totopo 3.3.0 → 3.3.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +14 -8
- package/dist/lib/totopo-yaml.js +4 -1
- package/package.json +2 -3
package/README.md
CHANGED
|
@@ -19,7 +19,7 @@ Two fundamental risks when running AI agents locally:
|
|
|
19
19
|
|
|
20
20
|
Totopo mitigates both risks by letting you run agents in a dev container — when you run totopo in a given directory, that directory is mounted as a workspace where agents can work freely, without access to the rest of your filesystem or your git remote.
|
|
21
21
|
|
|
22
|
-
In practice, this means any mistake can be reverted from your git remote, and even a compromised agent can't access sensitive files on your machine — SSH keys, credentials, browser data — things a locally-running agent could otherwise
|
|
22
|
+
In practice, this means any mistake can be reverted from your git remote, and even a compromised agent can't access sensitive files on your machine — SSH keys, credentials, browser data — things a locally-running agent could otherwise do without you ever noticing.
|
|
23
23
|
|
|
24
24
|
> totopo's security approach is basic — it is about the minimal precautions I believe anyone running AI agents should have. If you need more robust protections, look somewhere else.
|
|
25
25
|
|
|
@@ -64,6 +64,15 @@ A few key concepts:
|
|
|
64
64
|
- **Workspace Boundary** — `npx totopo` always resolves to the nearest `totopo.yaml` going up the directory tree. Each directory tree has exactly one workspace root.
|
|
65
65
|
- **Single Workspace Container** — totopo uses one Docker container per workspace, not one per session. Open as many terminals as you need — they all connect to the same running container, keeping resource use bounded and reconnections fast.
|
|
66
66
|
|
|
67
|
+
### `totopo.yaml`
|
|
68
|
+
|
|
69
|
+
The config is minimal — four fields:
|
|
70
|
+
|
|
71
|
+
- **`workspace_id`** — unique slug for container naming and cache directory
|
|
72
|
+
- **`profiles`** — Dockerfile image variants (see [Profiles](#profiles))
|
|
73
|
+
- **`shadow_paths`** — gitignore-style patterns hidden from agents (see [Shadow Paths](#shadow-paths))
|
|
74
|
+
- **`env_file`** *(optional)* — path to env file injected at runtime (see [Environment Variables](#environment-variables))
|
|
75
|
+
|
|
67
76
|
On every run, totopo shows the workspace menu:
|
|
68
77
|
|
|
69
78
|
- **Open session** — start or resume the dev container and connect
|
|
@@ -95,7 +104,7 @@ Remote git operations are blocked inside the container. Run them from your host
|
|
|
95
104
|
|
|
96
105
|
### Profiles
|
|
97
106
|
|
|
98
|
-
Profiles let you define multiple container image variants for a workspace. Each profile defines a `dockerfile_hook` — raw Dockerfile instructions appended after the base image layers:
|
|
107
|
+
Profiles let you define multiple container image variants for a workspace. Useful for teams — each person can have a lean profile tailored to their stack instead of one large shared image. Each profile defines a `dockerfile_hook` — raw Dockerfile instructions appended after the base image layers:
|
|
99
108
|
|
|
100
109
|
```yaml
|
|
101
110
|
# totopo.yaml
|
|
@@ -130,7 +139,7 @@ The base image is defined in [`templates/Dockerfile`](templates/Dockerfile) —
|
|
|
130
139
|
|
|
131
140
|
### Shadow Paths
|
|
132
141
|
|
|
133
|
-
Shadow paths overlay specific files or directories with empty container-local equivalents. Changes stay in the container-local copy; your workspace files are hidden and untouched:
|
|
142
|
+
Shadow paths overlay specific files or directories with empty container-local equivalents — they apply across all profiles. Changes stay in the container-local copy; your workspace files are hidden and untouched:
|
|
134
143
|
|
|
135
144
|
```yaml
|
|
136
145
|
# totopo.yaml
|
|
@@ -161,9 +170,9 @@ The file is loaded into the container's environment at session start. If the fil
|
|
|
161
170
|
The container comes with the major AI coding CLIs pre-installed and ready to use:
|
|
162
171
|
|
|
163
172
|
```bash
|
|
164
|
-
opencode # OpenCode
|
|
165
173
|
claude # Claude Code (Anthropic)
|
|
166
174
|
codex # Codex (OpenAI)
|
|
175
|
+
opencode # OpenCode
|
|
167
176
|
```
|
|
168
177
|
|
|
169
178
|
Agents are self-aware — sandbox constraints, git remote block, and any active shadow path overlays are injected into agent context at every session start.
|
|
@@ -188,7 +197,7 @@ To clear memory: `npx totopo` → **Manage totopo > Clear agent memory**.
|
|
|
188
197
|
|
|
189
198
|
## What Gets Installed
|
|
190
199
|
|
|
191
|
-
`totopo.yaml` lives in your workspace directory — commit it alongside your code. Everything else lives in `~/.totopo/` on your machine
|
|
200
|
+
`totopo.yaml` lives in your workspace directory — you may commit it alongside your code. Everything else lives in `~/.totopo/` on your machine:
|
|
192
201
|
|
|
193
202
|
```
|
|
194
203
|
~/.totopo/
|
|
@@ -197,10 +206,7 @@ To clear memory: `npx totopo` → **Manage totopo > Clear agent memory**.
|
|
|
197
206
|
├── .lock # workspace root path + active profile
|
|
198
207
|
├── agents/ # agent session data (persists across rebuilds)
|
|
199
208
|
│ ├── claude/
|
|
200
|
-
│ │ └── .claude.json
|
|
201
209
|
│ ├── opencode/
|
|
202
|
-
│ │ ├── config/
|
|
203
|
-
│ │ └── data/
|
|
204
210
|
│ └── codex/
|
|
205
211
|
└── shadows/ # container-local shadow path storage
|
|
206
212
|
```
|
package/dist/lib/totopo-yaml.js
CHANGED
|
@@ -84,9 +84,11 @@ const YAML_COMMENTS = {
|
|
|
84
84
|
workspace_id: "# totopo workspace config - run 'npx totopo' from anywhere under this directory tree to start your dev container.\n" +
|
|
85
85
|
"# Ask the AI agent inside the container to help you edit this file if needed.\n" +
|
|
86
86
|
"# This file may be rewritten by totopo (repair, reset, settings changes). Custom comments will not be preserved.",
|
|
87
|
+
env_file: "# Path to env file relative to this directory (e.g. '.env') - injected into the container at runtime.",
|
|
87
88
|
shadow_paths: "# .gitignore-style patterns - agents see an empty, isolated copy instead of the real host data.",
|
|
88
89
|
profiles: "# Dockerfile profiles - each adds on top of the totopo base image (Debian + Node.js + git + AI CLIs).\n" +
|
|
89
|
-
"#
|
|
90
|
+
"# Useful for teams: each person can have a lean profile for their stack instead of one large shared image.\n" +
|
|
91
|
+
"# When multiple profiles exist, totopo prompts you to pick one on session start.",
|
|
90
92
|
};
|
|
91
93
|
/** Write totopo.yaml to a directory with schema header and inline comments. */
|
|
92
94
|
export function writeTotopoYaml(dir, config) {
|
|
@@ -137,6 +139,7 @@ const PROFILES_FOOTER_COMMENT = " # Add more profiles here — or ask the agent
|
|
|
137
139
|
export function buildDefaultTotopoYaml(workspaceId) {
|
|
138
140
|
return {
|
|
139
141
|
workspace_id: workspaceId,
|
|
142
|
+
env_file: "",
|
|
140
143
|
shadow_paths: [...DEFAULT_SHADOW_PATHS],
|
|
141
144
|
profiles: {
|
|
142
145
|
default: {
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "totopo",
|
|
3
|
-
"version": "3.3.
|
|
3
|
+
"version": "3.3.1",
|
|
4
4
|
"description": "Run AI coding agents safely in your local codebase",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"bin": {
|
|
@@ -61,8 +61,7 @@
|
|
|
61
61
|
"validate": "pnpm typecheck && pnpm lint && tsx scripts/check.ts && pnpm test",
|
|
62
62
|
"check": "pnpm validate && pnpm re:build",
|
|
63
63
|
"generate-changelog": "tsx scripts/generate-changelog.ts",
|
|
64
|
-
"
|
|
65
|
-
"rc:promote": "tsx scripts/release.ts",
|
|
64
|
+
"release": "tsx scripts/release.ts",
|
|
66
65
|
"sync-releases": "tsx scripts/sync-github-releases.ts"
|
|
67
66
|
}
|
|
68
67
|
}
|