Visual UI testing for macOS apps using Peekaboo CLI - an alternative to Playwright for native macOS testing
npx claudepluginhub shravansunder/ai-tools --plugin skill-peekabooClaude Code plugins and sandboxed Docker environments for AI coding assistants.
Install via the Claude Code marketplace:
/plugin marketplace add ShravanSunder/ai-tools
Then install individual plugins with /plugin install <name>@ai-tools.
| Plugin | Description |
|---|---|
ai-scaffold | Project scaffolding with standard dev configs (biome, ruff, vitest, pytest, cursor rules, claude hooks) |
skill-peekaboo | Visual UI testing for macOS apps using Peekaboo CLI |
quorum-counsel | Multi-model review orchestration -- counsel-reviewer and codex-solver background agents |
See plugins/ for full details.
Run AI coding agents (Claude Code, Codex, Gemini CLI) inside Docker containers with network-level isolation. The agent gets full workspace access but can only reach domains you explicitly allow.
# From any git repository
run-agent-sidecar.sh --run-claude
AI agents with tool use can execute arbitrary shell commands, install packages, and make network requests. Running them in a container with an egress firewall provides a practical security boundary without giving up functionality:
flowchart LR
subgraph host ["Host Machine"]
ctl["sidecar-ctl.sh\n(firewall control)"]
run["run-agent-sidecar.sh"]
end
subgraph container ["Docker Container"]
fw["iptables + dnsmasq\n(egress firewall)"]
agent["AI Agent\n(claude / codex / gemini)"]
ws["/workspace\n(bind mount)"]
end
run -->|"build + start"| container
ctl -->|"allow / block domains"| fw
agent -->|"read/write files"| ws
agent -->|"network requests"| fw
fw -->|"allowed domains only"| internet["npm, pypi, AI APIs\n(allowlisted)"]
fw -.->|"blocked"| blocked["everything else"]
| Concern | How it's handled |
|---|---|
| Arbitrary network access | Egress firewall blocks all traffic except allowlisted domains (npm, pypi, AI APIs). Toggle presets for GitHub push, Notion, Linear. |
| Persistent state leaking | Named volumes isolate shell history, venvs, node_modules per workspace. Container recreation is cheap (--reload ~5s). |
| Package supply chain | APT repos blocked at firewall level after build. Runtime installs impossible. |
| Git corruption | .git/ mounted read-only. Agent can read history but cannot rewrite refs or force-push. |
| Config tampering | .agent_sidecar/ shadowed with empty tmpfs. Agent cannot read or modify sidecar configuration. |
| Scope creep across repos | Each repo gets its own container, volumes, and firewall rules. No cross-repo contamination. |
Three-tier config hierarchy lets you customize per-team and per-developer without forking:
Base (agent_sidecar/setup/) -- defaults shipped with this repo
+ Repo (.agent_sidecar/*.repo.*) -- team overrides, committed
+ Local (.agent_sidecar/*.local.*) -- personal overrides, gitignored
Additive files (firewall allowlists, zshrc, init scripts) merge all tiers. Override files (config, dockerfile) pick the highest-priority tier.
run-agent-sidecar.sh --run-claude # Start Claude Code in sidecar
run-agent-sidecar.sh --run-codex # Start Codex
run-agent-sidecar.sh --run-gemini # Start Gemini CLI
run-agent-sidecar.sh --reload # Recreate container (~5s)
run-agent-sidecar.sh --full-reset # Rebuild image + recreate (~2-5min)
sidecar-ctl firewall allow notion # Allow Notion API
sidecar-ctl firewall toggle 15m # Enable all presets for 15 minutes
sidecar-ctl firewall clear # Revoke all toggle access
sidecar-ctl status # Show container + firewall state
See agent_sidecar/ for full setup, architecture, and configuration docs.
ai-tools/
├── plugins/ # Claude Code plugins
│ ├── ai-scaffold/ # Project scaffolding
│ ├── skill-peekaboo/ # macOS visual UI testing
│ └── quorum-counsel/ # Multi-model review orchestration
├── skills/ # Pure skills (future)
├── agent_sidecar/ # Docker sidecar system
└── CLAUDE.md # Agent instructions
Battle-tested Claude Code plugin for engineering teams — 48 agents, 184 skills, 79 legacy command shims, production-ready hooks, and selective install workflows evolved through continuous real-world use
Tools to maintain and improve CLAUDE.md files - audit quality, capture session learnings, and keep project memory current.
Complete collection of battle-tested Claude Code configs from an Anthropic hackathon winner - agents, skills, hooks, rules, and legacy command shims evolved over 10+ months of intensive daily use
Browser automation and end-to-end testing MCP server by Microsoft. Enables Claude to interact with web pages, take screenshots, fill forms, click elements, and perform automated browser testing workflows.
Core skills library for Claude Code: TDD, debugging, collaboration patterns, and proven techniques
Automates browser interactions for web testing, form filling, screenshots, and data extraction