@kokorolx/ai-sandbox-wrapper 3.2.0 → 3.3.0-beta.0

package/bin/ai-run

@@ -783,6 +783,83 @@ if [[ -d "$HOST_SKILLS_DIR" ]]; then
   SHARED_CACHE_MOUNTS="$SHARED_CACHE_MOUNTS -v $HOST_SKILLS_DIR:/home/agent/.config/opencode/skills:ro"
 fi
 
+# Host Chrome for Playwright MCP (via CDP - Chrome DevTools Protocol)
+# NOTE: macOS Chrome binary (Mach-O) cannot run inside a Linux container.
+# Instead, we launch Chrome on the host with --remote-debugging-port and
+# connect from the container via CDP. Each container gets its own port and
+# its own MCP entry; entries are sweep-cleaned on every start.
+HOST_CHROME_CDP=false
+HOST_CHROME_CDP_PORT=19222
+PLAYWRIGHT_MCP_NAME=""
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+# shellcheck source=lib/playwright-mcp-config.sh
+[[ -f "$SCRIPT_DIR/lib/playwright-mcp-config.sh" ]] && source "$SCRIPT_DIR/lib/playwright-mcp-config.sh"
+
+if [[ "$TOOL" == "opencode" ]] && command -v jq &>/dev/null && [[ -f "$AI_SANDBOX_CONFIG" ]] && declare -f pmcp::sanitize_name >/dev/null; then
+  PLAYWRIGHT_HOST_CHROME=$(jq -r '.mcp.chromePath // empty' "$AI_SANDBOX_CONFIG" 2>/dev/null)
+  if [[ -n "$PLAYWRIGHT_HOST_CHROME" ]] && [[ -f "$PLAYWRIGHT_HOST_CHROME" ]]; then
+    HOST_CHROME_CDP=true
+    echo "🌐 Host Chrome CDP mode: $PLAYWRIGHT_HOST_CHROME"
+
+    # CONTAINER_NAME has the form "--name foo" or is empty. Extract the value
+    # for hashing only — the MCP key uses just the port (containers that
+    # collide on a port intentionally share the same Chrome / MCP entry).
+    CONTAINER_NAME_VALUE="${CONTAINER_NAME#--name }"
+    [[ "$CONTAINER_NAME_VALUE" == "$CONTAINER_NAME" ]] && CONTAINER_NAME_VALUE="anon-$$"
+
+    # Deterministic port per container name
+    CONTAINER_HASH=$(echo "$CONTAINER_NAME_VALUE" | md5sum | cut -c1-4)
+    HOST_CHROME_CDP_PORT=$((19222 + 0x$CONTAINER_HASH % 100))
+    PLAYWRIGHT_MCP_NAME="playwright_port_${HOST_CHROME_CDP_PORT}"
+
+    # Reuse-if-alive: probe before launching
+    if pmcp::probe_chrome "$HOST_CHROME_CDP_PORT"; then
+      echo "  ✅ Chrome already running on port $HOST_CHROME_CDP_PORT (reusing)"
+    else
+      echo "  🚀 Launching Chrome with remote debugging on port $HOST_CHROME_CDP_PORT..."
+      mkdir -p "$SANDBOX_DIR/chrome-profile-$HOST_CHROME_CDP_PORT"
+      "$PLAYWRIGHT_HOST_CHROME" \
+        --remote-debugging-port="$HOST_CHROME_CDP_PORT" \
+        --user-data-dir="$SANDBOX_DIR/chrome-profile-$HOST_CHROME_CDP_PORT" \
+        --no-first-run \
+        --no-default-browser-check \
+        &>/dev/null &
+      CHROME_PID=$!
+      for i in {1..20}; do
+        if pmcp::probe_chrome "$HOST_CHROME_CDP_PORT"; then
+          echo "  ✅ Chrome ready (PID: $CHROME_PID, port: $HOST_CHROME_CDP_PORT)"
+          echo "  👀 You can watch the browser window to see what the AI is doing"
+          break
+        fi
+        sleep 0.25
+      done
+      if ! pmcp::probe_chrome "$HOST_CHROME_CDP_PORT"; then
+        echo "  ⚠️  Chrome failed to start. Falling back to container Chromium."
+        HOST_CHROME_CDP=false
+        kill "$CHROME_PID" 2>/dev/null || true
+        PLAYWRIGHT_MCP_NAME=""
+      fi
+    fi
+
+    # Locked sweep+append on the shared OpenCode config
+    if [[ "$HOST_CHROME_CDP" == "true" ]]; then
+      OPENCODE_CONFIG_FILE="$HOME/.config/opencode/opencode.json"
+      LOCK_FILE="$HOME/.config/opencode/.playwright.lock"
+      mkdir -p "$(dirname "$OPENCODE_CONFIG_FILE")"
+      [[ -f "$OPENCODE_CONFIG_FILE" ]] || echo '{}' > "$OPENCODE_CONFIG_FILE"
+      pmcp::with_lock "$LOCK_FILE" pmcp::sweep_and_append "$OPENCODE_CONFIG_FILE" "$PLAYWRIGHT_MCP_NAME" "$HOST_CHROME_CDP_PORT"
+      rc=$?
+      if [[ "$rc" == "99" ]]; then
+        echo "  ⚠️  Could not acquire MCP config lock within 5s; skipping registration."
+        PLAYWRIGHT_MCP_NAME=""
+      elif [[ "$rc" != "0" ]]; then
+        echo "  ⚠️  MCP config update failed (rc=$rc); skipping registration."
+        PLAYWRIGHT_MCP_NAME=""
+      fi
+    fi
+  fi
+fi
+
 # Nano-brain mount: writable so container can modify config, write memory, logs, etc.
 NANO_BRAIN_MOUNT=""
 if [[ -d "$HOME/.nano-brain" ]]; then
@@ -1921,6 +1998,12 @@ configure_opencode_mcp() {
     is_mcp_configured "playwright" && playwright_configured=true
   fi
 
+  # Get host Chrome path if using playwright-host
+  local PLAYWRIGHT_HOST_CHROME=""
+  if command -v jq &>/dev/null && [[ -f "$AI_SANDBOX_CONFIG" ]]; then
+    PLAYWRIGHT_HOST_CHROME=$(jq -r '.mcp.chromePath // empty' "$AI_SANDBOX_CONFIG" 2>/dev/null)
+  fi
+
   # If no MCP tools installed in image, return
   if [[ "$chrome_installed" == "false" && "$playwright_installed" == "false" ]]; then
     return 0
@@ -1957,7 +2040,11 @@ configure_opencode_mcp() {
           echo "  ✓ Chrome DevTools MCP"
           ;;
         playwright)
-          echo "  ✓ Playwright MCP"
+          if [[ -n "$PLAYWRIGHT_HOST_CHROME" ]] && [[ -f "$PLAYWRIGHT_HOST_CHROME" ]]; then
+            echo "  ✓ Playwright MCP (host Chrome)"
+          else
+            echo "  ✓ Playwright MCP"
+          fi
           ;;
       esac
     done
@@ -1973,7 +2060,11 @@ configure_opencode_mcp() {
           echo "  • Chrome DevTools MCP - browser automation + performance profiling"
           ;;
         playwright)
-          echo "  • Playwright MCP - multi-browser automation"
+          if [[ -n "$PLAYWRIGHT_HOST_CHROME" ]] && [[ -f "$PLAYWRIGHT_HOST_CHROME" ]]; then
+            echo "  • Playwright MCP (host Chrome) - use your installed Chrome browser"
+          else
+            echo "  • Playwright MCP - multi-browser automation"
+          fi
           ;;
       esac
     done
@@ -2006,9 +2097,16 @@ configure_opencode_mcp() {
             fi
             ;;
           playwright)
-            if add_mcp_config "playwright" '["playwright-mcp", "--headless", "--browser", "chromium"]'; then
-              echo "  ✓ Configured Playwright MCP"
+            # Check if using host Chrome via CDP
+            if [[ -n "$PLAYWRIGHT_HOST_CHROME" ]] && [[ -f "$PLAYWRIGHT_HOST_CHROME" ]]; then
+              echo "  ℹ️  Playwright MCP entry will be registered per-container at runtime (host Chrome mode)."
               configured_any=true
+            else
+              # Use container Chromium
+              if add_mcp_config "playwright" '["playwright-mcp", "--headless", "--browser", "chromium"]'; then
+                echo "  ✓ Configured Playwright MCP"
+                configured_any=true
+              fi
             fi
             ;;
         esac
@@ -2042,9 +2140,16 @@ configure_opencode_mcp() {
               fi
               ;;
             playwright)
-              if add_mcp_config "playwright" '["playwright-mcp", "--headless", "--browser", "chromium"]'; then
-                echo "    ✓ Configured"
+              # Check if using host Chrome via CDP
+              if [[ -n "$PLAYWRIGHT_HOST_CHROME" ]] && [[ -f "$PLAYWRIGHT_HOST_CHROME" ]]; then
+                echo "  ℹ️  Playwright MCP entry will be registered per-container at runtime (host Chrome mode)."
                 configured_any=true
+              else
+                # Use container Chromium
+                if add_mcp_config "playwright" '["playwright-mcp", "--headless", "--browser", "chromium"]'; then
+                  echo "    ✓ Configured"
+                  configured_any=true
+                fi
               fi
               ;;
           esac
@@ -2581,27 +2686,38 @@ EOF
     up --remove-orphans
 fi
 
-docker run $CONTAINER_NAME --rm $TTY_FLAGS \
-  --init \
-  --platform "$PLATFORM" \
-  $ENTRYPOINT_OVERRIDE \
-  $VOLUME_MOUNTS \
-  $CONFIG_MOUNT \
-  $TOOL_CONFIG_MOUNTS \
-  $RG_COMPAT_MOUNT \
-  $GIT_MOUNTS \
-  $SSH_AGENT_ENV \
-  $NETWORK_OPTIONS \
-  $DISPLAY_FLAGS \
-  $HOST_ACCESS_ARGS \
-  $PORT_MAPPINGS \
-  $OPENCODE_PASSWORD_ENV \
-  -v "$HOME_DIR":/home/agent \
-  $SHARED_CACHE_MOUNTS \
-  $NANO_BRAIN_MOUNT \
-  -w "$CURRENT_DIR" \
-  --env-file "$ENV_FILE" \
-  -e TERM="$TERM" \
-  -e COLORTERM="$COLORTERM" \
-  $TERMINAL_SIZE \
-  "$IMAGE" "${DOCKER_COMMAND[@]}"
+# Build docker run arguments as an array (handles paths with spaces correctly)
+DOCKER_ARGS=()
+DOCKER_ARGS+=($CONTAINER_NAME --rm $TTY_FLAGS)
+DOCKER_ARGS+=(--init)
+DOCKER_ARGS+=(--platform "$PLATFORM")
+DOCKER_ARGS+=($ENTRYPOINT_OVERRIDE)
+DOCKER_ARGS+=($VOLUME_MOUNTS)
+DOCKER_ARGS+=($CONFIG_MOUNT)
+DOCKER_ARGS+=($TOOL_CONFIG_MOUNTS)
+DOCKER_ARGS+=($RG_COMPAT_MOUNT)
+DOCKER_ARGS+=($GIT_MOUNTS)
+DOCKER_ARGS+=($SSH_AGENT_ENV)
+DOCKER_ARGS+=($NETWORK_OPTIONS)
+DOCKER_ARGS+=($DISPLAY_FLAGS)
+DOCKER_ARGS+=($HOST_ACCESS_ARGS)
+DOCKER_ARGS+=($PORT_MAPPINGS)
+DOCKER_ARGS+=($OPENCODE_PASSWORD_ENV)
+DOCKER_ARGS+=(-v "$HOME_DIR":/home/agent)
+DOCKER_ARGS+=($SHARED_CACHE_MOUNTS)
+DOCKER_ARGS+=($NANO_BRAIN_MOUNT)
+DOCKER_ARGS+=(-w "$CURRENT_DIR")
+DOCKER_ARGS+=(--env-file "$ENV_FILE")
+DOCKER_ARGS+=(-e TERM="$TERM")
+DOCKER_ARGS+=(-e COLORTERM="$COLORTERM")
+if [[ -n "${PLAYWRIGHT_MCP_NAME:-}" ]]; then
+  DOCKER_ARGS+=(-e "PLAYWRIGHT_MCP_NAME=$PLAYWRIGHT_MCP_NAME")
+  DOCKER_ARGS+=(-e "PLAYWRIGHT_PORT=$HOST_CHROME_CDP_PORT")
+fi
+DOCKER_ARGS+=($TERMINAL_SIZE)
+
+DOCKER_ARGS+=("$IMAGE")
+DOCKER_ARGS+=("${DOCKER_COMMAND[@]}")
+
+# Execute docker run with proper argument handling
+docker run "${DOCKER_ARGS[@]}"

package/lib/install-base.sh

@@ -170,13 +170,25 @@ if [[ "${INSTALL_CHROME_DEVTOOLS_MCP:-0}" -eq 1 ]] || [[ "${INSTALL_PLAYWRIGHT_M
     wget \
     && rm -rf /var/lib/apt/lists/*
 ENV PLAYWRIGHT_BROWSERS_PATH=/opt/playwright-browsers
-RUN mkdir -p /opt/playwright-browsers && \
+'
+  
+  # Only install Chromium if not using host Chrome
+  if [[ "${INSTALL_PLAYWRIGHT_HOST:-0}" -eq 1 ]]; then
+    echo "  📦 Using host Chrome - skipping Chromium installation"
+    ADDITIONAL_TOOLS_INSTALL+='RUN mkdir -p /opt/playwright-browsers && \
+    npm install -g @playwright/mcp@latest && \
+    touch /opt/.mcp-playwright-installed
+'
+  else
+    echo "  📦 Installing Chromium browser for MCP tools"
+    ADDITIONAL_TOOLS_INSTALL+='RUN mkdir -p /opt/playwright-browsers && \
     npm install -g @playwright/mcp@latest && \
     npx playwright-core install --no-shell chromium && \
     npx playwright-core install-deps chromium && \
     chmod -R 777 /opt/playwright-browsers && \
     ln -sf $(ls -d /opt/playwright-browsers/chromium-*/chrome-linux/chrome | sort -V | tail -1) /opt/chromium
 '
+  fi
 fi
 
 if [[ "${INSTALL_CHROME_DEVTOOLS_MCP:-0}" -eq 1 ]]; then

package/lib/playwright-mcp-config.sh

@@ -0,0 +1,118 @@
+#!/usr/bin/env bash
+# Helpers for managing per-container Playwright MCP entries in the shared
+# OpenCode config (~/.config/opencode/opencode.json). All functions are pure
+# except where noted. Callers are responsible for holding the flock around
+# pmcp::sweep_and_append.
+
+# Replace any character outside [A-Za-z0-9_-] with underscore. Empty input
+# becomes "unnamed". Used to keep MCP keys jq-safe.
+pmcp::sanitize_name() {
+  local input="${1:-}"
+  if [[ -z "$input" ]]; then
+    echo "unnamed"
+    return
+  fi
+  printf '%s' "$input" | tr -c 'A-Za-z0-9_-' '_'
+}
+
+# Probe a port for a valid Chrome CDP endpoint. Returns 0 if /json/version
+# responds with JSON containing a "Browser" field within the timeout.
+# Args: $1 = port
+pmcp::probe_chrome() {
+  local port="$1"
+  local body
+  body=$(curl -fsS --max-time 0.5 "http://localhost:$port/json/version" 2>/dev/null) || return 1
+  [[ "$body" == *'"Browser"'* ]] || return 1
+  return 0
+}
+
+# Host address from container (Docker Desktop on Mac).
+PMCP_DOCKER_HOST_IP="${PMCP_DOCKER_HOST_IP:-192.168.65.254}"
+
+# Sweep dead playwright_* entries and append a new one. MUST be called inside
+# a flock by the caller. Does not acquire the lock itself, by design — locking
+# happens around a larger critical section in the caller.
+# Args: $1 = config file path, $2 = full MCP key (e.g. playwright_foo_19223), $3 = port
+pmcp::sweep_and_append() {
+  local cfg="$1" name="$2" port="$3"
+
+  if [[ ! -f "$cfg" ]]; then
+    echo "  ⚠️  pmcp: config file not found: $cfg" >&2
+    return 1
+  fi
+
+  # Collect dead keys
+  local keys dead_keys=()
+  keys=$(jq -r '(.mcp // {}) | keys[] | select(startswith("playwright_"))' "$cfg" 2>/dev/null || true)
+  while IFS= read -r key; do
+    [[ -z "$key" ]] && continue
+    local cmd_url
+    cmd_url=$(jq -r --arg k "$key" '.mcp[$k].command[]? | select(startswith("http://"))' "$cfg" 2>/dev/null | head -1)
+    [[ -z "$cmd_url" ]] && continue
+    local entry_port="${cmd_url##*:}"
+    if ! pmcp::probe_chrome "$entry_port"; then
+      dead_keys+=("$key")
+    fi
+  done <<< "$keys"
+
+  # Build --arg flags for each dead key, then run a single jq invocation
+  # that deletes them all and appends the new entry.
+  local tmp="$cfg.tmp.$$"
+  local args=()
+  local i=0
+  for k in "${dead_keys[@]+"${dead_keys[@]}"}"; do
+    args+=(--arg "k$i" "$k")
+    i=$((i + 1))
+  done
+  jq "${args[@]+"${args[@]}"}" --arg name "$name" --arg host "$PMCP_DOCKER_HOST_IP" --arg port "$port" \
+    '
+      def setup($args; $name; $host; $port):
+        .mcp = (.mcp // {})
+        | reduce ($args[]) as $k (.; del(.mcp[$k]))
+        | .mcp[$name] = {"type":"local","command":["playwright-mcp","--cdp-endpoint","http://" + $host + ":" + $port]};
+      setup([$ARGS.named | to_entries[] | select(.key|startswith("k")) | .value]; $name; $host; $port)
+    ' "$cfg" > "$tmp"
+
+  mv "$tmp" "$cfg"
+  chmod 600 "$cfg"
+
+  if (( ${#dead_keys[@]} > 0 )); then
+    echo "  🧹 pmcp: removed ${#dead_keys[@]} stale entr$([ ${#dead_keys[@]} -eq 1 ] && echo y || echo ies): ${dead_keys[*]}"
+  fi
+  echo "  ➕ pmcp: registered $name → http://$PMCP_DOCKER_HOST_IP:$port"
+}
+
+# Run a command while holding an exclusive lock on $1. Uses flock(1) if available,
+# else falls back to a mkdir-based mutex (portable across macOS where flock is
+# not built-in). Times out after 5 seconds; on timeout, returns 99 without
+# running the command. Returns the command's exit status otherwise.
+# Args: $1 = lockfile path, $2... = command + args
+pmcp::with_lock() {
+  local lockfile="$1"; shift
+  local timeout=5
+
+  if command -v flock >/dev/null 2>&1; then
+    (
+      flock -w "$timeout" 9 || exit 99
+      "$@"
+    ) 9>"$lockfile"
+    return $?
+  fi
+
+  # mkdir-based fallback. mkdir is atomic on POSIX filesystems.
+  local mutex="${lockfile}.d"
+  local waited=0
+  while ! mkdir "$mutex" 2>/dev/null; do
+    if (( waited >= timeout * 10 )); then
+      return 99
+    fi
+    sleep 0.1
+    waited=$((waited + 1))
+  done
+  trap "rmdir '$mutex' 2>/dev/null || true" EXIT
+  "$@"
+  local rc=$?
+  rmdir "$mutex" 2>/dev/null || true
+  trap - EXIT
+  return $rc
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@kokorolx/ai-sandbox-wrapper",
-  "version": "3.2.0",
+  "version": "3.3.0-beta.0",
   "description": "Docker-based security sandbox for AI coding agents. Isolate Claude, Gemini, Aider, and other AI tools from your host system.",
   "keywords": [
     "ai",

package/dockerfiles/base/skills/rtk/SKILL.md

@@ -1,103 +0,0 @@
----
-name: rtk
-description: "Token optimizer for AI coding agents. Wraps common CLI commands with rtk to reduce LLM token consumption by 60-90%."
-compatibility: "OpenCode with RTK binary installed"
-metadata:
-  author: Sisyphus
-  version: "1.0.0"
----
-
-# RTK — Rust Token Killer
-
-**Purpose**: Reduce token consumption by 60-90% on shell commands. RTK filters and compresses command output before it reaches your context.
-
-## When This Skill Activates
-
-This skill is loaded automatically. Once active, **always** prefix supported commands with `rtk`.
-
-## Command Mappings (MANDATORY)
-
-When running shell commands via Bash tool, use `rtk` prefix for these commands:
-
-| Instead of | Use | Savings |
-|-----------|-----|---------|
-| `git status` | `rtk git status` | ~80% |
-| `git diff` | `rtk git diff` | ~75% |
-| `git log` | `rtk git log` | ~80% |
-| `git add/commit/push/pull` | `rtk git add/commit/push/pull` | ~90% |
-| `ls` / `ls -la` | `rtk ls` | ~80% |
-| `cat file` | `rtk read file` | ~70% |
-| `grep pattern .` | `rtk grep pattern .` | ~80% |
-| `rg pattern` | `rtk grep pattern .` | ~80% |
-| `npm test` / `cargo test` / `pytest` | `rtk test <cmd>` | ~90% |
-| `npm run build` / `cargo build` | `rtk err <cmd>` | ~80% |
-| `gh pr list/view` | `rtk gh pr list/view` | ~70% |
-| `docker ps` | `rtk docker ps` | ~80% |
-| `eslint` / `tsc` | `rtk lint` / `rtk tsc` | ~80% |
-
-## Searching Inside `node_modules` / Ignored Directories
-
-By default, `rtk grep` respects `.gitignore` rules — meaning `node_modules`, `.nuxt`, `dist`, etc. are **excluded**. This is the right behavior 99% of the time.
-
-When you **need** to search inside ignored directories (debugging a library, checking an API signature, tracing a dependency bug):
-
-```bash
-# Search all files including node_modules (--no-ignore bypasses .gitignore)
-rtk grep "defineStore" . --no-ignore
-
-# Search a specific package only (combine --no-ignore with --glob)
-rtk grep "defineStore" . --no-ignore --glob 'node_modules/pinia/**'
-```
-
-**What does NOT work:**
-- `rtk grep "pattern" node_modules/pinia/` — still excluded even with direct path
-- `rtk grep "pattern" . --glob 'node_modules/**'` — glob alone doesn't override .gitignore
-
-**Key flag: `--no-ignore`** — this is the ONLY way to search ignored directories with rtk grep.
-
-### Other useful `rtk grep` flags
-
-```bash
-rtk grep "pattern" . -t ts          # Filter by file type (ts, py, rust, etc.)
-rtk grep "pattern" . -m 100         # Increase max results (default: 50)
-rtk grep "pattern" . -u             # Ultra-compact mode (even fewer tokens)
-rtk grep "pattern" . -l 120         # Max line length before truncation (default: 80)
-```
-
-## Commands to NOT Wrap
-
-Do NOT prefix these with `rtk` (unsupported or counterproductive):
-
-- `npx`, `npm install`, `pip install` (package managers)
-- `node`, `python3`, `ruby` (interpreters)
-- `nano-brain`, `openspec`, `opencode` (custom tools)
-- Heredocs (`<<EOF`)
-- Piped commands (`cmd1 | cmd2`) — wrap only the first command if applicable
-- Commands already prefixed with `rtk`
-
-## How RTK Works
-
-```
-Without RTK:  git status → 50 lines raw output → 2,000 tokens
-With RTK:     rtk git status → "3 modified, 1 untracked ✓" → 200 tokens
-```
-
-RTK runs the real command, then filters/compresses the output. The agent sees a compact summary instead of verbose raw output.
-
-## Detection
-
-Before using RTK commands, verify it's installed:
-```bash
-rtk --version
-```
-
-If `rtk` is not found, skip this skill — run commands normally without the `rtk` prefix.
-
-## Token Savings Reference
-
-Typical 30-min coding session:
-- Without RTK: ~150,000 tokens
-- With RTK: ~45,000 tokens
-- **Savings: ~70%**
-
-Biggest wins: test output (`rtk test` — 90%), git operations (`rtk git` — 80%), file reading (`rtk read` — 70%).

package/dockerfiles/base/skills/rtk-setup/SKILL.md

@@ -1,118 +0,0 @@
----
-name: rtk-setup
-description: "One-time setup + ongoing enforcement of RTK (Rust Token Killer) across sessions and subagents. Persists RTK instructions to AGENTS.md and propagates to delegated tasks."
-compatibility: "OpenCode with RTK binary installed"
-metadata:
-  author: Sisyphus
-  version: "1.0.0"
----
-
-# RTK Setup — Persistent RTK Enforcement
-
-This skill performs **setup** (persist RTK instructions) and **ongoing enforcement** (use rtk, propagate to subagents).
-
-## Phase 1: Detection (ALWAYS run first)
-
-Run these checks before anything else:
-
-```bash
-rtk --version
-```
-
-- If `rtk` is NOT found → **STOP**. Tell the user: "RTK is not installed. Install it first: `cargo install --git https://github.com/rtk-ai/rtk --locked`". Do NOT proceed with setup.
-- If `rtk` IS found → continue.
-
-### Check oh-my-opencode
-
-```bash
-ls ~/.config/opencode/oh-my-opencode.json 2>/dev/null
-```
-
-- If found → omo is installed. Note this for Phase 2.
-- If not found → skip omo-specific steps.
-
-## Phase 2: Setup (persist to AGENTS.md)
-
-Check BOTH of these files for the RTK managed block:
-
-1. **User-level**: `~/.config/opencode/AGENTS.md`
-2. **Project-level**: `./AGENTS.md` (current workspace)
-
-For EACH file, check if `<!-- RTK:START -->` exists. If it does NOT exist, **append** the following managed block to the file (create the file if it doesn't exist). NEVER replace existing content — only append.
-
-```markdown
-<!-- RTK:START -->
-<!-- Managed block - do not edit manually. Updated by: rtk-setup skill -->
-
-## RTK Token Optimizer
-
-This project uses **RTK** (Rust Token Killer) to reduce LLM token consumption by 60-90%.
-
-### Rules for ALL agents (including subagents)
-
-**ALWAYS** prefix these commands with `rtk`:
-
-| Command | Use instead |
-|---------|-------------|
-| `git status/diff/log/add/commit/push/pull` | `rtk git ...` |
-| `ls`, `ls -la` | `rtk ls` |
-| `cat file` | `rtk read file` |
-| `grep pattern .` / `rg pattern` | `rtk grep pattern .` |
-| `npm test` / `cargo test` / `pytest` | `rtk test <cmd>` |
-| `npm run build` / `cargo build` | `rtk err <cmd>` |
-| `gh pr list/view` | `rtk gh pr list/view` |
-| `docker ps` | `rtk docker ps` |
-| `eslint` / `tsc` | `rtk lint` / `rtk tsc` |
-
-**Do NOT** prefix: `npx`, `npm install`, `pip install`, `node`, `python3`, heredocs, piped commands.
-
-<!-- RTK:END -->
-```
-
-### If oh-my-opencode is installed
-
-After updating AGENTS.md files, check if the omo config at `~/.config/opencode/oh-my-opencode.json` has `prompt_append` fields on agents. If it does, inform the user:
-
-> "omo is installed. For maximum coverage, you can add RTK instructions to agent `prompt_append` fields in `oh-my-opencode.json`. This ensures subagents always use rtk even when AGENTS.md is not loaded. Want me to do this?"
-
-**Only modify `oh-my-opencode.json` if the user explicitly confirms.** If they confirm, append this line to the `prompt_append` of `sisyphus-junior` agent (the primary coder):
-
-```
-\n\nRTK: ALWAYS prefix shell commands with `rtk` when available (git, ls, grep, test, build). Example: `rtk git status` not `git status`.
-```
-
-Do NOT modify other agents' prompt_append unless asked.
-
-## Phase 3: Ongoing Enforcement (EVERY time this skill is loaded)
-
-### For the current agent
-
-From this point forward in this session, **you MUST**:
-
-1. **Use `rtk` prefix** for all supported shell commands (see table above)
-2. **Verify rtk is available** before first use: `rtk --version`
-3. If rtk is not available in the current environment, fall back to normal commands silently
-
-### For subagent delegation
-
-When delegating ANY task that involves shell commands (via `task()`, `delegate_task()`, or any delegation mechanism), **ALWAYS** add this to the `MUST DO` section of the delegation prompt:
-
-```
-- Use `rtk` prefix for shell commands when available (git, ls, grep, test, build). Run `rtk --version` first to check. If not installed, use normal commands. Examples: `rtk git status`, `rtk ls`, `rtk grep pattern .`, `rtk test npm test`.
-```
-
-This is NON-NEGOTIABLE. Subagents do not read AGENTS.md, so RTK instructions MUST be passed explicitly in every delegation prompt.
-
-### Quick reference for subagent prompts
-
-Copy-paste this one-liner into MUST DO sections:
-
-> Use `rtk` prefix for all shell commands (git, ls, grep, test, build, docker). Example: `rtk git status` not `git status`. If `rtk` is not found, use normal commands.
-
-## Summary
-
-| Phase | When | What |
-|-------|------|------|
-| Detection | Always first | Check rtk installed, check omo |
-| Setup | Once (idempotent) | Append RTK block to AGENTS.md (user + project) |
-| Enforcement | Every session | Use rtk yourself, propagate to all subagents |

package/dockerfiles/opencode/Dockerfile

@@ -1,9 +0,0 @@
-FROM ai-base:latest
-
-USER root
-RUN curl -fsSL https://opencode.ai/install | bash && \
-    mv /home/agent/.opencode/bin/opencode /usr/local/bin/opencode && \
-    rm -rf /home/agent/.opencode
-
-USER agent
-ENTRYPOINT ["opencode"]

package/dockerfiles/sandbox/skills/rtk/SKILL.md

@@ -1,103 +0,0 @@
----
-name: rtk
-description: "Token optimizer for AI coding agents. Wraps common CLI commands with rtk to reduce LLM token consumption by 60-90%."
-compatibility: "OpenCode with RTK binary installed"
-metadata:
-  author: Sisyphus
-  version: "1.0.0"
----
-
-# RTK — Rust Token Killer
-
-**Purpose**: Reduce token consumption by 60-90% on shell commands. RTK filters and compresses command output before it reaches your context.
-
-## When This Skill Activates
-
-This skill is loaded automatically. Once active, **always** prefix supported commands with `rtk`.
-
-## Command Mappings (MANDATORY)
-
-When running shell commands via Bash tool, use `rtk` prefix for these commands:
-
-| Instead of | Use | Savings |
-|-----------|-----|---------|
-| `git status` | `rtk git status` | ~80% |
-| `git diff` | `rtk git diff` | ~75% |
-| `git log` | `rtk git log` | ~80% |
-| `git add/commit/push/pull` | `rtk git add/commit/push/pull` | ~90% |
-| `ls` / `ls -la` | `rtk ls` | ~80% |
-| `cat file` | `rtk read file` | ~70% |
-| `grep pattern .` | `rtk grep pattern .` | ~80% |
-| `rg pattern` | `rtk grep pattern .` | ~80% |
-| `npm test` / `cargo test` / `pytest` | `rtk test <cmd>` | ~90% |
-| `npm run build` / `cargo build` | `rtk err <cmd>` | ~80% |
-| `gh pr list/view` | `rtk gh pr list/view` | ~70% |
-| `docker ps` | `rtk docker ps` | ~80% |
-| `eslint` / `tsc` | `rtk lint` / `rtk tsc` | ~80% |
-
-## Searching Inside `node_modules` / Ignored Directories
-
-By default, `rtk grep` respects `.gitignore` rules — meaning `node_modules`, `.nuxt`, `dist`, etc. are **excluded**. This is the right behavior 99% of the time.
-
-When you **need** to search inside ignored directories (debugging a library, checking an API signature, tracing a dependency bug):
-
-```bash
-# Search all files including node_modules (--no-ignore bypasses .gitignore)
-rtk grep "defineStore" . --no-ignore
-
-# Search a specific package only (combine --no-ignore with --glob)
-rtk grep "defineStore" . --no-ignore --glob 'node_modules/pinia/**'
-```
-
-**What does NOT work:**
-- `rtk grep "pattern" node_modules/pinia/` — still excluded even with direct path
-- `rtk grep "pattern" . --glob 'node_modules/**'` — glob alone doesn't override .gitignore
-
-**Key flag: `--no-ignore`** — this is the ONLY way to search ignored directories with rtk grep.
-
-### Other useful `rtk grep` flags
-
-```bash
-rtk grep "pattern" . -t ts          # Filter by file type (ts, py, rust, etc.)
-rtk grep "pattern" . -m 100         # Increase max results (default: 50)
-rtk grep "pattern" . -u             # Ultra-compact mode (even fewer tokens)
-rtk grep "pattern" . -l 120         # Max line length before truncation (default: 80)
-```
-
-## Commands to NOT Wrap
-
-Do NOT prefix these with `rtk` (unsupported or counterproductive):
-
-- `npx`, `npm install`, `pip install` (package managers)
-- `node`, `python3`, `ruby` (interpreters)
-- `nano-brain`, `openspec`, `opencode` (custom tools)
-- Heredocs (`<<EOF`)
-- Piped commands (`cmd1 | cmd2`) — wrap only the first command if applicable
-- Commands already prefixed with `rtk`
-
-## How RTK Works
-
-```
-Without RTK:  git status → 50 lines raw output → 2,000 tokens
-With RTK:     rtk git status → "3 modified, 1 untracked ✓" → 200 tokens
-```
-
-RTK runs the real command, then filters/compresses the output. The agent sees a compact summary instead of verbose raw output.
-
-## Detection
-
-Before using RTK commands, verify it's installed:
-```bash
-rtk --version
-```
-
-If `rtk` is not found, skip this skill — run commands normally without the `rtk` prefix.
-
-## Token Savings Reference
-
-Typical 30-min coding session:
-- Without RTK: ~150,000 tokens
-- With RTK: ~45,000 tokens
-- **Savings: ~70%**
-
-Biggest wins: test output (`rtk test` — 90%), git operations (`rtk git` — 80%), file reading (`rtk read` — 70%).

package/dockerfiles/sandbox/skills/rtk-setup/SKILL.md

@@ -1,118 +0,0 @@
----
-name: rtk-setup
-description: "One-time setup + ongoing enforcement of RTK (Rust Token Killer) across sessions and subagents. Persists RTK instructions to AGENTS.md and propagates to delegated tasks."
-compatibility: "OpenCode with RTK binary installed"
-metadata:
-  author: Sisyphus
-  version: "1.0.0"
----
-
-# RTK Setup — Persistent RTK Enforcement
-
-This skill performs **setup** (persist RTK instructions) and **ongoing enforcement** (use rtk, propagate to subagents).
-
-## Phase 1: Detection (ALWAYS run first)
-
-Run these checks before anything else:
-
-```bash
-rtk --version
-```
-
-- If `rtk` is NOT found → **STOP**. Tell the user: "RTK is not installed. Install it first: `cargo install --git https://github.com/rtk-ai/rtk --locked`". Do NOT proceed with setup.
-- If `rtk` IS found → continue.
-
-### Check oh-my-opencode
-
-```bash
-ls ~/.config/opencode/oh-my-opencode.json 2>/dev/null
-```
-
-- If found → omo is installed. Note this for Phase 2.
-- If not found → skip omo-specific steps.
-
-## Phase 2: Setup (persist to AGENTS.md)
-
-Check BOTH of these files for the RTK managed block:
-
-1. **User-level**: `~/.config/opencode/AGENTS.md`
-2. **Project-level**: `./AGENTS.md` (current workspace)
-
-For EACH file, check if `<!-- RTK:START -->` exists. If it does NOT exist, **append** the following managed block to the file (create the file if it doesn't exist). NEVER replace existing content — only append.
-
-```markdown
-<!-- RTK:START -->
-<!-- Managed block - do not edit manually. Updated by: rtk-setup skill -->
-
-## RTK Token Optimizer
-
-This project uses **RTK** (Rust Token Killer) to reduce LLM token consumption by 60-90%.
-
-### Rules for ALL agents (including subagents)
-
-**ALWAYS** prefix these commands with `rtk`:
-
-| Command | Use instead |
-|---------|-------------|
-| `git status/diff/log/add/commit/push/pull` | `rtk git ...` |
-| `ls`, `ls -la` | `rtk ls` |
-| `cat file` | `rtk read file` |
-| `grep pattern .` / `rg pattern` | `rtk grep pattern .` |
-| `npm test` / `cargo test` / `pytest` | `rtk test <cmd>` |
-| `npm run build` / `cargo build` | `rtk err <cmd>` |
-| `gh pr list/view` | `rtk gh pr list/view` |
-| `docker ps` | `rtk docker ps` |
-| `eslint` / `tsc` | `rtk lint` / `rtk tsc` |
-
-**Do NOT** prefix: `npx`, `npm install`, `pip install`, `node`, `python3`, heredocs, piped commands.
-
-<!-- RTK:END -->
-```
-
-### If oh-my-opencode is installed
-
-After updating AGENTS.md files, check if the omo config at `~/.config/opencode/oh-my-opencode.json` has `prompt_append` fields on agents. If it does, inform the user:
-
-> "omo is installed. For maximum coverage, you can add RTK instructions to agent `prompt_append` fields in `oh-my-opencode.json`. This ensures subagents always use rtk even when AGENTS.md is not loaded. Want me to do this?"
-
-**Only modify `oh-my-opencode.json` if the user explicitly confirms.** If they confirm, append this line to the `prompt_append` of `sisyphus-junior` agent (the primary coder):
-
-```
-\n\nRTK: ALWAYS prefix shell commands with `rtk` when available (git, ls, grep, test, build). Example: `rtk git status` not `git status`.
-```
-
-Do NOT modify other agents' prompt_append unless asked.
-
-## Phase 3: Ongoing Enforcement (EVERY time this skill is loaded)
-
-### For the current agent
-
-From this point forward in this session, **you MUST**:
-
-1. **Use `rtk` prefix** for all supported shell commands (see table above)
-2. **Verify rtk is available** before first use: `rtk --version`
-3. If rtk is not available in the current environment, fall back to normal commands silently
-
-### For subagent delegation
-
-When delegating ANY task that involves shell commands (via `task()`, `delegate_task()`, or any delegation mechanism), **ALWAYS** add this to the `MUST DO` section of the delegation prompt:
-
-```
-- Use `rtk` prefix for shell commands when available (git, ls, grep, test, build). Run `rtk --version` first to check. If not installed, use normal commands. Examples: `rtk git status`, `rtk ls`, `rtk grep pattern .`, `rtk test npm test`.
-```
-
-This is NON-NEGOTIABLE. Subagents do not read AGENTS.md, so RTK instructions MUST be passed explicitly in every delegation prompt.
-
-### Quick reference for subagent prompts
-
-Copy-paste this one-liner into MUST DO sections:
-
-> Use `rtk` prefix for all shell commands (git, ls, grep, test, build, docker). Example: `rtk git status` not `git status`. If `rtk` is not found, use normal commands.
-
-## Summary
-
-| Phase | When | What |
-|-------|------|------|
-| Detection | Always first | Check rtk installed, check omo |
-| Setup | Once (idempotent) | Append RTK block to AGENTS.md (user + project) |
-| Enforcement | Every session | Use rtk yourself, propagate to all subagents |