@kokorolx/ai-sandbox-wrapper 3.0.0 → 3.0.2

package/README.md

@@ -192,6 +192,30 @@ npx @kokorolx/ai-sandbox-wrapper git fetch-only ~/projects/myrepo
 npx @kokorolx/ai-sandbox-wrapper git full ~/projects/myrepo
 ```
 
+### Nano-brain Auto-Repair
+
+When running nano-brain inside the sandbox, `ai-run` performs a targeted preflight and automatic retry for common native-module failures (for example tree-sitter binding issues).
+
+It also suppresses known **non-fatal** tree-sitter symbol-graph warnings when the command succeeds, so normal query output stays clean. To see suppressed diagnostics, run with debug mode (`AI_RUN_DEBUG=1`).
+
+This behavior applies to both:
+- direct mode (`ai-run npx nano-brain ...`)
+- interactive shell mode (`ai-run`, then run `npx nano-brain ...` inside the container shell)
+
+```bash
+# Auto-repair enabled by default
+ai-run npx nano-brain status
+
+# Disable per-command
+ai-run npx nano-brain status --no-nano-brain-auto-repair
+
+# Disable via environment variable
+AI_RUN_DISABLE_NANO_BRAIN_AUTO_REPAIR=1 ai-run npx nano-brain status
+
+# Show suppressed non-fatal warning details
+AI_RUN_DEBUG=1 ai-run npx nano-brain query "hello"
+```
+
 ### Clipboard
 
 Clipboard access in containers requires a terminal that supports **OSC52** protocol.
@@ -320,6 +344,10 @@ opencode -n mynetwork         # Join Docker network
 # Git fetch-only
 opencode --git-fetch            # Fetch only (no push)
 
+# Nano-brain
+ai-run npx nano-brain status                      # With auto-repair
+AI_RUN_DISABLE_NANO_BRAIN_AUTO_REPAIR=1 ai-run npx nano-brain status
+
 # Management
 npx @kokorolx/ai-sandbox-wrapper workspace list
 npx @kokorolx/ai-sandbox-wrapper clean
@@ -336,6 +364,7 @@ npx @kokorolx/ai-sandbox-wrapper clean
 | Port already in use | Stop the process or use different port |
 | Docker not found | Install and start Docker Desktop |
 | Clipboard not working | Use OSC52-compatible terminal. See [CLIPBOARD_SUPPORT.md](CLIPBOARD_SUPPORT.md) |
+| nano-brain native binding/tree-sitter error | Fatal errors auto-repair and retry once by default; known non-fatal symbol-graph warnings are suppressed unless `AI_RUN_DEBUG=1` |
 
 ---
 

package/bin/ai-run

@@ -17,6 +17,8 @@ Options:
       --password-env <VAR> Read OpenCode server password from environment variable
       --allow-unsecured    Allow OpenCode server to run without password (suppresses warning)
       --git-fetch          Enable git fetch-only mode (blocks push)
+      --no-nano-brain-auto-repair
+                            Disable nano-brain preflight/auto-repair logic
   -h, --help               Show this help message
       --help-env           Show environment variables reference
 
@@ -65,6 +67,10 @@ Runtime Environment Variables (inline with ai-run):
   AI_RUN_PLATFORM=linux/amd64 Force specific platform (useful for cross-arch)
                               Example: AI_RUN_PLATFORM=linux/amd64 ai-run opencode
 
+  AI_RUN_DISABLE_NANO_BRAIN_AUTO_REPAIR=1
+                              Disable nano-brain preflight and automatic repair behavior
+                              Example: AI_RUN_DISABLE_NANO_BRAIN_AUTO_REPAIR=1 ai-run npx nano-brain status
+
   PORT_BIND=all               Bind exposed ports to all interfaces (0.0.0.0) instead of localhost
                               ⚠️  Security risk - use only when needed
                               Example: PORT_BIND=all ai-run opencode web -e 4096
@@ -155,8 +161,13 @@ SERVER_PASSWORD=""
 PASSWORD_ENV_VAR=""
 ALLOW_UNSECURED=false
 GIT_FETCH_ONLY_FLAG=false
+NANO_BRAIN_AUTO_REPAIR=true
 TOOL_ARGS=()
 
+if [[ "${AI_RUN_DISABLE_NANO_BRAIN_AUTO_REPAIR:-}" == "1" ]]; then
+  NANO_BRAIN_AUTO_REPAIR=false
+fi
+
 while [[ $# -gt 0 ]]; do
   case "$1" in
     --shell|-s)
@@ -201,6 +212,10 @@ while [[ $# -gt 0 ]]; do
       GIT_FETCH_ONLY_FLAG=true
       shift
       ;;
+    --no-nano-brain-auto-repair)
+      NANO_BRAIN_AUTO_REPAIR=false
+      shift
+      ;;
     *)
       TOOL_ARGS+=("$1")
       shift
@@ -521,7 +536,7 @@ if [[ "$(uname)" == "Darwin" ]] && [[ -t 0 ]]; then
 
   # 2. Check if valid directory
   if [[ -d "$SCREENSHOT_DIR" ]]; then
-    
+
     # 3. Check if ALREADY whitelisted (exact match or parent)
     IS_WHITELISTED=false
     while IFS= read -r ws; do
@@ -544,7 +559,7 @@ if [[ "$(uname)" == "Darwin" ]] && [[ -t 0 ]]; then
       echo ""
       # Use /dev/tty to ensure we read from user even if stdin is redirected
       read -p "Whitelist screenshots folder? [y/N]: " CONFIRM_SS < /dev/tty
-      
+
       if [[ "$CONFIRM_SS" =~ ^[Yy]$ ]]; then
         add_workspace "$SCREENSHOT_DIR"
         echo "✅ Added to whitelist."
@@ -734,6 +749,21 @@ SHARED_CACHE_MOUNTS="$SHARED_CACHE_MOUNTS -v $CACHE_DIR/bun:/home/agent/.bun/ins
 SHARED_CACHE_MOUNTS="$SHARED_CACHE_MOUNTS -v $CACHE_DIR/pip:/home/agent/.cache/pip:delegated"
 SHARED_CACHE_MOUNTS="$SHARED_CACHE_MOUNTS -v $CACHE_DIR/playwright-browsers:/opt/playwright-browsers:delegated"
 
+# Shared skills mount (from host, read-only)
+HOST_SKILLS_DIR="$HOME/.config/agents/skills"
+if [[ -d "$HOST_SKILLS_DIR" ]]; then
+  SHARED_CACHE_MOUNTS="$SHARED_CACHE_MOUNTS -v $HOST_SKILLS_DIR:/home/agent/.config/agents/skills:ro"
+  SHARED_CACHE_MOUNTS="$SHARED_CACHE_MOUNTS -v $HOST_SKILLS_DIR:/home/agent/.config/opencode/skills:ro"
+fi
+
+# Nano-brain mount disabled to prevent SQLite conflicts between host and container
+# All tools should use the MCP interface to interact with nano-brain on the host
+if [[ -d "$HOME/.nano-brain" ]]; then
+  echo "ℹ️  Skipping .nano-brain mount to prevent SQLite database corruption"
+  echo "   Use MCP interface for nano-brain access instead of direct CLI"
+fi
+
+
 # Project-level config mount (if exists and tool specified)
 CONFIG_MOUNT=""
 if [[ -n "$TOOL" ]]; then
@@ -1137,8 +1167,55 @@ if [[ ${#SELECTED_NETWORKS[@]} -gt 0 ]]; then
   done < <(validate_networks "${SELECTED_NETWORKS[@]}")
 fi
 
+# Detect SSH agent socket (prefer agent forwarding over key copying)
+get_ssh_agent_socket() {
+  # macOS Docker Desktop: special socket path
+  if [[ "$(uname)" == "Darwin" ]]; then
+    local docker_sock="/run/host-services/ssh-auth.sock"
+    # Docker Desktop forwards the host agent to this path inside the VM
+    if [[ -n "$SSH_AUTH_SOCK" ]] && [[ -S "$SSH_AUTH_SOCK" ]]; then
+      echo "$SSH_AUTH_SOCK"
+      return 0
+    fi
+  fi
+  # Standard SSH agent socket (Linux, macOS with regular agent)
+  if [[ -n "$SSH_AUTH_SOCK" ]] && [[ -S "$SSH_AUTH_SOCK" ]]; then
+    echo "$SSH_AUTH_SOCK"
+    return 0
+  fi
+  return 1
+}
+
+# Mount SSH agent socket + known_hosts/config (no private keys)
+setup_ssh_agent_forwarding() {
+  local agent_sock="$1"
+
+  # Mount the agent socket
+  GIT_MOUNTS="$GIT_MOUNTS -v $agent_sock:/ssh-agent"
+  SSH_AGENT_ENV="-e SSH_AUTH_SOCK=/ssh-agent"
+
+  # Still need known_hosts and config for host verification
+  mkdir -p "$GIT_CACHE_DIR/ssh"
+
+  if [ -f "$HOME/.ssh/known_hosts" ]; then
+    cp "$HOME/.ssh/known_hosts" "$GIT_CACHE_DIR/ssh/known_hosts" 2>/dev/null || true
+    chmod 600 "$GIT_CACHE_DIR/ssh/known_hosts" 2>/dev/null || true
+  fi
+
+  if [ -f "$HOME/.ssh/config" ]; then
+    cp "$HOME/.ssh/config" "$GIT_CACHE_DIR/ssh/config" 2>/dev/null || true
+    chmod 600 "$GIT_CACHE_DIR/ssh/config" 2>/dev/null || true
+  fi
+
+  chmod 700 "$GIT_CACHE_DIR/ssh"
+  GIT_MOUNTS="$GIT_MOUNTS -v $GIT_CACHE_DIR/ssh:/home/agent/.ssh:ro"
+
+  echo "🔒 SSH agent forwarding active (keys never enter container)"
+}
+
 # Git access control (opt-in per workspace)
 GIT_MOUNTS=""
+SSH_AGENT_ENV=""
 GIT_ALLOWED_FILE="$SANDBOX_DIR/git-allowed"
 GIT_CACHE_DIR="$GIT_SHARED_DIR"  # V2: Uses shared/git instead of cache/git
 touch "$GIT_ALLOWED_FILE" 2>/dev/null || true
@@ -1204,68 +1281,79 @@ if is_git_allowed "$CURRENT_DIR" || is_git_fetch_only "$CURRENT_DIR" || [[ "$GIT
   SAVED_KEYS_FILE="$GIT_SHARED_DIR/keys/$WORKSPACE_MD5"  # V2: Uses shared/git/keys/
 
   if [ -f "$SAVED_KEYS_FILE" ]; then
-    # Use previously saved key selection
-    echo "📋 Syncing Git credentials..."
-    if [ -d "$GIT_CACHE_DIR/ssh" ]; then
-      chmod -R 700 "$GIT_CACHE_DIR/ssh" 2>/dev/null || true
-      rm -rf "$GIT_CACHE_DIR/ssh" 2>/dev/null || true
-    fi
-    mkdir -p "$GIT_CACHE_DIR/ssh"
-
-    # Read saved keys and copy them
-    SAVED_KEYS=()
-    while IFS= read -r key; do
-      [ -n "$key" ] && SAVED_KEYS+=("$key")
-    done < "$SAVED_KEYS_FILE"
-
-    for key in "${SAVED_KEYS[@]}"; do
-      [ -z "$key" ] && continue
-      src_file="$HOME/.ssh/$key"
-      dst_file="$GIT_CACHE_DIR/ssh/$key"
-
-      dst_dir=$(dirname "$dst_file")
-      mkdir -p "$dst_dir" 2>/dev/null || true
-      chmod 700 "$dst_dir" 2>/dev/null || true
-
-      if [ -f "$src_file" ]; then
-        cp "$src_file" "$dst_file" 2>/dev/null || true
-        chmod 600 "$dst_file" 2>/dev/null || true
+    # Try SSH agent forwarding first (more secure)
+    AGENT_SOCK=""
+    if AGENT_SOCK=$(get_ssh_agent_socket); then
+      echo "📋 Setting up Git credentials (agent forwarding)..."
+      setup_ssh_agent_forwarding "$AGENT_SOCK"
+      echo "✅ Git credentials ready (agent forwarding)"
+    else
+      # Fallback: copy key files (less secure)
+      echo "📋 Syncing Git credentials..."
+      echo "⚠️  SSH agent not detected. Falling back to key file mounting."
+      echo "   For better security, start ssh-agent: eval \"\$(ssh-agent -s)\" && ssh-add"
+
+      if [ -d "$GIT_CACHE_DIR/ssh" ]; then
+        chmod -R 700 "$GIT_CACHE_DIR/ssh" 2>/dev/null || true
+        rm -rf "$GIT_CACHE_DIR/ssh" 2>/dev/null || true
       fi
-    done
+      mkdir -p "$GIT_CACHE_DIR/ssh"
+
+      # Read saved keys and copy them
+      SAVED_KEYS=()
+      while IFS= read -r key; do
+        [ -n "$key" ] && SAVED_KEYS+=("$key")
+      done < "$SAVED_KEYS_FILE"
+
+      for key in "${SAVED_KEYS[@]}"; do
+        [ -z "$key" ] && continue
+        src_file="$HOME/.ssh/$key"
+        dst_file="$GIT_CACHE_DIR/ssh/$key"
+
+        dst_dir=$(dirname "$dst_file")
+        mkdir -p "$dst_dir" 2>/dev/null || true
+        chmod 700 "$dst_dir" 2>/dev/null || true
+
+        if [ -f "$src_file" ]; then
+          cp "$src_file" "$dst_file" 2>/dev/null || true
+          chmod 600 "$dst_file" 2>/dev/null || true
+        fi
+      done
 
-    # Copy filtered SSH config (only hosts needed for this repo)
-    if [ -f "$HOME/.ssh/config" ]; then
-      SETUP_SSH="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/setup-ssh-config"
-      if [ -x "$SETUP_SSH" ]; then
-        # Join SAVED_KEYS into a comma-separated string for --keys
-        KEYS_ARG=$(IFS=,; echo "${SAVED_KEYS[*]}")
-        output=$( "$SETUP_SSH" --keys "$KEYS_ARG" 2>&1 ) || true
-        TEMP_CONFIG=$(echo "$output" | grep "Config:" | tail -1 | awk '{print $NF}')
-        if [ -f "$TEMP_CONFIG" ]; then
-          cp "$TEMP_CONFIG" "$GIT_CACHE_DIR/ssh/config" 2>/dev/null || true
-          chmod 600 "$GIT_CACHE_DIR/ssh/config" 2>/dev/null || true
+      # Copy filtered SSH config (only hosts needed for this repo)
+      if [ -f "$HOME/.ssh/config" ]; then
+        SETUP_SSH="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/setup-ssh-config"
+        if [ -x "$SETUP_SSH" ]; then
+          # Join SAVED_KEYS into a comma-separated string for --keys
+          KEYS_ARG=$(IFS=,; echo "${SAVED_KEYS[*]}")
+          output=$( "$SETUP_SSH" --keys "$KEYS_ARG" 2>&1 ) || true
+          TEMP_CONFIG=$(echo "$output" | grep "Config:" | tail -1 | awk '{print $NF}')
+          if [ -f "$TEMP_CONFIG" ]; then
+            cp "$TEMP_CONFIG" "$GIT_CACHE_DIR/ssh/config" 2>/dev/null || true
+            chmod 600 "$GIT_CACHE_DIR/ssh/config" 2>/dev/null || true
+          else
+            cp "$HOME/.ssh/config" "$GIT_CACHE_DIR/ssh/config" 2>/dev/null || true
+            chmod 600 "$GIT_CACHE_DIR/ssh/config" 2>/dev/null || true
+          fi
         else
           cp "$HOME/.ssh/config" "$GIT_CACHE_DIR/ssh/config" 2>/dev/null || true
           chmod 600 "$GIT_CACHE_DIR/ssh/config" 2>/dev/null || true
         fi
-      else
-        cp "$HOME/.ssh/config" "$GIT_CACHE_DIR/ssh/config" 2>/dev/null || true
-        chmod 600 "$GIT_CACHE_DIR/ssh/config" 2>/dev/null || true
       fi
-    fi
 
-    if [ -f "$HOME/.ssh/known_hosts" ]; then
-      cp "$HOME/.ssh/known_hosts" "$GIT_CACHE_DIR/ssh/known_hosts" 2>/dev/null || true
-      chmod 600 "$GIT_CACHE_DIR/ssh/known_hosts" 2>/dev/null || true
-    fi
+      if [ -f "$HOME/.ssh/known_hosts" ]; then
+        cp "$HOME/.ssh/known_hosts" "$GIT_CACHE_DIR/ssh/known_hosts" 2>/dev/null || true
+        chmod 600 "$GIT_CACHE_DIR/ssh/known_hosts" 2>/dev/null || true
+      fi
 
-    # Ensure all directories have correct permissions (recursive)
-    chmod 700 "$GIT_CACHE_DIR/ssh"
-    find "$GIT_CACHE_DIR/ssh" -type d -exec chmod 700 {} \;
-    find "$GIT_CACHE_DIR/ssh" -type f ! -name "config" ! -name "known_hosts" -exec chmod 600 {} \;
+      # Ensure all directories have correct permissions (recursive)
+      chmod 700 "$GIT_CACHE_DIR/ssh"
+      find "$GIT_CACHE_DIR/ssh" -type d -exec chmod 700 {} \;
+      find "$GIT_CACHE_DIR/ssh" -type f ! -name "config" ! -name "known_hosts" -exec chmod 600 {} \;
 
-    GIT_MOUNTS="$GIT_MOUNTS -v $GIT_CACHE_DIR/ssh:/home/agent/.ssh:ro"
-    echo "✅ Git credentials synced"
+      GIT_MOUNTS="$GIT_MOUNTS -v $GIT_CACHE_DIR/ssh:/home/agent/.ssh:ro"
+      echo "✅ Git credentials synced"
+    fi
   fi
 
   if [ -f "$HOME/.gitconfig" ]; then
@@ -1296,136 +1384,179 @@ else
 
     case "$git_choice" in
       1|2|4|5)
-        # Interactive SSH key selection
-        echo ""
-        echo "🔑 SSH Key Selection"
-        echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+        # Try SSH agent forwarding first (more secure - no key selection needed)
+        AGENT_SOCK=""
+        if AGENT_SOCK=$(get_ssh_agent_socket); then
+          echo ""
+          echo "🔒 SSH Agent Forwarding"
+          echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+          setup_ssh_agent_forwarding "$AGENT_SOCK"
 
-        # Source the SSH key selector library
-        # Resolve symlink to get actual project directory
-        SCRIPT_PATH="${BASH_SOURCE[0]}"
-        while [ -L "$SCRIPT_PATH" ]; do
-          SCRIPT_DIR="$(cd "$(dirname "$SCRIPT_PATH")" && pwd)"
-          SCRIPT_PATH="$(readlink "$SCRIPT_PATH")"
-          [[ $SCRIPT_PATH != /* ]] && SCRIPT_PATH="$SCRIPT_DIR/$SCRIPT_PATH"
-        done
-        SCRIPT_DIR="$(cd "$(dirname "$SCRIPT_PATH")" && pwd)"
-        source "$SCRIPT_DIR/../lib/ssh-key-selector.sh"
-
-        # Let user select keys
-        if select_ssh_keys; then
-          if [ ${#SELECTED_SSH_KEYS[@]} -gt 0 ]; then
-            echo "📋 Copying selected credentials to cache..."
-            if [ -d "$GIT_CACHE_DIR/ssh" ]; then
-              chmod -R 700 "$GIT_CACHE_DIR/ssh" 2>/dev/null || true
-              rm -rf "$GIT_CACHE_DIR/ssh" 2>/dev/null || true
+          # Copy gitconfig
+          if [ -f "$HOME/.gitconfig" ]; then
+            cp "$HOME/.gitconfig" "$HOME_DIR/.gitconfig" 2>/dev/null || true
+          fi
+
+          if [[ "$git_choice" == "4" || "$git_choice" == "5" ]]; then
+            GIT_FETCH_ONLY_MODE=true
+          fi
+
+          # Save workspace preference (same logic as before)
+          if [ "$git_choice" = "2" ]; then
+            echo "$CURRENT_DIR" >> "$GIT_ALLOWED_FILE"
+            if has_jq && [[ -f "$AI_SANDBOX_CONFIG" ]]; then
+              jq --arg ws "$CURRENT_DIR" '.git.allowedWorkspaces += [$ws] | .git.allowedWorkspaces |= unique' "$AI_SANDBOX_CONFIG" > "$AI_SANDBOX_CONFIG.tmp" \
+                && mv "$AI_SANDBOX_CONFIG.tmp" "$AI_SANDBOX_CONFIG"
+              chmod 600 "$AI_SANDBOX_CONFIG"
             fi
-            mkdir -p "$GIT_CACHE_DIR/ssh"
-
-            # Copy selected SSH keys (preserve directory structure exactly)
-            for key in "${SELECTED_SSH_KEYS[@]}"; do
-              echo "  → Copying $key..."
-              src_file="$HOME/.ssh/$key"
-              dst_file="$GIT_CACHE_DIR/ssh/$key"
-
-              # Create parent directory with correct permissions
-              dst_dir=$(dirname "$dst_file")
-              mkdir -p "$dst_dir"
-              chmod 700 "$dst_dir"
-
-              # Copy the file and set permissions
-              if [ -f "$src_file" ]; then
-                cp "$src_file" "$dst_file"
-                chmod 600 "$dst_file"
-              else
-                echo "    ⚠️  Warning: $src_file not found, skipping"
+            echo "✅ Git access enabled and saved for: $CURRENT_DIR"
+          elif [ "$git_choice" = "5" ]; then
+            if has_jq && [[ -f "$AI_SANDBOX_CONFIG" ]]; then
+              jq --arg ws "$CURRENT_DIR" '.git.fetchOnlyWorkspaces = ((.git.fetchOnlyWorkspaces // []) + [$ws] | unique)' "$AI_SANDBOX_CONFIG" > "$AI_SANDBOX_CONFIG.tmp" \
+                && mv "$AI_SANDBOX_CONFIG.tmp" "$AI_SANDBOX_CONFIG"
+              chmod 600 "$AI_SANDBOX_CONFIG"
+            fi
+            echo "✅ Git fetch-only access enabled and saved for: $CURRENT_DIR"
+          elif [ "$git_choice" = "4" ]; then
+            echo "✅ Git fetch-only access enabled for this session"
+          else
+            echo "✅ Git access enabled for this session"
+          fi
+        else
+          # No SSH agent — fall back to key selection + copy
+          echo ""
+          echo "⚠️  SSH agent not detected. Using key file mounting."
+          echo "   For better security: eval \"\$(ssh-agent -s)\" && ssh-add"
+          echo ""
+          echo "🔑 SSH Key Selection"
+          echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+
+          # Source the SSH key selector library
+          # Resolve symlink to get actual project directory
+          SCRIPT_PATH="${BASH_SOURCE[0]}"
+          while [ -L "$SCRIPT_PATH" ]; do
+            SCRIPT_DIR="$(cd "$(dirname "$SCRIPT_PATH")" && pwd)"
+            SCRIPT_PATH="$(readlink "$SCRIPT_PATH")"
+            [[ $SCRIPT_PATH != /* ]] && SCRIPT_PATH="$SCRIPT_DIR/$SCRIPT_PATH"
+          done
+          SCRIPT_DIR="$(cd "$(dirname "$SCRIPT_PATH")" && pwd)"
+          source "$SCRIPT_DIR/../lib/ssh-key-selector.sh"
+
+          # Let user select keys
+          if select_ssh_keys; then
+            if [ ${#SELECTED_SSH_KEYS[@]} -gt 0 ]; then
+              echo "📋 Copying selected credentials to cache..."
+              if [ -d "$GIT_CACHE_DIR/ssh" ]; then
+                chmod -R 700 "$GIT_CACHE_DIR/ssh" 2>/dev/null || true
+                rm -rf "$GIT_CACHE_DIR/ssh" 2>/dev/null || true
               fi
-            done
-
-            # Copy filtered SSH config (only hosts needed for this repo)
-            if [ -f "$HOME/.ssh/config" ]; then
-              echo "  → Generating filtered SSH config..."
-              # Run setup-ssh-config to get filtered config
-              SETUP_SSH="$SCRIPT_DIR/setup-ssh-config"
-              if [ -x "$SETUP_SSH" ]; then
-                # Join SELECTED_SSH_KEYS into a comma-separated string for --keys
-                KEYS_ARG=$(IFS=,; echo "${SELECTED_SSH_KEYS[*]}")
-                # Run it and capture the filtered config path
-                output=$( "$SETUP_SSH" --keys "$KEYS_ARG" 2>&1 ) || true
-                TEMP_CONFIG=$(echo "$output" | grep "Config:" | tail -1 | awk '{print $NF}')
-                if [ -f "$TEMP_CONFIG" ]; then
-                  cp "$TEMP_CONFIG" "$GIT_CACHE_DIR/ssh/config" 2>/dev/null || true
-                  chmod 600 "$GIT_CACHE_DIR/ssh/config" 2>/dev/null || true
+              mkdir -p "$GIT_CACHE_DIR/ssh"
+
+              # Copy selected SSH keys (preserve directory structure exactly)
+              for key in "${SELECTED_SSH_KEYS[@]}"; do
+                echo "  → Copying $key..."
+                src_file="$HOME/.ssh/$key"
+                dst_file="$GIT_CACHE_DIR/ssh/$key"
+
+                # Create parent directory with correct permissions
+                dst_dir=$(dirname "$dst_file")
+                mkdir -p "$dst_dir"
+                chmod 700 "$dst_dir"
+
+                # Copy the file and set permissions
+                if [ -f "$src_file" ]; then
+                  cp "$src_file" "$dst_file"
+                  chmod 600 "$dst_file"
+                else
+                  echo "    ⚠️  Warning: $src_file not found, skipping"
+                fi
+              done
+
+              # Copy filtered SSH config (only hosts needed for this repo)
+              if [ -f "$HOME/.ssh/config" ]; then
+                echo "  → Generating filtered SSH config..."
+                # Run setup-ssh-config to get filtered config
+                SETUP_SSH="$SCRIPT_DIR/setup-ssh-config"
+                if [ -x "$SETUP_SSH" ]; then
+                  # Join SELECTED_SSH_KEYS into a comma-separated string for --keys
+                  KEYS_ARG=$(IFS=,; echo "${SELECTED_SSH_KEYS[*]}")
+                  # Run it and capture the filtered config path
+                  output=$( "$SETUP_SSH" --keys "$KEYS_ARG" 2>&1 ) || true
+                  TEMP_CONFIG=$(echo "$output" | grep "Config:" | tail -1 | awk '{print $NF}')
+                  if [ -f "$TEMP_CONFIG" ]; then
+                    cp "$TEMP_CONFIG" "$GIT_CACHE_DIR/ssh/config" 2>/dev/null || true
+                    chmod 600 "$GIT_CACHE_DIR/ssh/config" 2>/dev/null || true
+                  else
+                    # Fallback to copying full config if setup-ssh-config fails
+                    cp "$HOME/.ssh/config" "$GIT_CACHE_DIR/ssh/config" 2>/dev/null || true
+                    chmod 600 "$GIT_CACHE_DIR/ssh/config" 2>/dev/null || true
+                  fi
                 else
-                  # Fallback to copying full config if setup-ssh-config fails
+                  # Fallback: copy full config
                   cp "$HOME/.ssh/config" "$GIT_CACHE_DIR/ssh/config" 2>/dev/null || true
                   chmod 600 "$GIT_CACHE_DIR/ssh/config" 2>/dev/null || true
                 fi
-              else
-                # Fallback: copy full config
-                cp "$HOME/.ssh/config" "$GIT_CACHE_DIR/ssh/config" 2>/dev/null || true
-                chmod 600 "$GIT_CACHE_DIR/ssh/config" 2>/dev/null || true
               fi
-            fi
 
-            if [ -f "$HOME/.ssh/known_hosts" ]; then
-              echo "  → Copying known_hosts..."
-              cp "$HOME/.ssh/known_hosts" "$GIT_CACHE_DIR/ssh/known_hosts" 2>/dev/null || true
-              chmod 600 "$GIT_CACHE_DIR/ssh/known_hosts" 2>/dev/null || true
-            fi
+              if [ -f "$HOME/.ssh/known_hosts" ]; then
+                echo "  → Copying known_hosts..."
+                cp "$HOME/.ssh/known_hosts" "$GIT_CACHE_DIR/ssh/known_hosts" 2>/dev/null || true
+                chmod 600 "$GIT_CACHE_DIR/ssh/known_hosts" 2>/dev/null || true
+              fi
 
-            # Ensure all directories and files have correct permissions (recursive)
-            chmod 700 "$GIT_CACHE_DIR/ssh"
-            find "$GIT_CACHE_DIR/ssh" -type d -exec chmod 700 {} \;
-            find "$GIT_CACHE_DIR/ssh" -type f ! -name "config" ! -name "known_hosts" -exec chmod 600 {} \;
+              # Ensure all directories and files have correct permissions (recursive)
+              chmod 700 "$GIT_CACHE_DIR/ssh"
+              find "$GIT_CACHE_DIR/ssh" -type d -exec chmod 700 {} \;
+              find "$GIT_CACHE_DIR/ssh" -type f ! -name "config" ! -name "known_hosts" -exec chmod 600 {} \;
 
-            GIT_MOUNTS="$GIT_MOUNTS -v $GIT_CACHE_DIR/ssh:/home/agent/.ssh:ro"
+              GIT_MOUNTS="$GIT_MOUNTS -v $GIT_CACHE_DIR/ssh:/home/agent/.ssh:ro"
 
-            # Copy gitconfig
-            if [ -f "$HOME/.gitconfig" ]; then
-              echo "  → Copying .gitconfig..."
-              cp "$HOME/.gitconfig" "$HOME_DIR/.gitconfig" 2>/dev/null || true
-            fi
+              # Copy gitconfig
+              if [ -f "$HOME/.gitconfig" ]; then
+                echo "  → Copying .gitconfig..."
+                cp "$HOME/.gitconfig" "$HOME_DIR/.gitconfig" 2>/dev/null || true
+              fi
 
-            if [[ "$git_choice" == "4" || "$git_choice" == "5" ]]; then
-              GIT_FETCH_ONLY_MODE=true
-            fi
-            if [ "$git_choice" = "2" ]; then
-              # Save workspace and selected keys for future sessions
-              echo "$CURRENT_DIR" >> "$GIT_ALLOWED_FILE"
-              # Also save to config.json
-              if has_jq && [[ -f "$AI_SANDBOX_CONFIG" ]]; then
-                jq --arg ws "$CURRENT_DIR" '.git.allowedWorkspaces += [$ws] | .git.allowedWorkspaces |= unique' "$AI_SANDBOX_CONFIG" > "$AI_SANDBOX_CONFIG.tmp" \
-                  && mv "$AI_SANDBOX_CONFIG.tmp" "$AI_SANDBOX_CONFIG"
-                chmod 600 "$AI_SANDBOX_CONFIG"
+              if [[ "$git_choice" == "4" || "$git_choice" == "5" ]]; then
+                GIT_FETCH_ONLY_MODE=true
               fi
-              # Save selected keys (one per line for easier parsing)
-              WORKSPACE_MD5=$(echo "$CURRENT_DIR" | md5sum | cut -c1-8)
-              mkdir -p "$GIT_SHARED_DIR/keys"
-              printf "%s\n" "${SELECTED_SSH_KEYS[@]}" > "$GIT_SHARED_DIR/keys/$WORKSPACE_MD5"
-              echo "✅ Git access enabled and saved for: $CURRENT_DIR"
-            elif [ "$git_choice" = "5" ]; then
-              # Save workspace to fetchOnlyWorkspaces
-              if has_jq && [[ -f "$AI_SANDBOX_CONFIG" ]]; then
-                jq --arg ws "$CURRENT_DIR" '.git.fetchOnlyWorkspaces = ((.git.fetchOnlyWorkspaces // []) + [$ws] | unique)' "$AI_SANDBOX_CONFIG" > "$AI_SANDBOX_CONFIG.tmp" \
-                  && mv "$AI_SANDBOX_CONFIG.tmp" "$AI_SANDBOX_CONFIG"
-                chmod 600 "$AI_SANDBOX_CONFIG"
+              if [ "$git_choice" = "2" ]; then
+                # Save workspace and selected keys for future sessions
+                echo "$CURRENT_DIR" >> "$GIT_ALLOWED_FILE"
+                # Also save to config.json
+                if has_jq && [[ -f "$AI_SANDBOX_CONFIG" ]]; then
+                  jq --arg ws "$CURRENT_DIR" '.git.allowedWorkspaces += [$ws] | .git.allowedWorkspaces |= unique' "$AI_SANDBOX_CONFIG" > "$AI_SANDBOX_CONFIG.tmp" \
+                    && mv "$AI_SANDBOX_CONFIG.tmp" "$AI_SANDBOX_CONFIG"
+                  chmod 600 "$AI_SANDBOX_CONFIG"
+                fi
+                # Save selected keys (one per line for easier parsing)
+                WORKSPACE_MD5=$(echo "$CURRENT_DIR" | md5sum | cut -c1-8)
+                mkdir -p "$GIT_SHARED_DIR/keys"
+                printf "%s\n" "${SELECTED_SSH_KEYS[@]}" > "$GIT_SHARED_DIR/keys/$WORKSPACE_MD5"
+                echo "✅ Git access enabled and saved for: $CURRENT_DIR"
+              elif [ "$git_choice" = "5" ]; then
+                # Save workspace to fetchOnlyWorkspaces
+                if has_jq && [[ -f "$AI_SANDBOX_CONFIG" ]]; then
+                  jq --arg ws "$CURRENT_DIR" '.git.fetchOnlyWorkspaces = ((.git.fetchOnlyWorkspaces // []) + [$ws] | unique)' "$AI_SANDBOX_CONFIG" > "$AI_SANDBOX_CONFIG.tmp" \
+                    && mv "$AI_SANDBOX_CONFIG.tmp" "$AI_SANDBOX_CONFIG"
+                  chmod 600 "$AI_SANDBOX_CONFIG"
+                fi
+                # Save selected keys (one per line for easier parsing)
+                WORKSPACE_MD5=$(echo "$CURRENT_DIR" | md5sum | cut -c1-8)
+                mkdir -p "$GIT_SHARED_DIR/keys"
+                printf "%s\n" "${SELECTED_SSH_KEYS[@]}" > "$GIT_SHARED_DIR/keys/$WORKSPACE_MD5"
+                echo "✅ Git fetch-only access enabled and saved for: $CURRENT_DIR"
+              elif [ "$git_choice" = "4" ]; then
+                echo "✅ Git fetch-only access enabled for this session"
+              else
+                echo "✅ Git access enabled for this session"
               fi
-              # Save selected keys (one per line for easier parsing)
-              WORKSPACE_MD5=$(echo "$CURRENT_DIR" | md5sum | cut -c1-8)
-              mkdir -p "$GIT_SHARED_DIR/keys"
-              printf "%s\n" "${SELECTED_SSH_KEYS[@]}" > "$GIT_SHARED_DIR/keys/$WORKSPACE_MD5"
-              echo "✅ Git fetch-only access enabled and saved for: $CURRENT_DIR"
-            elif [ "$git_choice" = "4" ]; then
-              echo "✅ Git fetch-only access enabled for this session"
             else
-              echo "✅ Git access enabled for this session"
+              echo "⚠️  No SSH keys selected. Git access disabled."
             fi
           else
-            echo "⚠️  No SSH keys selected. Git access disabled."
+            echo "⚠️  SSH key selection cancelled. Git access disabled."
           fi
-        else
-          echo "⚠️  SSH key selection cancelled. Git access disabled."
         fi
         ;;
       *)
@@ -1600,7 +1731,7 @@ resolve_opencode_password() {
     echo "  3) No password (⚠️  unsecured - localhost only)"
     echo ""
     read -p "Choice [1-3]: " password_choice
-    
+
     case "$password_choice" in
       1)
         local generated_password=$(openssl rand -base64 24 | tr -d '/+=' | head -c 24)
@@ -1669,11 +1800,11 @@ is_mcp_installed() {
 is_mcp_configured() {
   local mcp_name="$1"
   local config_file="$HOME/.config/opencode/opencode.json"
-  
+
   if [[ ! -f "$config_file" ]]; then
     return 1
   fi
-  
+
   if has_jq; then
     jq -e --arg name "$mcp_name" '.mcp[$name] // empty' "$config_file" &>/dev/null
   else
@@ -1687,7 +1818,7 @@ add_mcp_config() {
   local mcp_command="$2"
   local force="${3:-false}"
   local config_file="$HOME/.config/opencode/opencode.json"
-  
+
   # Check if already configured and warn user
   if [[ "$force" != "true" ]] && is_mcp_configured "$mcp_name"; then
     echo ""
@@ -1700,9 +1831,9 @@ add_mcp_config() {
       return 1
     fi
   fi
-  
+
   mkdir -p "$(dirname "$config_file")"
-  
+
   if [[ ! -f "$config_file" ]]; then
     # Create new config with MCP
     echo "{\"mcp\": {\"$mcp_name\": {\"type\": \"local\", \"command\": $mcp_command}}}" > "$config_file"
@@ -1735,47 +1866,47 @@ configure_opencode_mcp() {
   # Only run for opencode tool in interactive mode
   [[ "$TOOL" != "opencode" ]] && return 0
   [[ ! -t 0 ]] && return 0
-  
+
   local config_file="$HOME/.config/opencode/opencode.json"
-  
+
   # Generate workspace hash for skip tracking
   WORKSPACE_MD5=$(echo "$CURRENT_DIR" | md5sum | cut -c1-8)
-  
+
   # Check if already skipped for this workspace
   if is_mcp_skipped; then
     return 0
   fi
-  
+
   # Detect installed MCP tools (from config.json, set during setup.sh)
   local chrome_installed=false
   local playwright_installed=false
   local chrome_configured=false
   local playwright_configured=false
-  
+
   if is_mcp_installed "chrome-devtools"; then
     chrome_installed=true
     is_mcp_configured "chrome-devtools" && chrome_configured=true
   fi
-  
+
   if is_mcp_installed "playwright"; then
     playwright_installed=true
     is_mcp_configured "playwright" && playwright_configured=true
   fi
-  
+
   # If no MCP tools installed in image, return
   if [[ "$chrome_installed" == "false" && "$playwright_installed" == "false" ]]; then
     return 0
   fi
-  
+
   # If all installed tools are already configured, return silently
   local all_configured=true
   [[ "$chrome_installed" == "true" && "$chrome_configured" == "false" ]] && all_configured=false
   [[ "$playwright_installed" == "true" && "$playwright_configured" == "false" ]] && all_configured=false
-  
+
   if [[ "$all_configured" == "true" ]]; then
     return 0
   fi
-  
+
   # Build lists of configured and unconfigured tools
   local unconfigured=()
   local configured=()
@@ -1783,12 +1914,12 @@ configure_opencode_mcp() {
   [[ "$chrome_installed" == "true" && "$chrome_configured" == "true" ]] && configured+=("chrome-devtools")
   [[ "$playwright_installed" == "true" && "$playwright_configured" == "false" ]] && unconfigured+=("playwright")
   [[ "$playwright_installed" == "true" && "$playwright_configured" == "true" ]] && configured+=("playwright")
-  
+
   # Show prompt
   echo ""
   echo "🔌 MCP Tools Detected"
   echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
-  
+
   # Show already configured tools
   if [[ ${#configured[@]} -gt 0 ]]; then
     echo "Already configured:"
@@ -1804,7 +1935,7 @@ configure_opencode_mcp() {
     done
     echo ""
   fi
-  
+
   # Show unconfigured tools
   if [[ ${#unconfigured[@]} -gt 0 ]]; then
     echo "Not yet configured:"
@@ -1820,7 +1951,7 @@ configure_opencode_mcp() {
     done
     echo ""
   fi
-  
+
   echo "Configure MCP tools in OpenCode?"
   echo "  1) Yes, configure all detected tools"
   echo "  2) Yes, let me choose which ones"
@@ -1828,16 +1959,16 @@ configure_opencode_mcp() {
   echo "  4) No, don't ask again for this workspace"
   echo ""
   read -p "Choice [1-4]: " mcp_choice
-  
+
   local configured_any=false
-  
+
   case "$mcp_choice" in
     1)
       # Configure all (both unconfigured and offer to reconfigure configured ones)
       local all_tools=()
       [[ "$chrome_installed" == "true" ]] && all_tools+=("chrome-devtools")
       [[ "$playwright_installed" == "true" ]] && all_tools+=("playwright")
-      
+
       for tool in "${all_tools[@]}"; do
         case "$tool" in
           chrome-devtools)
@@ -1847,7 +1978,7 @@ configure_opencode_mcp() {
             fi
             ;;
           playwright)
-            if add_mcp_config "playwright" '["npx", "@playwright/mcp@latest", "--headless", "--browser", "chromium"]'; then
+            if add_mcp_config "playwright" '["playwright-mcp", "--headless", "--browser", "chromium"]'; then
               echo "  ✓ Configured Playwright MCP"
               configured_any=true
             fi
@@ -1860,7 +1991,7 @@ configure_opencode_mcp() {
       local all_tools=()
       [[ "$chrome_installed" == "true" ]] && all_tools+=("chrome-devtools")
       [[ "$playwright_installed" == "true" ]] && all_tools+=("playwright")
-      
+
       for tool in "${all_tools[@]}"; do
         local tool_desc=""
         local status_hint=""
@@ -1884,7 +2015,7 @@ configure_opencode_mcp() {
               fi
               ;;
             playwright)
-              if add_mcp_config "playwright" '["npx", "@playwright/mcp@latest", "--headless", "--browser", "chromium"]'; then
+              if add_mcp_config "playwright" '["playwright-mcp", "--headless", "--browser", "chromium"]'; then
                 echo "    ✓ Configured"
                 configured_any=true
               fi
@@ -1903,7 +2034,7 @@ configure_opencode_mcp() {
       echo "ℹ️  Skipped."
       ;;
   esac
-  
+
   # Show config file path for easy editing
   echo ""
   if [[ "$configured_any" == "true" ]]; then
@@ -1969,7 +2100,7 @@ check_port_in_use() {
   else
     return 2
   fi
-  
+
   docker ps --format "{{.Ports}}" 2>/dev/null | grep -q ":$port->" && return 0
   return 1
 }
@@ -2023,10 +2154,10 @@ if detect_opencode_web; then
   if [[ -z "$WEB_PORT" ]]; then
     WEB_PORT=4096
   fi
-  
+
   add_port_to_list "$WEB_PORT" "auto-detected"
   echo "🌐 Detected web command. Auto-exposing port $WEB_PORT."
-  
+
   if ! has_hostname_arg; then
     TOOL_ARGS+=("--hostname" "0.0.0.0")
   fi
@@ -2081,7 +2212,7 @@ if [[ -n "$EXPOSE_PORTS_LIST" ]]; then
   done
 
   echo "🔌 Port mappings: $EXPOSE_PORTS_LIST"
-  
+
   if [[ "$WEB_DETECTED" == "true" ]]; then
     echo "🌐 Web UI available at http://localhost:$WEB_PORT"
   fi
@@ -2101,6 +2232,128 @@ if [[ "${AI_RUN_DEBUG:-}" == "1" ]]; then
   echo "🔧 Debug: EXPOSE_PORTS_LIST='$EXPOSE_PORTS_LIST'"
 fi
 
+is_nano_brain_command() {
+  if [[ "$TOOL" == "nano-brain" ]]; then
+    return 0
+  fi
+
+  if [[ "$TOOL" == "npx" ]]; then
+    for arg in "${TOOL_ARGS[@]}"; do
+      if [[ "$arg" == "nano-brain" ]]; then
+        return 0
+      fi
+    done
+  fi
+
+  return 1
+}
+
+NANO_BRAIN_AUTOREPAIR_SCRIPT='
+set -e
+ORIG_CMD=("$@")
+REPAIR_PATTERN="(tree-sitter|native binding|Cannot find module.*tree-sitter|compiled against a different Node.js version|Exec format error|invalid ELF header|Native bindings not available)"
+
+echo "🔎 nano-brain preflight: checking runtime cache paths..."
+mkdir -p /home/agent/.npm /home/agent/.cache/node-gyp 2>/dev/null || true
+
+run_with_capture() {
+  local err_file
+  err_file=$(mktemp)
+
+  set +e
+  "${ORIG_CMD[@]}" 2>"$err_file"
+  local exit_code=$?
+  set -e
+
+  if [[ $exit_code -ne 0 ]] && grep -Eqi "$REPAIR_PATTERN" "$err_file"; then
+    cat "$err_file" >&2
+    echo "⚠️  Detected nano-brain native module issue."
+    echo "🔧 Running automatic repair (clearing npx/node-gyp caches)..."
+    rm -rf /home/agent/.npm/_npx /home/agent/.cache/node-gyp 2>/dev/null || true
+    npm cache clean --force >/dev/null 2>&1 || true
+    echo "🔁 Retrying nano-brain command once..."
+    set +e
+    "${ORIG_CMD[@]}"
+    local retry_code=$?
+    set -e
+    rm -f "$err_file"
+    return $retry_code
+  fi
+
+  if [[ $exit_code -eq 0 ]] && grep -Eqi "(\\[treesitter\\] Native bindings not available|symbol graph disabled|tree-sitter-typescript\\.node|No such file or directory)" "$err_file"; then
+    if [[ "${AI_RUN_DEBUG:-}" == "1" ]]; then
+      echo "ℹ️  nano-brain: non-fatal tree-sitter warning captured." >&2
+      cat "$err_file" >&2
+    else
+      grep -Eiv "(\\[treesitter\\] Native bindings not available|symbol graph disabled|tree-sitter-typescript\\.node|No such file or directory)" "$err_file" >&2 || true
+    fi
+    rm -f "$err_file"
+    return 0
+  fi
+
+  cat "$err_file" >&2
+  rm -f "$err_file"
+  return $exit_code
+}
+
+run_with_capture
+'
+
+NANO_BRAIN_SHELL_HOOK=$(cat <<'EOF'
+nano_brain_shell_wrapper() {
+  local ORIG_CMD=("$@")
+  local REPAIR_PATTERN="(tree-sitter|native binding|Cannot find module.*tree-sitter|compiled against a different Node.js version|Exec format error|invalid ELF header|Native bindings not available)"
+  local WARN_PATTERN="(\\[treesitter\\] Native bindings not available|symbol graph disabled|tree-sitter-typescript\\.node|No such file or directory)"
+
+  local err_file
+  err_file=$(mktemp)
+
+  set +e
+  "${ORIG_CMD[@]}" 2>"$err_file"
+  local exit_code=$?
+  set -e
+
+  if [[ $exit_code -ne 0 ]] && grep -Eqi "$REPAIR_PATTERN" "$err_file"; then
+    cat "$err_file" >&2
+    echo "⚠️  Detected nano-brain native module issue."
+    echo "🔧 Running automatic repair (clearing npx/node-gyp caches)..."
+    rm -rf /home/agent/.npm/_npx /home/agent/.cache/node-gyp 2>/dev/null || true
+    npm cache clean --force >/dev/null 2>&1 || true
+    echo "🔁 Retrying nano-brain command once..."
+    "${ORIG_CMD[@]}"
+    local retry_code=$?
+    rm -f "$err_file"
+    return $retry_code
+  fi
+
+  if [[ $exit_code -eq 0 ]] && grep -Eqi "$WARN_PATTERN" "$err_file"; then
+    if [[ "${AI_RUN_DEBUG:-}" == "1" ]]; then
+      echo "ℹ️  nano-brain: non-fatal tree-sitter warning captured." >&2
+      cat "$err_file" >&2
+    else
+      grep -Eiv "$WARN_PATTERN" "$err_file" >&2 || true
+    fi
+    rm -f "$err_file"
+    return 0
+  fi
+
+  cat "$err_file" >&2
+  rm -f "$err_file"
+  return $exit_code
+}
+
+npx() {
+  if [[ "${1:-}" == "nano-brain" ]]; then
+    nano_brain_shell_wrapper command npx "$@"
+    return $?
+  fi
+  command npx "$@"
+}
+
+export -f nano_brain_shell_wrapper npx
+EOF
+)
+
 # Prepare command based on mode
 ENTRYPOINT_OVERRIDE=""
 if [[ -n "$TOOL" && "$SHELL_MODE" != "true" ]]; then
@@ -2133,6 +2386,20 @@ else
   DOCKER_COMMAND=("${TOOL_ARGS[@]}")
 fi
 
+# Nano-brain targeted preflight + auto-repair wrapper
+if [[ "$SHELL_MODE" == "true" ]] && [[ "$NANO_BRAIN_AUTO_REPAIR" == "true" ]] && [[ "${DOCKER_COMMAND[0]:-}" == "-c" ]]; then
+  DOCKER_COMMAND[1]="$NANO_BRAIN_SHELL_HOOK ${DOCKER_COMMAND[1]}"
+fi
+
+if [[ "$SHELL_MODE" != "true" ]] && is_nano_brain_command; then
+  if [[ "$NANO_BRAIN_AUTO_REPAIR" == "true" ]]; then
+    ENTRYPOINT_OVERRIDE="--entrypoint bash"
+    DOCKER_COMMAND=("-lc" "$NANO_BRAIN_AUTOREPAIR_SCRIPT" "nano-brain-wrapper" "$TOOL" "${TOOL_ARGS[@]}")
+  else
+    echo "ℹ️  nano-brain auto-repair disabled"
+  fi
+fi
+
 # Detect platform architecture (avoid slow emulation)
 PLATFORM="${AI_RUN_PLATFORM:-}"
 if [[ -z "$PLATFORM" ]]; then
@@ -2184,20 +2451,20 @@ DISPLAY_FLAGS=$(detect_display_config)
 # ============================================================================
 if [[ "$TOOL" == "openclaw" ]]; then
   OPENCLAW_REPO_DIR="$HOME/.ai-sandbox/tools/openclaw/repo"
-  
+
   if [[ ! -d "$OPENCLAW_REPO_DIR" ]]; then
     echo "❌ ERROR: OpenClaw repository not found at $OPENCLAW_REPO_DIR"
     echo "   Run: npx @kokorolx/ai-sandbox-wrapper setup"
     exit 1
   fi
-  
+
   cd "$OPENCLAW_REPO_DIR"
-  
+
   OPENCLAW_COMPOSE_FILE="$OPENCLAW_REPO_DIR/docker-compose.yml"
   OPENCLAW_OVERRIDE_FILE="$OPENCLAW_REPO_DIR/docker-compose.override.yml"
-  
+
   echo "🔄 Generating OpenClaw docker-compose override..."
-  
+
   cat > "$OPENCLAW_OVERRIDE_FILE" <<EOF
 services:
   openclaw-gateway:
@@ -2207,18 +2474,18 @@ services:
     volumes:
       - $HOME/.openclaw:/home/node/.openclaw
 EOF
-  
+
   for workspace in "${WORKSPACES[@]}"; do
     echo "      - $workspace:$workspace" >> "$OPENCLAW_OVERRIDE_FILE"
   done
-  
+
   cat >> "$OPENCLAW_OVERRIDE_FILE" <<EOF
     ports:
       - "18789:18789"
       - "18790:18790"
     working_dir: $CURRENT_DIR
 EOF
-  
+
   if [[ -n "$NETWORK_OPTIONS" ]]; then
     echo "    networks:" >> "$OPENCLAW_OVERRIDE_FILE"
     for net in ${DOCKER_NETWORKS//,/ }; do
@@ -2231,12 +2498,12 @@ EOF
       echo "    external: true" >> "$OPENCLAW_OVERRIDE_FILE"
     done
   fi
-  
+
   echo "🚀 Starting OpenClaw with docker-compose..."
   echo "🌐 Gateway: http://localhost:18789"
   echo "🌐 Bridge: http://localhost:18790"
   echo ""
-  
+
   exec docker compose -f "$OPENCLAW_COMPOSE_FILE" -f "$OPENCLAW_OVERRIDE_FILE" \
     --env-file "$ENV_FILE" \
     up --remove-orphans
@@ -2250,6 +2517,7 @@ docker run $CONTAINER_NAME --rm $TTY_FLAGS \
   $CONFIG_MOUNT \
   $TOOL_CONFIG_MOUNTS \
   $GIT_MOUNTS \
+  $SSH_AGENT_ENV \
   $NETWORK_OPTIONS \
   $DISPLAY_FLAGS \
   $HOST_ACCESS_ARGS \

package/dockerfiles/base/Dockerfile

@@ -6,7 +6,10 @@ FROM node:22-bookworm-slim
 
 ARG AGENT_UID=1001
 
-RUN apt-get update && apt-get install -y --no-install-recommends     git     curl     ssh     ca-certificates     jq     python3     python3-pip     python3-venv     python3-dev     python3-setuptools     build-essential     libopenblas-dev     pipx     unzip     xclip     wl-clipboard     ripgrep     && curl -LsSf https://astral.sh/uv/install.sh | UV_INSTALL_DIR=/usr/local/bin sh     && rm -rf /var/lib/apt/lists/*     && pipx ensurepath
+RUN apt-get update && apt-get install -y --no-install-recommends     git     curl     ssh     ca-certificates     jq     python3     python3-pip     python3-venv     python3-dev     python3-setuptools     build-essential     libopenblas-dev     pipx     unzip     xclip     wl-clipboard     ripgrep     tmux     fd-find     sqlite3     poppler-utils     qpdf     tesseract-ocr     && curl -LsSf https://astral.sh/uv/install.sh | UV_INSTALL_DIR=/usr/local/bin sh     && rm -rf /var/lib/apt/lists/*     && pipx ensurepath
+
+# Install Python PDF processing tools for PDF skill
+RUN pip3 install --no-cache-dir --break-system-packages pypdf pdfplumber reportlab pytesseract pdf2image
 
 RUN curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg     && chmod go+r /usr/share/keyrings/githubcli-archive-keyring.gpg     && echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | tee /etc/apt/sources.list.d/github-cli.list > /dev/null     && apt-get update     && apt-get install -y gh     && rm -rf /var/lib/apt/lists/*
 
@@ -17,7 +20,7 @@ RUN npm install -g bun
 RUN npm install -g pnpm
 
 # Install TypeScript and LSP tools using npm
-RUN npm install -g typescript typescript-language-server
+RUN npm install -g typescript typescript-language-server pyright vscode-langservers-extracted
 
 # Verify installations
 RUN node --version && npm --version && pnpm --version && tsc --version
@@ -84,6 +87,9 @@ RUN mkdir -p /opt/playwright-browsers && \
     npx playwright-core install-deps chromium && \
     chmod -R 777 /opt/playwright-browsers && \
     ln -sf $(ls -d /opt/playwright-browsers/chromium-*/chrome-linux/chrome | head -1) /opt/chromium
+ENV CHROME_DEVTOOLS_MCP_NO_USAGE_STATISTICS=1
+RUN npm install -g chrome-devtools-mcp@latest && \
+    touch /opt/.mcp-chrome-devtools-installed
 RUN touch /opt/.mcp-playwright-installed
 
 # Create workspace

package/dockerfiles/sandbox/Dockerfile

@@ -6,7 +6,10 @@ FROM node:22-bookworm-slim
 
 ARG AGENT_UID=1001
 
-RUN apt-get update && apt-get install -y --no-install-recommends     git     curl     ssh     ca-certificates     jq     python3     python3-pip     python3-venv     python3-dev     python3-setuptools     build-essential     libopenblas-dev     pipx     unzip     xclip     wl-clipboard     ripgrep     && curl -LsSf https://astral.sh/uv/install.sh | UV_INSTALL_DIR=/usr/local/bin sh     && rm -rf /var/lib/apt/lists/*     && pipx ensurepath
+RUN apt-get update && apt-get install -y --no-install-recommends     git     curl     ssh     ca-certificates     jq     python3     python3-pip     python3-venv     python3-dev     python3-setuptools     build-essential     libopenblas-dev     pipx     unzip     xclip     wl-clipboard     ripgrep     tmux     fd-find     sqlite3     poppler-utils     qpdf     tesseract-ocr     && curl -LsSf https://astral.sh/uv/install.sh | UV_INSTALL_DIR=/usr/local/bin sh     && rm -rf /var/lib/apt/lists/*     && pipx ensurepath
+
+# Install Python PDF processing tools for PDF skill
+RUN pip3 install --no-cache-dir --break-system-packages pypdf pdfplumber reportlab pytesseract pdf2image
 
 RUN curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg     && chmod go+r /usr/share/keyrings/githubcli-archive-keyring.gpg     && echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | tee /etc/apt/sources.list.d/github-cli.list > /dev/null     && apt-get update     && apt-get install -y gh     && rm -rf /var/lib/apt/lists/*
 
@@ -17,7 +20,7 @@ RUN npm install -g bun
 RUN npm install -g pnpm
 
 # Install TypeScript and LSP tools using npm
-RUN npm install -g typescript typescript-language-server
+RUN npm install -g typescript typescript-language-server pyright vscode-langservers-extracted
 
 # Verify installations
 RUN node --version && npm --version && pnpm --version && tsc --version
@@ -84,6 +87,9 @@ RUN mkdir -p /opt/playwright-browsers && \
     npx playwright-core install-deps chromium && \
     chmod -R 777 /opt/playwright-browsers && \
     ln -sf $(ls -d /opt/playwright-browsers/chromium-*/chrome-linux/chrome | head -1) /opt/chromium
+ENV CHROME_DEVTOOLS_MCP_NO_USAGE_STATISTICS=1
+RUN npm install -g chrome-devtools-mcp@latest && \
+    touch /opt/.mcp-chrome-devtools-installed
 RUN touch /opt/.mcp-playwright-installed
 
 # Create workspace
@@ -109,6 +115,20 @@ RUN curl -fsSL https://opencode.ai/install | bash && \
     mv /root/.opencode/bin/opencode /usr/local/bin/opencode && \
     rm -rf /root/.opencode
 
+# === claude ===
+USER root
+RUN apt-get update && apt-get install -y --no-install-recommends tmux && rm -rf /var/lib/apt/lists/*
+RUN npm install -g @kaitranntt/ccs --ignore-scripts && \
+    mkdir -p /home/agent/.ccs && \
+    chown -R agent:agent /home/agent/.ccs && \
+    which ccs && ccs --version && \
+    sed -i 's/fs\.symlinkSync(sourcePath, targetPath, symlinkType)/fs\.symlinkSync(require("path").relative(require("path").dirname(targetPath), sourcePath), targetPath, symlinkType)/g' /usr/local/lib/node_modules/@kaitranntt/ccs/dist/utils/claude-symlink-manager.js
+RUN export HOME=/root && curl -fsSL https://claude.ai/install.sh | bash && \
+    mkdir -p /usr/local/share && \
+    mv /root/.local/share/claude /usr/local/share/claude && \
+    ln -sf /usr/local/share/claude/versions/$(ls /usr/local/share/claude/versions | head -1) /usr/local/bin/claude
+USER agent
+
 USER agent
 ENV HOME=/home/agent
 CMD ["bash"]

package/lib/AGENTS.md

@@ -49,6 +49,20 @@ lib/
 | CodeServer | `install-codeserver.sh` | VSCode browser |
 | VSCode | `install-vscode.sh` | Desktop X11 |
 
+## File Writing Rules (MANDATORY)
+
+**NEVER write an entire file at once.** Always use chunk-by-chunk editing:
+
+1. **Use the Edit tool** (find-and-replace) for all file modifications — insert, update, or delete content in targeted chunks
+2. **Only use the Write tool** for brand-new files that don't exist yet, AND only if the file is small (< 50 lines)
+3. **For new large files (50+ lines):** Write a skeleton first (headers/structure only), then use Edit to fill in each section chunk by chunk
+4. **Why:** Writing entire files at once causes truncation, context window overflow, and silent data loss on large files
+
+**Anti-patterns (NEVER do these):**
+- `Write` tool to overwrite an existing file with full content
+- `Write` tool to create a file with 100+ lines in one shot
+- Regenerating an entire file to change a few lines
+
 ## Conventions
 
 - Scripts use `set -e` for fail-fast

package/lib/install-base.sh

@@ -128,7 +128,7 @@ ENV PATH=$RBENV_ROOT/bin:$RBENV_ROOT/shims:$PATH
 
 RUN rbenv install 3.3.0 && rbenv global 3.3.0 && rbenv rehash
 
-RUN gem install rails -v 8.0.2 && gem install bundler && rbenv rehash
+RUN gem install rails -v 8.0.2 && gem install bundler solargraph && rbenv rehash
 '
 fi
 
@@ -217,10 +217,19 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
     xclip \
     wl-clipboard \
     ripgrep \
+    tmux \
+    fd-find \
+    sqlite3 \
+    poppler-utils \
+    qpdf \
+    tesseract-ocr \
     && curl -LsSf https://astral.sh/uv/install.sh | UV_INSTALL_DIR=/usr/local/bin sh \
     && rm -rf /var/lib/apt/lists/* \
     && pipx ensurepath
 
+# Install Python PDF processing tools for PDF skill
+RUN pip3 install --no-cache-dir --break-system-packages pypdf pdfplumber reportlab pytesseract pdf2image
+
 RUN curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg \
     && chmod go+r /usr/share/keyrings/githubcli-archive-keyring.gpg \
     && echo "deb [arch=\$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | tee /etc/apt/sources.list.d/github-cli.list > /dev/null \
@@ -235,7 +244,7 @@ RUN npm install -g bun
 RUN npm install -g pnpm
 
 # Install TypeScript and LSP tools using npm
-RUN npm install -g typescript typescript-language-server
+RUN npm install -g typescript typescript-language-server pyright vscode-langservers-extracted
 
 # Verify installations
 RUN node --version && npm --version && pnpm --version && tsc --version

package/lib/install-claude.sh

@@ -8,10 +8,11 @@ RUN apt-get update && apt-get install -y --no-install-recommends tmux && rm -rf
 RUN npm install -g @kaitranntt/ccs --ignore-scripts && \
     mkdir -p /home/agent/.ccs && \
     chown -R agent:agent /home/agent/.ccs && \
-    which ccs && ccs --version
-RUN curl -fsSL https://claude.ai/install.sh | bash && \
+    which ccs && ccs --version && \
+    sed -i 's/fs\.symlinkSync(sourcePath, targetPath, symlinkType)/fs\.symlinkSync(require("path").relative(require("path").dirname(targetPath), sourcePath), targetPath, symlinkType)/g' /usr/local/lib/node_modules/@kaitranntt/ccs/dist/utils/claude-symlink-manager.js
+RUN export HOME=/root && curl -fsSL https://claude.ai/install.sh | bash && \
     mkdir -p /usr/local/share && \
-    mv /home/agent/.local/share/claude /usr/local/share/claude && \
+    mv /root/.local/share/claude /usr/local/share/claude && \
     ln -sf /usr/local/share/claude/versions/$(ls /usr/local/share/claude/versions | head -1) /usr/local/bin/claude
 USER agent
 SNIPPET
@@ -43,12 +44,13 @@ RUN apt-get update && apt-get install -y --no-install-recommends tmux && rm -rf
 RUN npm install -g @kaitranntt/ccs --ignore-scripts && \
     mkdir -p /home/agent/.ccs && \
     chown -R agent:agent /home/agent/.ccs && \
-    which ccs && ccs --version
+    which ccs && ccs --version && \
+    sed -i 's/fs\.symlinkSync(sourcePath, targetPath, symlinkType)/fs\.symlinkSync(require("path").relative(require("path").dirname(targetPath), sourcePath), targetPath, symlinkType)/g' /usr/local/lib/node_modules/@kaitranntt/ccs/dist/utils/claude-symlink-manager.js
 
 # Install Claude Code using official native installer
-RUN curl -fsSL https://claude.ai/install.sh | bash && \
+RUN export HOME=/root && curl -fsSL https://claude.ai/install.sh | bash && \
     mkdir -p /usr/local/share && \
-    mv /home/agent/.local/share/claude /usr/local/share/claude && \
+    mv /root/.local/share/claude /usr/local/share/claude && \
     ln -sf /usr/local/share/claude/versions/$(ls /usr/local/share/claude/versions | head -1) /usr/local/bin/claude
 
 USER agent

package/lib/install-droid.sh

@@ -4,10 +4,9 @@ set -e
 dockerfile_snippet() {
   cat <<'SNIPPET'
 USER root
-RUN mkdir -p /home/agent/.factory && \
-    bash -c "curl -fsSL https://app.factory.ai/cli | sh" && \
-    mv /home/agent/.local/bin/droid /usr/local/bin/droid && \
-    chown -R agent:agent /home/agent/.factory
+RUN mkdir -p /home/agent/.factory && chown -R agent:agent /home/agent/.factory && \
+    export HOME=/root && bash -c "curl -fsSL https://app.factory.ai/cli | sh" && \
+    mv /root/.local/bin/droid /usr/local/bin/droid
 USER agent
 SNIPPET
 }
@@ -27,10 +26,9 @@ mkdir -p "$HOME/.ai-sandbox/tools/droid/home"
 cat <<'EOF' > "dockerfiles/droid/Dockerfile"
 FROM ai-base:latest
 USER root
-RUN mkdir -p /home/agent/.factory && \
-    bash -c "curl -fsSL https://app.factory.ai/cli | sh" && \
-    mv /home/agent/.local/bin/droid /usr/local/bin/droid && \
-    chown -R agent:agent /home/agent/.factory
+RUN mkdir -p /home/agent/.factory && chown -R agent:agent /home/agent/.factory && \
+    export HOME=/root && bash -c "curl -fsSL https://app.factory.ai/cli | sh" && \
+    mv /root/.local/bin/droid /usr/local/bin/droid
 USER agent
 ENTRYPOINT ["bash", "-c", "exec droid \"$@\"", "--"]
 EOF

package/lib/install-shai.sh

@@ -4,8 +4,8 @@ set -e
 dockerfile_snippet() {
   cat <<'SNIPPET'
 USER root
-RUN curl -fsSL https://raw.githubusercontent.com/ovh/shai/main/install.sh | bash && \
-    mv /home/agent/.local/bin/shai /usr/local/bin/shai
+RUN export HOME=/root && curl -fsSL https://raw.githubusercontent.com/ovh/shai/main/install.sh | bash && \
+    mv /root/.local/bin/shai /usr/local/bin/shai
 USER agent
 SNIPPET
 }
@@ -29,8 +29,8 @@ FROM ai-base:latest
 USER root
 
 # Install SHAI native binary and relocate to /usr/local/bin
-RUN curl -fsSL https://raw.githubusercontent.com/ovh/shai/main/install.sh | bash && \
-    mv /home/agent/.local/bin/shai /usr/local/bin/shai
+RUN export HOME=/root && curl -fsSL https://raw.githubusercontent.com/ovh/shai/main/install.sh | bash && \
+    mv /root/.local/bin/shai /usr/local/bin/shai
 
 USER agent
 ENTRYPOINT ["shai"]

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@kokorolx/ai-sandbox-wrapper",
-  "version": "3.0.0",
+  "version": "3.0.2",
   "description": "Docker-based security sandbox for AI coding agents. Isolate Claude, Gemini, Aider, and other AI tools from your host system.",
   "keywords": [
     "ai",