{"id":50667083,"url":"https://github.com/servusdei2018/sandbox","last_synced_at":"2026-06-08T07:30:53.777Z","repository":{"id":346957182,"uuid":"1192330442","full_name":"servusdei2018/sandbox","owner":"servusdei2018","description":"ephemeral agentic development sandboxes","archived":false,"fork":false,"pushed_at":"2026-05-07T04:11:38.000Z","size":101,"stargazers_count":9,"open_issues_count":0,"forks_count":1,"subscribers_count":2,"default_branch":"main","last_synced_at":"2026-05-07T05:20:06.029Z","etag":null,"topics":["claude-code","codex-cli","gemini-cli","kilo-code","opencode"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/servusdei2018.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-03-26T05:30:32.000Z","updated_at":"2026-05-07T04:11:41.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/servusdei2018/sandbox","commit_stats":null,"previous_names":["servusdei2018/sandbox"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/servusdei2018/sandbox","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/servusdei2018%2Fsandbox","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/servusdei2018%2Fsandbox/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/servusdei2018%2Fsandbox/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/servusdei2018%2Fsandbox/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/servusdei2018","download_url":"https://codeload.github.com/servusdei2018/sandbox/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/servusdei2018%2Fsandbox/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34053434,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-08T02:00:07.615Z","response_time":111,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["claude-code","codex-cli","gemini-cli","kilo-code","opencode"],"created_at":"2026-06-08T07:30:46.295Z","updated_at":"2026-06-08T07:30:53.772Z","avatar_url":"https://github.com/servusdei2018.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n  \u003cimg src=\".github/assets/sandbox.svg\" alt=\"Sandbox Logo\" width=\"400\"\u003e\n\u003c/p\u003e\n\n# Sandbox \u0026nbsp; [![CI](https://github.com/servusdei2018/sandbox/actions/workflows/test.yml/badge.svg)](https://github.com/servusdei2018/sandbox/actions)\n\nSandbox lets you run coding agents like Claude Code, Gemini CLI, and Codex, as well as runtimes like Go, Python, and Node, all within the safety of isolated Docker containers.\n\nSandbox automatically maps your current directory into a fresh container, protects your secrets, and cleans up after itself.\n\n## Why Sandbox?\n\nAI coding agents are powerful, but giving them full access to your terminal is risky. A small mistake can compromise your code or leak sensitive secrets.\n\nSandbox keeps these agents inside a secure Docker container, allowing them to work in your workspace without exposing your entire system. It’s fast, automatic, and designed to be secure from the start.\n\n- **Invisible Docker**: You run your commands, and we manage the container lifecycle for you.\n- **Automatic Mounting**: Your current directory is mapped directly to /work inside the container.\n- **Secret Management**: We help protect your AWS keys and GitHub tokens so they aren't shared with AI models by default.\n- **Smart Detection**: We automatically pick the right environment for you. If you run \"sandbox run python,\" you get a Python environment.\n- **High Performance**: Once the image is downloaded, your environment starts in less than two seconds.\n- **Ephemeral Environments**: All containers are cleaned up automatically as soon as they're no longer needed.\n\n## Getting Started\n\n### Prerequisites\n- Go 1.21 or newer (to build)\n- Docker Desktop, OrbStack, Rancher Desktop, or Podman\n\n### Installation\n\n#### From Source\n\n```bash\ngit clone https://github.com/servusdei2018/sandbox\ncd sandbox\nmake build-prod\nsudo mv bin/sandbox /usr/local/bin/\n```\n\n#### Via Go\n\n```bash\ngo install github.com/servusdei2018/sandbox/cmd/sandbox@latest\n```\n\n## How to use it\n\nIt's as simple as prepending `sandbox run` to whatever command you want to execute safely.\n\n```bash\n# General commands\nsandbox run echo \"Hello from inside the box\"\nsandbox run sh -c \"ls /work\"\n\n# Agents (we'll automatically pull the right image)\nsandbox run claude\nsandbox run gemini --help\n\n# Languages and tools\nsandbox run python -c \"print('hello')\"\nsandbox run node -e \"console.log('hello')\"\nsandbox run bun run index.ts\n```\n\n### Advanced Usage\n\n```bash\n# Need a specific version? Override the image:\nsandbox run --image python:3.11-slim python app.py\n\n# Got a long-running task? Dial up the timeout:\nsandbox run --timeout 15m python train.py\n\n# Need to poke around after a crash? Keep the container:\nsandbox run --keep sh\n\n# Use a custom seccomp profile:\nsandbox run --seccomp ./my-profile.json python app.py\n\n# Clean up stopped containers created by sandbox:\nsandbox prune\n```\n\nYou can manage configuration with `sandbox config` or clean up stopped containers with `sandbox prune`. Use `sandbox --help` to see all available commands.\n\n### Developing\n\nWant to contribute? \n\n```bash\nmake help              # Show all available targets\nmake build             # Build debug binary to ./bin/sandbox\nmake build-prod        # Build production binary\nmake test              # Run unit tests\nmake test-integration  # Run Docker integration tests\nmake lint              # Run golangci-lint\nmake fmt               # Format the code\n```\n\n## Supported Agents \u0026 Runtimes\n\nOut of the box, `sandbox` automatically detects and routes the following tools to their appropriate base images:\n\n**Coding Agents:**\n- Claude Code (`claude`)\n- Gemini CLI (`gemini`)\n- Codex (`codex`)\n- Kilocode (`kilo`, `kilocode`)\n- OpenCode (`opencode`)\n\n**Runtimes \u0026 Package Managers:**\n- Python (`python`, `python3`, `pip`, `pip3`)\n- Node.js (`node`, `npm`, `npx`)\n- Bun (`bun`, `bunx`)\n- Go (`go`)\n- Rust (`cargo`, `rustc`)\n- Ruby (`ruby`, `gem`)\n- PHP (`php`, `composer`)\n- Java (`java`, `javac`, `mvn`)\n\n*(If a command doesn't match these, it falls back to a generic Alpine Linux image.)*\n\n## Security \u0026 Isolation\n\nSandbox is designed to be \"secure by default\" when running untrusted code. Every container is hardened with:\n\n- **Seccomp Security**: We block sensitive system calls like mount and ptrace to help prevent any accidental container escapes.\n- **Read-Only Root**: The container's root filesystem is locked down, so only your project workspace and /tmp are writable.\n- **Unprivileged Access**: All processes run as a standard user instead of root, adding another layer of safety.\n- **Resource Management**: We limit memory, CPU, and process usage to ensure your system stays stable and avoids exhaustion.\n- **Risk Mitigation**: High-risk system capabilities are disabled to keep the environment restricted.\n\n## Configuration\n\nSandbox is highly configurable via two levels of configuration:\n\n1. **Global Configuration** (`~/.sandbox/config.yaml`): Configures global container limits, default base images, and environment variable allowlists/blocklists.\n2. **Workspace Configuration** (`.sandbox.yml`): Provides project-level customization such as pre-run dependency setup scripts.\n\nFor detailed information on configuring Sandbox, please see the [Configuration Guide](docs/configuration.md).\n\n## License\n\nMIT License. See [LICENSE](LICENSE) for details.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fservusdei2018%2Fsandbox","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fservusdei2018%2Fsandbox","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fservusdei2018%2Fsandbox/lists"}