@kokorolx/ai-sandbox-wrapper 3.4.3-beta.2 → 3.4.3

package/bin/ai-run

@@ -141,293 +141,6 @@ else
   TOOL=""
 fi
 
-# ────────────────────────────────────────────────────────────────
-# OPEN-DESIGN SERVICE-TYPE TOOL DISPATCHER
-# Unlike ephemeral CLI tools, open-design is a long-running daemon.
-# Routes init/start/stop/restart/status/logs subcommands and exits.
-# ────────────────────────────────────────────────────────────────
-if [[ "$TOOL" == "open-design" ]]; then
-  OD_CONTAINER_NAME="ai-open-design"
-  OD_IMAGE="ai-open-design:latest"
-  OD_NETWORK="ai-sandbox"
-  OD_VOLUME="ai-open-design-data"
-  OD_ENV_FILE="$HOME/.ai-sandbox/env"
-  OD_DEFAULT_URL="http://ai-open-design:7456"
-
-  od_print_help() {
-    cat <<HLP
-Usage: ai-run open-design <subcommand> [options]
-
-Subcommands:
-  init [--force]              One-time setup: generate API token, create network/volume
-  start [--expose] [--port N] Boot daemon (detached). --expose publishes port to host
-  stop                        Stop daemon (preserves container for restart)
-  restart [start-flags...]    Stop then start
-  status                      Show daemon state, network, port, token, health
-  logs [-f|--follow]          Show daemon logs (-f to follow)
-  --help, -h                  Show this help
-
-Examples:
-  ai-run open-design init
-  ai-run open-design start
-  ai-run open-design start --expose            # publishes 7456 to host
-  ai-run open-design start --expose --port 17456
-  ai-run open-design status
-HLP
-  }
-
-  od_env_has_token() {
-    [[ -f "$OD_ENV_FILE" ]] && grep -q "^OD_API_TOKEN=" "$OD_ENV_FILE"
-  }
-
-  od_read_token() {
-    [[ -f "$OD_ENV_FILE" ]] && grep "^OD_API_TOKEN=" "$OD_ENV_FILE" | head -1 | cut -d= -f2-
-  }
-
-  od_init() {
-    local force=false
-    if [[ "${1:-}" == "--force" ]]; then
-      force=true
-    fi
-
-    mkdir -p "$(dirname "$OD_ENV_FILE")"
-    touch "$OD_ENV_FILE"
-    chmod 600 "$OD_ENV_FILE"
-
-    if od_env_has_token && [[ "$force" != "true" ]]; then
-      echo "ℹ️  OD_API_TOKEN already set in $OD_ENV_FILE — nothing to do"
-      echo "    Use 'ai-run open-design init --force' to regenerate (will invalidate running sessions)"
-    else
-      if [[ "$force" == "true" ]] && od_env_has_token; then
-        printf "⚠️  This will replace the existing OD_API_TOKEN. Continue? [y/N] "
-        read -r confirm
-        if [[ "$confirm" != "y" && "$confirm" != "Y" ]]; then
-          echo "Aborted."
-          exit 0
-        fi
-        # Strip existing OD_API_TOKEN line
-        if [[ "$(uname)" == "Darwin" ]]; then
-          sed -i '' '/^OD_API_TOKEN=/d' "$OD_ENV_FILE"
-        else
-          sed -i '/^OD_API_TOKEN=/d' "$OD_ENV_FILE"
-        fi
-      fi
-      if ! command -v openssl >/dev/null 2>&1; then
-        echo "❌ ERROR: 'openssl' is required to generate a token" >&2
-        exit 1
-      fi
-      local token
-      token="$(openssl rand -hex 32)"
-      # Ensure trailing newline before append to avoid joining with previous line
-      if [[ -s "$OD_ENV_FILE" && -n "$(tail -c 1 "$OD_ENV_FILE" 2>/dev/null)" ]]; then
-        echo "" >> "$OD_ENV_FILE"
-      fi
-      echo "OD_API_TOKEN=$token" >> "$OD_ENV_FILE"
-      echo "✅ Generated OD_API_TOKEN (256-bit, written to $OD_ENV_FILE)"
-    fi
-
-    # Ensure OD_DAEMON_URL line
-    if ! grep -q "^OD_DAEMON_URL=" "$OD_ENV_FILE"; then
-      if [[ -s "$OD_ENV_FILE" && -n "$(tail -c 1 "$OD_ENV_FILE" 2>/dev/null)" ]]; then
-        echo "" >> "$OD_ENV_FILE"
-      fi
-      echo "OD_DAEMON_URL=$OD_DEFAULT_URL" >> "$OD_ENV_FILE"
-      echo "✅ Set OD_DAEMON_URL=$OD_DEFAULT_URL in $OD_ENV_FILE"
-    fi
-
-    chmod 600 "$OD_ENV_FILE"
-
-    # Ensure network
-    if ensure_network "$OD_NETWORK"; then
-      echo "✅ Docker network '$OD_NETWORK' ready"
-    fi
-
-    # Ensure volume
-    if ! docker volume inspect "$OD_VOLUME" >/dev/null 2>&1; then
-      docker volume create "$OD_VOLUME" >/dev/null
-      echo "✅ Docker volume '$OD_VOLUME' created"
-    else
-      echo "ℹ️  Docker volume '$OD_VOLUME' already exists"
-    fi
-
-    echo ""
-    echo "Next: ai-run open-design start"
-  }
-
-  od_start() {
-    local expose=false
-    local host_port=7456
-
-    while [[ $# -gt 0 ]]; do
-      case "$1" in
-        --expose) expose=true; shift ;;
-        --port)
-          shift
-          if [[ $# -gt 0 && "$1" =~ ^[0-9]+$ ]]; then
-            if (( $1 < 1 || $1 > 65535 )); then
-              echo "❌ ERROR: --port value '$1' out of range (1-65535)" >&2; exit 1
-            fi
-            host_port="$1"
-            shift
-          else
-            echo "❌ ERROR: --port requires a numeric value (e.g. 7456)" >&2; exit 1
-          fi
-          ;;
-        *) echo "❌ ERROR: unknown start flag: $1" >&2; exit 1 ;;
-      esac
-    done
-
-    if ! od_env_has_token; then
-      echo "❌ ERROR: OD_API_TOKEN not found in $OD_ENV_FILE"
-      echo "    Run: ai-run open-design init"
-      exit 1
-    fi
-
-    if ! docker image inspect "$OD_IMAGE" >/dev/null 2>&1; then
-      echo "❌ ERROR: image '$OD_IMAGE' not built"
-      echo "    Run: bash lib/install-open-design.sh"
-      exit 1
-    fi
-
-    ensure_network "$OD_NETWORK" || exit 1
-    docker volume inspect "$OD_VOLUME" >/dev/null 2>&1 || docker volume create "$OD_VOLUME" >/dev/null
-
-    # If a container with this name exists, handle it gracefully
-    if docker ps -a --format '{{.Names}}' | grep -q "^${OD_CONTAINER_NAME}$"; then
-      if docker ps --format '{{.Names}}' | grep -q "^${OD_CONTAINER_NAME}$"; then
-        echo "ℹ️  '$OD_CONTAINER_NAME' is already running"
-        echo "    Use 'ai-run open-design restart' to apply new flags"
-        return 0
-      else
-        echo "🔄 Removing stopped container '$OD_CONTAINER_NAME' to recreate with current flags..."
-        docker rm "$OD_CONTAINER_NAME" >/dev/null
-      fi
-    fi
-
-    local run_args=(
-      run -d
-      --name "$OD_CONTAINER_NAME"
-      --network "$OD_NETWORK"
-      --restart unless-stopped
-      -v "$OD_VOLUME:/app/.od"
-      --env-file "$OD_ENV_FILE"
-    )
-
-    if [[ "$expose" == "true" ]]; then
-      run_args+=(-p "${host_port}:7456")
-    fi
-
-    run_args+=("$OD_IMAGE")
-
-    echo "🔄 Starting $OD_CONTAINER_NAME..."
-    docker "${run_args[@]}" >/dev/null
-    echo "✅ $OD_CONTAINER_NAME running on network '$OD_NETWORK'"
-    if [[ "$expose" == "true" ]]; then
-      echo "   Published to host: http://localhost:${host_port}"
-    else
-      echo "   Internal-only: reachable from sandbox containers as http://ai-open-design:7456"
-    fi
-  }
-
-  od_stop() {
-    if docker ps --format '{{.Names}}' | grep -q "^${OD_CONTAINER_NAME}$"; then
-      echo "🔄 Stopping $OD_CONTAINER_NAME..."
-      docker stop "$OD_CONTAINER_NAME" >/dev/null
-      echo "✅ $OD_CONTAINER_NAME stopped (data preserved in volume '$OD_VOLUME')"
-    else
-      echo "ℹ️  $OD_CONTAINER_NAME is not running"
-    fi
-  }
-
-  od_restart() {
-    od_stop
-    od_start "$@"
-  }
-
-  od_status() {
-    echo "Container : $OD_CONTAINER_NAME"
-    if docker ps --format '{{.Names}}' | grep -q "^${OD_CONTAINER_NAME}$"; then
-      echo "State     : running"
-      local uptime
-      uptime="$(docker inspect -f '{{.State.StartedAt}}' "$OD_CONTAINER_NAME" 2>/dev/null || echo unknown)"
-      echo "Started   : $uptime"
-      local ports
-      ports="$(docker inspect -f '{{json .NetworkSettings.Ports}}' "$OD_CONTAINER_NAME" 2>/dev/null || echo '{}')"
-      echo "Ports     : $ports"
-    elif docker ps -a --format '{{.Names}}' | grep -q "^${OD_CONTAINER_NAME}$"; then
-      echo "State     : stopped"
-      echo "   Hint   : ai-run open-design start"
-    else
-      echo "State     : not installed"
-      echo "   Hint   : ai-run open-design init && ai-run open-design start"
-    fi
-
-    echo "Network   : $OD_NETWORK"
-    echo "Volume    : $OD_VOLUME"
-    if od_env_has_token; then
-      local tok
-      tok="$(od_read_token)"
-      echo "API token : set (***${tok: -4})"
-    else
-      echo "API token : (unset — run 'ai-run open-design init')"
-    fi
-
-    # Try health check (only meaningful if container is running)
-    if docker ps --format '{{.Names}}' | grep -q "^${OD_CONTAINER_NAME}$"; then
-      # Try in-container curl first (fast path); fall back to one-off container on same network
-      # because upstream daemon image may not bundle curl
-      local health_ok=false
-      if docker exec "$OD_CONTAINER_NAME" sh -c 'command -v curl' >/dev/null 2>&1; then
-        if docker exec "$OD_CONTAINER_NAME" curl -sf --max-time 3 http://127.0.0.1:7456/api/health >/dev/null 2>&1; then
-          health_ok=true
-        fi
-      else
-        # Fallback: probe via a tiny one-off container in the same network
-        if docker run --rm --network "$OD_NETWORK" curlimages/curl:latest \
-            -sf --max-time 3 "http://${OD_CONTAINER_NAME}:7456/api/health" >/dev/null 2>&1; then
-          health_ok=true
-        fi
-      fi
-      if [[ "$health_ok" == "true" ]]; then
-        echo "Health    : OK"
-      else
-        echo "Health    : FAIL (daemon not responding on /api/health)"
-      fi
-    fi
-  }
-
-  od_logs() {
-    if ! docker ps -a --format '{{.Names}}' | grep -q "^${OD_CONTAINER_NAME}$"; then
-      echo "❌ ERROR: container '$OD_CONTAINER_NAME' does not exist" >&2
-      exit 1
-    fi
-    docker logs "$@" "$OD_CONTAINER_NAME"
-  }
-
-  # Dispatch subcommand
-  SUBCMD="${1:-}"
-  if [[ -n "$SUBCMD" ]]; then shift; fi
-  case "$SUBCMD" in
-    init)    od_init "$@" ;;
-    start)   od_start "$@" ;;
-    stop)    od_stop ;;
-    restart) od_restart "$@" ;;
-    status)  od_status ;;
-    logs)    od_logs "$@" ;;
-    --help|-h|"") od_print_help ;;
-    *)
-      echo "❌ ERROR: unknown subcommand '$SUBCMD'" >&2
-      echo ""
-      od_print_help
-      exit 1
-      ;;
-  esac
-  exit 0
-fi
-# ────────────────────────────────────────────────────────────────
-# END OPEN-DESIGN DISPATCHER
-# ────────────────────────────────────────────────────────────────
-
 # Handle no tool specified
 if [[ -z "$TOOL" ]]; then
   if [[ ! -t 0 ]] || [[ ! -t 1 ]]; then
@@ -1097,20 +810,6 @@ unset -f _pmcp_resolve_script_dir
 
 if [[ "$TOOL" == "opencode" ]] && command -v jq &>/dev/null && [[ -f "$AI_SANDBOX_CONFIG" ]] && declare -f pmcp::sanitize_name >/dev/null; then
   PLAYWRIGHT_HOST_CHROME=$(jq -r '.mcp.chromePath // empty' "$AI_SANDBOX_CONFIG" 2>/dev/null)
-  if [[ -n "$PLAYWRIGHT_HOST_CHROME" ]] && [[ -f "$PLAYWRIGHT_HOST_CHROME" ]]; then
-    # Ask user whether to open host Chrome browser
-    if [[ -t 0 ]]; then
-      echo ""
-      echo "🌐 Host Chrome browser is configured: $PLAYWRIGHT_HOST_CHROME"
-      printf "   Open browser for AI agent? [y/N] "
-      read -r -t 10 OPEN_CHROME_ANSWER || OPEN_CHROME_ANSWER=""
-      echo ""
-      if [[ ! "$OPEN_CHROME_ANSWER" =~ ^[Yy]$ ]]; then
-        echo "   ⏭️  Skipping host Chrome (using container Chromium if available)"
-        PLAYWRIGHT_HOST_CHROME=""
-      fi
-    fi
-  fi
   if [[ -n "$PLAYWRIGHT_HOST_CHROME" ]] && [[ -f "$PLAYWRIGHT_HOST_CHROME" ]]; then
     HOST_CHROME_CDP=true
     echo "🌐 Host Chrome CDP mode: $PLAYWRIGHT_HOST_CHROME"
@@ -1301,19 +1000,6 @@ get_network_containers() {
   docker network inspect "$network" --format '{{range .Containers}}{{.Name}} {{end}}' 2>/dev/null | xargs | tr ' ' ', '
 }
 
-# Ensure shared Docker network exists for cross-container service discovery
-# (e.g., agent containers reaching the open-design daemon by name)
-ensure_network() {
-  local net="${1:-ai-sandbox}"
-  if ! docker network inspect "$net" >/dev/null 2>&1; then
-    docker network create "$net" >/dev/null 2>&1 || {
-      echo "⚠️  WARNING: failed to create Docker network '$net'" >&2
-      return 1
-    }
-  fi
-  return 0
-}
-
 # Interactive network selection menu (multi-select)
 show_network_menu() {
   local compose_nets=()
@@ -2911,15 +2597,7 @@ fi
 
 # Nano-brain targeted preflight + auto-repair wrapper
 if [[ "$SHELL_MODE" == "true" ]] && [[ "$NANO_BRAIN_AUTO_REPAIR" == "true" ]] && [[ "${DOCKER_COMMAND[0]:-}" == "-c" ]]; then
-  # Separate hook from following command with newline so bash parses them
-  # as distinct statements. Without this, the hook's trailing `export -f`
-  # line gets joined with the next `echo` call, producing:
-  #   export -f nano_brain_shell_wrapper npx echo ''; echo '...'
-  # which makes bash try to `export -f echo` (a builtin, not a function)
-  # and `export -f ''` (empty name), emitting two harmless but ugly errors:
-  #   bash: line 68: export: echo: not a function
-  #   bash: line 68: export: : not a function
-  DOCKER_COMMAND[1]="$NANO_BRAIN_SHELL_HOOK"$'\n'"${DOCKER_COMMAND[1]}"
+  DOCKER_COMMAND[1]="$NANO_BRAIN_SHELL_HOOK ${DOCKER_COMMAND[1]}"
 fi
 
 if [[ "$SHELL_MODE" != "true" ]] && is_nano_brain_command; then
@@ -3061,23 +2739,12 @@ DOCKER_ARGS+=($TOOL_CONFIG_MOUNTS)
 DOCKER_ARGS+=($RG_COMPAT_MOUNT)
 DOCKER_ARGS+=($GIT_MOUNTS)
 DOCKER_ARGS+=($SSH_AGENT_ENV)
-# Default to ai-sandbox network for service discovery if user didn't specify.
-# Only add --network if creation succeeded; otherwise Docker uses its default bridge.
-if [[ -z "$NETWORK_OPTIONS" ]]; then
-  if ensure_network "ai-sandbox" >/dev/null 2>&1; then
-    DOCKER_ARGS+=(--network ai-sandbox)
-  fi
-fi
 DOCKER_ARGS+=($NETWORK_OPTIONS)
 DOCKER_ARGS+=($DISPLAY_FLAGS)
 DOCKER_ARGS+=($HOST_ACCESS_ARGS)
 DOCKER_ARGS+=($PORT_MAPPINGS)
 DOCKER_ARGS+=($OPENCODE_PASSWORD_ENV)
 DOCKER_ARGS+=(-v "$HOME_DIR":/home/agent)
-# Auto-mount open-design data volume read-only so agents can read generated artifacts
-if docker volume inspect ai-open-design-data >/dev/null 2>&1; then
-  DOCKER_ARGS+=(-v "ai-open-design-data:/workspace/.od:ro")
-fi
 DOCKER_ARGS+=($SHARED_CACHE_MOUNTS)
 DOCKER_ARGS+=($NANO_BRAIN_MOUNT)
 DOCKER_ARGS+=(-w "$CURRENT_DIR")
@@ -3096,41 +2763,5 @@ DOCKER_ARGS+=($TERMINAL_SIZE)
 DOCKER_ARGS+=("$IMAGE")
 DOCKER_ARGS+=("${DOCKER_COMMAND[@]}")
 
-# Auto-start open-design daemon if image exists but container not running
-if docker image inspect ai-open-design:latest >/dev/null 2>&1; then
-  if ! docker ps --format '{{.Names}}' | grep -q "^ai-open-design$"; then
-    if [[ -t 0 && -t 1 ]]; then
-      printf "🎨 Open Design daemon is not running. Start it? [Y/n] "
-      read -r OD_ANSWER
-      if [[ ! "$OD_ANSWER" =~ ^[Nn]$ ]]; then
-        OD_ENV_FILE="$HOME/.ai-sandbox/env"
-        OD_NETWORK="ai-sandbox"
-        OD_VOLUME="ai-open-design-data"
-        # Auto-init if token missing
-        if ! grep -q "^OD_API_TOKEN=" "$OD_ENV_FILE" 2>/dev/null; then
-          mkdir -p "$(dirname "$OD_ENV_FILE")"
-          touch "$OD_ENV_FILE"
-          chmod 600 "$OD_ENV_FILE"
-          OD_TOKEN="$(openssl rand -hex 32)"
-          echo "OD_API_TOKEN=$OD_TOKEN" >> "$OD_ENV_FILE"
-          echo "OD_DAEMON_URL=http://ai-open-design:7456" >> "$OD_ENV_FILE"
-          echo "✅ Generated OD_API_TOKEN"
-        fi
-        # Ensure network and volume
-        docker network inspect "$OD_NETWORK" >/dev/null 2>&1 || docker network create "$OD_NETWORK" >/dev/null
-        docker volume inspect "$OD_VOLUME" >/dev/null 2>&1 || docker volume create "$OD_VOLUME" >/dev/null
-        # Remove stopped container if exists
-        if docker ps -a --format '{{.Names}}' | grep -q "^ai-open-design$"; then
-          docker rm ai-open-design >/dev/null 2>&1 || true
-        fi
-        docker run -d --name ai-open-design --network "$OD_NETWORK" \
-          --restart unless-stopped -v "$OD_VOLUME:/app/.od" \
-          --env-file "$OD_ENV_FILE" ai-open-design:latest >/dev/null
-        echo "✅ Open Design daemon started (http://ai-open-design:7456)"
-      fi
-    fi
-  fi
-fi
-
 # Execute docker run with proper argument handling
 docker run "${DOCKER_ARGS[@]}"

package/bin/cli.js

@@ -140,8 +140,6 @@ function runRebuild() {
     INSTALL_CHROME_DEVTOOLS_MCP: hasMcp('chrome-devtools') ? '1' : '0',
     INSTALL_PLAYWRIGHT_HOST: useHostChrome ? '1' : '0',
     INSTALL_RTK: '0',
-    INSTALL_PUP: '0',
-    INSTALL_OD_HELPERS: '1',
     INSTALL_SPEC_KIT: '0',
     INSTALL_UX_UI_PROMAX: '0',
     INSTALL_OPENSPEC: '0',

package/dockerfiles/base/Dockerfile

@@ -0,0 +1,74 @@
+
+FROM node:22-bookworm-slim
+
+ARG AGENT_UID=1001
+
+RUN apt-get update && apt-get install -y --no-install-recommends     git     curl     ssh     ca-certificates     jq     python3     python3-pip     python3-venv     python3-dev     python3-setuptools     build-essential     libopenblas-dev     pipx     unzip     xclip     wl-clipboard     ripgrep     tmux     vim-nox     fd-find     sqlite3     poppler-utils     qpdf     tesseract-ocr     && curl -LsSf https://astral.sh/uv/install.sh | UV_INSTALL_DIR=/usr/local/bin sh     && rm -rf /var/lib/apt/lists/*     && pipx ensurepath
+
+# Install Python PDF processing tools for PDF skill
+RUN pip3 install --no-cache-dir --break-system-packages pypdf pdfplumber reportlab pytesseract pdf2image
+
+RUN curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg     && chmod go+r /usr/share/keyrings/githubcli-archive-keyring.gpg     && echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | tee /etc/apt/sources.list.d/github-cli.list > /dev/null     && apt-get update     && apt-get install -y gh     && rm -rf /var/lib/apt/lists/*
+
+# Install bun (used by most AI tool install scripts)
+RUN npm install -g bun
+
+# Install pnpm globally using npm (not bun, for stability)
+RUN npm install -g pnpm
+
+# Install TypeScript and LSP tools using npm
+RUN npm install -g typescript typescript-language-server pyright vscode-langservers-extracted
+
+# Verify installations
+RUN node --version && npm --version && pnpm --version && tsc --version
+
+# Install additional tools (if selected)
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    libglib2.0-0 \
+    libnspr4 \
+    libnss3 \
+    libdbus-1-3 \
+    libatk1.0-0 \
+    libatk-bridge2.0-0 \
+    libcups2 \
+    libxcb1 \
+    libxkbcommon0 \
+    libatspi2.0-0 \
+    libx11-6 \
+    libxcomposite1 \
+    libxdamage1 \
+    libxext6 \
+    libxfixes3 \
+    libxrandr2 \
+    libgbm1 \
+    libdrm2 \
+    libcairo2 \
+    libpango-1.0-0 \
+    libasound2 \
+    fonts-liberation \
+    libappindicator3-1 \
+    libu2f-udev \
+    libvulkan1 \
+    libxshmfence1 \
+    xdg-utils \
+    wget \
+    && rm -rf /var/lib/apt/lists/*
+ENV PLAYWRIGHT_BROWSERS_PATH=/opt/playwright-browsers
+RUN mkdir -p /opt/playwright-browsers && \
+    npm install -g @playwright/mcp@latest && \
+    touch /opt/.mcp-playwright-installed
+ENV CHROME_DEVTOOLS_MCP_NO_USAGE_STATISTICS=1
+RUN npm install -g chrome-devtools-mcp@latest && \
+    touch /opt/.mcp-chrome-devtools-installed
+RUN touch /opt/.mcp-playwright-installed
+
+# Create workspace
+WORKDIR /workspace
+
+# Non-root user for security (match host UID)
+RUN useradd -m -u ${AGENT_UID} -d /home/agent agent && \
+    mkdir -p /home/agent/.cache /home/agent/.npm /home/agent/.opencode /home/agent/.config && \
+    chown -R agent:agent /home/agent/.cache /home/agent/.npm /home/agent/.opencode /home/agent/.config /workspace && \
+    ([ -d /opt/playwright-browsers ] && chown -R agent:agent /opt/playwright-browsers || true)
+USER agent
+ENV HOME=/home/agent

package/dockerfiles/base/skills/rtk/SKILL.md

@@ -0,0 +1,103 @@
+---
+name: rtk
+description: "Token optimizer for AI coding agents. Wraps common CLI commands with rtk to reduce LLM token consumption by 60-90%."
+compatibility: "OpenCode with RTK binary installed"
+metadata:
+  author: Sisyphus
+  version: "1.0.0"
+---
+
+# RTK — Rust Token Killer
+
+**Purpose**: Reduce token consumption by 60-90% on shell commands. RTK filters and compresses command output before it reaches your context.
+
+## When This Skill Activates
+
+This skill is loaded automatically. Once active, **always** prefix supported commands with `rtk`.
+
+## Command Mappings (MANDATORY)
+
+When running shell commands via Bash tool, use `rtk` prefix for these commands:
+
+| Instead of | Use | Savings |
+|-----------|-----|---------|
+| `git status` | `rtk git status` | ~80% |
+| `git diff` | `rtk git diff` | ~75% |
+| `git log` | `rtk git log` | ~80% |
+| `git add/commit/push/pull` | `rtk git add/commit/push/pull` | ~90% |
+| `ls` / `ls -la` | `rtk ls` | ~80% |
+| `cat file` | `rtk read file` | ~70% |
+| `grep pattern .` | `rtk grep pattern .` | ~80% |
+| `rg pattern` | `rtk grep pattern .` | ~80% |
+| `npm test` / `cargo test` / `pytest` | `rtk test <cmd>` | ~90% |
+| `npm run build` / `cargo build` | `rtk err <cmd>` | ~80% |
+| `gh pr list/view` | `rtk gh pr list/view` | ~70% |
+| `docker ps` | `rtk docker ps` | ~80% |
+| `eslint` / `tsc` | `rtk lint` / `rtk tsc` | ~80% |
+
+## Searching Inside `node_modules` / Ignored Directories
+
+By default, `rtk grep` respects `.gitignore` rules — meaning `node_modules`, `.nuxt`, `dist`, etc. are **excluded**. This is the right behavior 99% of the time.
+
+When you **need** to search inside ignored directories (debugging a library, checking an API signature, tracing a dependency bug):
+
+```bash
+# Search all files including node_modules (--no-ignore bypasses .gitignore)
+rtk grep "defineStore" . --no-ignore
+
+# Search a specific package only (combine --no-ignore with --glob)
+rtk grep "defineStore" . --no-ignore --glob 'node_modules/pinia/**'
+```
+
+**What does NOT work:**
+- `rtk grep "pattern" node_modules/pinia/` — still excluded even with direct path
+- `rtk grep "pattern" . --glob 'node_modules/**'` — glob alone doesn't override .gitignore
+
+**Key flag: `--no-ignore`** — this is the ONLY way to search ignored directories with rtk grep.
+
+### Other useful `rtk grep` flags
+
+```bash
+rtk grep "pattern" . -t ts          # Filter by file type (ts, py, rust, etc.)
+rtk grep "pattern" . -m 100         # Increase max results (default: 50)
+rtk grep "pattern" . -u             # Ultra-compact mode (even fewer tokens)
+rtk grep "pattern" . -l 120         # Max line length before truncation (default: 80)
+```
+
+## Commands to NOT Wrap
+
+Do NOT prefix these with `rtk` (unsupported or counterproductive):
+
+- `npx`, `npm install`, `pip install` (package managers)
+- `node`, `python3`, `ruby` (interpreters)
+- `nano-brain`, `openspec`, `opencode` (custom tools)
+- Heredocs (`<<EOF`)
+- Piped commands (`cmd1 | cmd2`) — wrap only the first command if applicable
+- Commands already prefixed with `rtk`
+
+## How RTK Works
+
+```
+Without RTK:  git status → 50 lines raw output → 2,000 tokens
+With RTK:     rtk git status → "3 modified, 1 untracked ✓" → 200 tokens
+```
+
+RTK runs the real command, then filters/compresses the output. The agent sees a compact summary instead of verbose raw output.
+
+## Detection
+
+Before using RTK commands, verify it's installed:
+```bash
+rtk --version
+```
+
+If `rtk` is not found, skip this skill — run commands normally without the `rtk` prefix.
+
+## Token Savings Reference
+
+Typical 30-min coding session:
+- Without RTK: ~150,000 tokens
+- With RTK: ~45,000 tokens
+- **Savings: ~70%**
+
+Biggest wins: test output (`rtk test` — 90%), git operations (`rtk git` — 80%), file reading (`rtk read` — 70%).