@kokorolx/ai-sandbox-wrapper 3.2.0 → 3.3.0-beta.1

package/bin/ai-run

@@ -783,6 +783,83 @@ if [[ -d "$HOST_SKILLS_DIR" ]]; then
   SHARED_CACHE_MOUNTS="$SHARED_CACHE_MOUNTS -v $HOST_SKILLS_DIR:/home/agent/.config/opencode/skills:ro"
 fi
 
+# Host Chrome for Playwright MCP (via CDP - Chrome DevTools Protocol)
+# NOTE: macOS Chrome binary (Mach-O) cannot run inside a Linux container.
+# Instead, we launch Chrome on the host with --remote-debugging-port and
+# connect from the container via CDP. Each container gets its own port and
+# its own MCP entry; entries are sweep-cleaned on every start.
+HOST_CHROME_CDP=false
+HOST_CHROME_CDP_PORT=19222
+PLAYWRIGHT_MCP_NAME=""
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+# shellcheck source=lib/playwright-mcp-config.sh
+[[ -f "$SCRIPT_DIR/lib/playwright-mcp-config.sh" ]] && source "$SCRIPT_DIR/lib/playwright-mcp-config.sh"
+
+if [[ "$TOOL" == "opencode" ]] && command -v jq &>/dev/null && [[ -f "$AI_SANDBOX_CONFIG" ]] && declare -f pmcp::sanitize_name >/dev/null; then
+  PLAYWRIGHT_HOST_CHROME=$(jq -r '.mcp.chromePath // empty' "$AI_SANDBOX_CONFIG" 2>/dev/null)
+  if [[ -n "$PLAYWRIGHT_HOST_CHROME" ]] && [[ -f "$PLAYWRIGHT_HOST_CHROME" ]]; then
+    HOST_CHROME_CDP=true
+    echo "🌐 Host Chrome CDP mode: $PLAYWRIGHT_HOST_CHROME"
+
+    # CONTAINER_NAME has the form "--name foo" or is empty. Extract the value
+    # for hashing only — the MCP key uses just the port (containers that
+    # collide on a port intentionally share the same Chrome / MCP entry).
+    CONTAINER_NAME_VALUE="${CONTAINER_NAME#--name }"
+    [[ "$CONTAINER_NAME_VALUE" == "$CONTAINER_NAME" ]] && CONTAINER_NAME_VALUE="anon-$$"
+
+    # Deterministic port per container name
+    CONTAINER_HASH=$(echo "$CONTAINER_NAME_VALUE" | md5sum | cut -c1-4)
+    HOST_CHROME_CDP_PORT=$((19222 + 0x$CONTAINER_HASH % 100))
+    PLAYWRIGHT_MCP_NAME="playwright_port_${HOST_CHROME_CDP_PORT}"
+
+    # Reuse-if-alive: probe before launching
+    if pmcp::probe_chrome "$HOST_CHROME_CDP_PORT"; then
+      echo "  ✅ Chrome already running on port $HOST_CHROME_CDP_PORT (reusing)"
+    else
+      echo "  🚀 Launching Chrome with remote debugging on port $HOST_CHROME_CDP_PORT..."
+      mkdir -p "$SANDBOX_DIR/chrome-profile-$HOST_CHROME_CDP_PORT"
+      "$PLAYWRIGHT_HOST_CHROME" \
+        --remote-debugging-port="$HOST_CHROME_CDP_PORT" \
+        --user-data-dir="$SANDBOX_DIR/chrome-profile-$HOST_CHROME_CDP_PORT" \
+        --no-first-run \
+        --no-default-browser-check \
+        &>/dev/null &
+      CHROME_PID=$!
+      for i in {1..20}; do
+        if pmcp::probe_chrome "$HOST_CHROME_CDP_PORT"; then
+          echo "  ✅ Chrome ready (PID: $CHROME_PID, port: $HOST_CHROME_CDP_PORT)"
+          echo "  👀 You can watch the browser window to see what the AI is doing"
+          break
+        fi
+        sleep 0.25
+      done
+      if ! pmcp::probe_chrome "$HOST_CHROME_CDP_PORT"; then
+        echo "  ⚠️  Chrome failed to start. Falling back to container Chromium."
+        HOST_CHROME_CDP=false
+        kill "$CHROME_PID" 2>/dev/null || true
+        PLAYWRIGHT_MCP_NAME=""
+      fi
+    fi
+
+    # Locked sweep+append on the shared OpenCode config
+    if [[ "$HOST_CHROME_CDP" == "true" ]]; then
+      OPENCODE_CONFIG_FILE="$HOME/.config/opencode/opencode.json"
+      LOCK_FILE="$HOME/.config/opencode/.playwright.lock"
+      mkdir -p "$(dirname "$OPENCODE_CONFIG_FILE")"
+      [[ -f "$OPENCODE_CONFIG_FILE" ]] || echo '{}' > "$OPENCODE_CONFIG_FILE"
+      pmcp::with_lock "$LOCK_FILE" pmcp::sweep_and_append "$OPENCODE_CONFIG_FILE" "$PLAYWRIGHT_MCP_NAME" "$HOST_CHROME_CDP_PORT"
+      rc=$?
+      if [[ "$rc" == "99" ]]; then
+        echo "  ⚠️  Could not acquire MCP config lock within 5s; skipping registration."
+        PLAYWRIGHT_MCP_NAME=""
+      elif [[ "$rc" != "0" ]]; then
+        echo "  ⚠️  MCP config update failed (rc=$rc); skipping registration."
+        PLAYWRIGHT_MCP_NAME=""
+      fi
+    fi
+  fi
+fi
+
 # Nano-brain mount: writable so container can modify config, write memory, logs, etc.
 NANO_BRAIN_MOUNT=""
 if [[ -d "$HOME/.nano-brain" ]]; then
@@ -1921,6 +1998,12 @@ configure_opencode_mcp() {
     is_mcp_configured "playwright" && playwright_configured=true
   fi
 
+  # Get host Chrome path if using playwright-host
+  local PLAYWRIGHT_HOST_CHROME=""
+  if command -v jq &>/dev/null && [[ -f "$AI_SANDBOX_CONFIG" ]]; then
+    PLAYWRIGHT_HOST_CHROME=$(jq -r '.mcp.chromePath // empty' "$AI_SANDBOX_CONFIG" 2>/dev/null)
+  fi
+
   # If no MCP tools installed in image, return
   if [[ "$chrome_installed" == "false" && "$playwright_installed" == "false" ]]; then
     return 0
@@ -1957,7 +2040,11 @@ configure_opencode_mcp() {
           echo "  ✓ Chrome DevTools MCP"
           ;;
         playwright)
-          echo "  ✓ Playwright MCP"
+          if [[ -n "$PLAYWRIGHT_HOST_CHROME" ]] && [[ -f "$PLAYWRIGHT_HOST_CHROME" ]]; then
+            echo "  ✓ Playwright MCP (host Chrome)"
+          else
+            echo "  ✓ Playwright MCP"
+          fi
           ;;
       esac
     done
@@ -1973,7 +2060,11 @@ configure_opencode_mcp() {
           echo "  • Chrome DevTools MCP - browser automation + performance profiling"
           ;;
         playwright)
-          echo "  • Playwright MCP - multi-browser automation"
+          if [[ -n "$PLAYWRIGHT_HOST_CHROME" ]] && [[ -f "$PLAYWRIGHT_HOST_CHROME" ]]; then
+            echo "  • Playwright MCP (host Chrome) - use your installed Chrome browser"
+          else
+            echo "  • Playwright MCP - multi-browser automation"
+          fi
           ;;
       esac
     done
@@ -2006,9 +2097,16 @@ configure_opencode_mcp() {
             fi
             ;;
           playwright)
-            if add_mcp_config "playwright" '["playwright-mcp", "--headless", "--browser", "chromium"]'; then
-              echo "  ✓ Configured Playwright MCP"
+            # Check if using host Chrome via CDP
+            if [[ -n "$PLAYWRIGHT_HOST_CHROME" ]] && [[ -f "$PLAYWRIGHT_HOST_CHROME" ]]; then
+              echo "  ℹ️  Playwright MCP entry will be registered per-container at runtime (host Chrome mode)."
               configured_any=true
+            else
+              # Use container Chromium
+              if add_mcp_config "playwright" '["playwright-mcp", "--headless", "--browser", "chromium"]'; then
+                echo "  ✓ Configured Playwright MCP"
+                configured_any=true
+              fi
             fi
             ;;
         esac
@@ -2042,9 +2140,16 @@ configure_opencode_mcp() {
               fi
               ;;
             playwright)
-              if add_mcp_config "playwright" '["playwright-mcp", "--headless", "--browser", "chromium"]'; then
-                echo "    ✓ Configured"
+              # Check if using host Chrome via CDP
+              if [[ -n "$PLAYWRIGHT_HOST_CHROME" ]] && [[ -f "$PLAYWRIGHT_HOST_CHROME" ]]; then
+                echo "  ℹ️  Playwright MCP entry will be registered per-container at runtime (host Chrome mode)."
                 configured_any=true
+              else
+                # Use container Chromium
+                if add_mcp_config "playwright" '["playwright-mcp", "--headless", "--browser", "chromium"]'; then
+                  echo "    ✓ Configured"
+                  configured_any=true
+                fi
               fi
               ;;
           esac
@@ -2581,27 +2686,38 @@ EOF
     up --remove-orphans
 fi
 
-docker run $CONTAINER_NAME --rm $TTY_FLAGS \
-  --init \
-  --platform "$PLATFORM" \
-  $ENTRYPOINT_OVERRIDE \
-  $VOLUME_MOUNTS \
-  $CONFIG_MOUNT \
-  $TOOL_CONFIG_MOUNTS \
-  $RG_COMPAT_MOUNT \
-  $GIT_MOUNTS \
-  $SSH_AGENT_ENV \
-  $NETWORK_OPTIONS \
-  $DISPLAY_FLAGS \
-  $HOST_ACCESS_ARGS \
-  $PORT_MAPPINGS \
-  $OPENCODE_PASSWORD_ENV \
-  -v "$HOME_DIR":/home/agent \
-  $SHARED_CACHE_MOUNTS \
-  $NANO_BRAIN_MOUNT \
-  -w "$CURRENT_DIR" \
-  --env-file "$ENV_FILE" \
-  -e TERM="$TERM" \
-  -e COLORTERM="$COLORTERM" \
-  $TERMINAL_SIZE \
-  "$IMAGE" "${DOCKER_COMMAND[@]}"
+# Build docker run arguments as an array (handles paths with spaces correctly)
+DOCKER_ARGS=()
+DOCKER_ARGS+=($CONTAINER_NAME --rm $TTY_FLAGS)
+DOCKER_ARGS+=(--init)
+DOCKER_ARGS+=(--platform "$PLATFORM")
+DOCKER_ARGS+=($ENTRYPOINT_OVERRIDE)
+DOCKER_ARGS+=($VOLUME_MOUNTS)
+DOCKER_ARGS+=($CONFIG_MOUNT)
+DOCKER_ARGS+=($TOOL_CONFIG_MOUNTS)
+DOCKER_ARGS+=($RG_COMPAT_MOUNT)
+DOCKER_ARGS+=($GIT_MOUNTS)
+DOCKER_ARGS+=($SSH_AGENT_ENV)
+DOCKER_ARGS+=($NETWORK_OPTIONS)
+DOCKER_ARGS+=($DISPLAY_FLAGS)
+DOCKER_ARGS+=($HOST_ACCESS_ARGS)
+DOCKER_ARGS+=($PORT_MAPPINGS)
+DOCKER_ARGS+=($OPENCODE_PASSWORD_ENV)
+DOCKER_ARGS+=(-v "$HOME_DIR":/home/agent)
+DOCKER_ARGS+=($SHARED_CACHE_MOUNTS)
+DOCKER_ARGS+=($NANO_BRAIN_MOUNT)
+DOCKER_ARGS+=(-w "$CURRENT_DIR")
+DOCKER_ARGS+=(--env-file "$ENV_FILE")
+DOCKER_ARGS+=(-e TERM="$TERM")
+DOCKER_ARGS+=(-e COLORTERM="$COLORTERM")
+if [[ -n "${PLAYWRIGHT_MCP_NAME:-}" ]]; then
+  DOCKER_ARGS+=(-e "PLAYWRIGHT_MCP_NAME=$PLAYWRIGHT_MCP_NAME")
+  DOCKER_ARGS+=(-e "PLAYWRIGHT_PORT=$HOST_CHROME_CDP_PORT")
+fi
+DOCKER_ARGS+=($TERMINAL_SIZE)
+
+DOCKER_ARGS+=("$IMAGE")
+DOCKER_ARGS+=("${DOCKER_COMMAND[@]}")
+
+# Execute docker run with proper argument handling
+docker run "${DOCKER_ARGS[@]}"

package/lib/install-base.sh

@@ -170,13 +170,25 @@ if [[ "${INSTALL_CHROME_DEVTOOLS_MCP:-0}" -eq 1 ]] || [[ "${INSTALL_PLAYWRIGHT_M
     wget \
     && rm -rf /var/lib/apt/lists/*
 ENV PLAYWRIGHT_BROWSERS_PATH=/opt/playwright-browsers
-RUN mkdir -p /opt/playwright-browsers && \
+'
+  
+  # Only install Chromium if not using host Chrome
+  if [[ "${INSTALL_PLAYWRIGHT_HOST:-0}" -eq 1 ]]; then
+    echo "  📦 Using host Chrome - skipping Chromium installation"
+    ADDITIONAL_TOOLS_INSTALL+='RUN mkdir -p /opt/playwright-browsers && \
+    npm install -g @playwright/mcp@latest && \
+    touch /opt/.mcp-playwright-installed
+'
+  else
+    echo "  📦 Installing Chromium browser for MCP tools"
+    ADDITIONAL_TOOLS_INSTALL+='RUN mkdir -p /opt/playwright-browsers && \
     npm install -g @playwright/mcp@latest && \
     npx playwright-core install --no-shell chromium && \
     npx playwright-core install-deps chromium && \
     chmod -R 777 /opt/playwright-browsers && \
     ln -sf $(ls -d /opt/playwright-browsers/chromium-*/chrome-linux/chrome | sort -V | tail -1) /opt/chromium
 '
+  fi
 fi
 
 if [[ "${INSTALL_CHROME_DEVTOOLS_MCP:-0}" -eq 1 ]]; then

package/lib/playwright-mcp-config.sh

@@ -0,0 +1,118 @@
+#!/usr/bin/env bash
+# Helpers for managing per-container Playwright MCP entries in the shared
+# OpenCode config (~/.config/opencode/opencode.json). All functions are pure
+# except where noted. Callers are responsible for holding the flock around
+# pmcp::sweep_and_append.
+
+# Replace any character outside [A-Za-z0-9_-] with underscore. Empty input
+# becomes "unnamed". Used to keep MCP keys jq-safe.
+pmcp::sanitize_name() {
+  local input="${1:-}"
+  if [[ -z "$input" ]]; then
+    echo "unnamed"
+    return
+  fi
+  printf '%s' "$input" | tr -c 'A-Za-z0-9_-' '_'
+}
+
+# Probe a port for a valid Chrome CDP endpoint. Returns 0 if /json/version
+# responds with JSON containing a "Browser" field within the timeout.
+# Args: $1 = port
+pmcp::probe_chrome() {
+  local port="$1"
+  local body
+  body=$(curl -fsS --max-time 0.5 "http://localhost:$port/json/version" 2>/dev/null) || return 1
+  [[ "$body" == *'"Browser"'* ]] || return 1
+  return 0
+}
+
+# Host address from container (Docker Desktop on Mac).
+PMCP_DOCKER_HOST_IP="${PMCP_DOCKER_HOST_IP:-192.168.65.254}"
+
+# Sweep dead playwright_* entries and append a new one. MUST be called inside
+# a flock by the caller. Does not acquire the lock itself, by design — locking
+# happens around a larger critical section in the caller.
+# Args: $1 = config file path, $2 = full MCP key (e.g. playwright_foo_19223), $3 = port
+pmcp::sweep_and_append() {
+  local cfg="$1" name="$2" port="$3"
+
+  if [[ ! -f "$cfg" ]]; then
+    echo "  ⚠️  pmcp: config file not found: $cfg" >&2
+    return 1
+  fi
+
+  # Collect dead keys
+  local keys dead_keys=()
+  keys=$(jq -r '(.mcp // {}) | keys[] | select(startswith("playwright_"))' "$cfg" 2>/dev/null || true)
+  while IFS= read -r key; do
+    [[ -z "$key" ]] && continue
+    local cmd_url
+    cmd_url=$(jq -r --arg k "$key" '.mcp[$k].command[]? | select(startswith("http://"))' "$cfg" 2>/dev/null | head -1)
+    [[ -z "$cmd_url" ]] && continue
+    local entry_port="${cmd_url##*:}"
+    if ! pmcp::probe_chrome "$entry_port"; then
+      dead_keys+=("$key")
+    fi
+  done <<< "$keys"
+
+  # Build --arg flags for each dead key, then run a single jq invocation
+  # that deletes them all and appends the new entry.
+  local tmp="$cfg.tmp.$$"
+  local args=()
+  local i=0
+  for k in "${dead_keys[@]+"${dead_keys[@]}"}"; do
+    args+=(--arg "k$i" "$k")
+    i=$((i + 1))
+  done
+  jq "${args[@]+"${args[@]}"}" --arg name "$name" --arg host "$PMCP_DOCKER_HOST_IP" --arg port "$port" \
+    '
+      def setup($args; $name; $host; $port):
+        .mcp = (.mcp // {})
+        | reduce ($args[]) as $k (.; del(.mcp[$k]))
+        | .mcp[$name] = {"type":"local","command":["playwright-mcp","--cdp-endpoint","http://" + $host + ":" + $port]};
+      setup([$ARGS.named | to_entries[] | select(.key|startswith("k")) | .value]; $name; $host; $port)
+    ' "$cfg" > "$tmp"
+
+  mv "$tmp" "$cfg"
+  chmod 600 "$cfg"
+
+  if (( ${#dead_keys[@]} > 0 )); then
+    echo "  🧹 pmcp: removed ${#dead_keys[@]} stale entr$([ ${#dead_keys[@]} -eq 1 ] && echo y || echo ies): ${dead_keys[*]}"
+  fi
+  echo "  ➕ pmcp: registered $name → http://$PMCP_DOCKER_HOST_IP:$port"
+}
+
+# Run a command while holding an exclusive lock on $1. Uses flock(1) if available,
+# else falls back to a mkdir-based mutex (portable across macOS where flock is
+# not built-in). Times out after 5 seconds; on timeout, returns 99 without
+# running the command. Returns the command's exit status otherwise.
+# Args: $1 = lockfile path, $2... = command + args
+pmcp::with_lock() {
+  local lockfile="$1"; shift
+  local timeout=5
+
+  if command -v flock >/dev/null 2>&1; then
+    (
+      flock -w "$timeout" 9 || exit 99
+      "$@"
+    ) 9>"$lockfile"
+    return $?
+  fi
+
+  # mkdir-based fallback. mkdir is atomic on POSIX filesystems.
+  local mutex="${lockfile}.d"
+  local waited=0
+  while ! mkdir "$mutex" 2>/dev/null; do
+    if (( waited >= timeout * 10 )); then
+      return 99
+    fi
+    sleep 0.1
+    waited=$((waited + 1))
+  done
+  trap "rmdir '$mutex' 2>/dev/null || true" EXIT
+  "$@"
+  local rc=$?
+  rmdir "$mutex" 2>/dev/null || true
+  trap - EXIT
+  return $rc
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@kokorolx/ai-sandbox-wrapper",
-  "version": "3.2.0",
+  "version": "3.3.0-beta.1",
   "description": "Docker-based security sandbox for AI coding agents. Isolate Claude, Gemini, Aider, and other AI tools from your host system.",
   "keywords": [
     "ai",
@@ -23,7 +23,9 @@
   },
   "license": "MIT",
   "author": "kokorolx",
-  "bin": "./bin/cli.js",
+  "bin": {
+    "ai-sandbox-wrapper": "bin/cli.js"
+  },
   "files": [
     "bin/",
     "lib/",