npm - @kokorolx/ai-sandbox-wrapper - Versions diffs - 3.0.5 → 3.0.7 - Mend

@kokorolx/ai-sandbox-wrapper 3.0.5 → 3.0.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/bin/ai-run +15 -12
package/dockerfiles/base/Dockerfile +1 -2
package/dockerfiles/sandbox/Dockerfile +1 -24
package/lib/ssh-key-selector.sh +2 -2
package/package.json +1 -1
package/setup.sh +8 -8

package/bin/ai-run CHANGED Viewed

@@ -783,12 +783,15 @@ if [[ -d "$HOST_SKILLS_DIR" ]]; then
   SHARED_CACHE_MOUNTS="$SHARED_CACHE_MOUNTS -v $HOST_SKILLS_DIR:/home/agent/.config/opencode/skills:ro"
 fi
-# Nano-brain read-only mount
-# Exposes logs/index/sqlite files to container while preventing writes
+# Nano-brain mount: data/index read-only, logs + memory writable
+# Parent :ro protects index/sqlite/config from container writes
+# Sub-mount :rw on logs/ allows CLI logging (appendFileSync in logger.ts)
+# Sub-mount :rw on memory/ allows CLI write command (npx nano-brain write)
 NANO_BRAIN_MOUNT=""
 if [[ -d "$HOME/.nano-brain" ]]; then
-  NANO_BRAIN_MOUNT="-v $HOME/.nano-brain:/home/agent/.nano-brain:ro"
-  echo "ℹ️  Mounted .nano-brain as read-only at /home/agent/.nano-brain"
+  mkdir -p "$HOME/.nano-brain/logs" "$HOME/.nano-brain/memory"
+  NANO_BRAIN_MOUNT="-v $HOME/.nano-brain:/home/agent/.nano-brain:ro -v $HOME/.nano-brain/logs:/home/agent/.nano-brain/logs:rw -v $HOME/.nano-brain/memory:/home/agent/.nano-brain/memory:rw"
+  echo "ℹ️  Mounted .nano-brain (ro) with logs/ + memory/ overlay (rw)"
 fi
@@ -1036,8 +1039,8 @@ show_network_menu() {
     if [[ "$key" == $'\x1b' ]]; then
       read -rsn2 -t 1 escape_seq
       case "$escape_seq" in
-        '[A') ((cursor > 0)) && ((cursor--)) ;;
-        '[B') ((cursor < ${#all_nets[@]} - 1)) && ((cursor++)) ;;
+        '[A') ((cursor > 0)) && ((cursor--)) || true ;;
+        '[B') ((cursor < ${#all_nets[@]} - 1)) && ((cursor++)) || true ;;
       esac
     else
       case "$key" in
@@ -1083,8 +1086,8 @@ show_network_menu() {
         ''|$'\n'|$'\r')
           break
           ;;
-        k) ((cursor > 0)) && ((cursor--)) ;;
-        j) ((cursor < ${#all_nets[@]} - 1)) && ((cursor++)) ;;
+        k) ((cursor > 0)) && ((cursor--)) || true ;;
+        j) ((cursor < ${#all_nets[@]} - 1)) && ((cursor++)) || true ;;
       esac
     fi
   done
@@ -1139,14 +1142,14 @@ show_save_prompt() {
     if [[ "$key" == $'\x1b' ]]; then
       read -rsn2 -t 1 escape_seq
       case "$escape_seq" in
-        '[A') ((cursor > 0)) && ((cursor--)) ;;
-        '[B') ((cursor < 2)) && ((cursor++)) ;;
+        '[A') ((cursor > 0)) && ((cursor--)) || true ;;
+        '[B') ((cursor < 2)) && ((cursor++)) || true ;;
       esac
     else
       case "$key" in
         ''|$'\n'|$'\r') break ;;
-        k) ((cursor > 0)) && ((cursor--)) ;;
-        j) ((cursor < 2)) && ((cursor++)) ;;
+        k) ((cursor > 0)) && ((cursor--)) || true ;;
+        j) ((cursor < 2)) && ((cursor++)) || true ;;
       esac
     fi
   done

package/dockerfiles/base/Dockerfile CHANGED Viewed

@@ -86,11 +86,10 @@ RUN mkdir -p /opt/playwright-browsers && \
     npx playwright-core install --no-shell chromium && \
     npx playwright-core install-deps chromium && \
     chmod -R 777 /opt/playwright-browsers && \
-    ln -sf $(ls -d /opt/playwright-browsers/chromium-*/chrome-linux/chrome | head -1) /opt/chromium
+    ln -sf $(ls -d /opt/playwright-browsers/chromium-*/chrome-linux/chrome | sort -V | tail -1) /opt/chromium
 ENV CHROME_DEVTOOLS_MCP_NO_USAGE_STATISTICS=1
 RUN npm install -g chrome-devtools-mcp@latest && \
     touch /opt/.mcp-chrome-devtools-installed
-RUN touch /opt/.mcp-playwright-installed
 # Create workspace
 WORKDIR /workspace

package/dockerfiles/sandbox/Dockerfile CHANGED Viewed

@@ -86,11 +86,10 @@ RUN mkdir -p /opt/playwright-browsers && \
     npx playwright-core install --no-shell chromium && \
     npx playwright-core install-deps chromium && \
     chmod -R 777 /opt/playwright-browsers && \
-    ln -sf $(ls -d /opt/playwright-browsers/chromium-*/chrome-linux/chrome | head -1) /opt/chromium
+    ln -sf $(ls -d /opt/playwright-browsers/chromium-*/chrome-linux/chrome | sort -V | tail -1) /opt/chromium
 ENV CHROME_DEVTOOLS_MCP_NO_USAGE_STATISTICS=1
 RUN npm install -g chrome-devtools-mcp@latest && \
     touch /opt/.mcp-chrome-devtools-installed
-RUN touch /opt/.mcp-playwright-installed
 # Create workspace
 WORKDIR /workspace
@@ -101,34 +100,12 @@ RUN useradd -m -u ${AGENT_UID} -d /home/agent agent && \
     chown -R agent:agent /home/agent/.cache /home/agent/.npm /home/agent/.opencode /home/agent/.config /workspace && \
     ([ -d /opt/playwright-browsers ] && chown -R agent:agent /opt/playwright-browsers || true)
-# === amp ===
-USER root
-RUN mkdir -p /usr/local/lib/amp && \
-    cd /usr/local/lib/amp && \
-    bun init -y && \
-    bun add @sourcegraph/amp && \
-    ln -s /usr/local/lib/amp/node_modules/.bin/amp /usr/local/bin/amp
 # === opencode ===
 USER root
 RUN curl -fsSL https://opencode.ai/install | bash && \
     mv /root/.opencode/bin/opencode /usr/local/bin/opencode && \
     rm -rf /root/.opencode
-# === claude ===
-USER root
-RUN apt-get update && apt-get install -y --no-install-recommends tmux && rm -rf /var/lib/apt/lists/*
-RUN npm install -g @kaitranntt/ccs --ignore-scripts && \
-    mkdir -p /home/agent/.ccs && \
-    chown -R agent:agent /home/agent/.ccs && \
-    which ccs && ccs --version && \
-    sed -i 's/fs\.symlinkSync(sourcePath, targetPath, symlinkType)/fs\.symlinkSync(require("path").relative(require("path").dirname(targetPath), sourcePath), targetPath, symlinkType)/g' /usr/local/lib/node_modules/@kaitranntt/ccs/dist/utils/claude-symlink-manager.js
-RUN export HOME=/root && curl -fsSL https://claude.ai/install.sh | bash && \
-    mkdir -p /usr/local/share && \
-    mv /root/.local/share/claude /usr/local/share/claude && \
-    ln -sf /usr/local/share/claude/versions/$(ls /usr/local/share/claude/versions | head -1) /usr/local/bin/claude
-USER agent
 USER agent
 ENV HOME=/home/agent
 CMD ["bash"]

package/lib/ssh-key-selector.sh CHANGED Viewed

@@ -127,10 +127,10 @@ select_ssh_keys() {
       read -rsn1 -t 1 next2
       case "$next1$next2" in
         '[A') # Up arrow
-          ((cursor--))
+          ((cursor--)) || true
           ;;
         '[B') # Down arrow
-          ((cursor++))
+          ((cursor++)) || true
           ;;
       esac
     # Handle regular keys

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@kokorolx/ai-sandbox-wrapper",
-  "version": "3.0.5",
+  "version": "3.0.7",
   "description": "Docker-based security sandbox for AI coding agents. Isolate Claude, Gemini, Aider, and other AI tools from your host system.",
   "keywords": [
     "ai",

package/setup.sh CHANGED Viewed

@@ -63,13 +63,13 @@ multi_select() {
       read -rsn1 -t 1 next1
       read -rsn1 -t 1 next2
       case "$next1$next2" in
-        '[A') ((cursor--)) ;; # Up
-        '[B') ((cursor++)) ;; # Down
+        '[A') ((cursor--)) || true ;; # Up
+        '[B') ((cursor++)) || true ;; # Down
       esac
     else
       case "$key" in
-        k) ((cursor--)) ;; # k for Up
-        j) ((cursor++)) ;; # j for Down
+        k) ((cursor--)) || true ;; # k for Up
+        j) ((cursor++)) || true ;; # j for Down
         " ") # Space (toggle)
           if [ "${selected[$cursor]}" -eq 1 ]; then
             selected[$cursor]=0
@@ -137,13 +137,13 @@ single_select() {
       read -rsn1 -t 1 next1
       read -rsn1 -t 1 next2
       case "$next1$next2" in
-        '[A') ((cursor--)) ;;
-        '[B') ((cursor++)) ;;
+        '[A') ((cursor--)) || true ;;
+        '[B') ((cursor++)) || true ;;
       esac
     else
       case "$key" in
-        k) ((cursor--)) ;;
-        j) ((cursor++)) ;;
+        k) ((cursor--)) || true ;;
+        j) ((cursor++)) || true ;;
         "") break ;;
         $'\n'|$'\r') break ;;
       esac