Remove custom image option

[rossmanko]

Summary

• Remove the --image CLI option from @hackerai/local package
• Simplify sandbox to only support two modes: docker (default) and dangerous
• Remove custom mode from schema, backend, and frontend components
• npm run format

Why?

• Very few users used custom images
• Simplifies the codebase and user experience
• Users who need custom environments can manage their own Docker setup and use --dangerous mode
• The pre-built hackerai/sandbox image already includes 30+ pentesting tools

Breaking Changes

• @hackerai/local v0.3.0: The --image flag has been removed
• Users who were using custom images can either:
  • Use the default pre-built image (recommended)
  • Run their own Docker container and use --dangerous mode

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
hackerai	Ready	Preview, Comment	Jan 28, 2026 11:50pm

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR removes support for "custom" sandbox mode and the imageName field across the entire codebase stack, narrowing mode types from "docker" | "dangerous" | "custom" to "docker" | "dangerous". Changes span database schema, backend APIs, frontend components, sandbox utilities, and CLI configuration.

Changes

Cohort / File(s)	Summary
Database & Backend Schema convex/schema.ts, convex/localSandbox.ts	Removed image_name field and "custom" mode from local_sandbox_connections table; narrowed mode union to "docker" | "dangerous"; updated connect mutation, listConnections, and listConnectionsForBackend handlers to remove imageName from args and return shapes.
Frontend Sandbox Components app/components/LocalSandboxTab.tsx, app/components/SandboxSelector.tsx	Narrowed LocalConnection.mode and ConnectionOption.mode types; removed imageName optional property; removed UI blocks for Kali custom image Quick Start command.
Shared Message Components app/share/[shareId]/SharedMessages.tsx, app/share/[shareId]/components/SharedMessagePartHandler.tsx, app/share/[shareId]/components/SharedTodoBlock.tsx	Formatting adjustments including trailing commas in filter predicates and multi-line JSX parameter lists; minor accessibility attribute additions (aria-hidden on WandSparkles).
Sandbox Utilities lib/ai/tools/utils/convex-sandbox.ts, lib/ai/tools/utils/hybrid-sandbox-manager.ts, packages/local/src/utils.ts	Updated ConnectionInfo interface to remove imageName and narrow mode to "docker" | "dangerous"; removed code paths handling "custom" mode and imageName destructuring; simplified getSandboxMode return type.
Local Package Core packages/local/src/index.ts, packages/local/src/__tests__/utils.test.ts, packages/local/package.json	Removed image config option; centralized DEFAULT_IMAGE usage; removed "custom" mode from getMode() return type; simplified Sandbox Mode Detection tests by removing defaultImage-dependent test cases; bumped version to 0.3.0.
Chat & API Handlers app/api/chat/[id]/stream/route.ts, lib/api/chat-handler.ts, lib/api/chat-stream-helpers.ts, lib/chat/chat-processor.ts	Formatting and multi-line restructuring of function calls and time calculations; quote style normalization; no functional logic changes.
Utilities & Documentation lib/utils/message-processor.ts, lib/ai/tools/utils/retry-with-backoff.ts, README.md	Generic type declaration formatting; setTimeout cleanup call reformatting; README bullet point correction.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• Daily branch 2025 09 30 #41: Both PRs modify sandbox/local-execution surfaces and remove support for custom local images, updating ConnectionInfo/mode types and sandbox utilities.
• feat: persistent E2B sandbox #4: Both PRs refactor sandbox-related code paths and types across hybrid-sandbox-manager, convex-sandbox utilities, and connection handling.
• feat: Add local sandbox execution support with Docker and CLI tools #114: This PR reverses the custom-mode/imageName additions from that PR by removing "custom" mode and imageName field from the entire stack.

Poem

🐰 Hop, skip, and refactor away!
Custom modes are gone today,
Docker and dangerous remain,
Simpler paths through the terrain. 🎉
One less image in the fray!

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Remove custom image option' accurately and concisely summarizes the primary change across the entire pull request, which systematically removes support for custom Docker images throughout the codebase.
Docstring Coverage	✅ Passed	Docstring coverage is 80.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}