rabano 0.1.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Asaf Ratzon
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,181 @@
+# Secure AI Dev Environment — Template
+
+A reusable, hardened development container template for Next.js projects with AI coding assistants (Claude, Kilo, OpenCode).
+
+## How It Works
+
+Your code and VSCodium stay on your host machine as normal. The AI tools and all development activity run inside an isolated Docker container, connected to your terminal via SSH.
+
+**DevPod** is the glue — it reads the `.rabano/` configuration, builds the Docker image, manages the container lifecycle, and sets up the SSH tunnel so your terminal session lands inside the container automatically.
+
+```
+Host machine
+├── VSCodium          → edits files normally (bind-mounted from container)
+├── terminal          → SSH'd into container via DevPod
+│   ├── claude        → AI tools run here, isolated
+│   ├── kilo
+│   └── opencode
+└── git push/pull     → only possible from host, blocked inside container
+```
+
+`./ai.sh` is the single entry point — it lets you start or stop the container.
+
+---
+
+## Repository Structure
+
+```
+.
+├── .rabano/
+│   ├── .env                # API keys — fill in before first start
+│   ├── Dockerfile          # Image: Node 22, AI tools, git protocol block
+│   ├── devcontainer.json   # Dev container config: mounts, startup hook
+│   ├── post-start.mjs      # Security checks + readiness output on every start
+│   └── README.md           # Security model details
+├── scripts/                # rabano logic — not copied to user projects
+│   ├── dev.ts
+│   ├── stop.ts
+│   ├── reset.ts
+│   ├── doctor.ts
+│   └── onboard.ts
+├── templates/              # Copied into user's .rabano/ during onboarding
+│   ├── Dockerfile
+│   ├── devcontainer.json
+│   ├── post-start.mjs
+│   └── env
+├── .gitignore
+├── ai.sh                   # Entry point — run from your project directory
+└── README.md               # This file
+```
+
+---
+
+## Prerequisites
+
+- [Docker Desktop](https://www.docker.com/products/docker-desktop/)
+- [VSCodium](https://vscodium.com/)
+- [DevPod CLI](https://devpod.sh/docs/getting-started/install)
+
+### One-time DevPod setup
+
+After installing the DevPod CLI, register Docker as the backend provider:
+
+```bash
+devpod provider add docker
+```
+
+This only needs to be done once per machine.
+
+---
+
+## Quick Start
+
+### 1. Fill in your API keys
+
+Edit `.rabano/.env`:
+
+```bash
+ANTHROPIC_API_KEY=sk-ant-...
+KILO_API_KEY=your-kilo-key-here
+```
+
+### 2. Start the container
+
+```bash
+./ai.sh
+```
+
+Select **Start session**. First run builds the image (a few minutes). Subsequent starts are fast.
+
+### 3. Verify startup
+
+Security checks run automatically on every start. Re-run anytime from inside the container:
+
+```bash
+status
+```
+
+### 4. Stop the container
+
+```bash
+./ai.sh
+```
+
+Select **Stop all**.
+
+---
+
+## Container Management
+
+| Command           | Description                                  |
+| ----------------- | -------------------------------------------- |
+| `./ai.sh`         | Start, stop, or reset the container          |
+| `./ai.sh` → Reset | Wipe all workspaces + images and start fresh |
+| `devpod list`     | List active workspaces                       |
+
+---
+
+## AI Tools
+
+Run inside the container terminal:
+
+```bash
+claude      # Claude Code (Anthropic)
+kilo        # Kilo AI
+opencode    # OpenCode
+status      # Re-run security + readiness check
+```
+
+---
+
+## Security Model
+
+| Control                  | Implementation                                                                                    |
+| ------------------------ | ------------------------------------------------------------------------------------------------- |
+| Non-root user            | All processes run as `devuser` (uid 1001)                                                         |
+| Filesystem isolation     | Only the repo is mounted — host is not visible                                                    |
+| Git remote block         | `protocol.allow never` in `/etc/gitconfig` — enforced at the git layer, requires root to override |
+| No credentials forwarded | `gitCredentialHelperConfigLocation: none` in devcontainer.json                                    |
+| No privilege escalation  | `no-new-privileges:true` security opt                                                             |
+| Secrets never in image   | API keys injected at runtime via `.env` only                                                      |
+
+Remote git operations are blocked inside the container. Push from your host terminal instead.
+
+See `.rabano/README.md` for full details.
+
+---
+
+## Git Workflow
+
+```bash
+# Inside container — local operations ✅
+git add .
+git commit -m "message"
+git log / diff / branch
+
+# Remote operations — host terminal only 🚫 blocked inside container
+git push / pull / fetch
+```
+
+---
+
+## Using This Template
+
+When using rabano in a real project, run `ai.sh` from your project directory — the onboarding flow will create `.rabano/` automatically. You do not need to copy `scripts/` — those stay with the rabano package.
+
+---
+
+## Troubleshooting
+
+**Container fails to start** — the startup check prints exactly which check failed and why.
+
+**API key warnings** — check `.rabano/.env` has the correct variable names, then run `devpod up . --recreate`.
+
+**AI tool not found** — rebuild with `devpod up . --recreate`. Do not install tools manually inside a running container as changes won't persist.
+
+## Personal notes to review with claude:
+
+- update readme: IDE should not be pre-requiste.
+- ensure container prefix is more unique? boxa
+- add to backlog: fix onboarding - it currently fails (temp-test dir on host machine)
+- update all docs/package.json description to be more related to boxa (Cage for agent.. rather then previous 'box' terminology).

package/ai.sh

@@ -0,0 +1,96 @@
+#!/bin/bash
+# =============================================================================
+# ai.sh — rabano entry point
+# Run this from your project directory (or via npx rabano).
+# =============================================================================
+
+set -euo pipefail
+
+# ─── Guard: inside container ─────────────────────────────────────────────────
+if [ "$(whoami)" = "devuser" ]; then
+  echo ""
+  echo "  You are running rabano from inside the dev container."
+  echo "  Open a terminal on your host machine and run:"
+  echo ""
+  echo "    rabano  (or ./path/to/ai.sh from your project directory)"
+  echo ""
+  exit 1
+fi
+
+# ─── Paths ───────────────────────────────────────────────────────────────────
+PACKAGE_DIR="$(cd "$(dirname "$0")" && pwd)"
+REPO_ROOT="$(git rev-parse --show-toplevel 2>/dev/null || true)"
+
+if [ -z "$REPO_ROOT" ]; then
+  echo ""
+  echo "  No git repository found."
+  echo ""
+  echo "  rabano requires a git repository. Run 'git init' first, then re-run rabano."
+  echo ""
+  exit 1
+fi
+
+export RABANO_PACKAGE_DIR="$PACKAGE_DIR"
+export RABANO_REPO_ROOT="$REPO_ROOT"
+
+# ─── Node.js check ──────────────────────────────────────────────────────────
+if ! command -v node &>/dev/null; then
+  echo ""
+  echo "  Node.js is required to run rabano."
+  echo "  Install it from https://nodejs.org/ (v18+)"
+  echo ""
+  exit 1
+fi
+
+# ─── Auto-install dependencies (dev flow — npx handles this automatically) ──
+if [ ! -d "$PACKAGE_DIR/node_modules" ]; then
+  echo "  Installing rabano dependencies..."
+  (cd "$PACKAGE_DIR" && pnpm install --silent 2>/dev/null)
+fi
+
+# ─── Onboarding ──────────────────────────────────────────────────────────────
+if [ ! -f "$REPO_ROOT/.rabano/devcontainer.json" ]; then
+  node --import tsx/esm "$PACKAGE_DIR/scripts/onboard.ts"
+  if [ ! -f "$REPO_ROOT/.rabano/devcontainer.json" ]; then
+    exit 0
+  fi
+fi
+
+# ─── Doctor (silent pre-check) ───────────────────────────────────────────────
+if ! node --import tsx/esm "$PACKAGE_DIR/scripts/doctor.ts"; then
+  echo "  Fix the issues above and re-run rabano."
+  echo ""
+  exit 1
+fi
+
+# ─── Gather state for menu ──────────────────────────────────────────────────
+PROJECT_NAME="$(basename "$REPO_ROOT")"
+WORKSPACE_NAME="rabano-$PROJECT_NAME"
+
+ACTIVE_COUNT=$(docker ps --filter "name=rabano-" --format "{{.Names}}" 2>/dev/null | wc -l | tr -d '[:space:]')
+
+HAS_KEY=false
+if [ -f "$REPO_ROOT/.rabano/.env" ]; then
+  while IFS='=' read -r key value; do
+    [[ "$key" =~ ^[[:space:]]*# ]] && continue
+    [[ -z "$key" ]] && continue
+    value="$(echo "$value" | tr -d '[:space:]')"
+    if [ -n "$value" ]; then HAS_KEY=true; break; fi
+  done < "$REPO_ROOT/.rabano/.env"
+fi
+
+# ─── Interactive menu (clack) ────────────────────────────────────────────────
+# stdout → /dev/tty (clack UI displayed on terminal)
+# stderr → captured (selected action string)
+set +e
+action=$(node --import tsx/esm "$PACKAGE_DIR/scripts/menu.ts" "$PROJECT_NAME" "$ACTIVE_COUNT" "$HAS_KEY" 2>&1 >/dev/tty)
+set -e
+
+# ─── Execute selection ───────────────────────────────────────────────────────
+case "$action" in
+  dev)     node --import tsx/esm "$PACKAGE_DIR/scripts/dev.ts" ;;
+  stop)    node --import tsx/esm "$PACKAGE_DIR/scripts/stop.ts" ;;
+  reset)   node --import tsx/esm "$PACKAGE_DIR/scripts/reset.ts" ;;
+  doctor)  node --import tsx/esm "$PACKAGE_DIR/scripts/doctor.ts" --verbose ;;
+  quit|*)  exit 0 ;;
+esac

package/package.json

@@ -0,0 +1,50 @@
+{
+  "name": "rabano",
+  "version": "0.1.0",
+  "description": "Secure AI Box — isolated dev environments for AI coding assistants",
+  "type": "module",
+  "bin": {
+    "rabano": "./ai.sh"
+  },
+  "dependencies": {
+    "@clack/prompts": "^1.1.0"
+  },
+  "devDependencies": {
+    "@biomejs/biome": "^2.4.6",
+    "@types/node": "^25.4.0",
+    "tsx": "^4.21.0",
+    "typescript": "^5.9.3"
+  },
+  "engines": {
+    "node": ">=18"
+  },
+  "license": "MIT",
+  "author": "Asaf Ratzon",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/asafratzon/rabano"
+  },
+  "homepage": "https://github.com/asafratzon/rabano#readme",
+  "keywords": [
+    "ai",
+    "claude",
+    "docker",
+    "devpod",
+    "isolation",
+    "security",
+    "devcontainer"
+  ],
+  "files": [
+    "ai.sh",
+    "scripts/",
+    "templates/",
+    "tsconfig.json",
+    "LICENSE"
+  ],
+  "scripts": {
+    "typecheck": "tsc --noEmit",
+    "lint": "biome check .",
+    "format": "biome format --write .",
+    "fix:all": "biome check --write ."
+  }
+}

package/scripts/dev.ts

@@ -0,0 +1,58 @@
+#!/usr/bin/env node
+// =============================================================================
+// scripts/dev.ts — Start the dev container and SSH in
+// Called by ai.sh — do not run directly.
+// =============================================================================
+
+import { spawnSync } from "node:child_process";
+import { basename } from "node:path";
+import { log, outro } from "@clack/prompts";
+
+const workspaceDir = process.env.RABANO_REPO_ROOT;
+if (!workspaceDir) {
+  log.error("RABANO_REPO_ROOT not set — run via ai.sh");
+  process.exit(1);
+}
+
+const workspaceName = `rabano-${basename(workspaceDir)}`;
+
+// Check if workspace already exists
+const listResult = spawnSync("devpod", ["list", "--output", "json"], {
+  encoding: "utf8",
+});
+const workspaceExists = listResult.stdout?.includes(`"id":"${workspaceName}"`);
+
+if (workspaceExists) {
+  log.step(`Connecting to workspace '${workspaceName}'...`);
+} else {
+  log.step("Starting dev container...");
+  const up = spawnSync(
+    "devpod",
+    [
+      "up",
+      workspaceDir,
+      "--devcontainer-path",
+      ".rabano/devcontainer.json",
+      "--ide",
+      "none",
+      "--id",
+      workspaceName,
+    ],
+    { stdio: "inherit" },
+  );
+  if (up.status !== 0) {
+    outro("Failed to start dev container.");
+    process.exit(up.status ?? 1);
+  }
+  log.step("Connecting via SSH...");
+}
+
+const ssh = spawnSync(
+  "devpod",
+  ["ssh", workspaceName, "--workdir", "/workspace"],
+  {
+    stdio: "inherit",
+  },
+);
+
+process.exit(ssh.status ?? 0);

package/scripts/doctor.ts

@@ -0,0 +1,120 @@
+#!/usr/bin/env node
+// =============================================================================
+// scripts/doctor.ts — Host readiness check for rabano
+// Runs silently on success; exits non-zero on failure.
+// Pass --verbose for a full report.
+// =============================================================================
+
+import { spawnSync } from "node:child_process";
+import { existsSync } from "node:fs";
+import { log, outro } from "@clack/prompts";
+
+const verbose = process.argv.includes("--verbose");
+const repoRoot = process.env.RABANO_REPO_ROOT;
+if (!repoRoot) {
+  log.error("RABANO_REPO_ROOT not set — run via ai.sh");
+  process.exit(1);
+}
+
+const errors: string[] = [];
+
+function check(label: string, ok: boolean, detail?: string): void {
+  if (ok) {
+    if (verbose)
+      log.success(`${label}${detail ? `  \x1b[2m${detail}\x1b[0m` : ""}`);
+  } else {
+    errors.push(`${label}${detail ? `: ${detail}` : ""}`);
+    if (verbose) log.error(`${label}${detail ? `  ${detail}` : ""}`);
+  }
+}
+
+function commandExists(cmd: string): boolean {
+  const r = spawnSync("command", ["-v", cmd], {
+    shell: true,
+    encoding: "utf8",
+  });
+  return r.status === 0;
+}
+
+if (verbose) console.log("");
+
+// --- Docker installed ---
+check(
+  "Docker installed",
+  commandExists("docker"),
+  commandExists("docker") ? undefined : "'docker' not found in PATH",
+);
+
+// --- Docker running ---
+const dockerInfo = spawnSync("docker", ["info"], {
+  encoding: "utf8",
+  stdio: "pipe",
+});
+check(
+  "Docker running",
+  dockerInfo.status === 0,
+  dockerInfo.status === 0 ? undefined : "Docker daemon not responding",
+);
+
+// --- DevPod installed ---
+const devpodInstalled = commandExists("devpod");
+check(
+  "DevPod installed",
+  devpodInstalled,
+  devpodInstalled ? undefined : "'devpod' not found in PATH",
+);
+
+// --- DevPod provider configured ---
+if (devpodInstalled) {
+  let providerOk = false;
+  for (let attempt = 1; attempt <= 5; attempt++) {
+    const r = spawnSync("devpod", ["provider", "list"], {
+      encoding: "utf8",
+      stdio: "pipe",
+    });
+    if (r.stdout?.toLowerCase().includes("docker")) {
+      providerOk = true;
+      break;
+    }
+    if (attempt < 5) {
+      spawnSync("sleep", ["1"]);
+    }
+  }
+  check(
+    "DevPod provider configured",
+    providerOk,
+    providerOk
+      ? undefined
+      : "no provider found — run: devpod provider add docker",
+  );
+}
+
+// --- .rabano/ config present ---
+const configOk =
+  existsSync(`${repoRoot}/.rabano/devcontainer.json`) &&
+  existsSync(`${repoRoot}/.rabano/Dockerfile`);
+check(
+  ".rabano/ config present",
+  configOk,
+  configOk
+    ? undefined
+    : "missing .rabano/devcontainer.json or .rabano/Dockerfile",
+);
+
+// --- Report ---
+if (errors.length > 0) {
+  if (verbose) {
+    console.log("");
+    log.error("rabano doctor found problems:");
+    for (const err of errors) {
+      console.log(`       \x1b[2m•\x1b[0m  ${err}`);
+    }
+    console.log("");
+  }
+  process.exit(1);
+}
+
+if (verbose) {
+  console.log("");
+  outro("All checks passed.");
+}

package/scripts/menu.ts

@@ -0,0 +1,47 @@
+#!/usr/bin/env node
+// =============================================================================
+// scripts/menu.ts — rabano interactive menu (powered by @clack/prompts)
+// Called by ai.sh — outputs selected action to stderr.
+// =============================================================================
+
+import { box, cancel, isCancel, select } from "@clack/prompts";
+
+const [projectName = "unknown", activeCountStr, hasKeyStr] =
+  process.argv.slice(2);
+const activeCount = Number.parseInt(activeCountStr ?? "0", 10);
+const hasKey = hasKeyStr === "true";
+
+// ─── Status box ──────────────────────────────────────────────────────────────
+const sessionLabel =
+  activeCount === 1
+    ? "1 active dev container"
+    : `${activeCount} active dev containers`;
+const lines = [];
+lines.push(`status: ${sessionLabel}`);
+lines.push(`api keys: ${hasKey ? "configured" : "none"} (.rabano/.env)`);
+box(lines.join("\n"), ` rabano · ${projectName} `, {
+  contentAlign: "center",
+  titleAlign: "center",
+  width: "auto",
+  rounded: true,
+});
+
+// ─── Menu ───────────────────────────────────────────────────────────────────
+const action = await select({
+  message: "Menu:",
+  options: [
+    { value: "dev", label: "Start session" },
+    { value: "stop", label: "Stop all" },
+    { value: "reset", label: "Reset (wipe workspaces + images)" },
+    { value: "doctor", label: "Doctor" },
+    { value: "quit", label: "Quit" },
+  ],
+});
+
+if (isCancel(action)) {
+  cancel();
+  process.exit(0);
+}
+
+// Output action to stderr — ai.sh captures it via redirection
+process.stderr.write(action as string);

package/scripts/onboard.ts

@@ -0,0 +1,102 @@
+#!/usr/bin/env node
+// =============================================================================
+// scripts/onboard.ts — First-time setup for a project using rabano
+// Called by ai.sh when no .rabano/ config is found in the project.
+// =============================================================================
+
+import {
+  cpSync,
+  existsSync,
+  mkdirSync,
+  readFileSync,
+  writeFileSync,
+} from "node:fs";
+import { basename, join } from "node:path";
+import {
+  box,
+  cancel,
+  confirm,
+  intro,
+  isCancel,
+  log,
+  outro,
+} from "@clack/prompts";
+
+const packageDir = process.env.RABANO_PACKAGE_DIR;
+const repoRoot = process.env.RABANO_REPO_ROOT;
+
+if (!packageDir || !repoRoot) {
+  log.error("RABANO_PACKAGE_DIR / RABANO_REPO_ROOT not set — run via ai.sh");
+  process.exit(1);
+}
+
+const templatesDir = join(packageDir, "templates");
+const rabanoDir = join(repoRoot, ".rabano");
+const projectName = basename(repoRoot);
+
+// ─── Intro ────────────────────────────────────────────────────────────────────
+intro("rabano — First-time setup");
+
+box(
+  `project  : ${projectName}\nlocation : ${rabanoDir}`,
+  "No .rabano/ config found — rabano will create it now.",
+);
+
+const ok = await confirm({ message: "Continue?" });
+
+if (isCancel(ok) || !ok) {
+  cancel("Setup cancelled.");
+  process.exit(0);
+}
+
+// ─── Copy templates ───────────────────────────────────────────────────────────
+mkdirSync(rabanoDir, { recursive: true });
+
+cpSync(join(templatesDir, "Dockerfile"), join(rabanoDir, "Dockerfile"));
+cpSync(join(templatesDir, "post-start.mjs"), join(rabanoDir, "post-start.mjs"));
+
+// Substitute project name in devcontainer.json using JSON parse/stringify
+const dcTemplate = readFileSync(
+  join(templatesDir, "devcontainer.json"),
+  "utf8",
+);
+const dcJson: unknown = JSON.parse(
+  dcTemplate.replace(/RABANO_PROJECT_NAME/g, projectName),
+);
+writeFileSync(
+  join(rabanoDir, "devcontainer.json"),
+  `${JSON.stringify(dcJson, null, 2)}\n`,
+);
+
+log.success("Copied config templates to .rabano/");
+
+// ─── Create .env ──────────────────────────────────────────────────────────────
+const envPath = join(rabanoDir, ".env");
+if (existsSync(envPath)) {
+  log.info(".rabano/.env already exists — leaving it untouched");
+} else {
+  cpSync(join(templatesDir, "env"), envPath);
+  log.success("Created .rabano/.env");
+}
+
+// ─── Ensure .rabano/.env is gitignored ─────────────────────────────────────────
+const gitignorePath = join(repoRoot, ".gitignore");
+const gitignoreEntry = ".rabano/.env";
+
+if (
+  existsSync(gitignorePath) &&
+  readFileSync(gitignorePath, "utf8").includes(gitignoreEntry)
+) {
+  log.info(".rabano/.env already in .gitignore");
+} else {
+  const addition =
+    "\n# rabano — API keys must never be committed\n.rabano/.env\n";
+  const existing = existsSync(gitignorePath)
+    ? readFileSync(gitignorePath, "utf8")
+    : "";
+  writeFileSync(gitignorePath, existing + addition);
+  log.success("Added .rabano/.env to .gitignore");
+}
+
+log.warn("Add your API keys to .rabano/.env before starting the container.");
+outro("Setup complete. Run rabano again to start your session.");

package/scripts/reset.ts

@@ -0,0 +1,70 @@
+#!/usr/bin/env node
+// =============================================================================
+// scripts/reset.ts — Full reset: delete all rabano workspaces and Docker images
+// Called by ai.sh — do not run directly.
+// Run 'ai.sh' → Start session after this to get a fresh build.
+// =============================================================================
+
+import { spawnSync } from "node:child_process";
+import { log, outro } from "@clack/prompts";
+
+// ─── Step 1: Find all rabano-* DevPod workspaces ───────────────────────────────
+const listResult = spawnSync("devpod", ["list", "--output", "json"], {
+  encoding: "utf8",
+});
+
+const workspaces: string[] = [];
+if (listResult.stdout) {
+  const matches = listResult.stdout.matchAll(/"id":"(rabano-[^"]+)"/g);
+  for (const match of matches) {
+    if (match[1]) workspaces.push(match[1]);
+  }
+}
+
+// ─── Step 2: Stop and delete all rabano workspaces ─────────────────────────────
+if (workspaces.length === 0) {
+  log.info("No rabano workspaces found.");
+} else {
+  log.step(`Stopping and deleting ${workspaces.length} workspace(s)...`);
+  for (const ws of workspaces) {
+    log.step(`  Removing ${ws}...`);
+    spawnSync("devpod", ["stop", ws], { stdio: "inherit" });
+    spawnSync("devpod", ["delete", ws, "--force"], { stdio: "inherit" });
+  }
+}
+
+// ─── Step 3: Remove cached Docker images ─────────────────────────────────────
+// DevPod images are named vsc-<project>-<hash> (based on the folder name, not
+// the workspace --id). For each rabano-<project> workspace, strip the "rabano-"
+// prefix to get the image reference filter.
+log.step("Removing cached Docker images...");
+
+const allImageIds = new Set<string>();
+for (const ws of workspaces) {
+  const projectName = ws.replace(/^rabano-/, "");
+  const findImages = spawnSync(
+    "docker",
+    [
+      "images",
+      "--filter",
+      `reference=vsc-${projectName}-*`,
+      "--format",
+      "{{.ID}}",
+    ],
+    { encoding: "utf8" },
+  );
+  const ids = (findImages.stdout ?? "").trim().split("\n").filter(Boolean);
+  for (const id of ids) allImageIds.add(id);
+}
+
+if (allImageIds.size > 0) {
+  log.info(`  Found ${allImageIds.size} image(s) — removing...`);
+  spawnSync("docker", ["rmi", "--force", ...allImageIds], { stdio: "inherit" });
+} else {
+  log.info("  No cached images found.");
+}
+
+spawnSync("docker", ["image", "prune", "--force"], { stdio: "inherit" });
+
+// ─── Done ─────────────────────────────────────────────────────────────────────
+outro("Reset complete. Run 'ai.sh' and select 'Start session' to start fresh.");

package/scripts/stop.ts

@@ -0,0 +1,35 @@
+#!/usr/bin/env node
+// =============================================================================
+// scripts/stop.ts — Stop and remove all rabano dev container workspaces
+// Called by ai.sh — do not run directly.
+// =============================================================================
+
+import { spawnSync } from "node:child_process";
+import { log, outro } from "@clack/prompts";
+
+const listResult = spawnSync("devpod", ["list", "--output", "json"], {
+  encoding: "utf8",
+});
+
+const workspaces: string[] = [];
+if (listResult.stdout) {
+  const matches = listResult.stdout.matchAll(/"id":"(rabano-[^"]+)"/g);
+  for (const match of matches) {
+    if (match[1]) workspaces.push(match[1]);
+  }
+}
+
+if (workspaces.length === 0) {
+  log.info("No rabano workspaces found.");
+  process.exit(0);
+}
+
+log.step("Stopping all rabano workspaces...");
+
+for (const ws of workspaces) {
+  log.step(`Stopping ${ws}...`);
+  spawnSync("devpod", ["stop", ws], { stdio: "inherit" });
+  spawnSync("devpod", ["delete", ws, "--force"], { stdio: "inherit" });
+}
+
+outro("All rabano workspaces stopped and removed.");

package/templates/Dockerfile

@@ -0,0 +1,65 @@
+# =============================================================================
+# Secure AI Dev Container — Next.js / Node.js
+# =============================================================================
+# Non-root user, no git remote access, AI tools: claude, kilo, opencode
+# =============================================================================
+
+FROM node:22-bookworm-slim
+
+# ---------------------------------------------------------------------------
+# System packages
+# ---------------------------------------------------------------------------
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    git \
+    curl \
+    wget \
+    bash \
+    jq \
+    unzip \
+    ca-certificates \
+    procps \
+    && rm -rf /var/lib/apt/lists/*
+
+# ---------------------------------------------------------------------------
+# Create non-root user
+# ---------------------------------------------------------------------------
+RUN groupadd --gid 1001 devuser \
+    && useradd --uid 1001 --gid devuser --shell /bin/bash --create-home devuser
+
+# ---------------------------------------------------------------------------
+# Git remote block — enforced via git's own system-level config.
+# protocol.allow never  -> blocks https, ssh, git:// and ALL other transports
+# protocol.file.allow   -> keeps local operations (commit, branch, log) working
+#
+# This is set in /etc/gitconfig (system scope) so it applies to every user
+# and every process — including direct calls to /usr/bin/git. It cannot be
+# bypassed without overwriting /etc/gitconfig, which requires root.
+# ---------------------------------------------------------------------------
+RUN git config --system protocol.allow never && \
+    git config --system protocol.file.allow always
+
+# ---------------------------------------------------------------------------
+# Global npm tools — installed as root so they land in /usr/local/bin
+# ---------------------------------------------------------------------------
+RUN npm install -g \
+    @anthropic-ai/claude-code \
+    @kilocode/cli \
+    opencode-ai \
+    && npm cache clean --force
+
+# ---------------------------------------------------------------------------
+# Switch to non-root user for remainder
+# ---------------------------------------------------------------------------
+USER devuser
+WORKDIR /workspace
+
+# ---------------------------------------------------------------------------
+# Shell experience
+# ---------------------------------------------------------------------------
+RUN echo 'export PS1="\[\033[01;32m\][devcontainer]\[\033[00m\] \[\033[01;34m\]\w\[\033[00m\] \$ "' \
+    >> /home/devuser/.bashrc && \
+    echo 'echo ""' >> /home/devuser/.bashrc && \
+    echo "echo \"  Type 'status' to re-run the readiness check.\"" >> /home/devuser/.bashrc && \
+    echo 'alias status="node /workspace/.rabano/post-start.mjs"' >> /home/devuser/.bashrc
+
+CMD ["/bin/bash"]

package/templates/devcontainer.json

@@ -0,0 +1,40 @@
+{
+  "name": "RABANO_PROJECT_NAME",
+
+  // Build from local Dockerfile
+  "build": {
+    "dockerfile": "Dockerfile",
+    "context": ".."
+  },
+
+  // Mount the repo as the workspace — nothing else is visible
+  "workspaceFolder": "/workspace",
+  "workspaceMount": "source=${localWorkspaceFolder},target=/workspace,type=bind,consistency=cached",
+
+  // Pass API keys from a local .env file — never baked into the image
+  // Create .rabano/.env on your host (see README.md)
+  "runArgs": [
+    "--name",
+    "rabano-${localWorkspaceFolderBasename}",
+    "--env-file",
+    "${localWorkspaceFolder}/.rabano/.env"
+  ],
+
+  // Run security + readiness checks every time container starts
+  "postStartCommand": "node /workspace/.rabano/post-start.mjs",
+
+  // Terminal-only — no extensions installed
+  "customizations": {
+    "vscode": {
+      "extensions": [],
+      "settings": {
+        // Do not forward host git credentials into the container
+        "remote.containers.gitCredentialHelperConfigLocation": "none"
+      }
+    }
+  },
+
+  // Drop capabilities — container cannot gain new privileges
+  "capAdd": [],
+  "securityOpt": ["no-new-privileges:true"]
+}

package/templates/env

@@ -0,0 +1,19 @@
+# =============================================================================
+# rabano — API Keys
+# =============================================================================
+# Fill in your keys before starting the container.
+# Add .rabano/.env to your project's .gitignore — keys must never be committed.
+# =============================================================================
+
+# Anthropic (Claude Code — optional if using Pro subscription via browser auth)
+ANTHROPIC_API_KEY=
+
+# Kilo AI
+KILO_API_KEY=
+
+# OpenCode supports multiple providers — add whichever you use
+OPENAI_API_KEY=
+GEMINI_API_KEY=
+
+# Optional: OpenRouter (gives access to many models via one key)
+OPENROUTER_API_KEY=

package/templates/post-start.mjs

@@ -0,0 +1,104 @@
+#!/usr/bin/env node
+// =============================================================================
+// post-start.mjs — Security validation & readiness check
+// Runs automatically on every container start via postStartCommand.
+// =============================================================================
+
+import { execSync } from "node:child_process";
+import { intro, log, outro } from "@clack/prompts";
+
+const run = (cmd) => {
+  try {
+    return execSync(cmd, {
+      encoding: "utf8",
+      stdio: ["pipe", "pipe", "pipe"],
+    }).trim();
+  } catch {
+    return null;
+  }
+};
+
+const dim = (s) => `\x1b[2m${s}\x1b[0m`;
+
+let errors = 0;
+
+const ok = (label, detail) =>
+  log.success(`${label.padEnd(24)}${detail ? dim(detail) : ""}`);
+const warn = (label, detail) =>
+  log.warn(`${label.padEnd(24)}${detail ? dim(detail) : ""}`);
+const fail = (label, detail) => {
+  log.error(`${label.padEnd(24)}${detail || ""}`);
+  errors++;
+};
+
+// ─── Header ──────────────────────────────────────────────────────────────────
+intro("rabano — Secure AI Box");
+
+// ─── Security ────────────────────────────────────────────────────────────────
+log.step("Security");
+
+const whoami = run("whoami");
+if (whoami !== "root") {
+  ok("non-root user", whoami ?? "unknown");
+} else {
+  fail("non-root user", "running as root — container is misconfigured");
+}
+
+const gitProtocol = run("git config --system protocol.allow");
+if (gitProtocol === "never") {
+  ok("git remote block", "protocol.allow = never");
+} else {
+  fail("git remote block", "not set — rebuild the container");
+}
+
+try {
+  execSync("/usr/bin/git -C /workspace push", { stdio: "pipe" });
+  fail("push blocked", "git push succeeded — remote access is NOT blocked");
+} catch {
+  ok("push blocked", "remote push not possible");
+}
+
+// ─── AI tools ────────────────────────────────────────────────────────────────
+log.step("AI tools");
+
+const checkTool = (cmd) => {
+  const out = run(`${cmd} --version`);
+  if (out !== null) {
+    ok(cmd, out.split("\n")[0]);
+  } else {
+    fail(cmd, "not found — rebuild container");
+  }
+};
+
+checkTool("claude");
+checkTool("kilo");
+checkTool("opencode");
+
+// ─── Runtimes ────────────────────────────────────────────────────────────────
+log.step("Runtimes");
+
+ok("node", run("node --version") ?? "not found");
+ok("npm", `v${run("npm --version") ?? "not found"}`);
+
+// ─── API keys ────────────────────────────────────────────────────────────────
+log.step("API keys");
+
+const checkKey = (varName) => {
+  const val = process.env[varName];
+  if (val) {
+    ok(varName, `${val.substring(0, 12)}...`);
+  } else {
+    warn(varName, "not set — add to .rabano/.env");
+  }
+};
+
+checkKey("ANTHROPIC_API_KEY");
+checkKey("KILO_API_KEY");
+
+// ─── Summary ─────────────────────────────────────────────────────────────────
+if (errors === 0) {
+  outro("Ready.");
+} else {
+  outro(`${errors} error(s) — see above. Rebuild the container to fix.`);
+  process.exit(1);
+}

package/tsconfig.json

@@ -0,0 +1,27 @@
+{
+	// Visit https://aka.ms/tsconfig to read more about this file
+	"compilerOptions": {
+		// Environment Settings
+		// See also https://aka.ms/tsconfig/module
+		"module": "nodenext",
+		"target": "esnext",
+		"lib": ["esnext"],
+		"types": ["node"],
+
+		// Other Outputs
+		"noEmit": true,
+
+		// Stricter Typechecking Options
+		"noUncheckedIndexedAccess": true,
+		"exactOptionalPropertyTypes": true,
+
+		// Recommended Options
+		"strict": true,
+		"verbatimModuleSyntax": true,
+		"isolatedModules": true,
+		"noUncheckedSideEffectImports": true,
+		"moduleDetection": "force",
+		"skipLibCheck": true
+	},
+	"include": ["scripts/**/*.ts"]
+}