@kokorolx/ai-sandbox-wrapper 3.4.0 → 3.4.2

package/bin/ai-run

@@ -823,8 +823,17 @@ if [[ "$TOOL" == "opencode" ]] && command -v jq &>/dev/null && [[ -f "$AI_SANDBO
     # Deterministic port per container name
     CONTAINER_HASH=$(echo "$CONTAINER_NAME_VALUE" | md5sum | cut -c1-4)
     HOST_CHROME_CDP_PORT=$((19222 + 0x$CONTAINER_HASH % 100))
-    PLAYWRIGHT_MCP_NAME="playwright_port_${HOST_CHROME_CDP_PORT}"
-    CHROME_DEVTOOLS_MCP_NAME="chrome-devtools_port_${HOST_CHROME_CDP_PORT}"
+
+    # Only register entries for MCP binaries actually present in the image
+    # (tracked in $AI_SANDBOX_CONFIG by setup.sh). Otherwise opencode would
+    # try to spawn a missing binary and fail. (is_mcp_installed is defined
+    # later in the file, so use jq inline here.)
+    if jq -e '.mcp.installed // [] | index("playwright") != null' "$AI_SANDBOX_CONFIG" &>/dev/null; then
+      PLAYWRIGHT_MCP_NAME="playwright_port_${HOST_CHROME_CDP_PORT}"
+    fi
+    if jq -e '.mcp.installed // [] | index("chrome-devtools") != null' "$AI_SANDBOX_CONFIG" &>/dev/null; then
+      CHROME_DEVTOOLS_MCP_NAME="chrome-devtools_port_${HOST_CHROME_CDP_PORT}"
+    fi
 
     # Reuse-if-alive: probe before launching
     if pmcp::probe_chrome "$HOST_CHROME_CDP_PORT"; then

package/bin/cli.js

@@ -21,6 +21,7 @@ Usage:
 
 Commands:
   setup                 Run interactive setup (configure workspaces, select tools)
+  rebuild               Rebuild Docker image using existing config (no menu required)
   update                Interactive menu to manage config (workspaces, git, networks)
   clean                 Interactive cleanup for caches/configs
   clean cache [type]    Clear shared package caches (npm, bun, pip, playwright-browsers)
@@ -51,6 +52,8 @@ Options:
 
 Examples:
   npx @kokorolx/ai-sandbox-wrapper setup
+  npx @kokorolx/ai-sandbox-wrapper rebuild
+  npx @kokorolx/ai-sandbox-wrapper rebuild --no-cache
   npx @kokorolx/ai-sandbox-wrapper update
   npx @kokorolx/ai-sandbox-wrapper config show --json
   npx @kokorolx/ai-sandbox-wrapper config tool claude
@@ -108,6 +111,69 @@ function runSetup() {
   });
 }
 
+function runRebuild() {
+  const buildScript = path.join(packageRoot, 'lib', 'build-sandbox.sh');
+
+  if (!fs.existsSync(buildScript)) {
+    console.error('❌ Error: lib/build-sandbox.sh not found at', buildScript);
+    process.exit(1);
+  }
+
+  const config = readConfig();
+  const toolsInstalled = (config.tools && config.tools.installed) || [];
+  const mcpInstalled = (config.mcp && config.mcp.installed) || [];
+
+  if (toolsInstalled.length === 0) {
+    console.error('❌ No tools found in ~/.ai-sandbox/config.json');
+    console.error('   Run `npx @kokorolx/ai-sandbox-wrapper setup` first.');
+    process.exit(1);
+  }
+
+  const hasMcp = (name) => mcpInstalled.includes(name);
+  const useHostChrome = !!(config.mcp && config.mcp.chromePath);
+
+  const buildEnv = {
+    ...process.env,
+    TOOLS: toolsInstalled.join(','),
+    INSTALL_PLAYWRIGHT_MCP: hasMcp('playwright') ? '1' : '0',
+    INSTALL_CHROME_DEVTOOLS_MCP: hasMcp('chrome-devtools') ? '1' : '0',
+    INSTALL_PLAYWRIGHT_HOST: useHostChrome ? '1' : '0',
+    INSTALL_RTK: '0',
+    INSTALL_SPEC_KIT: '0',
+    INSTALL_UX_UI_PROMAX: '0',
+    INSTALL_OPENSPEC: '0',
+    INSTALL_PLAYWRIGHT: '0',
+    INSTALL_RUBY: '0'
+  };
+  if (flags.noCache) {
+    buildEnv.DOCKER_NO_CACHE = '1';
+  }
+
+  console.log('🔨 Rebuilding Docker image with current config...');
+  console.log(`   Tools: ${toolsInstalled.join(', ')}`);
+  if (mcpInstalled.length > 0) {
+    console.log(`   MCP: ${mcpInstalled.join(', ')}`);
+  }
+  if (flags.noCache) {
+    console.log('   --no-cache: skipping Docker layer cache');
+  }
+
+  const child = spawn('bash', [buildScript], {
+    cwd: packageRoot,
+    stdio: 'inherit',
+    env: buildEnv
+  });
+
+  child.on('error', (err) => {
+    console.error('❌ Error running rebuild:', err.message);
+    process.exit(1);
+  });
+
+  child.on('close', (code) => {
+    process.exit(code || 0);
+  });
+}
+
 function expandHome(inputPath) {
   if (!inputPath) {
     return inputPath;
@@ -1313,6 +1379,9 @@ switch (command) {
   case undefined:
     runSetup();
     break;
+  case 'rebuild':
+    runRebuild();
+    break;
   case 'help':
   case '--help':
   case '-h':

package/dockerfiles/base/Dockerfile

@@ -1,6 +1,3 @@
-# Build RTK from source (multi-stage: only binary is kept, Rust toolchain discarded)
-FROM rust:bookworm AS rtk-builder
-RUN cargo install --git https://github.com/rtk-ai/rtk --locked
 
 FROM node:22-bookworm-slim
 
@@ -26,30 +23,6 @@ RUN npm install -g typescript typescript-language-server pyright vscode-langserv
 RUN node --version && npm --version && pnpm --version && tsc --version
 
 # Install additional tools (if selected)
-RUN PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx install specify-cli --pip-args="git+https://github.com/github/spec-kit.git" && \
-    chmod +x /usr/local/bin/specify && \
-    ln -sf /usr/local/bin/specify /usr/local/bin/specify-cli
-RUN mkdir -p /usr/local/lib/uipro-cli && \
-    cd /usr/local/lib/uipro-cli && \
-    npm init -y && \
-    npm install uipro-cli && \
-    ln -sf /usr/local/lib/uipro-cli/node_modules/.bin/uipro /usr/local/bin/uipro && \
-    ln -sf /usr/local/bin/uipro /usr/local/bin/uipro-cli && \
-    chmod -R 755 /usr/local/lib/uipro-cli && \
-    chmod +x /usr/local/bin/uipro
-RUN mkdir -p /usr/local/lib/openspec && \
-    cd /usr/local/lib/openspec && \
-    npm init -y && \
-    npm install @fission-ai/openspec && \
-    ln -sf /usr/local/lib/openspec/node_modules/.bin/openspec /usr/local/bin/openspec && \
-    chmod -R 755 /usr/local/lib/openspec && \
-    chmod +x /usr/local/bin/openspec
-# Install RTK - token optimizer for AI coding agents (built from source)
-COPY --from=rtk-builder /usr/local/cargo/bin/rtk /usr/local/bin/rtk
-# Install RTK OpenCode skills (auto-discovered by OpenCode agents)
-RUN mkdir -p /home/agent/.config/opencode/skills/rtk /home/agent/.config/opencode/skills/rtk-setup
-COPY skills/rtk/SKILL.md /home/agent/.config/opencode/skills/rtk/SKILL.md
-COPY skills/rtk-setup/SKILL.md /home/agent/.config/opencode/skills/rtk-setup/SKILL.md
 RUN apt-get update && apt-get install -y --no-install-recommends \
     libglib2.0-0 \
     libnspr4 \
@@ -83,13 +56,11 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 ENV PLAYWRIGHT_BROWSERS_PATH=/opt/playwright-browsers
 RUN mkdir -p /opt/playwright-browsers && \
     npm install -g @playwright/mcp@latest && \
-    npx playwright-core install --no-shell chromium && \
-    npx playwright-core install-deps chromium && \
-    chmod -R 777 /opt/playwright-browsers && \
-    ln -sf $(ls -d /opt/playwright-browsers/chromium-*/chrome-linux/chrome | sort -V | tail -1) /opt/chromium
+    touch /opt/.mcp-playwright-installed
 ENV CHROME_DEVTOOLS_MCP_NO_USAGE_STATISTICS=1
 RUN npm install -g chrome-devtools-mcp@latest && \
     touch /opt/.mcp-chrome-devtools-installed
+RUN touch /opt/.mcp-playwright-installed
 
 # Create workspace
 WORKDIR /workspace

package/dockerfiles/sandbox/Dockerfile

@@ -1,6 +1,3 @@
-# Build RTK from source (multi-stage: only binary is kept, Rust toolchain discarded)
-FROM rust:bookworm AS rtk-builder
-RUN cargo install --git https://github.com/rtk-ai/rtk --locked
 
 FROM node:22-bookworm-slim
 
@@ -26,30 +23,6 @@ RUN npm install -g typescript typescript-language-server pyright vscode-langserv
 RUN node --version && npm --version && pnpm --version && tsc --version
 
 # Install additional tools (if selected)
-RUN PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx install specify-cli --pip-args="git+https://github.com/github/spec-kit.git" && \
-    chmod +x /usr/local/bin/specify && \
-    ln -sf /usr/local/bin/specify /usr/local/bin/specify-cli
-RUN mkdir -p /usr/local/lib/uipro-cli && \
-    cd /usr/local/lib/uipro-cli && \
-    npm init -y && \
-    npm install uipro-cli && \
-    ln -sf /usr/local/lib/uipro-cli/node_modules/.bin/uipro /usr/local/bin/uipro && \
-    ln -sf /usr/local/bin/uipro /usr/local/bin/uipro-cli && \
-    chmod -R 755 /usr/local/lib/uipro-cli && \
-    chmod +x /usr/local/bin/uipro
-RUN mkdir -p /usr/local/lib/openspec && \
-    cd /usr/local/lib/openspec && \
-    npm init -y && \
-    npm install @fission-ai/openspec && \
-    ln -sf /usr/local/lib/openspec/node_modules/.bin/openspec /usr/local/bin/openspec && \
-    chmod -R 755 /usr/local/lib/openspec && \
-    chmod +x /usr/local/bin/openspec
-# Install RTK - token optimizer for AI coding agents (built from source)
-COPY --from=rtk-builder /usr/local/cargo/bin/rtk /usr/local/bin/rtk
-# Install RTK OpenCode skills (auto-discovered by OpenCode agents)
-RUN mkdir -p /home/agent/.config/opencode/skills/rtk /home/agent/.config/opencode/skills/rtk-setup
-COPY skills/rtk/SKILL.md /home/agent/.config/opencode/skills/rtk/SKILL.md
-COPY skills/rtk-setup/SKILL.md /home/agent/.config/opencode/skills/rtk-setup/SKILL.md
 RUN apt-get update && apt-get install -y --no-install-recommends \
     libglib2.0-0 \
     libnspr4 \
@@ -83,13 +56,11 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 ENV PLAYWRIGHT_BROWSERS_PATH=/opt/playwright-browsers
 RUN mkdir -p /opt/playwright-browsers && \
     npm install -g @playwright/mcp@latest && \
-    npx playwright-core install --no-shell chromium && \
-    npx playwright-core install-deps chromium && \
-    chmod -R 777 /opt/playwright-browsers && \
-    ln -sf $(ls -d /opt/playwright-browsers/chromium-*/chrome-linux/chrome | sort -V | tail -1) /opt/chromium
+    touch /opt/.mcp-playwright-installed
 ENV CHROME_DEVTOOLS_MCP_NO_USAGE_STATISTICS=1
 RUN npm install -g chrome-devtools-mcp@latest && \
     touch /opt/.mcp-chrome-devtools-installed
+RUN touch /opt/.mcp-playwright-installed
 
 # Create workspace
 WORKDIR /workspace
@@ -106,12 +77,13 @@ RUN curl -fsSL https://opencode.ai/install | bash && \
     mv /root/.opencode/bin/opencode /usr/local/bin/opencode && \
     rm -rf /root/.opencode
 
-# === claude ===
+# === codex ===
 USER root
-RUN export HOME=/root && curl -fsSL https://claude.ai/install.sh | bash && \
-    mkdir -p /usr/local/share && \
-    mv /root/.local/share/claude /usr/local/share/claude && \
-    ln -sf /usr/local/share/claude/versions/$(ls /usr/local/share/claude/versions | head -1) /usr/local/bin/claude
+RUN mkdir -p /usr/local/lib/codex && \
+    cd /usr/local/lib/codex && \
+    bun init -y && \
+    bun add @openai/codex && \
+    ln -s /usr/local/lib/codex/node_modules/.bin/codex /usr/local/bin/codex
 USER agent
 
 USER agent

package/lib/playwright-mcp-config.sh

@@ -88,20 +88,25 @@ pmcp::register() {
   echo "  ➕ pmcp: registered $key"
 }
 
-# Register both playwright-mcp and chrome-devtools-mcp for a host Chrome on
+# Register playwright-mcp and/or chrome-devtools-mcp for a host Chrome on
 # a given CDP port. Sweeps dead entries of both prefixes first, then writes
-# the new entries. MUST be called inside a flock.
-# Args: $1 = cfg, $2 = port, $3 = playwright key, $4 = chrome-devtools key
+# the requested entries. Pass empty string for a key to skip that one.
+# MUST be called inside a flock.
+# Args: $1 = cfg, $2 = port, $3 = playwright key (or ""), $4 = chrome-devtools key (or "")
 pmcp::register_host_chrome() {
   local cfg="$1" port="$2" pw_key="$3" cd_key="$4"
   local url="http://$PMCP_DOCKER_HOST_IP:$port"
 
   pmcp::sweep_dead "$cfg" "playwright_"
   pmcp::sweep_dead "$cfg" "chrome-devtools_"
-  pmcp::register "$cfg" "$pw_key" \
-    "[\"playwright-mcp\",\"--cdp-endpoint\",\"$url\"]"
-  pmcp::register "$cfg" "$cd_key" \
-    "[\"chrome-devtools-mcp\",\"--browserUrl\",\"$url\"]"
+  if [[ -n "$pw_key" ]]; then
+    pmcp::register "$cfg" "$pw_key" \
+      "[\"playwright-mcp\",\"--cdp-endpoint\",\"$url\"]"
+  fi
+  if [[ -n "$cd_key" ]]; then
+    pmcp::register "$cfg" "$cd_key" \
+      "[\"chrome-devtools-mcp\",\"--browserUrl\",\"$url\"]"
+  fi
 }
 
 # Sweep dead playwright_* entries and append a new one. MUST be called inside

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@kokorolx/ai-sandbox-wrapper",
-  "version": "3.4.0",
+  "version": "3.4.2",
   "description": "Docker-based security sandbox for AI coding agents. Isolate Claude, Gemini, Aider, and other AI tools from your host system.",
   "keywords": [
     "ai",

package/setup.sh

@@ -382,14 +382,14 @@ if [[ ${#CONTAINERIZED_TOOLS[@]} -gt 0 || ${#ADDITIONAL_TOOLS[@]} -gt 0 ]]; then
 fi
 
 if [[ $NEEDS_BASE_IMAGE -eq 1 ]]; then
-  INSTALL_SPEC_KIT=0
-  INSTALL_UX_UI_PROMAX=0
-  INSTALL_OPENSPEC=0
-  INSTALL_PLAYWRIGHT=0
-  INSTALL_RUBY=0
-  INSTALL_CHROME_DEVTOOLS_MCP=0
-  INSTALL_PLAYWRIGHT_MCP=0
-  INSTALL_RTK=0
+  INSTALL_SPEC_KIT="${INSTALL_SPEC_KIT:-0}"
+  INSTALL_UX_UI_PROMAX="${INSTALL_UX_UI_PROMAX:-0}"
+  INSTALL_OPENSPEC="${INSTALL_OPENSPEC:-0}"
+  INSTALL_PLAYWRIGHT="${INSTALL_PLAYWRIGHT:-0}"
+  INSTALL_RUBY="${INSTALL_RUBY:-0}"
+  INSTALL_CHROME_DEVTOOLS_MCP="${INSTALL_CHROME_DEVTOOLS_MCP:-0}"
+  INSTALL_PLAYWRIGHT_MCP="${INSTALL_PLAYWRIGHT_MCP:-0}"
+  INSTALL_RTK="${INSTALL_RTK:-0}"
 
   for addon in "${ADDITIONAL_TOOLS[@]}"; do
     case "$addon" in