@kokorolx/ai-sandbox-wrapper 2.7.0 → 3.0.1

package/bin/ai-run

@@ -4,9 +4,10 @@ set -e
 # Show help if requested
 show_help() {
   cat << 'EOF'
-Usage: ai-run <tool> [options] [-- tool-args...]
+Usage: ai-run [tool] [options] [-- tool-args...]
 
 Run AI tools in a secure Docker sandbox.
+When no tool is specified, opens an interactive shell with all installed tools.
 
 Options:
   -s, --shell              Start interactive shell instead of running tool directly
@@ -16,6 +17,8 @@ Options:
       --password-env <VAR> Read OpenCode server password from environment variable
       --allow-unsecured    Allow OpenCode server to run without password (suppresses warning)
       --git-fetch          Enable git fetch-only mode (blocks push)
+      --no-nano-brain-auto-repair
+                            Disable nano-brain preflight/auto-repair logic
   -h, --help               Show this help message
       --help-env           Show environment variables reference
 
@@ -35,12 +38,13 @@ OpenCode Server Authentication (web/serve mode only):
   Precedence: --password > --password-env > OPENCODE_SERVER_PASSWORD env > interactive prompt
 
 Examples:
+  ai-run                                  # Open interactive shell with all tools
   ai-run claude                           # Run Claude in sandbox
   ai-run opencode web -e 4096             # Run OpenCode web with port exposed
   ai-run opencode web -p secret           # Run with password
   ai-run opencode --shell                 # Start shell, run tool manually
   ai-run aider -n mynetwork               # Connect to Docker network
-  ai-run opencode --git-fetch              # Git fetch only (no push)
+  ai-run opencode --git-fetch             # Git fetch only (no push)
 
 Documentation: https://github.com/kokorolx/ai-sandbox-wrapper
 EOF
@@ -63,6 +67,10 @@ Runtime Environment Variables (inline with ai-run):
   AI_RUN_PLATFORM=linux/amd64 Force specific platform (useful for cross-arch)
                               Example: AI_RUN_PLATFORM=linux/amd64 ai-run opencode
 
+  AI_RUN_DISABLE_NANO_BRAIN_AUTO_REPAIR=1
+                              Disable nano-brain preflight and automatic repair behavior
+                              Example: AI_RUN_DISABLE_NANO_BRAIN_AUTO_REPAIR=1 ai-run npx nano-brain status
+
   PORT_BIND=all               Bind exposed ports to all interfaces (0.0.0.0) instead of localhost
                               ⚠️  Security risk - use only when needed
                               Example: PORT_BIND=all ai-run opencode web -e 4096
@@ -126,11 +134,26 @@ if [[ "${1:-}" == "--help-env" ]]; then
   show_help_env
 fi
 
-TOOL="$1"
-shift 2>/dev/null || { echo "❌ ERROR: No tool specified. Use 'ai-run --help' for usage."; exit 1; }
+TOOL="${1:-}"
+if [[ -n "$TOOL" && ! "$TOOL" =~ ^- ]]; then
+  shift
+else
+  TOOL=""
+fi
+
+# Handle no tool specified
+if [[ -z "$TOOL" ]]; then
+  if [[ ! -t 0 ]] || [[ ! -t 1 ]]; then
+    echo "❌ ERROR: No tool specified and no TTY available."
+    echo "   Use: ai-run <tool> [args...]"
+    exit 1
+  fi
+  SHELL_MODE=true
+fi
 
 # Parse flags
-SHELL_MODE=false
+# Note: SHELL_MODE may already be true if no tool was specified
+SHELL_MODE="${SHELL_MODE:-false}"
 NETWORK_FLAG=false
 NETWORK_ARG=""
 EXPOSE_ARG=""
@@ -138,8 +161,13 @@ SERVER_PASSWORD=""
 PASSWORD_ENV_VAR=""
 ALLOW_UNSECURED=false
 GIT_FETCH_ONLY_FLAG=false
+NANO_BRAIN_AUTO_REPAIR=true
 TOOL_ARGS=()
 
+if [[ "${AI_RUN_DISABLE_NANO_BRAIN_AUTO_REPAIR:-}" == "1" ]]; then
+  NANO_BRAIN_AUTO_REPAIR=false
+fi
+
 while [[ $# -gt 0 ]]; do
   case "$1" in
     --shell|-s)
@@ -184,6 +212,10 @@ while [[ $# -gt 0 ]]; do
       GIT_FETCH_ONLY_FLAG=true
       shift
       ;;
+    --no-nano-brain-auto-repair)
+      NANO_BRAIN_AUTO_REPAIR=false
+      shift
+      ;;
     *)
       TOOL_ARGS+=("$1")
       shift
@@ -462,7 +494,7 @@ while IFS= read -r ws; do
 done < <(read_workspaces)
 
 if [[ "$ALLOWED" != "true" ]]; then
-  echo "⚠️  SECURITY WARNING: You are running $TOOL outside a whitelisted workspace."
+  echo "⚠️  SECURITY WARNING: You are running ${TOOL:-shell} outside a whitelisted workspace."
   echo "   Current path: $CURRENT_DIR"
   echo ""
   echo "Allowing this path gives the AI container access to this folder."
@@ -504,7 +536,7 @@ if [[ "$(uname)" == "Darwin" ]] && [[ -t 0 ]]; then
 
   # 2. Check if valid directory
   if [[ -d "$SCREENSHOT_DIR" ]]; then
-    
+
     # 3. Check if ALREADY whitelisted (exact match or parent)
     IS_WHITELISTED=false
     while IFS= read -r ws; do
@@ -527,7 +559,7 @@ if [[ "$(uname)" == "Darwin" ]] && [[ -t 0 ]]; then
       echo ""
       # Use /dev/tty to ensure we read from user even if stdin is redirected
       read -p "Whitelist screenshots folder? [y/N]: " CONFIRM_SS < /dev/tty
-      
+
       if [[ "$CONFIRM_SS" =~ ^[Yy]$ ]]; then
         add_workspace "$SCREENSHOT_DIR"
         echo "✅ Added to whitelist."
@@ -540,17 +572,86 @@ if [[ "$(uname)" == "Darwin" ]] && [[ -t 0 ]]; then
 fi
 
 if [[ "$AI_IMAGE_SOURCE" == "registry" ]]; then
-  IMAGE="registry.gitlab.com/kokorolee/ai-sandbox-wrapper/ai-${TOOL}:latest"
+  IMAGE="registry.gitlab.com/kokorolee/ai-sandbox-wrapper/ai-sandbox:latest"
 else
-  IMAGE="ai-${TOOL}:latest"
+  IMAGE="ai-sandbox:latest"
+fi
+
+# Tool validation (warn if tool not in config.json)
+if [[ -n "$TOOL" ]]; then
+  if command -v jq &>/dev/null && [[ -f "$AI_SANDBOX_CONFIG" ]]; then
+    INSTALLED_TOOLS=$(jq -r '.tools.installed // [] | .[]' "$AI_SANDBOX_CONFIG" 2>/dev/null)
+    if [[ -n "$INSTALLED_TOOLS" ]] && ! echo "$INSTALLED_TOOLS" | grep -qx "$TOOL"; then
+      echo "⚠️  WARNING: Tool '$TOOL' may not be installed in the sandbox image."
+      echo "   Installed tools: $(echo "$INSTALLED_TOOLS" | tr '\n' ', ' | sed 's/,$//')"
+      echo "   Run setup.sh to add tools."
+      echo ""
     fi
+  fi
+fi
 
-# V2 tool-centric paths
-HOME_DIR="$SANDBOX_DIR/tools/$TOOL/home"
+# Shared home directory for all tools (unified image)
+HOME_DIR="$SANDBOX_DIR/home"
 GIT_SHARED_DIR="$SANDBOX_DIR/shared/git"
+CACHE_DIR="$SANDBOX_DIR/cache"
 
 mkdir -p "$HOME_DIR"
 mkdir -p "$GIT_SHARED_DIR"
+mkdir -p "$CACHE_DIR/npm" "$CACHE_DIR/bun" "$CACHE_DIR/pip" "$CACHE_DIR/playwright-browsers"
+
+# ============================================================================
+# MIGRATION V3: Merge per-tool home directories into unified home
+# ============================================================================
+migrate_to_unified_home() {
+  local marker_file="$SANDBOX_DIR/.migrated-unified-home"
+
+  # Skip if already migrated
+  [[ -f "$marker_file" ]] && return 0
+
+  # Check if any per-tool home directories exist
+  local needs_migration=false
+  for tool_home in "$SANDBOX_DIR"/tools/*/home; do
+    if [[ -d "$tool_home" ]]; then
+      needs_migration=true
+      break
+    fi
+  done
+
+  [[ "$needs_migration" == "false" ]] && { touch "$marker_file"; return 0; }
+
+  echo "🔄 Migrating per-tool home directories to unified home..."
+
+  local migrated_count=0
+  for tool_home in "$SANDBOX_DIR"/tools/*/home; do
+    [[ -d "$tool_home" ]] || continue
+    local tool_name
+    tool_name=$(basename "$(dirname "$tool_home")")
+    echo "  🔄 Migrating tools/$tool_name/home/ → home/"
+
+    # Use cp -rn (no-clobber) - works on macOS and Linux
+    # Falls back to rsync if cp -rn fails (some older systems)
+    # KNOWN ISSUE: glob * doesn't match dotfiles (.nano-brain, .config, etc.)
+    # TODO: fix with dotglob or rsync-first approach
+    if cp -rn "$tool_home/"* "$HOME_DIR/" 2>/dev/null; then
+      ((migrated_count++))
+    elif command -v rsync &>/dev/null; then
+      rsync -a --ignore-existing "$tool_home/" "$HOME_DIR/" 2>/dev/null && ((migrated_count++))
+    else
+      echo "  ⚠️  Could not migrate $tool_name (cp -rn and rsync unavailable)"
+    fi
+  done
+
+  # Create marker file
+  date -Iseconds > "$marker_file" 2>/dev/null || date > "$marker_file"
+
+  if [[ $migrated_count -gt 0 ]]; then
+    echo "✅ Migration complete! Merged $migrated_count tool home directories."
+    echo ""
+    echo "ℹ️  Old per-tool home directories preserved. Run 'npx @kokorolx/ai-sandbox-wrapper clean' to remove them."
+  fi
+}
+
+migrate_to_unified_home
 
 # Build volume mounts for all whitelisted workspaces
 VOLUME_MOUNTS=""
@@ -558,13 +659,47 @@ while IFS= read -r ws; do
   VOLUME_MOUNTS="$VOLUME_MOUNTS -v $ws:$ws:delegated"
 done < "$WORKSPACES_FILE"
 
-# Tool-specific config migration and setup
-# All tool configs now live in HOME_DIR (~/.ai-sandbox/home/$TOOL/)
-# which is mounted as /home/agent in the container
+# Config mount registry for all tools
+# Maps tool name to space-separated config paths (relative to $HOME)
+get_tool_configs() {
+  case "$1" in
+    amp)       echo ".config/amp .local/share/amp" ;;
+    opencode)  echo ".config/opencode .local/share/opencode" ;;
+    claude)    echo ".claude .ccs" ;;
+    openclaw)  echo ".openclaw" ;;
+    droid)     echo ".config/droid" ;;
+    qoder)     echo ".config/qoder" ;;
+    auggie)    echo ".config/auggie" ;;
+    codebuddy) echo ".config/codebuddy" ;;
+    jules)     echo ".config/jules" ;;
+    shai)      echo ".config/shai" ;;
+    gemini)    echo ".config/gemini" ;;
+    aider)     echo ".config/aider .aider" ;;
+    kilo)      echo ".config/kilo" ;;
+    codex)     echo ".config/codex" ;;
+    qwen)      echo ".config/qwen" ;;
+  esac
+}
+
+# All known tools (for fallback)
+ALL_KNOWN_TOOLS="amp opencode claude openclaw droid qoder auggie codebuddy jules shai gemini aider kilo codex qwen"
+
+# Get list of installed tools from config.json, fallback to all known tools
+get_installed_tools() {
+  local installed
+  if command -v jq &>/dev/null && [[ -f "$AI_SANDBOX_CONFIG" ]]; then
+    installed=$(jq -r '.tools.installed[]? // empty' "$AI_SANDBOX_CONFIG" 2>/dev/null)
+  fi
+  if [[ -z "$installed" ]]; then
+    # Fallback: return all known tools in registry
+    echo "$ALL_KNOWN_TOOLS"
+  else
+    echo "$installed"
+  fi
+}
 
-# Tool-specific config persistence
-# Instead of copying (one-way), we now bind-mount host paths directly
-# to ensure changes inside the container persist to the host.
+# Tool config persistence via bind mounts
+# Bind-mount host paths directly to ensure changes persist to the host.
 TOOL_CONFIG_MOUNTS=""
 
 mount_tool_config() {
@@ -582,81 +717,60 @@ mount_tool_config() {
   fi
 }
 
-case "$TOOL" in
-  amp)
-    mount_tool_config "$HOME/.config/amp" ".config/amp"
-    mount_tool_config "$HOME/.local/share/amp" ".local/share/amp"
-    ;;
-  opencode)
-    mount_tool_config "$HOME/.config/opencode" ".config/opencode"
-    mount_tool_config "$HOME/.local/share/opencode" ".local/share/opencode"
-    # Bundle default skills (copy if not already present)
-    AIRUN_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
-    BUNDLED_SKILLS_DIR="$AIRUN_DIR/../skills"
-    if [[ -d "$BUNDLED_SKILLS_DIR" ]]; then
-      for skill_dir in "$BUNDLED_SKILLS_DIR"/*/; do
-        [[ ! -d "$skill_dir" ]] && continue
-        skill_name=$(basename "$skill_dir")
-        target_dir="$HOME/.config/opencode/skills/$skill_name"
-        if [[ ! -d "$target_dir" ]]; then
-          mkdir -p "$target_dir"
-          cp -r "$skill_dir"* "$target_dir/" 2>/dev/null || true
-        fi
-      done
-    fi
-    ;;
-  openclaw)
-    mount_tool_config "$HOME/.openclaw" ".openclaw"
-    ;;
-  claude)
-    mount_tool_config "$HOME/.claude" ".claude"
-    mount_tool_config "$HOME/.ccs" ".ccs"
-    ;;
-  droid)
-    mount_tool_config "$HOME/.config/droid" ".config/droid"
-    ;;
-  qoder)
-    mount_tool_config "$HOME/.config/qoder" ".config/qoder"
-    ;;
-  auggie)
-    mount_tool_config "$HOME/.config/auggie" ".config/auggie"
-    ;;
-  codebuddy)
-    mount_tool_config "$HOME/.config/codebuddy" ".config/codebuddy"
-    ;;
-  jules)
-    mount_tool_config "$HOME/.config/jules" ".config/jules"
-    ;;
-  shai)
-    mount_tool_config "$HOME/.config/shai" ".config/shai"
-    ;;
-  gemini)
-    mount_tool_config "$HOME/.config/gemini" ".config/gemini"
-    ;;
-  aider)
-    mount_tool_config "$HOME/.config/aider" ".config/aider"
-    mount_tool_config "$HOME/.aider" ".aider"
-    ;;
-  kilo)
-    mount_tool_config "$HOME/.config/kilo" ".config/kilo"
-    ;;
-  codex)
-    mount_tool_config "$HOME/.config/codex" ".config/codex"
-    ;;
-  qwen)
-    mount_tool_config "$HOME/.config/qwen" ".config/qwen"
-    ;;
-esac
+# Mount configs for all installed tools (unified image)
+for tool in $(get_installed_tools); do
+  for cfg_path in $(get_tool_configs "$tool"); do
+    mount_tool_config "$HOME/$cfg_path" "$cfg_path"
+  done
+done
+
+# Bundle OpenCode default skills (if opencode is installed)
+if get_installed_tools | grep -qw "opencode"; then
+  AIRUN_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+  BUNDLED_SKILLS_DIR="$AIRUN_DIR/../skills"
+  if [[ -d "$BUNDLED_SKILLS_DIR" ]]; then
+    for skill_dir in "$BUNDLED_SKILLS_DIR"/*/; do
+      [[ ! -d "$skill_dir" ]] && continue
+      skill_name=$(basename "$skill_dir")
+      target_dir="$HOME/.config/opencode/skills/$skill_name"
+      if [[ ! -d "$target_dir" ]]; then
+        mkdir -p "$target_dir"
+        cp -r "$skill_dir"* "$target_dir/" 2>/dev/null || true
+      fi
+    done
+  fi
+fi
 
 # Ensure required directories exist in HOME_DIR
 mkdir -p "$HOME_DIR/.config" "$HOME_DIR/.local/share" "$HOME_DIR/.cache" "$HOME_DIR/.bun"
 
-# Project-level config mount (if exists)
-CONFIG_MOUNT=""
-PROJECT_CONFIG="$CURRENT_DIR/.$TOOL.json"
+SHARED_CACHE_MOUNTS="-v $CACHE_DIR/npm:/home/agent/.npm:delegated"
+SHARED_CACHE_MOUNTS="$SHARED_CACHE_MOUNTS -v $CACHE_DIR/bun:/home/agent/.bun/install/cache:delegated"
+SHARED_CACHE_MOUNTS="$SHARED_CACHE_MOUNTS -v $CACHE_DIR/pip:/home/agent/.cache/pip:delegated"
+SHARED_CACHE_MOUNTS="$SHARED_CACHE_MOUNTS -v $CACHE_DIR/playwright-browsers:/opt/playwright-browsers:delegated"
+
+# Shared skills mount (from host, read-only)
+HOST_SKILLS_DIR="$HOME/.config/agents/skills"
+if [[ -d "$HOST_SKILLS_DIR" ]]; then
+  SHARED_CACHE_MOUNTS="$SHARED_CACHE_MOUNTS -v $HOST_SKILLS_DIR:/home/agent/.config/agents/skills:ro"
+  SHARED_CACHE_MOUNTS="$SHARED_CACHE_MOUNTS -v $HOST_SKILLS_DIR:/home/agent/.config/opencode/skills:ro"
+fi
 
-if [[ -f "$PROJECT_CONFIG" ]]; then
-  CONFIG_MOUNT="-v $PROJECT_CONFIG:$CURRENT_DIR/.$TOOL.json:delegated"
+# Nano-brain mount disabled to prevent SQLite conflicts between host and container
+# All tools should use the MCP interface to interact with nano-brain on the host
+if [[ -d "$HOME/.nano-brain" ]]; then
+  echo "ℹ️  Skipping .nano-brain mount to prevent SQLite database corruption"
+  echo "   Use MCP interface for nano-brain access instead of direct CLI"
+fi
+
+
+# Project-level config mount (if exists and tool specified)
+CONFIG_MOUNT=""
+if [[ -n "$TOOL" ]]; then
+  PROJECT_CONFIG="$CURRENT_DIR/.$TOOL.json"
+  if [[ -f "$PROJECT_CONFIG" ]]; then
+    CONFIG_MOUNT="-v $PROJECT_CONFIG:$CURRENT_DIR/.$TOOL.json:delegated"
+  fi
 fi
 
 # ============================================================================
@@ -1053,8 +1167,55 @@ if [[ ${#SELECTED_NETWORKS[@]} -gt 0 ]]; then
   done < <(validate_networks "${SELECTED_NETWORKS[@]}")
 fi
 
+# Detect SSH agent socket (prefer agent forwarding over key copying)
+get_ssh_agent_socket() {
+  # macOS Docker Desktop: special socket path
+  if [[ "$(uname)" == "Darwin" ]]; then
+    local docker_sock="/run/host-services/ssh-auth.sock"
+    # Docker Desktop forwards the host agent to this path inside the VM
+    if [[ -n "$SSH_AUTH_SOCK" ]] && [[ -S "$SSH_AUTH_SOCK" ]]; then
+      echo "$SSH_AUTH_SOCK"
+      return 0
+    fi
+  fi
+  # Standard SSH agent socket (Linux, macOS with regular agent)
+  if [[ -n "$SSH_AUTH_SOCK" ]] && [[ -S "$SSH_AUTH_SOCK" ]]; then
+    echo "$SSH_AUTH_SOCK"
+    return 0
+  fi
+  return 1
+}
+
+# Mount SSH agent socket + known_hosts/config (no private keys)
+setup_ssh_agent_forwarding() {
+  local agent_sock="$1"
+
+  # Mount the agent socket
+  GIT_MOUNTS="$GIT_MOUNTS -v $agent_sock:/ssh-agent"
+  SSH_AGENT_ENV="-e SSH_AUTH_SOCK=/ssh-agent"
+
+  # Still need known_hosts and config for host verification
+  mkdir -p "$GIT_CACHE_DIR/ssh"
+
+  if [ -f "$HOME/.ssh/known_hosts" ]; then
+    cp "$HOME/.ssh/known_hosts" "$GIT_CACHE_DIR/ssh/known_hosts" 2>/dev/null || true
+    chmod 600 "$GIT_CACHE_DIR/ssh/known_hosts" 2>/dev/null || true
+  fi
+
+  if [ -f "$HOME/.ssh/config" ]; then
+    cp "$HOME/.ssh/config" "$GIT_CACHE_DIR/ssh/config" 2>/dev/null || true
+    chmod 600 "$GIT_CACHE_DIR/ssh/config" 2>/dev/null || true
+  fi
+
+  chmod 700 "$GIT_CACHE_DIR/ssh"
+  GIT_MOUNTS="$GIT_MOUNTS -v $GIT_CACHE_DIR/ssh:/home/agent/.ssh:ro"
+
+  echo "🔒 SSH agent forwarding active (keys never enter container)"
+}
+
 # Git access control (opt-in per workspace)
 GIT_MOUNTS=""
+SSH_AGENT_ENV=""
 GIT_ALLOWED_FILE="$SANDBOX_DIR/git-allowed"
 GIT_CACHE_DIR="$GIT_SHARED_DIR"  # V2: Uses shared/git instead of cache/git
 touch "$GIT_ALLOWED_FILE" 2>/dev/null || true
@@ -1120,68 +1281,79 @@ if is_git_allowed "$CURRENT_DIR" || is_git_fetch_only "$CURRENT_DIR" || [[ "$GIT
   SAVED_KEYS_FILE="$GIT_SHARED_DIR/keys/$WORKSPACE_MD5"  # V2: Uses shared/git/keys/
 
   if [ -f "$SAVED_KEYS_FILE" ]; then
-    # Use previously saved key selection
-    echo "📋 Syncing Git credentials..."
-    if [ -d "$GIT_CACHE_DIR/ssh" ]; then
-      chmod -R 700 "$GIT_CACHE_DIR/ssh" 2>/dev/null || true
-      rm -rf "$GIT_CACHE_DIR/ssh" 2>/dev/null || true
-    fi
-    mkdir -p "$GIT_CACHE_DIR/ssh"
-
-    # Read saved keys and copy them
-    SAVED_KEYS=()
-    while IFS= read -r key; do
-      [ -n "$key" ] && SAVED_KEYS+=("$key")
-    done < "$SAVED_KEYS_FILE"
-
-    for key in "${SAVED_KEYS[@]}"; do
-      [ -z "$key" ] && continue
-      src_file="$HOME/.ssh/$key"
-      dst_file="$GIT_CACHE_DIR/ssh/$key"
-
-      dst_dir=$(dirname "$dst_file")
-      mkdir -p "$dst_dir" 2>/dev/null || true
-      chmod 700 "$dst_dir" 2>/dev/null || true
-
-      if [ -f "$src_file" ]; then
-        cp "$src_file" "$dst_file" 2>/dev/null || true
-        chmod 600 "$dst_file" 2>/dev/null || true
+    # Try SSH agent forwarding first (more secure)
+    AGENT_SOCK=""
+    if AGENT_SOCK=$(get_ssh_agent_socket); then
+      echo "📋 Setting up Git credentials (agent forwarding)..."
+      setup_ssh_agent_forwarding "$AGENT_SOCK"
+      echo "✅ Git credentials ready (agent forwarding)"
+    else
+      # Fallback: copy key files (less secure)
+      echo "📋 Syncing Git credentials..."
+      echo "⚠️  SSH agent not detected. Falling back to key file mounting."
+      echo "   For better security, start ssh-agent: eval \"\$(ssh-agent -s)\" && ssh-add"
+
+      if [ -d "$GIT_CACHE_DIR/ssh" ]; then
+        chmod -R 700 "$GIT_CACHE_DIR/ssh" 2>/dev/null || true
+        rm -rf "$GIT_CACHE_DIR/ssh" 2>/dev/null || true
       fi
-    done
+      mkdir -p "$GIT_CACHE_DIR/ssh"
+
+      # Read saved keys and copy them
+      SAVED_KEYS=()
+      while IFS= read -r key; do
+        [ -n "$key" ] && SAVED_KEYS+=("$key")
+      done < "$SAVED_KEYS_FILE"
+
+      for key in "${SAVED_KEYS[@]}"; do
+        [ -z "$key" ] && continue
+        src_file="$HOME/.ssh/$key"
+        dst_file="$GIT_CACHE_DIR/ssh/$key"
+
+        dst_dir=$(dirname "$dst_file")
+        mkdir -p "$dst_dir" 2>/dev/null || true
+        chmod 700 "$dst_dir" 2>/dev/null || true
+
+        if [ -f "$src_file" ]; then
+          cp "$src_file" "$dst_file" 2>/dev/null || true
+          chmod 600 "$dst_file" 2>/dev/null || true
+        fi
+      done
 
-    # Copy filtered SSH config (only hosts needed for this repo)
-    if [ -f "$HOME/.ssh/config" ]; then
-      SETUP_SSH="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/setup-ssh-config"
-      if [ -x "$SETUP_SSH" ]; then
-        # Join SAVED_KEYS into a comma-separated string for --keys
-        KEYS_ARG=$(IFS=,; echo "${SAVED_KEYS[*]}")
-        output=$( "$SETUP_SSH" --keys "$KEYS_ARG" 2>&1 ) || true
-        TEMP_CONFIG=$(echo "$output" | grep "Config:" | tail -1 | awk '{print $NF}')
-        if [ -f "$TEMP_CONFIG" ]; then
-          cp "$TEMP_CONFIG" "$GIT_CACHE_DIR/ssh/config" 2>/dev/null || true
-          chmod 600 "$GIT_CACHE_DIR/ssh/config" 2>/dev/null || true
+      # Copy filtered SSH config (only hosts needed for this repo)
+      if [ -f "$HOME/.ssh/config" ]; then
+        SETUP_SSH="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/setup-ssh-config"
+        if [ -x "$SETUP_SSH" ]; then
+          # Join SAVED_KEYS into a comma-separated string for --keys
+          KEYS_ARG=$(IFS=,; echo "${SAVED_KEYS[*]}")
+          output=$( "$SETUP_SSH" --keys "$KEYS_ARG" 2>&1 ) || true
+          TEMP_CONFIG=$(echo "$output" | grep "Config:" | tail -1 | awk '{print $NF}')
+          if [ -f "$TEMP_CONFIG" ]; then
+            cp "$TEMP_CONFIG" "$GIT_CACHE_DIR/ssh/config" 2>/dev/null || true
+            chmod 600 "$GIT_CACHE_DIR/ssh/config" 2>/dev/null || true
+          else
+            cp "$HOME/.ssh/config" "$GIT_CACHE_DIR/ssh/config" 2>/dev/null || true
+            chmod 600 "$GIT_CACHE_DIR/ssh/config" 2>/dev/null || true
+          fi
         else
           cp "$HOME/.ssh/config" "$GIT_CACHE_DIR/ssh/config" 2>/dev/null || true
           chmod 600 "$GIT_CACHE_DIR/ssh/config" 2>/dev/null || true
         fi
-      else
-        cp "$HOME/.ssh/config" "$GIT_CACHE_DIR/ssh/config" 2>/dev/null || true
-        chmod 600 "$GIT_CACHE_DIR/ssh/config" 2>/dev/null || true
       fi
-    fi
 
-    if [ -f "$HOME/.ssh/known_hosts" ]; then
-      cp "$HOME/.ssh/known_hosts" "$GIT_CACHE_DIR/ssh/known_hosts" 2>/dev/null || true
-      chmod 600 "$GIT_CACHE_DIR/ssh/known_hosts" 2>/dev/null || true
-    fi
+      if [ -f "$HOME/.ssh/known_hosts" ]; then
+        cp "$HOME/.ssh/known_hosts" "$GIT_CACHE_DIR/ssh/known_hosts" 2>/dev/null || true
+        chmod 600 "$GIT_CACHE_DIR/ssh/known_hosts" 2>/dev/null || true
+      fi
 
-    # Ensure all directories have correct permissions (recursive)
-    chmod 700 "$GIT_CACHE_DIR/ssh"
-    find "$GIT_CACHE_DIR/ssh" -type d -exec chmod 700 {} \;
-    find "$GIT_CACHE_DIR/ssh" -type f ! -name "config" ! -name "known_hosts" -exec chmod 600 {} \;
+      # Ensure all directories have correct permissions (recursive)
+      chmod 700 "$GIT_CACHE_DIR/ssh"
+      find "$GIT_CACHE_DIR/ssh" -type d -exec chmod 700 {} \;
+      find "$GIT_CACHE_DIR/ssh" -type f ! -name "config" ! -name "known_hosts" -exec chmod 600 {} \;
 
-    GIT_MOUNTS="$GIT_MOUNTS -v $GIT_CACHE_DIR/ssh:/home/agent/.ssh:ro"
-    echo "✅ Git credentials synced"
+      GIT_MOUNTS="$GIT_MOUNTS -v $GIT_CACHE_DIR/ssh:/home/agent/.ssh:ro"
+      echo "✅ Git credentials synced"
+    fi
   fi
 
   if [ -f "$HOME/.gitconfig" ]; then
@@ -1212,136 +1384,179 @@ else
 
     case "$git_choice" in
       1|2|4|5)
-        # Interactive SSH key selection
-        echo ""
-        echo "🔑 SSH Key Selection"
-        echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+        # Try SSH agent forwarding first (more secure - no key selection needed)
+        AGENT_SOCK=""
+        if AGENT_SOCK=$(get_ssh_agent_socket); then
+          echo ""
+          echo "🔒 SSH Agent Forwarding"
+          echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+          setup_ssh_agent_forwarding "$AGENT_SOCK"
 
-        # Source the SSH key selector library
-        # Resolve symlink to get actual project directory
-        SCRIPT_PATH="${BASH_SOURCE[0]}"
-        while [ -L "$SCRIPT_PATH" ]; do
-          SCRIPT_DIR="$(cd "$(dirname "$SCRIPT_PATH")" && pwd)"
-          SCRIPT_PATH="$(readlink "$SCRIPT_PATH")"
-          [[ $SCRIPT_PATH != /* ]] && SCRIPT_PATH="$SCRIPT_DIR/$SCRIPT_PATH"
-        done
-        SCRIPT_DIR="$(cd "$(dirname "$SCRIPT_PATH")" && pwd)"
-        source "$SCRIPT_DIR/../lib/ssh-key-selector.sh"
-
-        # Let user select keys
-        if select_ssh_keys; then
-          if [ ${#SELECTED_SSH_KEYS[@]} -gt 0 ]; then
-            echo "📋 Copying selected credentials to cache..."
-            if [ -d "$GIT_CACHE_DIR/ssh" ]; then
-              chmod -R 700 "$GIT_CACHE_DIR/ssh" 2>/dev/null || true
-              rm -rf "$GIT_CACHE_DIR/ssh" 2>/dev/null || true
+          # Copy gitconfig
+          if [ -f "$HOME/.gitconfig" ]; then
+            cp "$HOME/.gitconfig" "$HOME_DIR/.gitconfig" 2>/dev/null || true
+          fi
+
+          if [[ "$git_choice" == "4" || "$git_choice" == "5" ]]; then
+            GIT_FETCH_ONLY_MODE=true
+          fi
+
+          # Save workspace preference (same logic as before)
+          if [ "$git_choice" = "2" ]; then
+            echo "$CURRENT_DIR" >> "$GIT_ALLOWED_FILE"
+            if has_jq && [[ -f "$AI_SANDBOX_CONFIG" ]]; then
+              jq --arg ws "$CURRENT_DIR" '.git.allowedWorkspaces += [$ws] | .git.allowedWorkspaces |= unique' "$AI_SANDBOX_CONFIG" > "$AI_SANDBOX_CONFIG.tmp" \
+                && mv "$AI_SANDBOX_CONFIG.tmp" "$AI_SANDBOX_CONFIG"
+              chmod 600 "$AI_SANDBOX_CONFIG"
             fi
-            mkdir -p "$GIT_CACHE_DIR/ssh"
-
-            # Copy selected SSH keys (preserve directory structure exactly)
-            for key in "${SELECTED_SSH_KEYS[@]}"; do
-              echo "  → Copying $key..."
-              src_file="$HOME/.ssh/$key"
-              dst_file="$GIT_CACHE_DIR/ssh/$key"
-
-              # Create parent directory with correct permissions
-              dst_dir=$(dirname "$dst_file")
-              mkdir -p "$dst_dir"
-              chmod 700 "$dst_dir"
-
-              # Copy the file and set permissions
-              if [ -f "$src_file" ]; then
-                cp "$src_file" "$dst_file"
-                chmod 600 "$dst_file"
-              else
-                echo "    ⚠️  Warning: $src_file not found, skipping"
+            echo "✅ Git access enabled and saved for: $CURRENT_DIR"
+          elif [ "$git_choice" = "5" ]; then
+            if has_jq && [[ -f "$AI_SANDBOX_CONFIG" ]]; then
+              jq --arg ws "$CURRENT_DIR" '.git.fetchOnlyWorkspaces = ((.git.fetchOnlyWorkspaces // []) + [$ws] | unique)' "$AI_SANDBOX_CONFIG" > "$AI_SANDBOX_CONFIG.tmp" \
+                && mv "$AI_SANDBOX_CONFIG.tmp" "$AI_SANDBOX_CONFIG"
+              chmod 600 "$AI_SANDBOX_CONFIG"
+            fi
+            echo "✅ Git fetch-only access enabled and saved for: $CURRENT_DIR"
+          elif [ "$git_choice" = "4" ]; then
+            echo "✅ Git fetch-only access enabled for this session"
+          else
+            echo "✅ Git access enabled for this session"
+          fi
+        else
+          # No SSH agent — fall back to key selection + copy
+          echo ""
+          echo "⚠️  SSH agent not detected. Using key file mounting."
+          echo "   For better security: eval \"\$(ssh-agent -s)\" && ssh-add"
+          echo ""
+          echo "🔑 SSH Key Selection"
+          echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+
+          # Source the SSH key selector library
+          # Resolve symlink to get actual project directory
+          SCRIPT_PATH="${BASH_SOURCE[0]}"
+          while [ -L "$SCRIPT_PATH" ]; do
+            SCRIPT_DIR="$(cd "$(dirname "$SCRIPT_PATH")" && pwd)"
+            SCRIPT_PATH="$(readlink "$SCRIPT_PATH")"
+            [[ $SCRIPT_PATH != /* ]] && SCRIPT_PATH="$SCRIPT_DIR/$SCRIPT_PATH"
+          done
+          SCRIPT_DIR="$(cd "$(dirname "$SCRIPT_PATH")" && pwd)"
+          source "$SCRIPT_DIR/../lib/ssh-key-selector.sh"
+
+          # Let user select keys
+          if select_ssh_keys; then
+            if [ ${#SELECTED_SSH_KEYS[@]} -gt 0 ]; then
+              echo "📋 Copying selected credentials to cache..."
+              if [ -d "$GIT_CACHE_DIR/ssh" ]; then
+                chmod -R 700 "$GIT_CACHE_DIR/ssh" 2>/dev/null || true
+                rm -rf "$GIT_CACHE_DIR/ssh" 2>/dev/null || true
               fi
-            done
-
-            # Copy filtered SSH config (only hosts needed for this repo)
-            if [ -f "$HOME/.ssh/config" ]; then
-              echo "  → Generating filtered SSH config..."
-              # Run setup-ssh-config to get filtered config
-              SETUP_SSH="$SCRIPT_DIR/setup-ssh-config"
-              if [ -x "$SETUP_SSH" ]; then
-                # Join SELECTED_SSH_KEYS into a comma-separated string for --keys
-                KEYS_ARG=$(IFS=,; echo "${SELECTED_SSH_KEYS[*]}")
-                # Run it and capture the filtered config path
-                output=$( "$SETUP_SSH" --keys "$KEYS_ARG" 2>&1 ) || true
-                TEMP_CONFIG=$(echo "$output" | grep "Config:" | tail -1 | awk '{print $NF}')
-                if [ -f "$TEMP_CONFIG" ]; then
-                  cp "$TEMP_CONFIG" "$GIT_CACHE_DIR/ssh/config" 2>/dev/null || true
-                  chmod 600 "$GIT_CACHE_DIR/ssh/config" 2>/dev/null || true
+              mkdir -p "$GIT_CACHE_DIR/ssh"
+
+              # Copy selected SSH keys (preserve directory structure exactly)
+              for key in "${SELECTED_SSH_KEYS[@]}"; do
+                echo "  → Copying $key..."
+                src_file="$HOME/.ssh/$key"
+                dst_file="$GIT_CACHE_DIR/ssh/$key"
+
+                # Create parent directory with correct permissions
+                dst_dir=$(dirname "$dst_file")
+                mkdir -p "$dst_dir"
+                chmod 700 "$dst_dir"
+
+                # Copy the file and set permissions
+                if [ -f "$src_file" ]; then
+                  cp "$src_file" "$dst_file"
+                  chmod 600 "$dst_file"
                 else
-                  # Fallback to copying full config if setup-ssh-config fails
+                  echo "    ⚠️  Warning: $src_file not found, skipping"
+                fi
+              done
+
+              # Copy filtered SSH config (only hosts needed for this repo)
+              if [ -f "$HOME/.ssh/config" ]; then
+                echo "  → Generating filtered SSH config..."
+                # Run setup-ssh-config to get filtered config
+                SETUP_SSH="$SCRIPT_DIR/setup-ssh-config"
+                if [ -x "$SETUP_SSH" ]; then
+                  # Join SELECTED_SSH_KEYS into a comma-separated string for --keys
+                  KEYS_ARG=$(IFS=,; echo "${SELECTED_SSH_KEYS[*]}")
+                  # Run it and capture the filtered config path
+                  output=$( "$SETUP_SSH" --keys "$KEYS_ARG" 2>&1 ) || true
+                  TEMP_CONFIG=$(echo "$output" | grep "Config:" | tail -1 | awk '{print $NF}')
+                  if [ -f "$TEMP_CONFIG" ]; then
+                    cp "$TEMP_CONFIG" "$GIT_CACHE_DIR/ssh/config" 2>/dev/null || true
+                    chmod 600 "$GIT_CACHE_DIR/ssh/config" 2>/dev/null || true
+                  else
+                    # Fallback to copying full config if setup-ssh-config fails
+                    cp "$HOME/.ssh/config" "$GIT_CACHE_DIR/ssh/config" 2>/dev/null || true
+                    chmod 600 "$GIT_CACHE_DIR/ssh/config" 2>/dev/null || true
+                  fi
+                else
+                  # Fallback: copy full config
                   cp "$HOME/.ssh/config" "$GIT_CACHE_DIR/ssh/config" 2>/dev/null || true
                   chmod 600 "$GIT_CACHE_DIR/ssh/config" 2>/dev/null || true
                 fi
-              else
-                # Fallback: copy full config
-                cp "$HOME/.ssh/config" "$GIT_CACHE_DIR/ssh/config" 2>/dev/null || true
-                chmod 600 "$GIT_CACHE_DIR/ssh/config" 2>/dev/null || true
               fi
-            fi
 
-            if [ -f "$HOME/.ssh/known_hosts" ]; then
-              echo "  → Copying known_hosts..."
-              cp "$HOME/.ssh/known_hosts" "$GIT_CACHE_DIR/ssh/known_hosts" 2>/dev/null || true
-              chmod 600 "$GIT_CACHE_DIR/ssh/known_hosts" 2>/dev/null || true
-            fi
+              if [ -f "$HOME/.ssh/known_hosts" ]; then
+                echo "  → Copying known_hosts..."
+                cp "$HOME/.ssh/known_hosts" "$GIT_CACHE_DIR/ssh/known_hosts" 2>/dev/null || true
+                chmod 600 "$GIT_CACHE_DIR/ssh/known_hosts" 2>/dev/null || true
+              fi
 
-            # Ensure all directories and files have correct permissions (recursive)
-            chmod 700 "$GIT_CACHE_DIR/ssh"
-            find "$GIT_CACHE_DIR/ssh" -type d -exec chmod 700 {} \;
-            find "$GIT_CACHE_DIR/ssh" -type f ! -name "config" ! -name "known_hosts" -exec chmod 600 {} \;
+              # Ensure all directories and files have correct permissions (recursive)
+              chmod 700 "$GIT_CACHE_DIR/ssh"
+              find "$GIT_CACHE_DIR/ssh" -type d -exec chmod 700 {} \;
+              find "$GIT_CACHE_DIR/ssh" -type f ! -name "config" ! -name "known_hosts" -exec chmod 600 {} \;
 
-            GIT_MOUNTS="$GIT_MOUNTS -v $GIT_CACHE_DIR/ssh:/home/agent/.ssh:ro"
+              GIT_MOUNTS="$GIT_MOUNTS -v $GIT_CACHE_DIR/ssh:/home/agent/.ssh:ro"
 
-            # Copy gitconfig
-            if [ -f "$HOME/.gitconfig" ]; then
-              echo "  → Copying .gitconfig..."
-              cp "$HOME/.gitconfig" "$HOME_DIR/.gitconfig" 2>/dev/null || true
-            fi
+              # Copy gitconfig
+              if [ -f "$HOME/.gitconfig" ]; then
+                echo "  → Copying .gitconfig..."
+                cp "$HOME/.gitconfig" "$HOME_DIR/.gitconfig" 2>/dev/null || true
+              fi
 
-            if [[ "$git_choice" == "4" || "$git_choice" == "5" ]]; then
-              GIT_FETCH_ONLY_MODE=true
-            fi
-            if [ "$git_choice" = "2" ]; then
-              # Save workspace and selected keys for future sessions
-              echo "$CURRENT_DIR" >> "$GIT_ALLOWED_FILE"
-              # Also save to config.json
-              if has_jq && [[ -f "$AI_SANDBOX_CONFIG" ]]; then
-                jq --arg ws "$CURRENT_DIR" '.git.allowedWorkspaces += [$ws] | .git.allowedWorkspaces |= unique' "$AI_SANDBOX_CONFIG" > "$AI_SANDBOX_CONFIG.tmp" \
-                  && mv "$AI_SANDBOX_CONFIG.tmp" "$AI_SANDBOX_CONFIG"
-                chmod 600 "$AI_SANDBOX_CONFIG"
+              if [[ "$git_choice" == "4" || "$git_choice" == "5" ]]; then
+                GIT_FETCH_ONLY_MODE=true
               fi
-              # Save selected keys (one per line for easier parsing)
-              WORKSPACE_MD5=$(echo "$CURRENT_DIR" | md5sum | cut -c1-8)
-              mkdir -p "$GIT_SHARED_DIR/keys"
-              printf "%s\n" "${SELECTED_SSH_KEYS[@]}" > "$GIT_SHARED_DIR/keys/$WORKSPACE_MD5"
-              echo "✅ Git access enabled and saved for: $CURRENT_DIR"
-            elif [ "$git_choice" = "5" ]; then
-              # Save workspace to fetchOnlyWorkspaces
-              if has_jq && [[ -f "$AI_SANDBOX_CONFIG" ]]; then
-                jq --arg ws "$CURRENT_DIR" '.git.fetchOnlyWorkspaces = ((.git.fetchOnlyWorkspaces // []) + [$ws] | unique)' "$AI_SANDBOX_CONFIG" > "$AI_SANDBOX_CONFIG.tmp" \
-                  && mv "$AI_SANDBOX_CONFIG.tmp" "$AI_SANDBOX_CONFIG"
-                chmod 600 "$AI_SANDBOX_CONFIG"
+              if [ "$git_choice" = "2" ]; then
+                # Save workspace and selected keys for future sessions
+                echo "$CURRENT_DIR" >> "$GIT_ALLOWED_FILE"
+                # Also save to config.json
+                if has_jq && [[ -f "$AI_SANDBOX_CONFIG" ]]; then
+                  jq --arg ws "$CURRENT_DIR" '.git.allowedWorkspaces += [$ws] | .git.allowedWorkspaces |= unique' "$AI_SANDBOX_CONFIG" > "$AI_SANDBOX_CONFIG.tmp" \
+                    && mv "$AI_SANDBOX_CONFIG.tmp" "$AI_SANDBOX_CONFIG"
+                  chmod 600 "$AI_SANDBOX_CONFIG"
+                fi
+                # Save selected keys (one per line for easier parsing)
+                WORKSPACE_MD5=$(echo "$CURRENT_DIR" | md5sum | cut -c1-8)
+                mkdir -p "$GIT_SHARED_DIR/keys"
+                printf "%s\n" "${SELECTED_SSH_KEYS[@]}" > "$GIT_SHARED_DIR/keys/$WORKSPACE_MD5"
+                echo "✅ Git access enabled and saved for: $CURRENT_DIR"
+              elif [ "$git_choice" = "5" ]; then
+                # Save workspace to fetchOnlyWorkspaces
+                if has_jq && [[ -f "$AI_SANDBOX_CONFIG" ]]; then
+                  jq --arg ws "$CURRENT_DIR" '.git.fetchOnlyWorkspaces = ((.git.fetchOnlyWorkspaces // []) + [$ws] | unique)' "$AI_SANDBOX_CONFIG" > "$AI_SANDBOX_CONFIG.tmp" \
+                    && mv "$AI_SANDBOX_CONFIG.tmp" "$AI_SANDBOX_CONFIG"
+                  chmod 600 "$AI_SANDBOX_CONFIG"
+                fi
+                # Save selected keys (one per line for easier parsing)
+                WORKSPACE_MD5=$(echo "$CURRENT_DIR" | md5sum | cut -c1-8)
+                mkdir -p "$GIT_SHARED_DIR/keys"
+                printf "%s\n" "${SELECTED_SSH_KEYS[@]}" > "$GIT_SHARED_DIR/keys/$WORKSPACE_MD5"
+                echo "✅ Git fetch-only access enabled and saved for: $CURRENT_DIR"
+              elif [ "$git_choice" = "4" ]; then
+                echo "✅ Git fetch-only access enabled for this session"
+              else
+                echo "✅ Git access enabled for this session"
               fi
-              # Save selected keys (one per line for easier parsing)
-              WORKSPACE_MD5=$(echo "$CURRENT_DIR" | md5sum | cut -c1-8)
-              mkdir -p "$GIT_SHARED_DIR/keys"
-              printf "%s\n" "${SELECTED_SSH_KEYS[@]}" > "$GIT_SHARED_DIR/keys/$WORKSPACE_MD5"
-              echo "✅ Git fetch-only access enabled and saved for: $CURRENT_DIR"
-            elif [ "$git_choice" = "4" ]; then
-              echo "✅ Git fetch-only access enabled for this session"
             else
-              echo "✅ Git access enabled for this session"
+              echo "⚠️  No SSH keys selected. Git access disabled."
             fi
           else
-            echo "⚠️  No SSH keys selected. Git access disabled."
+            echo "⚠️  SSH key selection cancelled. Git access disabled."
           fi
-        else
-          echo "⚠️  SSH key selection cancelled. Git access disabled."
         fi
         ;;
       *)
@@ -1436,7 +1651,7 @@ generate_container_name() {
   # Generate random 6-character suffix (hex)
   local random_suffix=$(openssl rand -hex 3)
 
-  echo "${TOOL}-${folder_name}-${random_suffix}"
+  echo "${TOOL:-shell}-${folder_name}-${random_suffix}"
 }
 
 # Container name and TTY allocation
@@ -1516,7 +1731,7 @@ resolve_opencode_password() {
     echo "  3) No password (⚠️  unsecured - localhost only)"
     echo ""
     read -p "Choice [1-3]: " password_choice
-    
+
     case "$password_choice" in
       1)
         local generated_password=$(openssl rand -base64 24 | tr -d '/+=' | head -c 24)
@@ -1585,11 +1800,11 @@ is_mcp_installed() {
 is_mcp_configured() {
   local mcp_name="$1"
   local config_file="$HOME/.config/opencode/opencode.json"
-  
+
   if [[ ! -f "$config_file" ]]; then
     return 1
   fi
-  
+
   if has_jq; then
     jq -e --arg name "$mcp_name" '.mcp[$name] // empty' "$config_file" &>/dev/null
   else
@@ -1603,7 +1818,7 @@ add_mcp_config() {
   local mcp_command="$2"
   local force="${3:-false}"
   local config_file="$HOME/.config/opencode/opencode.json"
-  
+
   # Check if already configured and warn user
   if [[ "$force" != "true" ]] && is_mcp_configured "$mcp_name"; then
     echo ""
@@ -1616,9 +1831,9 @@ add_mcp_config() {
       return 1
     fi
   fi
-  
+
   mkdir -p "$(dirname "$config_file")"
-  
+
   if [[ ! -f "$config_file" ]]; then
     # Create new config with MCP
     echo "{\"mcp\": {\"$mcp_name\": {\"type\": \"local\", \"command\": $mcp_command}}}" > "$config_file"
@@ -1651,47 +1866,47 @@ configure_opencode_mcp() {
   # Only run for opencode tool in interactive mode
   [[ "$TOOL" != "opencode" ]] && return 0
   [[ ! -t 0 ]] && return 0
-  
+
   local config_file="$HOME/.config/opencode/opencode.json"
-  
+
   # Generate workspace hash for skip tracking
   WORKSPACE_MD5=$(echo "$CURRENT_DIR" | md5sum | cut -c1-8)
-  
+
   # Check if already skipped for this workspace
   if is_mcp_skipped; then
     return 0
   fi
-  
+
   # Detect installed MCP tools (from config.json, set during setup.sh)
   local chrome_installed=false
   local playwright_installed=false
   local chrome_configured=false
   local playwright_configured=false
-  
+
   if is_mcp_installed "chrome-devtools"; then
     chrome_installed=true
     is_mcp_configured "chrome-devtools" && chrome_configured=true
   fi
-  
+
   if is_mcp_installed "playwright"; then
     playwright_installed=true
     is_mcp_configured "playwright" && playwright_configured=true
   fi
-  
+
   # If no MCP tools installed in image, return
   if [[ "$chrome_installed" == "false" && "$playwright_installed" == "false" ]]; then
     return 0
   fi
-  
+
   # If all installed tools are already configured, return silently
   local all_configured=true
   [[ "$chrome_installed" == "true" && "$chrome_configured" == "false" ]] && all_configured=false
   [[ "$playwright_installed" == "true" && "$playwright_configured" == "false" ]] && all_configured=false
-  
+
   if [[ "$all_configured" == "true" ]]; then
     return 0
   fi
-  
+
   # Build lists of configured and unconfigured tools
   local unconfigured=()
   local configured=()
@@ -1699,12 +1914,12 @@ configure_opencode_mcp() {
   [[ "$chrome_installed" == "true" && "$chrome_configured" == "true" ]] && configured+=("chrome-devtools")
   [[ "$playwright_installed" == "true" && "$playwright_configured" == "false" ]] && unconfigured+=("playwright")
   [[ "$playwright_installed" == "true" && "$playwright_configured" == "true" ]] && configured+=("playwright")
-  
+
   # Show prompt
   echo ""
   echo "🔌 MCP Tools Detected"
   echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
-  
+
   # Show already configured tools
   if [[ ${#configured[@]} -gt 0 ]]; then
     echo "Already configured:"
@@ -1720,7 +1935,7 @@ configure_opencode_mcp() {
     done
     echo ""
   fi
-  
+
   # Show unconfigured tools
   if [[ ${#unconfigured[@]} -gt 0 ]]; then
     echo "Not yet configured:"
@@ -1736,7 +1951,7 @@ configure_opencode_mcp() {
     done
     echo ""
   fi
-  
+
   echo "Configure MCP tools in OpenCode?"
   echo "  1) Yes, configure all detected tools"
   echo "  2) Yes, let me choose which ones"
@@ -1744,16 +1959,16 @@ configure_opencode_mcp() {
   echo "  4) No, don't ask again for this workspace"
   echo ""
   read -p "Choice [1-4]: " mcp_choice
-  
+
   local configured_any=false
-  
+
   case "$mcp_choice" in
     1)
       # Configure all (both unconfigured and offer to reconfigure configured ones)
       local all_tools=()
       [[ "$chrome_installed" == "true" ]] && all_tools+=("chrome-devtools")
       [[ "$playwright_installed" == "true" ]] && all_tools+=("playwright")
-      
+
       for tool in "${all_tools[@]}"; do
         case "$tool" in
           chrome-devtools)
@@ -1763,7 +1978,7 @@ configure_opencode_mcp() {
             fi
             ;;
           playwright)
-            if add_mcp_config "playwright" '["npx", "@playwright/mcp@latest", "--headless", "--browser", "chromium"]'; then
+            if add_mcp_config "playwright" '["playwright-mcp", "--headless", "--browser", "chromium"]'; then
               echo "  ✓ Configured Playwright MCP"
               configured_any=true
             fi
@@ -1776,7 +1991,7 @@ configure_opencode_mcp() {
       local all_tools=()
       [[ "$chrome_installed" == "true" ]] && all_tools+=("chrome-devtools")
       [[ "$playwright_installed" == "true" ]] && all_tools+=("playwright")
-      
+
       for tool in "${all_tools[@]}"; do
         local tool_desc=""
         local status_hint=""
@@ -1800,7 +2015,7 @@ configure_opencode_mcp() {
               fi
               ;;
             playwright)
-              if add_mcp_config "playwright" '["npx", "@playwright/mcp@latest", "--headless", "--browser", "chromium"]'; then
+              if add_mcp_config "playwright" '["playwright-mcp", "--headless", "--browser", "chromium"]'; then
                 echo "    ✓ Configured"
                 configured_any=true
               fi
@@ -1819,7 +2034,7 @@ configure_opencode_mcp() {
       echo "ℹ️  Skipped."
       ;;
   esac
-  
+
   # Show config file path for easy editing
   echo ""
   if [[ "$configured_any" == "true" ]]; then
@@ -1885,7 +2100,7 @@ check_port_in_use() {
   else
     return 2
   fi
-  
+
   docker ps --format "{{.Ports}}" 2>/dev/null | grep -q ":$port->" && return 0
   return 1
 }
@@ -1939,10 +2154,10 @@ if detect_opencode_web; then
   if [[ -z "$WEB_PORT" ]]; then
     WEB_PORT=4096
   fi
-  
+
   add_port_to_list "$WEB_PORT" "auto-detected"
   echo "🌐 Detected web command. Auto-exposing port $WEB_PORT."
-  
+
   if ! has_hostname_arg; then
     TOOL_ARGS+=("--hostname" "0.0.0.0")
   fi
@@ -1997,7 +2212,7 @@ if [[ -n "$EXPOSE_PORTS_LIST" ]]; then
   done
 
   echo "🔌 Port mappings: $EXPOSE_PORTS_LIST"
-  
+
   if [[ "$WEB_DETECTED" == "true" ]]; then
     echo "🌐 Web UI available at http://localhost:$WEB_PORT"
   fi
@@ -2017,20 +2232,115 @@ if [[ "${AI_RUN_DEBUG:-}" == "1" ]]; then
   echo "🔧 Debug: EXPOSE_PORTS_LIST='$EXPOSE_PORTS_LIST'"
 fi
 
+is_nano_brain_command() {
+  if [[ "$TOOL" == "nano-brain" ]]; then
+    return 0
+  fi
+
+  if [[ "$TOOL" == "npx" ]]; then
+    for arg in "${TOOL_ARGS[@]}"; do
+      if [[ "$arg" == "nano-brain" ]]; then
+        return 0
+      fi
+    done
+  fi
+
+  return 1
+}
+
+NANO_BRAIN_AUTOREPAIR_SCRIPT='
+set -e
+ORIG_CMD=("$@")
+REPAIR_PATTERN="(tree-sitter|native binding|Cannot find module.*tree-sitter|compiled against a different Node.js version|Exec format error|invalid ELF header|Native bindings not available)"
+
+echo "🔎 nano-brain preflight: checking runtime cache paths..."
+mkdir -p /home/agent/.npm /home/agent/.cache/node-gyp 2>/dev/null || true
+
+run_with_capture() {
+  local err_file
+  err_file=$(mktemp)
+
+  set +e
+  "${ORIG_CMD[@]}" 2>"$err_file"
+  local exit_code=$?
+  set -e
+
+  if [[ $exit_code -ne 0 ]] && grep -Eqi "$REPAIR_PATTERN" "$err_file"; then
+    cat "$err_file" >&2
+    echo "⚠️  Detected nano-brain native module issue."
+    echo "🔧 Running automatic repair (clearing npx/node-gyp caches)..."
+    rm -rf /home/agent/.npm/_npx /home/agent/.cache/node-gyp 2>/dev/null || true
+    npm cache clean --force >/dev/null 2>&1 || true
+    echo "🔁 Retrying nano-brain command once..."
+    set +e
+    "${ORIG_CMD[@]}"
+    local retry_code=$?
+    set -e
+    rm -f "$err_file"
+    return $retry_code
+  fi
+
+  if [[ $exit_code -eq 0 ]] && grep -Eqi "(\\[treesitter\\] Native bindings not available|symbol graph disabled|tree-sitter-typescript\\.node|No such file or directory)" "$err_file"; then
+    if [[ "${AI_RUN_DEBUG:-}" == "1" ]]; then
+      echo "ℹ️  nano-brain: non-fatal tree-sitter warning captured." >&2
+      cat "$err_file" >&2
+    else
+      grep -Eiv "(\\[treesitter\\] Native bindings not available|symbol graph disabled|tree-sitter-typescript\\.node|No such file or directory)" "$err_file" >&2 || true
+    fi
+    rm -f "$err_file"
+    return 0
+  fi
+
+  cat "$err_file" >&2
+  rm -f "$err_file"
+  return $exit_code
+}
+
+run_with_capture
+'
+
 # Prepare command based on mode
 ENTRYPOINT_OVERRIDE=""
-if [[ "$SHELL_MODE" == "true" ]]; then
-  # Shell mode: override entrypoint to bash and show welcome message
+if [[ -n "$TOOL" && "$SHELL_MODE" != "true" ]]; then
+  # Direct tool execution: override entrypoint to the tool
+  ENTRYPOINT_OVERRIDE="--entrypoint $TOOL"
+  DOCKER_COMMAND=("${TOOL_ARGS[@]}")
+elif [[ "$SHELL_MODE" == "true" || -z "$TOOL" ]]; then
+  # Shell mode (explicit --shell or no tool specified)
   ENTRYPOINT_OVERRIDE="--entrypoint bash"
-  DOCKER_COMMAND=(
-    "-c"
-    "echo ''; echo '🚀 AI Tool Container - Interactive Shell'; echo '━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━'; echo ''; echo \"Tool available: ${TOOL}\"; echo 'Run the tool: ${TOOL}'; echo 'Exit container: exit or Ctrl+D'; echo ''; echo \"Additional tools:\"; echo '  - specify (spec-kit): Spec-driven development'; echo '  - uipro (ux-ui-promax): UI/UX design intelligence'; echo '  - openspec: OpenSpec workflow'; echo ''; echo '━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━'; echo ''; exec bash"
-  )
+  # Build welcome message with installed tools
+  INSTALLED_TOOLS_MSG=""
+  if command -v jq &>/dev/null && [[ -f "$SANDBOX_DIR/config.json" ]]; then
+    INSTALLED_TOOLS_MSG=$(jq -r '.tools.installed // [] | join(", ")' "$SANDBOX_DIR/config.json" 2>/dev/null || echo "")
+  fi
+  if [[ -n "$TOOL" ]]; then
+    # Shell mode with specific tool (ai-run claude --shell)
+    DOCKER_COMMAND=(
+      "-c"
+      "echo ''; echo '🚀 AI Tool Container - Interactive Shell'; echo '━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━'; echo ''; echo \"Tool available: ${TOOL}\"; echo 'Run the tool: ${TOOL}'; echo 'Exit container: exit or Ctrl+D'; echo ''; echo \"Additional tools:\"; echo '  - specify (spec-kit): Spec-driven development'; echo '  - uipro (ux-ui-promax): UI/UX design intelligence'; echo '  - openspec: OpenSpec workflow'; echo ''; echo '━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━'; echo ''; exec bash"
+    )
+  else
+    # Shell mode without tool (ai-run with no args)
+    DOCKER_COMMAND=(
+      "-c"
+      "echo ''; echo '🚀 AI Sandbox - Interactive Shell'; echo '━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━'; echo ''; echo 'Installed tools: ${INSTALLED_TOOLS_MSG:-unknown}'; echo ''; echo 'Run any tool by name: claude, opencode, gemini, etc.'; echo 'Exit: exit or Ctrl+D'; echo ''; echo 'Enhancement tools: specify, uipro, openspec, rtk'; echo '━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━'; echo ''; exec bash"
+    )
+  fi
 else
-  # Direct mode: use image's default entrypoint with arguments
+  # Fallback: direct mode with image's default entrypoint
   DOCKER_COMMAND=("${TOOL_ARGS[@]}")
 fi
 
+# Nano-brain targeted preflight + auto-repair wrapper
+if [[ "$SHELL_MODE" != "true" ]] && is_nano_brain_command; then
+  if [[ "$NANO_BRAIN_AUTO_REPAIR" == "true" ]]; then
+    ENTRYPOINT_OVERRIDE="--entrypoint bash"
+    DOCKER_COMMAND=("-lc" "$NANO_BRAIN_AUTOREPAIR_SCRIPT" "nano-brain-wrapper" "$TOOL" "${TOOL_ARGS[@]}")
+  else
+    echo "ℹ️  nano-brain auto-repair disabled"
+  fi
+fi
+
 # Detect platform architecture (avoid slow emulation)
 PLATFORM="${AI_RUN_PLATFORM:-}"
 if [[ -z "$PLATFORM" ]]; then
@@ -2061,13 +2371,17 @@ fi
 mkdir -p "$HOME_DIR" "$GIT_SHARED_DIR"
 chmod -R u+w "$HOME_DIR" "$GIT_SHARED_DIR" 2>/dev/null || true
 
-# Selective Cache Isolation (Anonymous Volumes)
-# Use anonymous volumes to "hide" host-poisoned node_modules and caches
-# while keeping configurations and auth data.
-CACHE_MOUNTS=""
-if [[ "$TOOL" == "opencode" ]]; then
-  # Isolate heavy caches and node_modules to prevent Bun/Node conflicts
-  CACHE_MOUNTS="-v /home/agent/.npm -v /home/agent/.cache -v /home/agent/.opencode/node_modules"
+if [[ ! -f "$CACHE_DIR/playwright-browsers/.seeded" ]]; then
+  if docker run --rm "$IMAGE" test -d /opt/playwright-browsers 2>/dev/null; then
+    echo "🔄 Seeding shared Playwright browser cache..."
+    docker run --rm -v "$CACHE_DIR/playwright-browsers":/export "$IMAGE" \
+      cp -a /opt/playwright-browsers/. /export/ 2>/dev/null && \
+      touch "$CACHE_DIR/playwright-browsers/.seeded" && \
+      echo "✅ Playwright browsers cached" || \
+      echo "⚠️  Playwright browser seeding failed (will retry next run)"
+  else
+    touch "$CACHE_DIR/playwright-browsers/.seeded"
+  fi
 fi
 
 # Detect display configuration (clipboard integration)
@@ -2078,20 +2392,20 @@ DISPLAY_FLAGS=$(detect_display_config)
 # ============================================================================
 if [[ "$TOOL" == "openclaw" ]]; then
   OPENCLAW_REPO_DIR="$HOME/.ai-sandbox/tools/openclaw/repo"
-  
+
   if [[ ! -d "$OPENCLAW_REPO_DIR" ]]; then
     echo "❌ ERROR: OpenClaw repository not found at $OPENCLAW_REPO_DIR"
     echo "   Run: npx @kokorolx/ai-sandbox-wrapper setup"
     exit 1
   fi
-  
+
   cd "$OPENCLAW_REPO_DIR"
-  
+
   OPENCLAW_COMPOSE_FILE="$OPENCLAW_REPO_DIR/docker-compose.yml"
   OPENCLAW_OVERRIDE_FILE="$OPENCLAW_REPO_DIR/docker-compose.override.yml"
-  
+
   echo "🔄 Generating OpenClaw docker-compose override..."
-  
+
   cat > "$OPENCLAW_OVERRIDE_FILE" <<EOF
 services:
   openclaw-gateway:
@@ -2101,18 +2415,18 @@ services:
     volumes:
       - $HOME/.openclaw:/home/node/.openclaw
 EOF
-  
+
   for workspace in "${WORKSPACES[@]}"; do
     echo "      - $workspace:$workspace" >> "$OPENCLAW_OVERRIDE_FILE"
   done
-  
+
   cat >> "$OPENCLAW_OVERRIDE_FILE" <<EOF
     ports:
       - "18789:18789"
       - "18790:18790"
     working_dir: $CURRENT_DIR
 EOF
-  
+
   if [[ -n "$NETWORK_OPTIONS" ]]; then
     echo "    networks:" >> "$OPENCLAW_OVERRIDE_FILE"
     for net in ${DOCKER_NETWORKS//,/ }; do
@@ -2125,12 +2439,12 @@ EOF
       echo "    external: true" >> "$OPENCLAW_OVERRIDE_FILE"
     done
   fi
-  
+
   echo "🚀 Starting OpenClaw with docker-compose..."
   echo "🌐 Gateway: http://localhost:18789"
   echo "🌐 Bridge: http://localhost:18790"
   echo ""
-  
+
   exec docker compose -f "$OPENCLAW_COMPOSE_FILE" -f "$OPENCLAW_OVERRIDE_FILE" \
     --env-file "$ENV_FILE" \
     up --remove-orphans
@@ -2144,13 +2458,14 @@ docker run $CONTAINER_NAME --rm $TTY_FLAGS \
   $CONFIG_MOUNT \
   $TOOL_CONFIG_MOUNTS \
   $GIT_MOUNTS \
+  $SSH_AGENT_ENV \
   $NETWORK_OPTIONS \
-  $CACHE_MOUNTS \
   $DISPLAY_FLAGS \
   $HOST_ACCESS_ARGS \
   $PORT_MAPPINGS \
   $OPENCODE_PASSWORD_ENV \
   -v "$HOME_DIR":/home/agent \
+  $SHARED_CACHE_MOUNTS \
   -w "$CURRENT_DIR" \
   --env-file "$ENV_FILE" \
   -e TERM="$TERM" \