aibox-cli 0.1.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 repalash
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,164 @@
+# aibox
+
+Run AI coding agents in isolated Docker containers. Mount your project, skip permission prompts safely, run multiple instances in parallel.
+
+## Install
+
+```bash
+# npm
+npm install -g aibox-cli
+
+# brew
+brew install blitzdotdev/tap/aibox
+```
+
+### Prerequisites
+
+On macOS, if Docker isn't installed, aibox will offer to install [Colima](https://github.com/abiosoft/colima) + Docker via Homebrew automatically. It also works with [Docker Desktop](https://www.docker.com/products/docker-desktop/) or [OrbStack](https://orbstack.dev) if you already have them.
+
+## Usage
+
+```bash
+# first time (once)
+aibox build
+
+# in any project directory
+aibox up                    # start container
+aibox claude --yolo         # no prompts, full sudo, no firewall
+aibox claude --safe         # keep prompts, restricted sudo, firewall on
+aibox claude                # asks you each time
+aibox shell                 # zsh inside the container
+aibox shell ls -la          # run a command inline
+aibox down                  # stop and remove
+```
+
+### Named Instances
+
+Run multiple containers for the same project:
+
+```bash
+aibox --name refactor claude --yolo
+aibox --name tests claude --safe
+aibox --name refactor down
+```
+
+### Isolated Instances
+
+By default, named instances share the project directory. For true isolation:
+
+```bash
+# Full isolation — copy repo into a Docker volume
+aibox --name refactor --copy claude --yolo
+
+# Lightweight — git worktree on host
+aibox --name feat --worktree claude --yolo
+```
+
+`--copy` uses `git bundle` to clone tracked files into a volume (excludes .gitignored files, preserves history). Changes stay inside the container until pushed. Best for automation and parallel agents.
+
+`--worktree` creates a `git worktree` at `~/.config/aibox/worktrees/`. Near-instant, shares remotes with the main repo. Best for feature branches and quick experiments.
+
+Both create a new branch `aibox/<instance-name>` automatically.
+
+### Management
+
+```bash
+aibox status              # list all aibox containers
+aibox volumes             # list copy volumes and worktrees
+aibox down                # stop current container
+aibox down --clean        # also remove copy volumes / worktrees
+aibox down --all          # stop all containers for this project
+aibox nuke                # remove ALL aibox containers
+```
+
+### Custom Image
+
+```bash
+aibox --image myteam/devbox:v2 up
+aibox build --image custom:latest
+```
+
+## IDE Integration
+
+aibox generates a `compose.dev.yaml` and configures your IDE on `aibox init` (or automatically on first `aibox up`).
+
+### JetBrains (WebStorm, IntelliJ, etc.)
+
+1. Install the [Claude Code plugin](https://plugins.jetbrains.com/plugin/claude-code)
+2. Run `aibox init` in your project
+3. Set the plugin's startup command to:
+   ```
+   /usr/local/bin/aibox claude --yolo
+   ```
+
+The Node.js interpreter is also configured to use the container, so running/debugging from the IDE uses the same sandboxed environment.
+
+### VS Code
+
+1. Install the [Claude Code extension](https://marketplace.visualstudio.com/items?itemName=anthropic.claude-code)
+2. Set the Claude Code startup command to `aibox claude --yolo`
+3. Or use Dev Containers with the generated `compose.dev.yaml`
+
+### Cursor / Windsurf / Other Editors
+
+Set your agent's startup command to `aibox claude --yolo`. Works anywhere you can configure a shell command.
+
+## Other Agents
+
+The container ships with Node.js 20, git, ripgrep, zsh, python3, and build tools. Claude Code is pre-installed, but you can run anything:
+
+```bash
+aibox shell
+# inside container:
+aider
+codex
+# etc.
+```
+
+Customize the Dockerfile at `~/.config/aibox/Dockerfile`.
+
+## How It Works
+
+- **Build**: Creates a Docker image with Node.js, Claude Code, and dev tools
+- **Up**: Starts a container with your project bind-mounted
+- **Claude**: Opens Claude Code inside the container, optionally skipping permission prompts
+- **Modes**: `--yolo` gives full access; `--safe` enables firewall + restricted sudo
+- **Auth**: A shared Docker volume persists Claude authentication across containers
+- **Isolation**: Each project gets its own container and isolated `node_modules`
+- **Safety**: Refuses to run in `$HOME`, `/tmp`, or other dangerous directories
+
+## Network Firewall
+
+In safe mode, outbound traffic is restricted to Claude API, npm, GitHub, PyPI, DNS, and SSH. Add extra domains:
+
+```bash
+export AIBOX_EXTRA_DOMAINS="example.com,api.myservice.io"
+aibox claude --safe
+```
+
+## Config
+
+Per-project settings in `.aibox`:
+
+```
+IMAGE=aibox:latest
+SHARED_MODULES=false
+```
+
+## All Flags
+
+| Flag | Description |
+|------|-------------|
+| `--name NAME` | Named instance (multiple containers per project) |
+| `--image NAME` | Override base Docker image |
+| `--shared-modules` | Share node_modules between host and container |
+| `--copy` | Copy repo into Docker volume (full isolation) |
+| `--worktree` | Use git worktree (lightweight isolation) |
+| `--yolo` | Skip prompts, full sudo, no firewall |
+| `--safe` | Keep prompts, restricted sudo, firewall on |
+| `--all` | With `down`: stop all project containers |
+| `--clean` | With `down`: also remove copy volumes / worktrees |
+
+## License
+
+MIT

package/bin/aibox

@@ -0,0 +1,1156 @@
+#!/usr/bin/env bash
+# aibox - Run AI coding tools in isolated Docker containers.
+#
+# Usage:
+#   aibox up                      Start the container
+#   aibox claude [--yolo|--safe]  Open Claude Code
+#                                 --yolo: skip permissions, full sudo, no firewall
+#                                 --safe: keep permissions, restricted sudo, firewall on
+#                                 default: asks you each time
+#   aibox shell                   Open a zsh shell in the container
+#   aibox shell <command>         Run a command in the container
+#   aibox down                    Stop and remove the container
+#   aibox down --clean            Also remove copy volumes / worktrees
+#   aibox down --all              Stop all containers for this project
+#   aibox status                  List all aibox containers
+#   aibox volumes                 List copy volumes and worktrees
+#   aibox nuke                    Remove ALL aibox containers (all projects)
+#   aibox build [--image NAME]    Build the base image
+#   aibox init [flags]            Generate compose.dev.yaml + configure WebStorm
+#   aibox help                    Show this help (default)
+#
+# Flags:
+#   --name NAME           Run a named instance (e.g. --name refactor)
+#                         Allows multiple containers per project
+#   --image NAME          Override base Docker image (default: aibox:latest)
+#   --shared-modules      Share node_modules between host and container
+#   --copy                Copy project into container (full isolation, no host sync)
+#   --worktree            Use git worktree (lightweight isolation, stays on host)
+#   --yolo                Yolo mode: skip permissions, full sudo, no firewall
+#   --safe                Safe mode: keep permissions, restricted sudo, firewall on
+#
+# Network firewall:
+#   Default: only allows Claude API, npm, GitHub, PyPI, SSH, DNS.
+#   Add domains: export AIBOX_EXTRA_DOMAINS="example.com,api.myservice.io"
+#
+# Prerequisites:
+#   brew install colima docker docker-compose docker-buildx
+#   (or: brew install orbstack)
+#
+# First-time setup (once ever):
+#   aibox build
+#
+# Per-project:
+#   aibox up                           # start default container
+#   aibox claude                       # open Claude Code
+#   aibox claude --yolo                # skip permission prompts (sandboxed)
+#   aibox --name feat claude           # Claude Code in a second container
+#   aibox shell                        # zsh in the container
+#   aibox shell ls -la                 # run a command inline
+#   aibox down                         # stop default
+#   aibox down --all                   # stop all for this project
+
+set -euo pipefail
+
+# ── Script identity ──────────────────────────────────────────────
+SCRIPT_NAME="$(basename "$0")"
+AIBOX_VERSION="5"
+CONFIG_DIR="${HOME}/.config/aibox"
+DEFAULT_IMAGE="aibox:latest"
+CONTAINER_PREFIX="aibox"
+
+# ── Machine-aware Colima start ───────────────────────────────────
+_colima_start() {
+  local total_cpu total_mem_gb vm_cpu vm_mem vm_disk
+
+  # Detect machine resources
+  if [[ "$(uname)" == "Darwin" ]]; then
+    total_cpu=$(sysctl -n hw.ncpu 2>/dev/null || echo 4)
+    total_mem_gb=$(( $(sysctl -n hw.memsize 2>/dev/null || echo 8589934592) / 1073741824 ))
+  else
+    total_cpu=$(nproc 2>/dev/null || echo 4)
+    total_mem_gb=$(( $(grep MemTotal /proc/meminfo 2>/dev/null | awk '{print $2}' || echo 8388608) / 1048576 ))
+  fi
+
+  # Allocate half CPU (min 2, max 4), half RAM (min 4GB, max 8GB), 100GB disk
+  vm_cpu=$(( total_cpu / 2 ))
+  [[ $vm_cpu -lt 2 ]] && vm_cpu=2
+  [[ $vm_cpu -gt 4 ]] && vm_cpu=4
+  vm_mem=$(( total_mem_gb / 2 ))
+  [[ $vm_mem -lt 4 ]] && vm_mem=4
+  [[ $vm_mem -gt 8 ]] && vm_mem=8
+  vm_disk=100
+
+  echo "Detected: ${total_cpu} CPUs, ${total_mem_gb}GB RAM"
+  echo "Colima VM: ${vm_cpu} CPUs, ${vm_mem}GB RAM, ${vm_disk}GB disk"
+
+  # Try Apple Virtualization framework first (fast), fall back to QEMU
+  colima start \
+    --cpu "$vm_cpu" --memory "$vm_mem" --disk "$vm_disk" \
+    --vm-type vz --vz-rosetta 2>/dev/null \
+  || colima start \
+    --cpu "$vm_cpu" --memory "$vm_mem" --disk "$vm_disk"
+}
+
+# ── Dependency check ─────────────────────────────────────────────
+_check_deps() {
+  local missing=()
+
+  command -v docker &>/dev/null || missing+=("docker")
+  command -v docker-compose &>/dev/null || docker compose version &>/dev/null 2>&1 || missing+=("docker-compose")
+
+  if [[ ${#missing[@]} -eq 0 ]]; then
+    # Docker CLI exists — check if daemon is reachable
+    if ! docker info &>/dev/null 2>&1; then
+      if command -v colima &>/dev/null; then
+        echo "Docker daemon not running. Starting Colima..."
+        _colima_start
+      elif [[ -d "/Applications/OrbStack.app" ]]; then
+        echo "Docker daemon not running. Starting OrbStack..."
+        open -a OrbStack
+        local i=0
+        while ! docker info &>/dev/null 2>&1 && [[ $i -lt 30 ]]; do
+          sleep 1
+          i=$((i + 1))
+        done
+        if ! docker info &>/dev/null 2>&1; then
+          echo "OrbStack started but Docker daemon not ready. Try again in a moment." >&2
+          exit 1
+        fi
+      elif [[ -d "/Applications/Docker.app" ]]; then
+        echo "Docker daemon not running. Starting Docker Desktop..."
+        open -a Docker
+        local i=0
+        while ! docker info &>/dev/null 2>&1 && [[ $i -lt 60 ]]; do
+          sleep 1
+          i=$((i + 1))
+        done
+        if ! docker info &>/dev/null 2>&1; then
+          echo "Docker Desktop started but daemon not ready. Try again in a moment." >&2
+          exit 1
+        fi
+      else
+        echo "Docker daemon not running. Install Docker Desktop, Colima, or OrbStack." >&2
+        exit 1
+      fi
+    fi
+    return
+  fi
+
+  # Something is missing — offer to install
+  if ! command -v brew &>/dev/null; then
+    echo "Homebrew is required to install Docker dependencies."
+    echo "Will run: /bin/bash -c \"\$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)\""
+    echo ""
+    if _confirm_yes "Install Homebrew?"; then
+      /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
+      if [[ -f /opt/homebrew/bin/brew ]]; then
+        eval "$(/opt/homebrew/bin/brew shellenv)"
+      elif [[ -f /usr/local/bin/brew ]]; then
+        eval "$(/usr/local/bin/brew shellenv)"
+      fi
+      if ! command -v brew &>/dev/null; then
+        echo "Homebrew installed but not in PATH. Open a new terminal and re-run ${SCRIPT_NAME}." >&2
+        exit 1
+      fi
+    else
+      echo "Aborted. Install Homebrew (https://brew.sh) then re-run ${SCRIPT_NAME}." >&2
+      exit 1
+    fi
+  fi
+
+  echo "Missing dependencies: ${missing[*]}"
+  echo "Will install via Homebrew: colima docker docker-compose docker-buildx"
+  echo ""
+  if _confirm_yes "Install now?"; then
+    brew install colima docker docker-compose docker-buildx
+
+    mkdir -p ~/.docker/cli-plugins
+    ln -sfn "$(brew --prefix)/opt/docker-compose/bin/docker-compose" ~/.docker/cli-plugins/docker-compose
+
+    echo ""
+    echo "Starting Colima..."
+    _colima_start
+    echo "Docker is ready."
+  else
+    echo "Aborted. Install manually:" >&2
+    echo "  brew install colima docker docker-compose docker-buildx" >&2
+    exit 1
+  fi
+}
+
+# ── Parse global flags ───────────────────────────────────────────
+IMAGE="$DEFAULT_IMAGE"
+SHARED_MODULES=false
+INSTANCE_NAME=""
+DOWN_ALL=false
+DOWN_CLEAN=false
+SKIP_PERMISSIONS=false
+SAFE_MODE=false
+ISOLATION=""
+POSITIONAL=()
+
+parse_flags() {
+  while [[ $# -gt 0 ]]; do
+    case "$1" in
+      --image)
+        IMAGE="${2:?'--image requires a value'}"
+        shift 2
+        ;;
+      --name)
+        INSTANCE_NAME="${2:?'--name requires a value'}"
+        shift 2
+        ;;
+      --shared-modules)
+        SHARED_MODULES=true
+        shift
+        ;;
+      --copy)
+        [[ -n "$ISOLATION" ]] && { echo "Error: --copy and --worktree are mutually exclusive" >&2; exit 1; }
+        ISOLATION="copy"
+        shift
+        ;;
+      --worktree)
+        [[ -n "$ISOLATION" ]] && { echo "Error: --copy and --worktree are mutually exclusive" >&2; exit 1; }
+        ISOLATION="worktree"
+        shift
+        ;;
+      --all)
+        DOWN_ALL=true
+        shift
+        ;;
+      --clean)
+        DOWN_CLEAN=true
+        shift
+        ;;
+      --yolo)
+        SKIP_PERMISSIONS=true
+        shift
+        ;;
+      --safe)
+        SAFE_MODE=true
+        shift
+        ;;
+      *)
+        POSITIONAL+=("$1")
+        shift
+        ;;
+    esac
+  done
+}
+
+parse_flags "$@"
+if [[ ${#POSITIONAL[@]} -gt 0 ]]; then
+  set -- "${POSITIONAL[@]}"
+else
+  set --
+fi
+
+# Set container mode from flags (cmd_claude may override via interactive prompt)
+if [[ "$SKIP_PERMISSIONS" == "true" ]]; then
+  export AIBOX_MODE="yolo"
+elif [[ "$SAFE_MODE" == "true" ]]; then
+  export AIBOX_MODE="safe"
+fi
+
+# ── Per-project config file (.aibox) ─────────────────────────────
+PROJECT_DIR="$(pwd)"
+PROJECT_CONF="${PROJECT_DIR}/.aibox"
+
+# ── Safety: refuse to run in dangerous directories ───────────────
+_is_safe_project_dir() {
+  local dir="$1"
+  case "$dir" in
+    "$HOME"|/|/tmp|/var|/etc|/usr|/opt|/private|/private/tmp)
+      return 1 ;;
+  esac
+  return 0
+}
+
+_require_safe_dir() {
+  if ! _is_safe_project_dir "$PROJECT_DIR"; then
+    echo "Error: refusing to run in ${PROJECT_DIR}" >&2
+    echo "Run ${SCRIPT_NAME} from inside a project directory." >&2
+    exit 1
+  fi
+}
+
+# ── Confirmation prompts ─────────────────────────────────────────
+_confirm_yes() {
+  local msg="$1" reply
+  printf "%s [Y/n] " "$msg" >&2
+  read -r reply
+  [[ ! "$reply" =~ ^[Nn]$ ]]
+}
+
+_confirm_no() {
+  local msg="$1" reply
+  printf "%s [y/N] " "$msg" >&2
+  read -r reply
+  [[ "$reply" =~ ^[Yy]$ ]]
+}
+
+# ── Project config persistence ───────────────────────────────────
+save_project_conf() {
+  cat > "$PROJECT_CONF" << EOF
+# Auto-generated by ${SCRIPT_NAME}. Safe to edit.
+IMAGE=${IMAGE}
+SHARED_MODULES=${SHARED_MODULES}
+EOF
+}
+
+load_project_conf() {
+  if [[ -f "$PROJECT_CONF" ]]; then
+    local conf_image conf_shared
+    conf_image=$(grep '^IMAGE=' "$PROJECT_CONF" | cut -d= -f2- || true)
+    conf_shared=$(grep '^SHARED_MODULES=' "$PROJECT_CONF" | cut -d= -f2- || true)
+    if [[ "$IMAGE" == "$DEFAULT_IMAGE" && -n "$conf_image" ]]; then
+      IMAGE="$conf_image"
+    fi
+    if [[ "$SHARED_MODULES" == "false" && "$conf_shared" == "true" ]]; then
+      SHARED_MODULES=true
+    fi
+  fi
+}
+
+load_project_conf
+
+# ── Validate image name ──────────────────────────────────────────
+if ! [[ "$IMAGE" =~ ^[a-zA-Z0-9._/-]+(:[a-zA-Z0-9._-]+)?$ ]]; then
+  echo "Error: invalid image name: $IMAGE" >&2
+  exit 1
+fi
+
+# ── Derived names ────────────────────────────────────────────────
+PROJECT_NAME="$(basename "$PROJECT_DIR" | tr '[:upper:]' '[:lower:]' | sed 's/[^a-z0-9_-]/-/g')"
+PROJECT_HASH="$(printf '%s' "$PROJECT_DIR" | shasum | cut -c1-6)"
+BASE_CONTAINER_NAME="${CONTAINER_PREFIX}-${PROJECT_NAME}-${PROJECT_HASH}"
+
+if [[ -z "$INSTANCE_NAME" ]]; then
+  INSTANCE_NAME="main"
+fi
+if ! [[ "$INSTANCE_NAME" =~ ^[a-z0-9_-]+$ ]]; then
+  echo "Error: --name must be lowercase alphanumeric, dashes, underscores" >&2
+  exit 1
+fi
+CONTAINER_NAME="${BASE_CONTAINER_NAME}-${INSTANCE_NAME}"
+WORKSPACE_DIR="/${PROJECT_NAME}"
+
+# ── Isolation mode setup ─────────────────────────────────────────
+COPY_VOLUME=""
+WORKTREE_DIR=""
+
+if [[ "$ISOLATION" == "copy" ]]; then
+  COPY_VOLUME="${CONTAINER_NAME}-src"
+elif [[ "$ISOLATION" == "worktree" ]]; then
+  WORKTREE_DIR="${CONFIG_DIR}/worktrees/${CONTAINER_NAME}"
+fi
+
+# Detect isolation mode from existing container label (reconnect support)
+if [[ -z "$ISOLATION" ]]; then
+  _existing_isolation=$(docker inspect "$CONTAINER_NAME" --format '{{index .Config.Labels "aibox.isolation"}}' 2>/dev/null || echo "")
+  if [[ "$_existing_isolation" == "copy" ]]; then
+    ISOLATION="copy"
+    COPY_VOLUME="${CONTAINER_NAME}-src"
+  elif [[ "$_existing_isolation" == "worktree" ]]; then
+    ISOLATION="worktree"
+    WORKTREE_DIR="${CONFIG_DIR}/worktrees/${CONTAINER_NAME}"
+  fi
+fi
+
+# ── Dockerfile management ────────────────────────────────────────
+ensure_dockerfile() {
+  mkdir -p "$CONFIG_DIR"
+  local dockerfile="${CONFIG_DIR}/Dockerfile"
+  local version_file="${CONFIG_DIR}/version"
+  local current_version=""
+
+  # Check if Dockerfile needs regeneration
+  if [[ -f "$version_file" ]]; then
+    current_version=$(cat "$version_file")
+  fi
+
+  if [[ "$current_version" != "$AIBOX_VERSION" || ! -f "$dockerfile" ]]; then
+    if [[ -f "$dockerfile" && "$current_version" != "$AIBOX_VERSION" ]]; then
+      echo "Dockerfile outdated (v${current_version} → v${AIBOX_VERSION}). Regenerating..."
+    fi
+    cat > "$dockerfile" << DOCKERFILE
+FROM node:20-alpine
+
+LABEL aibox.version="${AIBOX_VERSION}"
+
+RUN apk add --no-cache \\
+    git \\
+    curl \\
+    ripgrep \\
+    bash \\
+    zsh \\
+    sudo \\
+    openssh-client \\
+    python3 \\
+    make \\
+    g++ \\
+    iptables \\
+    ip6tables \\
+    bind-tools \\
+    su-exec
+
+# Create non-root user (sudo configured at runtime by entrypoint based on mode)
+RUN adduser -D -s /bin/zsh aibox
+
+# Copy entrypoint (runs as root, sets up firewall + sudo, drops to aibox)
+COPY entrypoint.sh /usr/local/bin/entrypoint.sh
+RUN chmod +x /usr/local/bin/entrypoint.sh
+
+# Install Claude Code as aibox user via native installer
+USER aibox
+ENV PATH="/home/aibox/.local/bin:\$PATH"
+RUN curl -fsSL https://claude.ai/install.sh | bash
+
+WORKDIR /workspace
+
+# Entrypoint runs as root, then execs sleep as aibox
+USER root
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
+CMD ["sleep", "infinity"]
+DOCKERFILE
+
+    # Generate entrypoint script (runs as root at container start)
+    cat > "${CONFIG_DIR}/entrypoint.sh" << 'ENTRYPOINT'
+#!/bin/bash
+set -e
+
+# Fix auth volume ownership (Docker creates volumes as root)
+chown -R aibox:aibox /home/aibox/.claude 2>/dev/null || true
+
+# ── Mode-dependent setup ──────────────────────────────────────
+MODE="${AIBOX_MODE:-safe}"
+
+if [[ "$MODE" == "yolo" ]]; then
+  # YOLO: full sudo, no firewall
+  echo "aibox ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/aibox
+  echo "[aibox] Mode: yolo (full sudo, no firewall)"
+
+else
+  # SAFE: restricted sudo (chown only), firewall active
+  echo "aibox ALL=(root) NOPASSWD: /bin/chown *" > /etc/sudoers.d/aibox
+
+  # ── Firewall setup ──────────────────────────────────────────
+  ALLOWED_DOMAINS=(
+    # Claude Code / Anthropic
+    "api.anthropic.com"
+    "claude.ai"
+    "statsig.anthropic.com"
+    "statsig.com"
+    "sentry.io"
+    # npm
+    "registry.npmjs.org"
+    # GitHub
+    "github.com"
+    "api.github.com"
+    # PyPI
+    "pypi.org"
+    "files.pythonhosted.org"
+  )
+
+  # Extra domains from env var (comma-separated)
+  if [[ -n "${AIBOX_EXTRA_DOMAINS:-}" ]]; then
+    IFS=',' read -ra EXTRA <<< "$AIBOX_EXTRA_DOMAINS"
+    ALLOWED_DOMAINS+=("${EXTRA[@]}")
+  fi
+
+  echo "Configuring firewall..."
+
+  # Flush existing
+  iptables -F OUTPUT 2>/dev/null || true
+
+  # Allow loopback
+  iptables -A OUTPUT -o lo -j ACCEPT
+
+  # Allow established/related
+  iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+
+  # Allow DNS
+  iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
+  iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT
+
+  # Allow SSH (git over SSH)
+  iptables -A OUTPUT -p tcp --dport 22 -j ACCEPT
+
+  # Resolve and allow each domain
+  for domain in "${ALLOWED_DOMAINS[@]}"; do
+    domain=$(echo "$domain" | xargs)
+    [[ -z "$domain" ]] && continue
+    ips=$(dig +short A "$domain" 2>/dev/null | grep -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' || true)
+    for ip in $ips; do
+      iptables -A OUTPUT -d "$ip" -j ACCEPT
+    done
+  done
+
+  # Allow Docker host (IDE integration)
+  host_ip=$(getent hosts host.docker.internal 2>/dev/null | awk '{print $1}' || true)
+  if [[ -n "$host_ip" ]]; then
+    iptables -A OUTPUT -d "$host_ip" -j ACCEPT
+  fi
+
+  # Default deny
+  iptables -A OUTPUT -j DROP
+
+  echo "[aibox] Mode: safe (firewall active, ${#ALLOWED_DOMAINS[@]} domains allowed)"
+fi
+
+chmod 0440 /etc/sudoers.d/aibox
+
+# Drop to aibox user and exec CMD (su-exec preserves env and properly execs)
+exec su-exec aibox "$@"
+ENTRYPOINT
+    echo "$AIBOX_VERSION" > "$version_file"
+    echo "Created Dockerfile (v${AIBOX_VERSION})"
+  fi
+}
+
+# ── Isolation: copy mode ──────────────────────────────────────────
+_prepare_copy_volume() {
+  local branch_name="aibox/${INSTANCE_NAME}"
+
+  # Warn about uncommitted changes
+  if ! git -C "$PROJECT_DIR" diff --quiet 2>/dev/null || ! git -C "$PROJECT_DIR" diff --cached --quiet 2>/dev/null; then
+    echo "Warning: uncommitted changes will NOT be included in the copy."
+  fi
+
+  docker volume create "$COPY_VOLUME" >/dev/null 2>&1 || true
+
+  # Check if volume already has content (--entrypoint bypasses su-exec drop)
+  local has_content
+  has_content=$(docker run --rm --entrypoint sh -v "${COPY_VOLUME}:/${PROJECT_NAME}" "$IMAGE" -c "ls -A /${PROJECT_NAME} 2>/dev/null | head -1" 2>/dev/null || true)
+
+  if [[ -n "$has_content" ]]; then
+    echo "Copy volume already populated (${COPY_VOLUME}). Reusing."
+    return
+  fi
+
+  echo "Copying project into isolated volume (branch: ${branch_name})..."
+
+  # Create bundle to a temp file first so we can check for failure
+  local bundle_file
+  bundle_file=$(mktemp)
+  if ! git -C "$PROJECT_DIR" bundle create "$bundle_file" --all 2>/dev/null; then
+    rm -f "$bundle_file"
+    docker volume rm "$COPY_VOLUME" 2>/dev/null || true
+    echo "Error: git bundle failed. Is this a git repository with commits?" >&2
+    exit 1
+  fi
+
+  if ! cat "$bundle_file" | docker run --rm -i --entrypoint sh \
+      -v "${COPY_VOLUME}:/${PROJECT_NAME}" \
+      "$IMAGE" -c "
+        cat > /tmp/repo.bundle
+        cd /${PROJECT_NAME}
+        git clone /tmp/repo.bundle .
+        rm /tmp/repo.bundle
+        git checkout -b '${branch_name}' 2>/dev/null || git checkout '${branch_name}'
+        chown -R aibox:aibox /${PROJECT_NAME}
+      "; then
+    rm -f "$bundle_file"
+    docker volume rm "$COPY_VOLUME" 2>/dev/null || true
+    echo "Error: failed to clone into volume." >&2
+    exit 1
+  fi
+
+  rm -f "$bundle_file"
+  echo "Copied to volume ${COPY_VOLUME}"
+}
+
+# ── Isolation: worktree mode ─────────────────────────────────────
+_prepare_worktree() {
+  local branch_name="aibox/${INSTANCE_NAME}"
+
+  if [[ -d "$WORKTREE_DIR" ]]; then
+    echo "Worktree already exists (${WORKTREE_DIR}). Reusing."
+    return
+  fi
+
+  mkdir -p "${CONFIG_DIR}/worktrees"
+
+  echo "Creating worktree (branch: ${branch_name})..."
+
+  # Try creating with a new branch, fall back to existing branch
+  if git -C "$PROJECT_DIR" worktree add "$WORKTREE_DIR" -b "$branch_name" 2>/dev/null; then
+    true
+  elif git -C "$PROJECT_DIR" worktree add "$WORKTREE_DIR" "$branch_name" 2>/dev/null; then
+    true
+  else
+    echo "Error: failed to create worktree. Is this a git repository?" >&2
+    exit 1
+  fi
+
+  echo "Created worktree at ${WORKTREE_DIR}"
+}
+
+# ── Compose YAML generation ──────────────────────────────────────
+# Auth volume shared across all containers using the same base image.
+# name: field prevents docker compose from prefixing with project name.
+AUTH_VOLUME="aibox-auth-$(echo "$IMAGE" | sed 's/[^a-zA-Z0-9]/-/g')"
+
+_volumes_yaml() {
+  local indent="$1"
+  local prefix="$2"
+
+  if [[ "$ISOLATION" == "copy" ]]; then
+    echo "${indent}- ${COPY_VOLUME}:${WORKSPACE_DIR}"
+  elif [[ "$ISOLATION" == "worktree" ]]; then
+    echo "${indent}- \"${WORKTREE_DIR}:${WORKSPACE_DIR}\""
+  else
+    echo "${indent}- \"${prefix}:${WORKSPACE_DIR}\""
+  fi
+  echo "${indent}- ${AUTH_VOLUME}:/home/aibox/.claude"
+
+  # Mount host's IDE lock files so Claude Code can discover JetBrains/VS Code plugins
+  local host_ide_dir="${HOME}/.claude/ide"
+  if [[ -d "$host_ide_dir" ]]; then
+    echo "${indent}- \"${host_ide_dir}:/home/aibox/.claude/ide:ro\""
+  fi
+
+  if [[ "$SHARED_MODULES" == "false" && -z "$ISOLATION" ]]; then
+    echo "${indent}- node_modules:${WORKSPACE_DIR}/node_modules"
+  fi
+}
+
+_top_volumes_yaml() {
+  printf "volumes:\n"
+  printf "  ${AUTH_VOLUME}:\n"
+  printf "    external: true\n"
+  if [[ "$ISOLATION" == "copy" ]]; then
+    printf "  ${COPY_VOLUME}:\n"
+    printf "    external: true\n"
+  fi
+  if [[ "$SHARED_MODULES" == "false" && -z "$ISOLATION" ]]; then
+    printf "  node_modules:\n"
+  fi
+}
+
+_environment_yaml() {
+  local indent="$1"
+  echo "${indent}- ANTHROPIC_API_KEY=\${ANTHROPIC_API_KEY:-}"
+  echo "${indent}- CLAUDE_CONFIG_DIR=/home/aibox/.claude"
+  echo "${indent}- AIBOX_MODE=\${AIBOX_MODE:-safe}"
+  echo "${indent}- AIBOX_EXTRA_DOMAINS=\${AIBOX_EXTRA_DOMAINS:-}"
+}
+
+# Build -e flags for docker exec from current terminal environment
+_docker_exec() {
+  # Usage: _docker_exec container command [args...]
+  local container="$1"
+  shift
+
+  local env_args=(
+    -e "TERM=${TERM:-xterm-256color}"
+    -e "COLORTERM=${COLORTERM:-truecolor}"
+    -e "LANG=${LANG:-C.UTF-8}"
+  )
+
+  # Forward Claude Code env vars if set on host
+  local forward_vars=(
+    ANTHROPIC_MODEL
+    ANTHROPIC_BASE_URL
+    CLAUDE_CODE_USE_BEDROCK
+    CLAUDE_CODE_USE_VERTEX
+    CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC
+  )
+  for var in "${forward_vars[@]}"; do
+    [[ -n "${!var:-}" ]] && env_args+=(-e "$var=${!var}")
+  done
+
+  # Forward JetBrains / VS Code IDE integration env vars
+  if [[ "${ENABLE_IDE_INTEGRATION:-}" == "true" ]]; then
+    env_args+=(-e "ENABLE_IDE_INTEGRATION=true")
+    env_args+=(-e "TERMINAL_EMULATOR=${TERMINAL_EMULATOR:-}")
+    [[ -n "${CLAUDE_CODE_SSE_PORT:-}" ]] && env_args+=(-e "CLAUDE_CODE_SSE_PORT=${CLAUDE_CODE_SSE_PORT}")
+    [[ -n "${TERM_SESSION_ID:-}" ]] && env_args+=(-e "TERM_SESSION_ID=${TERM_SESSION_ID}")
+    env_args+=(-e "CLAUDE_CODE_IDE_HOST_OVERRIDE=host.docker.internal")
+  fi
+
+  docker exec -it -u aibox "${env_args[@]}" "$container" "$@"
+}
+
+_labels_yaml() {
+  local indent="$1"
+  echo "${indent}aibox.project: \"${PROJECT_NAME}\""
+  echo "${indent}aibox.path: \"${PROJECT_DIR}\""
+  echo "${indent}aibox.instance: \"${INSTANCE_NAME}\""
+  echo "${indent}aibox.isolation: \"${ISOLATION}\""
+}
+
+generate_compose() {
+  cat << YAML
+name: "${CONTAINER_NAME}"
+services:
+  dev:
+    image: ${IMAGE}
+    container_name: ${CONTAINER_NAME}
+    cap_add:
+      - NET_ADMIN
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
+    labels:
+$(_labels_yaml "      ")
+    volumes:
+$(_volumes_yaml "      " "$PROJECT_DIR")
+    working_dir: ${WORKSPACE_DIR}
+    environment:
+$(_environment_yaml "      ")
+    stdin_open: true
+    tty: true
+$(_top_volumes_yaml)
+YAML
+}
+
+write_project_compose() {
+  local target="${PROJECT_DIR}/compose.dev.yaml"
+
+  cat > "$target" << YAML
+# Generated by ${SCRIPT_NAME} — point WebStorm Node.js interpreter here.
+# Settings → Node.js → Docker Compose → this file → service: dev
+name: "${CONTAINER_NAME}"
+services:
+  dev:
+    image: ${IMAGE}
+    container_name: ${CONTAINER_NAME}
+    cap_add:
+      - NET_ADMIN
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
+    labels:
+$(_labels_yaml "      ")
+    volumes:
+$(_volumes_yaml "      " ".")
+    working_dir: ${WORKSPACE_DIR}
+    environment:
+$(_environment_yaml "      ")
+    stdin_open: true
+    tty: true
+$(_top_volumes_yaml)
+YAML
+  echo "Created ${target}"
+}
+
+# ── WebStorm .idea/workspace.xml ─────────────────────────────────
+_sed_inplace() {
+  if sed --version 2>/dev/null | grep -q 'GNU'; then
+    sed -i "$@"
+  else
+    sed -i '' "$@"
+  fi
+}
+
+configure_webstorm() {
+  local idea_dir="${PROJECT_DIR}/.idea"
+  local ws_file="${idea_dir}/workspace.xml"
+  local compose_path="${PROJECT_DIR}/compose.dev.yaml"
+  local interpreter_value="docker-compose://[${compose_path}]:dev//usr/local/bin/node"
+
+  mkdir -p "$idea_dir"
+
+  if [[ -f "$ws_file" ]]; then
+    if grep -q '"nodejs_interpreter_path"' "$ws_file"; then
+      _sed_inplace "s|\"nodejs_interpreter_path\": \"[^\"]*\"|\"nodejs_interpreter_path\": \"${interpreter_value}\"|" "$ws_file"
+      echo "Updated nodejs_interpreter_path in .idea/workspace.xml"
+    elif grep -q '"keyToString"' "$ws_file"; then
+      local tmpfile
+      tmpfile=$(mktemp)
+      awk -v interp="$interpreter_value" '
+        /"keyToString": \{/ {
+          print
+          print "    \"nodejs_interpreter_path\": \"" interp "\","
+          print "    \"nodejs_package_manager_path\": \"npm\","
+          print "    \"javascript.preferred.runtime.type.id\": \"node\","
+          print "    \"credentialsType com.jetbrains.nodejs.remote.NodeJSCreateRemoteSdkForm\": \"Docker Compose\","
+          next
+        }
+        { print }
+      ' "$ws_file" > "$tmpfile"
+      mv "$tmpfile" "$ws_file"
+      echo "Injected Node.js Docker Compose config into .idea/workspace.xml"
+    else
+      echo "Warning: workspace.xml has unexpected format. Configure manually:"
+      echo "  Settings → Node.js → Docker Compose → compose.dev.yaml → service: dev"
+    fi
+  else
+    cat > "$ws_file" << WSXML
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="PropertiesComponent"><![CDATA[{
+  "keyToString": {
+    "nodejs_interpreter_path": "${interpreter_value}",
+    "nodejs_package_manager_path": "npm",
+    "javascript.preferred.runtime.type.id": "node",
+    "credentialsType com.jetbrains.nodejs.remote.NodeJSCreateRemoteSdkForm": "Docker Compose"
+  }
+}]]></component>
+</project>
+WSXML
+    echo "Created .idea/workspace.xml with Docker Compose Node.js runtime"
+  fi
+}
+
+# ── Docker Compose wrapper ───────────────────────────────────────
+dc() {
+  generate_compose | docker compose \
+    -f - \
+    --project-directory "$PROJECT_DIR" \
+    "$@"
+}
+
+# ── Commands ─────────────────────────────────────────────────────
+
+cmd_build() {
+  _check_deps
+  ensure_dockerfile
+  echo "Building ${IMAGE}..."
+  docker build -t "$IMAGE" "$CONFIG_DIR"
+  echo "Done. Image: ${IMAGE}"
+}
+
+ensure_init() {
+  if [[ ! -f "${PROJECT_DIR}/compose.dev.yaml" ]]; then
+    _require_safe_dir
+    echo "No ${SCRIPT_NAME} config found. Will create compose.dev.yaml, .aibox, and .idea/workspace.xml."
+    if _confirm_yes "Initialize?"; then
+      _init_files
+      echo ""
+    else
+      echo "Aborted. Run '${SCRIPT_NAME} init' manually when ready." >&2
+      exit 1
+    fi
+  fi
+}
+
+cmd_up() {
+  _check_deps
+  ensure_init
+
+  if ! docker image inspect "$IMAGE" &>/dev/null; then
+    echo "Image '${IMAGE}' not found. Building..."
+    cmd_build
+  else
+    # Check if image version matches script version
+    local img_version
+    img_version=$(docker inspect "$IMAGE" --format '{{index .Config.Labels "aibox.version"}}' 2>/dev/null || echo "")
+    if [[ "$img_version" != "$AIBOX_VERSION" ]]; then
+      echo "Image outdated (v${img_version:-0} → v${AIBOX_VERSION}). Rebuilding..."
+      cmd_build
+    fi
+  fi
+
+  # Prepare isolation volumes/worktrees if needed
+  if [[ "$ISOLATION" == "copy" ]]; then
+    _prepare_copy_volume
+  elif [[ "$ISOLATION" == "worktree" ]]; then
+    _prepare_worktree
+  fi
+
+  if ! docker ps --format '{{.Names}}' | grep -Fxq "$CONTAINER_NAME"; then
+    # Ensure shared auth volume exists (external: true requires it)
+    docker volume create "$AUTH_VOLUME" &>/dev/null || true
+    echo "Starting ${CONTAINER_NAME} (image: ${IMAGE})..."
+    dc up -d
+    echo "Container running. Workspace: ${WORKSPACE_DIR}"
+  else
+    echo "${CONTAINER_NAME} is already running."
+  fi
+}
+
+cmd_claude() {
+  local skip=false
+  local firewall=true
+
+  if [[ "$SKIP_PERMISSIONS" == "true" ]]; then
+    # --yolo: everything loose
+    skip=true
+    firewall=false
+    export AIBOX_MODE="yolo"
+  elif [[ "$SAFE_MODE" == "true" ]]; then
+    # --safe: everything locked
+    skip=false
+    firewall=true
+    export AIBOX_MODE="safe"
+  else
+    # No flag: ask about each setting
+    echo ""
+    echo "Container settings (per-session, not saved):"
+    echo ""
+
+    if _confirm_yes "Skip Claude Code permission prompts? (container is sandboxed)"; then
+      skip=true
+    fi
+
+    if _confirm_yes "Enable network firewall? (blocks all except Claude API, npm, GitHub, PyPI)"; then
+      firewall=true
+    else
+      firewall=false
+    fi
+
+    if [[ "$firewall" == "true" ]]; then
+      export AIBOX_MODE="safe"
+    else
+      export AIBOX_MODE="yolo"
+    fi
+
+    echo ""
+  fi
+
+  # If container is running in a different mode, restart it
+  if docker ps --format '{{.Names}}' | grep -Fxq "$CONTAINER_NAME"; then
+    local current_mode
+    current_mode=$(docker exec "$CONTAINER_NAME" sh -c 'echo ${AIBOX_MODE:-safe}' 2>/dev/null || echo "unknown")
+    if [[ "$current_mode" != "$AIBOX_MODE" ]]; then
+      echo "Restarting container in ${AIBOX_MODE} mode (was: ${current_mode})..."
+      dc down --remove-orphans >/dev/null
+    fi
+  fi
+
+  cmd_up
+
+  if [[ "$skip" == "true" ]]; then
+    _docker_exec "$CONTAINER_NAME" claude --dangerously-skip-permissions
+  else
+    _docker_exec "$CONTAINER_NAME" claude
+  fi
+}
+
+cmd_shell() {
+  if ! docker ps --format '{{.Names}}' 2>/dev/null | grep -Fxq "$CONTAINER_NAME"; then
+    cmd_up
+  fi
+
+  shift  # remove "shell" from args
+  if [[ $# -gt 0 ]]; then
+    # Inline command: aibox shell echo hello
+    _docker_exec "$CONTAINER_NAME" zsh -c "$*"
+  else
+    _docker_exec "$CONTAINER_NAME" zsh
+  fi
+}
+
+cmd_down() {
+  if [[ "$DOWN_ALL" == "true" ]]; then
+    local project_containers
+    project_containers=$(docker ps -a --format '{{.Names}}' | grep -F "$BASE_CONTAINER_NAME") || true
+    if [[ -n "$project_containers" ]]; then
+      echo "Will remove all containers for ${PROJECT_NAME}:"
+      echo "$project_containers" | sed 's/^/  /'
+      echo ""
+      if _confirm_no "Remove all?"; then
+        echo "$project_containers" | xargs docker rm -f
+        echo "Removed all containers for ${PROJECT_NAME}"
+        if [[ "$DOWN_CLEAN" == "true" ]]; then
+          # Clean up copy volumes and worktrees for removed containers
+          while IFS= read -r cname; do
+            docker volume rm "${cname}-src" 2>/dev/null && echo "Removed copy volume ${cname}-src" || true
+            local wt="${CONFIG_DIR}/worktrees/${cname}"
+            if [[ -d "$wt" ]]; then
+              git -C "$PROJECT_DIR" worktree remove "$wt" 2>/dev/null && echo "Removed worktree ${wt}" || true
+            fi
+          done <<< "$project_containers"
+        else
+          # Check if any had isolation resources
+          local has_isolation=false
+          while IFS= read -r cname; do
+            if docker volume inspect "${cname}-src" &>/dev/null || [[ -d "${CONFIG_DIR}/worktrees/${cname}" ]]; then
+              has_isolation=true
+              break
+            fi
+          done <<< "$project_containers"
+          if [[ "$has_isolation" == "true" ]]; then
+            echo "Note: copy volumes / worktrees kept. Use --clean to remove."
+          fi
+        fi
+      else
+        echo "Aborted."
+      fi
+    else
+      echo "No containers found for ${PROJECT_NAME}"
+    fi
+  else
+    if docker ps -a --format '{{.Names}}' | grep -Fxq "$CONTAINER_NAME"; then
+      dc down --remove-orphans
+      echo "Removed ${CONTAINER_NAME}"
+    else
+      echo "No container found: ${CONTAINER_NAME}"
+    fi
+    # Clean up isolation resources (works even if container is already gone)
+    if [[ "$DOWN_CLEAN" == "true" ]]; then
+      if [[ -n "$COPY_VOLUME" ]]; then
+        docker volume rm "$COPY_VOLUME" 2>/dev/null && echo "Removed copy volume ${COPY_VOLUME}" || true
+      fi
+      if [[ -n "$WORKTREE_DIR" && -d "$WORKTREE_DIR" ]]; then
+        git -C "$PROJECT_DIR" worktree remove "$WORKTREE_DIR" 2>/dev/null && echo "Removed worktree ${WORKTREE_DIR}" || true
+      fi
+    elif [[ "$ISOLATION" == "copy" && -n "$COPY_VOLUME" ]] && docker volume inspect "$COPY_VOLUME" &>/dev/null; then
+      echo "Copy volume kept: ${COPY_VOLUME} (use --clean to remove)"
+    elif [[ "$ISOLATION" == "worktree" && -n "$WORKTREE_DIR" && -d "$WORKTREE_DIR" ]]; then
+      echo "Worktree kept: ${WORKTREE_DIR} (use --clean to remove)"
+    fi
+  fi
+}
+
+cmd_status() {
+  local containers
+  containers=$(docker ps -a --filter "name=${CONTAINER_PREFIX}-" -q) || true
+
+  if [[ -z "$containers" ]]; then
+    echo "No ${SCRIPT_NAME} containers found."
+    return
+  fi
+
+  printf "%-30s %-10s %-10s %-6s %-8s %s\n" "CONTAINER" "INSTANCE" "ISOLATION" "MODE" "STATUS" "PROJECT PATH"
+  printf "%-30s %-10s %-10s %-6s %-8s %s\n" "---------" "--------" "---------" "----" "------" "------------"
+
+  docker ps -a \
+    --filter "name=${CONTAINER_PREFIX}-" \
+    --format '{{.Names}}' \
+  | while IFS= read -r name; do
+    local instance isolation mode state path
+    instance=$(docker inspect "$name" --format '{{index .Config.Labels "aibox.instance"}}' 2>/dev/null || echo "")
+    isolation=$(docker inspect "$name" --format '{{index .Config.Labels "aibox.isolation"}}' 2>/dev/null || echo "")
+    state=$(docker inspect "$name" --format '{{.State.Status}}' 2>/dev/null || echo "")
+    path=$(docker inspect "$name" --format '{{index .Config.Labels "aibox.path"}}' 2>/dev/null || echo "")
+    # Extract AIBOX_MODE from container env
+    mode=$(docker inspect "$name" --format '{{range .Config.Env}}{{println .}}{{end}}' 2>/dev/null | grep '^AIBOX_MODE=' | cut -d= -f2- || echo "")
+    [[ -z "$instance" ]] && instance="-"
+    [[ -z "$isolation" ]] && isolation="-"
+    [[ -z "$mode" ]] && mode="-"
+    [[ -z "$path" ]] && path="-"
+    printf "%-30s %-10s %-10s %-6s %-8s %s\n" "$name" "$instance" "$isolation" "$mode" "$state" "$path"
+  done
+}
+
+cmd_nuke() {
+  local containers
+  containers=$(docker ps -a --filter "name=${CONTAINER_PREFIX}-" -q) || true
+  if [[ -n "$containers" ]]; then
+    echo "This will remove ALL ${SCRIPT_NAME} containers across ALL projects:"
+    docker ps -a --filter "name=${CONTAINER_PREFIX}-" --format "  {{.Names}}  ({{.Status}})"
+    echo ""
+    if _confirm_no "Remove all?"; then
+      docker ps -a --filter "name=${CONTAINER_PREFIX}-" -q | xargs docker rm -f
+      echo "All containers removed."
+    else
+      echo "Aborted."
+    fi
+  else
+    echo "No ${SCRIPT_NAME} containers found."
+  fi
+}
+
+cmd_volumes() {
+  # List copy volumes
+  local volumes
+  volumes=$(docker volume ls --format '{{.Name}}' | grep -F "${CONTAINER_PREFIX}-" | grep -- '-src$') || true
+
+  # List worktree dirs
+  local worktree_dir="${CONFIG_DIR}/worktrees"
+  local worktrees=""
+  if [[ -d "$worktree_dir" ]]; then
+    worktrees=$(ls -1 "$worktree_dir" 2>/dev/null) || true
+  fi
+
+  if [[ -z "$volumes" && -z "$worktrees" ]]; then
+    echo "No isolation volumes or worktrees found."
+    return
+  fi
+
+  printf "%-50s %-10s %-8s %s\n" "NAME" "TYPE" "STATUS" "CREATED"
+  printf "%-50s %-10s %-8s %s\n" "----" "----" "------" "-------"
+
+  if [[ -n "$volumes" ]]; then
+    while IFS= read -r vol; do
+      local status="orphan"
+      local container_name="${vol%-src}"
+      if docker ps -a --format '{{.Names}}' | grep -Fxq "$container_name" 2>/dev/null; then
+        status="in use"
+      fi
+      local created
+      created=$(docker volume inspect "$vol" --format '{{.CreatedAt}}' 2>/dev/null | cut -d' ' -f1 || echo "-")
+      printf "%-50s %-10s %-8s %s\n" "$vol" "copy" "$status" "$created"
+    done <<< "$volumes"
+  fi
+
+  if [[ -n "$worktrees" ]]; then
+    while IFS= read -r wt; do
+      local status="orphan"
+      if docker ps -a --format '{{.Names}}' | grep -Fxq "$wt" 2>/dev/null; then
+        status="in use"
+      fi
+      local wt_path="${worktree_dir}/${wt}"
+      printf "%-50s %-10s %-8s %s\n" "$wt_path" "worktree" "$status" "-"
+    done <<< "$worktrees"
+  fi
+}
+
+_init_files() {
+  write_project_compose
+  save_project_conf
+  configure_webstorm
+
+  local gitignore="${PROJECT_DIR}/.gitignore"
+  local entries=("compose.dev.yaml" ".aibox" ".idea/workspace.xml")
+  for entry in "${entries[@]}"; do
+    if [[ -f "$gitignore" ]]; then
+      grep -qxF "$entry" "$gitignore" || echo "$entry" >> "$gitignore"
+    else
+      echo "$entry" >> "$gitignore"
+    fi
+  done
+  echo "Updated .gitignore"
+
+  echo ""
+  echo "Done! Open this project in WebStorm — Node.js runtime is configured."
+  echo "  ${SCRIPT_NAME} up       Start the container"
+  echo "  ${SCRIPT_NAME} claude   Open Claude Code"
+  echo "  ${SCRIPT_NAME} shell    Open a shell"
+}
+
+cmd_init() {
+  _require_safe_dir
+
+  echo "Will create/update in ${PROJECT_DIR}:"
+  echo "  compose.dev.yaml, .aibox, .idea/workspace.xml, .gitignore"
+  echo ""
+
+  if ! _confirm_yes "Proceed?"; then
+    echo "Aborted."
+    exit 0
+  fi
+
+  _init_files
+}
+
+cmd_help() {
+  awk '/^# aibox/,/^[^#]/{if(/^#/) print}' "$0" | sed 's/^# \{0,1\}//'
+  echo "Version: ${AIBOX_VERSION}"
+}
+
+cmd_version() {
+  echo "aibox v${AIBOX_VERSION}"
+}
+
+# ── Main ─────────────────────────────────────────────────────────
+case "${1:-help}" in
+  up)       cmd_up ;;
+  claude)   cmd_claude ;;
+  shell)    cmd_shell "$@" ;;
+  down)     cmd_down ;;
+  status)   cmd_status ;;
+  volumes)  cmd_volumes ;;
+  nuke)     cmd_nuke ;;
+  build)    cmd_build ;;
+  init)     cmd_init ;;
+  help|-h)         cmd_help ;;
+  version|-v|--version) cmd_version ;;
+  *)
+    echo "Unknown command: $1"
+    cmd_help
+    exit 1
+    ;;
+esac

package/package.json

@@ -0,0 +1,39 @@
+{
+  "name": "aibox-cli",
+  "version": "0.1.0",
+  "description": "Run AI coding agents in isolated Docker containers",
+  "author": "repalash <palash@shaders.app>",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/blitzdotdev/aibox.git"
+  },
+  "homepage": "https://github.com/blitzdotdev/aibox",
+  "bugs": {
+    "url": "https://github.com/blitzdotdev/aibox/issues"
+  },
+  "keywords": [
+    "ai",
+    "docker",
+    "sandbox",
+    "claude",
+    "coding-agent",
+    "devtools",
+    "cli"
+  ],
+  "bin": {
+    "aibox": "./bin/aibox"
+  },
+  "files": [
+    "bin/aibox",
+    "README.md",
+    "LICENSE"
+  ],
+  "os": [
+    "darwin",
+    "linux"
+  ],
+  "engines": {
+    "node": ">=18"
+  }
+}