totopo 0.9.0 → 1.0.0-rc-2

package/README.md

@@ -1,127 +1,138 @@
 # totopo
 
-Spin up a secure, isolated AI coding environment in any git project — in one command.
+<img src=".github/assets/logo.png" alt="totopo" width="100%" />
 
-## Status
+A simple CLI to spin up a sandboxed Docker environment for AI coding agents.
 
-⚠️ **Early development (pre-1.0)** — experimental. API and behavior may change. Not yet recommended for production use.
+![npm version](https://img.shields.io/npm/v/totopo)
+![npm downloads](https://img.shields.io/npm/dm/totopo)
+![license](https://img.shields.io/npm/l/totopo)
 
-## How It Works
+## What is totopo?
 
-`npx totopo` sets up a hardened Docker container in your project with AI coding assistants (OpenCode, Claude Code, Codex) pre-installed. Your code stays on your host machine. The AI tools run isolated inside the container.
+`npx totopo` spins up a secure, isolated dev container for any git project — with AI coding tools pre-installed — in a single command.
 
-```
-Host machine
-├── your editor       → edits files normally (bind-mounted from container)
-├── terminal          → connected to container via docker exec
-│   ├── opencode      → AI tools run here, isolated
-│   ├── claude
-│   └── codex
-└── git push/pull     → only possible from host, blocked inside container
-```
+There are other solutions that offer more hardened security setups, and others with a richer feature set. totopo is neither of those. It is my own take on what makes a good balance between excellent developer experience and a sensible basic sandboxing setup.
 
 ---
 
-## Prerequisites
+## Features at a Glance
 
-- [Docker Desktop](https://www.docker.com/products/docker-desktop/)
+- **Sandboxed Docker container** — your code runs in an isolated environment with strict filesystem and privilege boundaries
+- **Agents can't reach remote** — push, pull, fetch, and clone are blocked inside the container, preventing agents from accidentally affecting your remote repositories
+- **Scoped mounts** — expose only the files and directories the agent needs, nothing more
+- **AI coding CLIs with persistent sessions** — Claude Code, OpenCode, and Codex pre-installed, with conversation history that survives restarts and rebuilds
+- **Host-mirror or generic runtime** — use a standard dev container, or let totopo match the container environment to your host so the agent works in the exact same setup as your codebase
 
 ---
 
-## Quick Start
+## Requirements
+
+- [Docker](https://www.docker.com/products/docker-desktop/)
+- [git](https://git-scm.com/)
 
-### 1. Run totopo in your project directory
+---
+
+## Quick Start
 
 ```bash
 cd your-project
 npx totopo
 ```
 
-If `.totopo/` doesn't exist yet, the onboarding flow runs automatically — it creates the container config, prompts for API keys, and updates `.gitignore`.
+Select **Open session** from the menu. If `.totopo/` doesn't exist yet, a one-time onboarding flow runs first. The first run builds the Docker image. Subsequent starts are fast.
 
-### 2. Start the container
+<!-- VIDEO: First-time setup — running `npx totopo` in a fresh repo, selecting a runtime mode, and waiting for the Docker image to build for the first time.
+![First-time setup](.github/assets/demo-onboarding.gif)
+-->
 
-Select **Start session** from the menu. The first run builds the Docker image (a few minutes). Subsequent starts are fast.
+<!-- VIDEO: Starting a session once the container is already built — opening a session, running an AI tool, exiting.
+![Quick start](.github/assets/demo-quickstart.gif)
+-->
 
-### 3. Verify
+---
 
-Security checks run automatically on every container start. Re-run anytime from inside the container:
+## Features
 
-```bash
-status
-```
+### Sandboxed dev container
 
-### 4. Stop
+Every session runs inside a Docker container. Your code is bind-mounted from the host — edits are immediately visible in your editor. The container enforces several isolation boundaries:
 
-Run `npx totopo` again and select **Stop**.
+| Control | Implementation |
+| --- | --- |
+| Non-root user | All processes run as `devuser` (uid 1001) — cannot modify system-level config |
+| Filesystem isolation | Only the repo is mounted — host filesystem is not visible |
+| Git remote block | `protocol.allow = never` in `/etc/gitconfig` — push, pull, fetch, and clone are all refused; requires root to override |
+| No host credentials forwarded | Host git credentials are never copied into the container |
+| Secrets never in image | API keys loaded at runtime from `~/.totopo/.env` — never baked into the image, never mounted into the container |
+| No privilege escalation | `no-new-privileges:true` prevents any process from gaining elevated permissions |
 
----
+Remote git operations are blocked inside the container. Push from your host terminal instead.
 
-## What gets created in your project
+### Scoped sandboxing
 
-```
-your-project/
-└── .totopo/
-    ├── .env              # API keys — gitignored, never committed
-    ├── Dockerfile        # Container image definition
-    └── post-start.mjs   # Security + readiness check on every start
-```
+Mount only the files and directories you need into the container rather than the full repository. Two scoped modes are available: `cwd` (current directory only) and `selective` (hand-pick individual files and folders).
 
----
+In both scoped modes, `.git` is intentionally not mounted. Mounting `.git` would expose the full commit history of every repository file — including files outside the mounted paths — which defeats the point of scoped access. As a result, git is unavailable inside a scoped session and the agent operates without repository history. The agent is instructed to surface these limitations at session start.
+
+Scoped sessions are well-suited for focused tasks where you want to give the agent a narrow, explicit view of your codebase.
+
+<!-- VIDEO: Using scoped mounts — selecting cwd and selective modes, showing what the agent can and can't see inside the container.
+![Scoped sandboxing](.github/assets/demo-scoped.gif)
+-->
 
-## AI Tools
+### AI tools pre-installed
 
-Run inside the container terminal:
+The container comes with the major AI coding CLIs ready to use out of the box:
 
 ```bash
 opencode    # OpenCode
 claude      # Claude Code (Anthropic)
 codex       # Codex (OpenAI)
-status      # Re-run security + readiness check
 ```
 
----
+### Dev container runtime
 
-## Security Model
+Choose between two modes:
 
-| Control                  | Implementation                                                                                    |
-| ------------------------ | ------------------------------------------------------------------------------------------------- |
-| Non-root user            | All processes run as `devuser` (uid 1001)                                                         |
-| Filesystem isolation     | Only the repo is mounted — host is not visible                                                    |
-| Git remote block         | `protocol.allow never` in `/etc/gitconfig` — enforced at the git layer, requires root to override |
-| No privilege escalation  | `no-new-privileges:true` security opt                                                             |
-| Secrets never in image   | API keys loaded at runtime from `~/.totopo/.env` — never baked into the image, never mounted into the container |
+- **Host-mirror** — the container runtime matches your host Node.js version and selected tools, keeping the environment consistent with your local setup.
+- **Generic** — a full dev container with the latest stable versions of all tools. Good default if you don't need version parity with your host.
 
-Remote git operations are blocked inside the container. Push from your host terminal instead.
+Either way, basic dev tools and all three AI CLIs are always included.
 
-See `docs/VISION.md` for full details on the security model.
+<!-- VIDEO: Switching runtime modes in the settings menu, selecting tools, and triggering a container rebuild.
+![Runtime switching](.github/assets/demo-runtime.gif)
+-->
 
 ---
 
-## Git Workflow
-
-```bash
-# Inside container — local operations ✅
-git add .
-git commit -m "message"
-git log / diff / branch
+## What gets created in your project
 
-# Remote operations — host terminal only 🚫 blocked inside container
-git push / pull / fetch
+```
+your-project/
+└── .totopo/
+    ├── Dockerfile        # container image definition
+    ├── post-start.mjs    # security checks + readiness summary on every start
+    ├── settings.json     # runtime mode + selected tools (committed with project)
+    ├── README.md         # .totopo reference
+    └── agents/           # agent session data — gitignored, created on first session start
+        ├── claude/            # mounted as ~/.claude/
+        ├── opencode/          # mounted as ~/.config/opencode/ + ~/.local/share/opencode/
+        └── codex/             # mounted as ~/.codex/
+
+~/.totopo/.env            # API keys — global, outside all repos, never mounted into container
 ```
 
+Agent session history and conversation data are persisted in `agents/` across container rebuilds and restarts. This directory is gitignored — session data stays local to your machine.
+
 ---
 
 ## Limitations
 
-**No audio / microphone support** — the container has no access to host audio devices. Features that require microphone input (e.g. Claude Code's `/voice` mode) will not work inside the container.
+**Audio / microphone** — the image includes `sox` (required by Claude Code for voice mode), but audio passthrough from the host depends on your OS. macOS, Linux, and Windows each require different device configuration. If you need voice mode, set up audio passthrough manually for your platform.
 
 ---
 
-## Troubleshooting
-
-**Container fails to start** — the startup check prints exactly which check failed and why.
-
-**API key warnings** — check `.totopo/.env` has the correct variable names, then use **Rebuild** from the totopo menu to rebuild the container.
+## Disclaimer
 
-**AI tool not found** — use **Rebuild** from the totopo menu to rebuild the container image. Do not install tools manually inside a running container as changes won't persist.
+totopo is MIT licensed and fully open source — fork it, adapt it, build on it. Issues are welcome but response times aren't guaranteed. Use at your own risk.

package/bin/totopo.js

@@ -40,9 +40,6 @@ try {
     process.exit(1);
 }
 
-process.env.TOTOPO_PACKAGE_DIR = packageDir;
-process.env.TOTOPO_REPO_ROOT = repoRoot;
-
 // ─── Guard: dist/ must exist ─────────────────────────────────────────────────
 if (!existsSync(new URL("../dist/commands/sync-dockerfile.js", import.meta.url))) {
     console.error("");

package/dist/commands/onboard.js

@@ -15,9 +15,12 @@ export async function run(packageDir, repoRoot) {
     const templatesDir = join(packageDir, "templates");
     const totopoDir = join(repoRoot, ".totopo");
     const projectName = basename(repoRoot);
+    const tildefy = (p) => (p.startsWith(homedir()) ? p.replace(homedir(), "~") : p);
     // ─── Intro ───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
+    process.stdout.write("\n");
     intro("totopo — First-time setup");
-    box(`project  : ${projectName}\nlocation : ${totopoDir}`, "No .totopo/ config found — totopo will create it now.", {
+    log.message("");
+    box(`project  : ${projectName}\nlocation : ${tildefy(totopoDir)}`, "", {
         contentAlign: "center",
         titleAlign: "center",
         width: "auto",
@@ -109,7 +112,7 @@ export async function run(packageDir, repoRoot) {
             writeFileSync(gitignorePath, content);
         }
     }
-    log.info(`Optionally add API keys to ${globalEnvPath} — all keys are injected into every container at runtime.`);
+    log.info(`Optionally add API keys to ${tildefy(globalEnvPath)} — they are injected into every totopo container at runtime.`);
     outro("Setup complete.");
     return true;
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "totopo",
-  "version": "0.9.0",
+  "version": "1.0.0-rc-2",
   "description": "Secure AI Box — isolated dev environments for AI coding assistants",
   "type": "module",
   "bin": {