#SELECTED_NETWORKS[@]} -gt 0 ]]; then
+  while IFS= read -r net; do
+    [[ -n "$net" ]] && NETWORK_OPTIONS="$NETWORK_OPTIONS --network $net"
+  done < <(validate_networks "${SELECTED_NETWORKS[@]}")
+fi
+
+# Git access control (opt-in per workspace)
+GIT_MOUNTS=""
+GIT_ALLOWED_FILE="$HOME/.ai-git-allowed"
+GIT_CACHE_DIR="$HOME/.ai-cache/git"
+touch "$GIT_ALLOWED_FILE"
+
 # Check if Git access is allowed for this workspace
 if grep -q "^$CURRENT_DIR$" "$GIT_ALLOWED_FILE" 2>/dev/null; then
   # Previously allowed for this workspace

package/dockerfiles/base/Dockerfile

@@ -26,11 +26,13 @@ RUN curl -fsSL https://deb.nodesource.com/setup_lts.x | bash - \
 # Install pnpm globally via npm
 RUN npm install -g pnpm
 
+# Install TypeScript and LSP tools for AI coding assistants
+RUN npm install -g typescript typescript-language-server
+
 # Verify installations
-RUN node --version && npm --version && pnpm --version && bun --version
+RUN node --version && npm --version && pnpm --version && bun --version && tsc --version
 
 # Install additional tools (if selected)
-RUN pipx install specify-cli --pip-args="git+https://github.com/github/spec-kit.git"
 RUN bun install -g uipro-cli
 RUN mkdir -p /usr/local/lib/openspec && \
     cd /usr/local/lib/openspec && \
@@ -62,6 +64,36 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
     && rm -rf /var/lib/apt/lists/*
 # Install Playwright and browsers via npm (avoids pnpm global bin issues)
 RUN npm install -g playwright && npx playwright install
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    libssl-dev \
+    libreadline-dev \
+    zlib1g-dev \
+    libyaml-dev \
+    libffi-dev \
+    libgdbm-dev \
+    libncurses5-dev \
+    libpq-dev \
+    default-libmysqlclient-dev \
+    libsqlite3-dev \
+    imagemagick \
+    libmagickwand-dev \
+    libvips-dev \
+    autoconf \
+    bison \
+    rustc \
+    libxml2-dev \
+    libxslt1-dev \
+    && rm -rf /var/lib/apt/lists/*
+
+RUN git clone https://github.com/rbenv/rbenv.git /usr/local/rbenv && \
+    git clone https://github.com/rbenv/ruby-build.git /usr/local/rbenv/plugins/ruby-build
+
+ENV RBENV_ROOT=/usr/local/rbenv
+ENV PATH=$RBENV_ROOT/bin:$RBENV_ROOT/shims:$PATH
+
+RUN rbenv install 3.3.0 && rbenv global 3.3.0 && rbenv rehash
+
+RUN gem install rails -v 8.0.2 && gem install bundler && rbenv rehash
 
 # Create workspace
 WORKDIR /workspace

package/lib/install-base.sh

@@ -60,8 +60,7 @@ fi
 
 if [[ "${INSTALL_RUBY:-0}" -eq 1 ]]; then
   echo "📦 Ruby 3.3.0 + Rails 8.0.2 will be installed in base image"
-  ADDITIONAL_TOOLS_INSTALL+='# Install Ruby build dependencies
-RUN apt-get update && apt-get install -y --no-install-recommends \
+  ADDITIONAL_TOOLS_INSTALL+='RUN apt-get update && apt-get install -y --no-install-recommends \
     libssl-dev \
     libreadline-dev \
     zlib1g-dev \
@@ -69,19 +68,27 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
     libffi-dev \
     libgdbm-dev \
     libncurses5-dev \
+    libpq-dev \
+    default-libmysqlclient-dev \
+    libsqlite3-dev \
+    imagemagick \
+    libmagickwand-dev \
+    libvips-dev \
+    autoconf \
+    bison \
+    rustc \
+    libxml2-dev \
+    libxslt1-dev \
     && rm -rf /var/lib/apt/lists/*
 
-# Install rbenv and ruby-build
 RUN git clone https://github.com/rbenv/rbenv.git /usr/local/rbenv && \
     git clone https://github.com/rbenv/ruby-build.git /usr/local/rbenv/plugins/ruby-build
 
 ENV RBENV_ROOT=/usr/local/rbenv
 ENV PATH=$RBENV_ROOT/bin:$RBENV_ROOT/shims:$PATH
 
-# Install Ruby 3.3.0
 RUN rbenv install 3.3.0 && rbenv global 3.3.0 && rbenv rehash
 
-# Install Rails 8.0.2 and Bundler
 RUN gem install rails -v 8.0.2 && gem install bundler && rbenv rehash
 '
 fi

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@kokorolx/ai-sandbox-wrapper",
-  "version": "1.1.2",
+  "version": "1.2.1",
   "description": "Docker-based security sandbox for AI coding agents. Isolate Claude, Gemini, Aider, and other AI tools from your host system.",
   "keywords": [
     "ai",

package/setup.sh

@@ -231,66 +231,6 @@ echo "📁 Whitelisted workspaces saved to: $WORKSPACES_FILE"
 # Use first workspace as default for backwards compatibility
 WORKSPACE="${WORKSPACES[0]}"
 
-# Network configuration for Docker network access
-echo ""
-echo "🔗 Docker Network Configuration"
-echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
-echo "You can configure AI tools to join existing Docker networks"
-echo "(e.g., for MetaMCP services, databases, or other containers)."
-echo ""
-
-# Check for existing MetaMCP network
-if docker network inspect "metamcp_metamcp-network" >/dev/null 2>&1; then
-  echo "✅ Found existing network: metamcp_metamcp-network"
-  echo ""
-  
-  # Use single_select for interactive choice
-  single_select "MetaMCP Access Method" "join,host-only" "Join network (container-to-container communication),Use host.docker.internal (host access)"
-  
-  case "$SELECTED_ITEM" in
-    join)
-      NETWORK_FILE="$HOME/.ai-networks"
-      echo "metamcp_metamcp-network" >> "$NETWORK_FILE"
-      chmod 600 "$NETWORK_FILE"
-      echo ""
-      echo "✅ Network joined. Both host.docker.internal and MetaMCP network enabled."
-      ;;
-    host-only|"")
-      echo ""
-      echo "ℹ️  Using host.docker.internal only. MetaMCP accessible at localhost:12008 on host."
-      ;;
-  esac
-else
-  echo "No existing MetaMCP network detected."
-  echo ""
-  echo "You have two options:"
-  echo ""
-  echo "Option 1: Use host.docker.internal (recommended for most cases)"
-  echo "          MetaMCP at localhost:12008 on your host machine"
-  echo "          Already enabled by default"
-  echo ""
-  echo "Option 2: Join a Docker network"
-  echo "          For container-to-container communication"
-  echo ""
-  read -p "Enter a Docker network name to join (leave empty to skip): " network_name
-  
-  if [[ -n "$network_name" ]]; then
-    if docker network inspect "$network_name" >/dev/null 2>&1; then
-      NETWORK_FILE="$HOME/.ai-networks"
-      echo "$network_name" >> "$NETWORK_FILE"
-      chmod 600 "$NETWORK_FILE"
-      echo "✅ Network '$network_name' saved"
-    else
-      echo "⚠️  Network '$network_name' not found. Skipping."
-    fi
-  else
-    echo "ℹ️  Skipped. host.docker.internal is enabled for host access."
-  fi
-fi
-
-echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
-echo ""
-
 # Tool definitions
 TOOL_OPTIONS="amp,opencode,droid,claude,gemini,kilo,qwen,codex,qoder,auggie,codebuddy,jules,shai,vscode,codeserver"
 TOOL_DESCS="AI coding assistant from @sourcegraph/amp,Open-source coding tool from opencode-ai,Factory CLI from factory.ai,Claude Code CLI from Anthropic,Google Gemini CLI (free tier),AI pair programmer (Git-native),Kilo Code (500+ models),Alibaba Qwen CLI (1M context),OpenAI Codex terminal agent,Qoder AI CLI assistant,Augment Auggie CLI,Tencent CodeBuddy CLI,Google Jules CLI,OVHcloud SHAI agent,VSCode Desktop in Docker (X11),VSCode in browser (fast)"

package/bin/ai-network

@@ -1,144 +0,0 @@
-#!/usr/bin/env bash
-# Network management helper for AI Sandbox Wrapper
-# Usage: ai-network <command> [network-name]
-#
-# Commands:
-#   list          List configured networks
-#   add <name>    Add a network to join
-#   remove <name> Remove a network
-#   check <name>  Check if network exists
-#   metamcp       Quick command to add MetaMCP network
-
-set -e
-
-NETWORK_FILE="$HOME/.ai-networks"
-COMMAND="${1:-list}"
-
-# Ensure network file exists
-touch "$NETWORK_FILE"
-
-list_networks() {
-  echo "📋 Configured Networks:"
-  echo ""
-  if [[ -s "$NETWORK_FILE" ]]; then
-    while IFS= read -r network; do
-      if [[ -n "$network" ]]; then
-        if docker network inspect "$network" >/dev/null 2>&1; then
-          echo "  ✅ $network"
-        else
-          echo "  ❌ $network (not found)"
-        fi
-      fi
-    done < "$NETWORK_FILE"
-  else
-    echo "  No networks configured."
-    echo ""
-    echo "  To add a network:"
-    echo "    ai-network add <network-name>"
-  fi
-}
-
-add_network() {
-  local network_name="$2"
-  
-  if [[ -z "$network_name" ]]; then
-    echo "❌ Error: Network name required"
-    echo "   Usage: ai-network add <network-name>"
-    exit 1
-  fi
-  
-  # Check if network exists
-  if ! docker network inspect "$network_name" >/dev/null 2>&1; then
-    echo "⚠️  Network '$network_name' does not exist yet."
-    read -p "Add it anyway? [y/N]: " confirm
-    if [[ ! "$confirm" =~ ^[Yy]$ ]]; then
-      exit 0
-    fi
-  fi
-  
-  # Add to config (avoid duplicates)
-  if grep -q "^${network_name}$" "$NETWORK_FILE" 2>/dev/null; then
-    echo "✅ Network '$network_name' already configured"
-  else
-    echo "$network_name" >> "$NETWORK_FILE"
-    chmod 600 "$NETWORK_FILE"
-    echo "✅ Added network: $network_name"
-  fi
-}
-
-remove_network() {
-  local network_name="$2"
-  
-  if [[ -z "$network_name" ]]; then
-    echo "❌ Error: Network name required"
-    echo "   Usage: ai-network remove <network-name>"
-    exit 1
-  fi
-  
-  if grep -q "^${network_name}$" "$NETWORK_FILE" 2>/dev/null; then
-    # Remove the network from file
-    grep -v "^${network_name}$" "$NETWORK_FILE" > "$NETWORK_FILE.tmp"
-    mv "$NETWORK_FILE.tmp" "$NETWORK_FILE"
-    chmod 600 "$NETWORK_FILE"
-    echo "✅ Removed network: $network_name"
-  else
-    echo "⚠️  Network '$network_name' not found in config"
-  fi
-}
-
-check_network() {
-  local network_name="${2:-metamcp_metamcp-network}"
-  
-  if docker network inspect "$network_name" >/dev/null 2>&1; then
-    echo "✅ Network '$network_name' exists"
-    return 0
-  else
-    echo "❌ Network '$network_name' not found"
-    return 1
-  fi
-}
-
-add_metamcp() {
-  echo "🔗 Adding MetaMCP network..."
-  add_network "metamcp_metamcp-network"
-}
-
-case "$COMMAND" in
-  list)
-    list_networks
-    ;;
-  add)
-    add_network "$@"
-    ;;
-  remove|rm|delete)
-    remove_network "$@"
-    ;;
-  check)
-    check_network "$@"
-    ;;
-  metamcp|meta)
-    add_metamcp
-    ;;
-  help|--help|-h)
-    echo "AI Network Manager"
-    echo ""
-    echo "Usage: ai-network <command> [network-name]"
-    echo ""
-    echo "Commands:"
-    echo "  list              Show all configured networks"
-    echo "  add <name>        Add a Docker network"
-    echo "  remove <name>     Remove a configured network"
-    echo "  check [name]      Check if a network exists"
-    echo "  metamcp           Quick-add MetaMCP network"
-    echo ""
-    echo "Examples:"
-    echo "  ai-network list"
-    echo "  ai-network add my-network"
-    echo "  ai-network metamcp"
-    ;;
-  *)
-    echo "Unknown command: $COMMAND"
-    echo "Run 'ai-network help' for usage"
-    exit 1
-    ;;
-esac