totopo 1.0.6 → 1.0.7

package/README.md

@@ -2,7 +2,7 @@
 
 <img src=".github/assets/logo.png" alt="totopo" width="100%" />
 
-A simple CLI to spin up a sandboxed environment for AI coding agents.
+A simple CLI to use AI coding agents safely in your local codebase.
 
 ![npm version](https://img.shields.io/npm/v/totopo)
 ![npm downloads](https://img.shields.io/npm/dm/totopo)
@@ -12,14 +12,26 @@ A simple CLI to spin up a sandboxed environment for AI coding agents.
 
 Here's the thing about AI agents: they're probabilistic. They occasionally misinterpret instructions, take unexpected shortcuts, or simply get it wrong. Most of the time they're fine. But "most of the time" isn't a great argument for giving them unrestricted access to your machine, your credentials, and your remote repositories.
 
-totopo draws a simple boundary: agents get a full, capable environment to work in — they just can't touch anything outside the project, and they can't reach your remote. That's it. No domain whitelisting, no paranoia, no compromise on what the agent can actually do.
-Reasonable containment for non-deterministic tools. Nothing more, nothing less.
+totopo draws a simple boundary: agents get a full, capable environment to work in — they just can't touch anything outside the project, and they can't reach your remote. That's it. No domain whitelisting, no paranoia, no compromise on what the agent can actually do. Just a reasonable containment for non-deterministic tools.
 
 Note: no sandbox substitutes for good judgment. Consider keeping any sensitive secrets or privileged scripts away from your agents.
 
+## How totopo Works
+
+- Unified, simple DX: run `npx totopo` from anywhere inside a local git repo.
+- Installed once per git repository in a `.totopo/` directory at the repo root.
+- Manages one Docker container per repository.
+
+To start a development session, run `npx totopo`, choose `Open session` and confirm the desired scope: the full repo, the current directory, or selected files and folders.
+
+### Concurrent Sessions
+totopo uses one container per repository (not per session). This keeps resource usage bounded and makes reconnections fast - you can open as many sessions as you need — they all share the same running container.
+
+The tradeoff is that only one scope can be active at a time: if you reopen a session with a different scope, totopo recreates the container to match the new mounts, which would terminate any active sessions connected to the previous container.
+
 ## Requirements
 
-- [Docker](https://www.docker.com/products/docker-desktop/) - used to build and run the sandboxed environment
+- [Docker](https://www.docker.com/products/docker-desktop/) - used to build and run the dev container
 - [git](https://git-scm.com/) - safeguard to ensure agents only run in projects with version control in place
 
 ## Quick Start
@@ -32,47 +44,57 @@ npx totopo
 First-time setup — running `npx totopo` in a fresh repo, selecting a runtime mode, and waiting for the Docker image to build for the first time:
 ![First-time setup](.github/assets/demo-onboarding.gif)
 
-Opening a session when totopo is already initialized is quick. The agent is aware of the sandbox environment:
+Opening a session when totopo is already initialized is quick. The agent is aware of its scope and sandbox constraints:
 ![Quick start](.github/assets/demo-quickstart.gif)
 
 ## Core features at a glance
 
-- **Sandboxed Docker container** — your code runs in an isolated environment with strict filesystem and privilege boundaries
+- **Docker isolation** — AI agents run in a container with strict filesystem and privilege boundaries
 - **Agents can't reach remote** — push, pull, fetch, and clone are blocked inside the container, preventing agents from accidentally affecting your remote repositories
-- **AI CLIs with persistent sessions** — OpenCode, Claude Code and Codex pre-installed, with conversation history that survives restarts and rebuilds
-- **Host-mirror or generic runtime** — use a standard dev container, or let totopo match the container environment to your host so the agent works in the exact same setup as your codebase
-- **Agents are sandbox aware** — agents are informed of their sandbox constraints at session start, so they can factor that into how they work.
-- **Scoped mounts** — expose only the files and directories the agent needs
-
----
+- **AI CLIs with persistent sessions** — OpenCode, Claude Code, and Codex are pre-installed, with conversation history that survives restarts and rebuilds
+- **Host-mirror or full runtime** — either match the container environment to your host, or use a standard dev container with the latest stable tools
+- **Agents are scope-aware** — agents are informed of the mounted files and constraints at session start, so they can factor that into how they work
+- **Scoped access** — expose only the files and directories the agent needs
 
 ## Features in Detail
 
-### Sandboxed dev container
+### Container isolation
 
-Every session runs inside a Docker container. Your code is bind-mounted from the host — edits are immediately visible in your editor. The container enforces several isolation boundaries:
+Every session runs inside a Docker container. Your code is bind-mounted from the host, so edits are immediately visible in your editor. The container enforces several isolation boundaries:
 
 | Control | Implementation |
 | --- | --- |
-| Non-root user | All processes run as `devuser` (uid 1001) — cannot modify system-level config |
-| Filesystem isolation | Only the repo is mounted — host filesystem is not visible |
-| Git remote block | `protocol.allow = never` in `/etc/gitconfig` — push, pull, fetch, and clone are all refused; requires root to override |
+| Non-root user | All processes run as `devuser` (uid 1001) and cannot modify system-level config |
+| Filesystem isolation | Only the selected project paths are mounted; the rest of the host filesystem is not visible |
+| Git remote block | `protocol.allow = never` in `/etc/gitconfig` — push, pull, fetch, and clone are all refused and require root to override |
 | No host credentials forwarded | Host git credentials are never copied into the container |
-| Secrets never in image | API keys loaded at runtime from `~/.totopo/.env` — never baked into the image, never mounted into the container |
+| Secrets never in image | API keys are loaded at runtime from `~/.totopo/.env` — never baked into the image, never mounted into the container |
 | No privilege escalation | `no-new-privileges:true` prevents any process from gaining elevated permissions |
 
 Remote git operations are blocked inside the container. Push from your host terminal instead.
 
-### Scoped sandboxing
+### Session scope
 
-Mount only the files and directories you need into the container rather than the full repository. Two scoped modes are available: `cwd` (current directory only) and `selective` (hand-pick individual files and folders).
+When you open a session, totopo asks what part of the repository to mount into the container:
 
-In both scoped modes, `.git` is intentionally not mounted. Mounting `.git` would expose the full commit history of every repository file — including files outside the mounted paths — which defeats the point of scoped access. As a result, git is unavailable inside a scoped session and the agent operates without repository history. The agent is instructed to surface these limitations at session start.
+- `Repo root` — the full repository
+- `Current directory` — only the current directory
+- `Selective` — specific files and folders chosen interactively
+
+The selected scope is stored on the container and checked on every later `Open session`.
+
+- If the requested scope matches the existing container, totopo connects directly to it if running, or resumes it if stopped.
+- If the requested scope is different, totopo recreates the container so the mounted paths match the new scope.
+- Parallel terminals on the same scope are fine. totopo connects with `docker exec`, so any concurrency limits are just the normal limits of sharing one running container.
+
+This is an intentional tradeoff: you get predictable resource usage and quick reconnects, but only one active mounted view per repository at a time.
+
+In `Current directory` and `Selective` scopes, `.git` is intentionally not mounted. Mounting `.git` would expose the full commit history of every repository file, including files outside the mounted paths, which defeats the point of scoped access. As a result, git is unavailable inside those scoped sessions and the agent operates without repository history. The agent is instructed to surface these limitations at session start.
 
 Scoped sessions are well-suited for focused tasks where you want to give the agent a narrow, explicit view of your codebase.
 
-Example showcasing agent awareness of scope limitations:
-![Scoped sandboxing](.github/assets/demo-scoped.gif)
+Example showcasing agent awareness of selective scope limitations:
+![Scoped access](.github/assets/demo-scoped.gif)
 
 ### AI CLIs with persistent sessions
 
@@ -84,20 +106,20 @@ claude      # Claude Code (Anthropic)
 codex       # Codex (OpenAI)
 ```
 
-Agent session data is scoped per project — each repository gets its own isolated history, so agents don't bleed context between projects. To clear memory, run `npx totopo` and navigate to Advanced > Clear agent memory. This stops the container if running and removes the .totopo/agents/ directory.
+Agent session data is isolated per repository, so agents do not bleed context between projects. To clear memory, run `npx totopo` and navigate to `Advanced > Clear agent memory`. This stops the container if running and removes the `.totopo/agents/` directory.
 
 ### Dev container runtime
 
 Choose between two modes:
 
 - **Host-mirror** — the container runtime matches your host Node.js version and selected tools, keeping the environment consistent with your local setup.
-- **Generic** — a full dev container with the latest stable versions of all tools. Good default if you don't need version parity with your host.
+- **Full** — a full dev container with the latest stable versions of all tools. Good default if you do not need version parity with your host.
 
 Either way, basic dev tools and all three AI CLIs are always included.
 
 ## What gets created in your project
 
-```
+```text
 your-project/
 └── .totopo/
     ├── Dockerfile        # container image definition
@@ -105,14 +127,14 @@ your-project/
     ├── settings.json     # runtime mode + selected tools (committed with project)
     ├── README.md         # .totopo reference
     └── agents/           # agent session data — gitignored, created on first session start
-        ├── claude/            # mounted as ~/.claude/
-        ├── opencode/          # mounted as ~/.config/opencode/ + ~/.local/share/opencode/
-        └── codex/             # mounted as ~/.codex/
+        ├── claude/       # mounted as ~/.claude/
+        ├── opencode/     # mounted as ~/.config/opencode/ + ~/.local/share/opencode/
+        └── codex/        # mounted as ~/.codex/
 
 ~/.totopo/.env            # API keys — global, outside all repos, never mounted into container
 ```
 
-Agent session history and conversation data are persisted in the `agents` directory across container rebuilds and restarts. This directory is gitignored so session data stays local to your machine.
+totopo is initialized at the repository root, and `.totopo/` lives there regardless of which directory you later open a session from. Agent session history and conversation data are persisted in `.totopo/agents/` across container rebuilds and restarts. This directory is gitignored so session data stays local to your machine.
 
 ## Limitations
 
@@ -120,4 +142,4 @@ Agent session history and conversation data are persisted in the `agents` direct
 
 ## Disclaimer
 
-MIT licensed and fully open source. Fork it, adapt it, make it yours. Issues are welcome — no promises on response time. Use at your own risk.
+MIT licensed and fully open source. Fork it, adapt it, make it yours. Issues are welcome — no promises on response time. Use at your own risk.

package/bin/totopo.js

@@ -8,6 +8,13 @@ import { execSync, spawnSync } from "node:child_process";
 import { existsSync } from "node:fs";
 import { basename, dirname } from "node:path";
 import { fileURLToPath } from "node:url";
+import { run as advanced } from "../dist/commands/advanced.js";
+import { run as dev } from "../dist/commands/dev.js";
+import { run as doctor } from "../dist/commands/doctor.js";
+import { run as menu } from "../dist/commands/menu.js";
+import { run as onboard } from "../dist/commands/onboard.js";
+import { run as stop } from "../dist/commands/stop.js";
+import { run as syncDockerfile } from "../dist/commands/sync-dockerfile.js";
 
 // ─── Guard: inside container ──────────────────────────────────────────────────
 try {
@@ -50,15 +57,6 @@ if (!existsSync(new URL("../dist/commands/sync-dockerfile.js", import.meta.url))
     process.exit(1);
 }
 
-// ─── Import compiled commands ─────────────────────────────────────────────────
-const { run: syncDockerfile } = await import("../dist/commands/sync-dockerfile.js");
-const { run: doctor } = await import("../dist/commands/doctor.js");
-const { run: onboard } = await import("../dist/commands/onboard.js");
-const { run: menu } = await import("../dist/commands/menu.js");
-const { run: dev } = await import("../dist/commands/dev.js");
-const { run: stop } = await import("../dist/commands/stop.js");
-const { run: advanced } = await import("../dist/commands/advanced.js");
-
 // ─── Onboarding ───────────────────────────────────────────────────────────────
 if (!existsSync(`${repoRoot}/.totopo/Dockerfile`)) {
     const completed = await onboard(packageDir, repoRoot);
@@ -110,6 +108,7 @@ while (showMenu) {
         case "advanced": {
             const result = await advanced(packageDir, projectName, repoRoot);
             if (result === "back") showMenu = true;
+            if (result === "rebuild") await dev(packageDir, repoRoot);
             break;
         }
         default:

package/dist/commands/advanced.js

@@ -7,6 +7,9 @@ import { cpSync, existsSync, mkdirSync, rmSync } from "node:fs";
 import { homedir } from "node:os";
 import { join } from "node:path";
 import { cancel, confirm, isCancel, log, multiselect, outro, select } from "@clack/prompts";
+import { run as runDoctor } from "./doctor.js";
+import { run as runRebuild } from "./rebuild.js";
+import { run as runSettings } from "./settings.js";
 // ─── Helpers ──────────────────────────────────────────────────────────────────
 function stopAndRemoveContainer(name) {
     spawnSync("docker", ["stop", name], { stdio: "inherit" });
@@ -154,10 +157,6 @@ async function resetApiKeys(packageDir) {
 }
 // ─── Advanced submenu ─────────────────────────────────────────────────────────
 export async function run(packageDir, projectName, repoRoot) {
-    // Dynamic imports to avoid circular deps — same pattern as bin/totopo.js
-    const { run: runSettings } = await import("./settings.js");
-    const { run: runRebuild } = await import("./rebuild.js");
-    const { run: runDoctor } = await import("./doctor.js");
     const totopoDir = join(repoRoot, ".totopo");
     while (true) {
         const action = await select({
@@ -183,7 +182,7 @@ export async function run(packageDir, projectName, repoRoot) {
                 break;
             case "rebuild":
                 await runRebuild(projectName);
-                break;
+                return "rebuild";
             case "clear-memory":
                 await clearAgentMemory(projectName, totopoDir);
                 break;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "totopo",
-  "version": "1.0.6",
+  "version": "1.0.7",
   "description": "Secure AI Box — isolated dev environments for AI coding assistants",
   "type": "module",
   "bin": {