@kokorolx/ai-sandbox-wrapper 3.0.1 → 3.0.2

package/README.md

@@ -198,6 +198,10 @@ When running nano-brain inside the sandbox, `ai-run` performs a targeted preflig
 
 It also suppresses known **non-fatal** tree-sitter symbol-graph warnings when the command succeeds, so normal query output stays clean. To see suppressed diagnostics, run with debug mode (`AI_RUN_DEBUG=1`).
 
+This behavior applies to both:
+- direct mode (`ai-run npx nano-brain ...`)
+- interactive shell mode (`ai-run`, then run `npx nano-brain ...` inside the container shell)
+
 ```bash
 # Auto-repair enabled by default
 ai-run npx nano-brain status

package/bin/ai-run

@@ -2299,6 +2299,61 @@ run_with_capture() {
 run_with_capture
 '
 
+NANO_BRAIN_SHELL_HOOK=$(cat <<'EOF'
+nano_brain_shell_wrapper() {
+  local ORIG_CMD=("$@")
+  local REPAIR_PATTERN="(tree-sitter|native binding|Cannot find module.*tree-sitter|compiled against a different Node.js version|Exec format error|invalid ELF header|Native bindings not available)"
+  local WARN_PATTERN="(\\[treesitter\\] Native bindings not available|symbol graph disabled|tree-sitter-typescript\\.node|No such file or directory)"
+
+  local err_file
+  err_file=$(mktemp)
+
+  set +e
+  "${ORIG_CMD[@]}" 2>"$err_file"
+  local exit_code=$?
+  set -e
+
+  if [[ $exit_code -ne 0 ]] && grep -Eqi "$REPAIR_PATTERN" "$err_file"; then
+    cat "$err_file" >&2
+    echo "⚠️  Detected nano-brain native module issue."
+    echo "🔧 Running automatic repair (clearing npx/node-gyp caches)..."
+    rm -rf /home/agent/.npm/_npx /home/agent/.cache/node-gyp 2>/dev/null || true
+    npm cache clean --force >/dev/null 2>&1 || true
+    echo "🔁 Retrying nano-brain command once..."
+    "${ORIG_CMD[@]}"
+    local retry_code=$?
+    rm -f "$err_file"
+    return $retry_code
+  fi
+
+  if [[ $exit_code -eq 0 ]] && grep -Eqi "$WARN_PATTERN" "$err_file"; then
+    if [[ "${AI_RUN_DEBUG:-}" == "1" ]]; then
+      echo "ℹ️  nano-brain: non-fatal tree-sitter warning captured." >&2
+      cat "$err_file" >&2
+    else
+      grep -Eiv "$WARN_PATTERN" "$err_file" >&2 || true
+    fi
+    rm -f "$err_file"
+    return 0
+  fi
+
+  cat "$err_file" >&2
+  rm -f "$err_file"
+  return $exit_code
+}
+
+npx() {
+  if [[ "${1:-}" == "nano-brain" ]]; then
+    nano_brain_shell_wrapper command npx "$@"
+    return $?
+  fi
+  command npx "$@"
+}
+
+export -f nano_brain_shell_wrapper npx
+EOF
+)
+
 # Prepare command based on mode
 ENTRYPOINT_OVERRIDE=""
 if [[ -n "$TOOL" && "$SHELL_MODE" != "true" ]]; then
@@ -2332,6 +2387,10 @@ else
 fi
 
 # Nano-brain targeted preflight + auto-repair wrapper
+if [[ "$SHELL_MODE" == "true" ]] && [[ "$NANO_BRAIN_AUTO_REPAIR" == "true" ]] && [[ "${DOCKER_COMMAND[0]:-}" == "-c" ]]; then
+  DOCKER_COMMAND[1]="$NANO_BRAIN_SHELL_HOOK ${DOCKER_COMMAND[1]}"
+fi
+
 if [[ "$SHELL_MODE" != "true" ]] && is_nano_brain_command; then
   if [[ "$NANO_BRAIN_AUTO_REPAIR" == "true" ]]; then
     ENTRYPOINT_OVERRIDE="--entrypoint bash"

package/dockerfiles/base/Dockerfile

@@ -90,6 +90,7 @@ RUN mkdir -p /opt/playwright-browsers && \
 ENV CHROME_DEVTOOLS_MCP_NO_USAGE_STATISTICS=1
 RUN npm install -g chrome-devtools-mcp@latest && \
     touch /opt/.mcp-chrome-devtools-installed
+RUN touch /opt/.mcp-playwright-installed
 
 # Create workspace
 WORKDIR /workspace

package/dockerfiles/sandbox/Dockerfile

@@ -90,6 +90,7 @@ RUN mkdir -p /opt/playwright-browsers && \
 ENV CHROME_DEVTOOLS_MCP_NO_USAGE_STATISTICS=1
 RUN npm install -g chrome-devtools-mcp@latest && \
     touch /opt/.mcp-chrome-devtools-installed
+RUN touch /opt/.mcp-playwright-installed
 
 # Create workspace
 WORKDIR /workspace

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@kokorolx/ai-sandbox-wrapper",
-  "version": "3.0.1",
+  "version": "3.0.2",
   "description": "Docker-based security sandbox for AI coding agents. Isolate Claude, Gemini, Aider, and other AI tools from your host system.",
   "keywords": [
     "ai",