Run coding agents in a locked-down local sandbox with repo-only filesystem access and controlled egress using agent-sandbox
Put Claude Code, Codex, Gemini, or other supported agent CLIs inside a persistent local sandbox instead of letting them operate directly on the host.
What it does
Run coding agents in a locked-down local sandbox with repo-only filesystem access and controlled egress using agent-sandbox
Put Claude Code, Codex, Gemini, or other supported agent CLIs inside a persistent local sandbox instead of letting them operate directly on the host.
Prerequisites
Docker-compatible runtime, VM layer such as Colima, terminal or supported devcontainer IDE
Installation
Use the upstream install or setup path that matches your environment:
- brew install colima docker docker-compose docker-buildx
Requirements and caveats from upstream:
- Target platform: Colima + Docker Engine on Apple Silicon. Should work with any Docker-compatible runtime.
-
1. Install prerequisites
- You need a VM and Docker installed. This can be done in a variety of ways.
Basic usage or getting-started notes:
-
Run AI coding agents in a locked-down local sandbox with:
-
CLI (preferred) - run the agent in a terminal session using agentbox exec.
-
Extracted from upstream docs: https://raw.githubusercontent.com/mattolson/agent-sandbox/HEAD/README.md
Documentation
Source
Capabilities
Install
Quality
deterministic score 0.45 from registry signals: · indexed on github topic:agent-skills · 8 github stars · SKILL.md body (1,505 chars)