npm - @kokorolx/ai-sandbox-wrapper - Versions diffs - 3.0.2 → 3.0.4 - Mend

@kokorolx/ai-sandbox-wrapper 3.0.2 → 3.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/bin/ai-run CHANGED Viewed

@@ -701,6 +701,7 @@ get_installed_tools() {
 # Tool config persistence via bind mounts
 # Bind-mount host paths directly to ensure changes persist to the host.
 TOOL_CONFIG_MOUNTS=""
+RG_COMPAT_MOUNT=""
 mount_tool_config() {
   local host_path="$1"
@@ -724,6 +725,32 @@ for tool in $(get_installed_tools); do
   done
 done
+setup_opencode_rg_compat() {
+  [[ "$TOOL" != "opencode" ]] && return 0
+  local bundled_rg="$HOME/.local/share/opencode/bin/rg"
+  local rg_shim_path="$SANDBOX_DIR/shared/rg-linux-shim"
+  [[ -f "$bundled_rg" ]] || return 0
+  command -v file &>/dev/null || return 0
+  local rg_file_info
+  rg_file_info=$(file -b "$bundled_rg" 2>/dev/null || true)
+  if echo "$rg_file_info" | grep -qi "Mach-O"; then
+    mkdir -p "$(dirname "$rg_shim_path")"
+    cat > "$rg_shim_path" << 'EOF'
+#!/usr/bin/env bash
+exec /usr/bin/rg "$@"
+EOF
+    chmod +x "$rg_shim_path"
+    RG_COMPAT_MOUNT="-v $rg_shim_path:/home/agent/.local/share/opencode/bin/rg:ro"
+    echo "⚠️  Detected incompatible OpenCode bundled rg (Mach-O). Using /usr/bin/rg in container."
+  fi
+}
+setup_opencode_rg_compat
 # Bundle OpenCode default skills (if opencode is installed)
 if get_installed_tools | grep -qw "opencode"; then
   AIRUN_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
@@ -756,11 +783,12 @@ if [[ -d "$HOST_SKILLS_DIR" ]]; then
   SHARED_CACHE_MOUNTS="$SHARED_CACHE_MOUNTS -v $HOST_SKILLS_DIR:/home/agent/.config/opencode/skills:ro"
 fi
-# Nano-brain mount disabled to prevent SQLite conflicts between host and container
-# All tools should use the MCP interface to interact with nano-brain on the host
+# Nano-brain read-only mount
+# Exposes logs/index/sqlite files to container while preventing writes
+NANO_BRAIN_MOUNT=""
 if [[ -d "$HOME/.nano-brain" ]]; then
-  echo "ℹ️  Skipping .nano-brain mount to prevent SQLite database corruption"
-  echo "   Use MCP interface for nano-brain access instead of direct CLI"
+  NANO_BRAIN_MOUNT="-v $HOME/.nano-brain:/home/agent/.nano-brain:ro"
+  echo "ℹ️  Mounted .nano-brain as read-only at /home/agent/.nano-brain"
 fi
@@ -1972,7 +2000,7 @@ configure_opencode_mcp() {
       for tool in "${all_tools[@]}"; do
         case "$tool" in
           chrome-devtools)
-            if add_mcp_config "chrome-devtools" '["chrome-devtools-mcp", "--headless", "--isolated", "--executablePath", "/opt/chromium"]'; then
+            if add_mcp_config "chrome-devtools" "[\"chrome-devtools-mcp\", \"--headless\", \"--isolated\", \"--executablePath\", \"$CHROMIUM_PATH\", \"--chrome-arg=--no-sandbox\"]"; then
               echo "  ✓ Configured Chrome DevTools MCP"
               configured_any=true
             fi
@@ -2009,9 +2037,8 @@ configure_opencode_mcp() {
         if [[ "$tool_choice" =~ ^[Yy]$ ]]; then
           case "$tool" in
             chrome-devtools)
-              if add_mcp_config "chrome-devtools" '["chrome-devtools-mcp", "--headless", "--isolated", "--executablePath", "/opt/chromium"]'; then
+              if add_mcp_config "chrome-devtools" "[\"chrome-devtools-mcp\", \"--headless\", \"--isolated\", \"--executablePath\", \"$CHROMIUM_PATH\", \"--chrome-arg=--no-sandbox\"]"; then
                 echo "    ✓ Configured"
-                configured_any=true
               fi
               ;;
             playwright)
@@ -2230,6 +2257,7 @@ if [[ "${AI_RUN_DEBUG:-}" == "1" ]]; then
   echo "🔧 Debug: PORT_MAPPINGS='$PORT_MAPPINGS'"
   echo "🔧 Debug: WEB_DETECTED='$WEB_DETECTED'"
   echo "🔧 Debug: EXPOSE_PORTS_LIST='$EXPOSE_PORTS_LIST'"
+  echo "🔧 Debug: RG_COMPAT_MOUNT='$RG_COMPAT_MOUNT'"
 fi
 is_nano_brain_command() {
@@ -2443,6 +2471,15 @@ if [[ ! -f "$CACHE_DIR/playwright-browsers/.seeded" ]]; then
   fi
 fi
+# Resolve the latest chromium binary path from shared cache
+# The /opt/chromium symlink inside the image may point to a stale version
+CHROMIUM_PATH="/opt/chromium"
+LATEST_CHROMIUM=$(ls -d "$CACHE_DIR/playwright-browsers"/chromium-*/chrome-linux/chrome 2>/dev/null | sort -V | tail -1)
+if [[ -n "$LATEST_CHROMIUM" ]]; then
+  # Convert host cache path to container path
+  CHROMIUM_PATH="/opt/playwright-browsers/$(echo "$LATEST_CHROMIUM" | grep -oP 'chromium-[^/]+')/chrome-linux/chrome"
+fi
 # Detect display configuration (clipboard integration)
 DISPLAY_FLAGS=$(detect_display_config)
@@ -2516,6 +2553,7 @@ docker run $CONTAINER_NAME --rm $TTY_FLAGS \
   $VOLUME_MOUNTS \
   $CONFIG_MOUNT \
   $TOOL_CONFIG_MOUNTS \
+  $RG_COMPAT_MOUNT \
   $GIT_MOUNTS \
   $SSH_AGENT_ENV \
   $NETWORK_OPTIONS \
@@ -2525,6 +2563,7 @@ docker run $CONTAINER_NAME --rm $TTY_FLAGS \
   $OPENCODE_PASSWORD_ENV \
   -v "$HOME_DIR":/home/agent \
   $SHARED_CACHE_MOUNTS \
+  $NANO_BRAIN_MOUNT \
   -w "$CURRENT_DIR" \
   --env-file "$ENV_FILE" \
   -e TERM="$TERM" \

package/lib/install-base.sh CHANGED Viewed

@@ -175,7 +175,7 @@ RUN mkdir -p /opt/playwright-browsers && \
     npx playwright-core install --no-shell chromium && \
     npx playwright-core install-deps chromium && \
     chmod -R 777 /opt/playwright-browsers && \
-    ln -sf $(ls -d /opt/playwright-browsers/chromium-*/chrome-linux/chrome | head -1) /opt/chromium
+    ln -sf $(ls -d /opt/playwright-browsers/chromium-*/chrome-linux/chrome | sort -V | tail -1) /opt/chromium
 '
 fi

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@kokorolx/ai-sandbox-wrapper",
-  "version": "3.0.2",
+  "version": "3.0.4",
   "description": "Docker-based security sandbox for AI coding agents. Isolate Claude, Gemini, Aider, and other AI tools from your host system.",
   "keywords": [
     "ai",