centersl/docker-docs
1
0
Fork 0
mirror of https://github.com/docker/docs.git synced 2026-03-27 06:18:55 +07:00
Code Issues Packages Projects Releases Wiki Activity

vendor: docker sandboxes v0.7.1 cli docs

Browse Source 
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
This commit is contained in:
David Karlsson
2026-01-16 15:40:00 +01:00
parent 0019b7c9b1
commit 993a94bab5
28 changed files with 957 additions and 115 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
content/reference/cli/docker/sandbox/create.md Normal file
View File

@@ -0,0 +1,6 @@
---
datafolder: sandbox-cli
datafile: docker_sandbox_create
title: docker sandbox create
layout: cli
---

6
content/reference/cli/docker/sandbox/create/cagent.md Normal file
View File

@@ -0,0 +1,6 @@
---
datafolder: sandbox-cli
datafile: docker_sandbox_create_cagent
title: docker sandbox create cagent
layout: cli
---

6
content/reference/cli/docker/sandbox/create/codex.md Normal file
View File

@@ -0,0 +1,6 @@
---
datafolder: sandbox-cli
datafile: docker_sandbox_create_codex
title: docker sandbox create codex
layout: cli
---

6
content/reference/cli/docker/sandbox/create/gemini.md Normal file
View File

@@ -0,0 +1,6 @@
---
datafolder: sandbox-cli
datafile: docker_sandbox_create_gemini
title: docker sandbox create gemini
layout: cli
---

6
content/reference/cli/docker/sandbox/create/kiro.md Normal file
View File

@@ -0,0 +1,6 @@
---
datafolder: sandbox-cli
datafile: docker_sandbox_create_kiro
title: docker sandbox create kiro
layout: cli
---

6
content/reference/cli/docker/sandbox/exec.md Normal file
View File

@@ -0,0 +1,6 @@
---
datafolder: sandbox-cli
datafile: docker_sandbox_exec
title: docker sandbox exec
layout: cli
---

6
content/reference/cli/docker/sandbox/network/_index.md Normal file
View File

@@ -0,0 +1,6 @@
---
datafolder: sandbox-cli
datafile: docker_sandbox_network
title: docker sandbox network
layout: cli
---

6
content/reference/cli/docker/sandbox/network/log.md Normal file
View File

@@ -0,0 +1,6 @@
---
datafolder: sandbox-cli
datafile: docker_sandbox_network_log
title: docker sandbox network log
layout: cli
---

6
content/reference/cli/docker/sandbox/network/proxy.md Normal file
View File

@@ -0,0 +1,6 @@
---
datafolder: sandbox-cli
datafile: docker_sandbox_network_proxy
title: docker sandbox network proxy
layout: cli
---

6
content/reference/cli/docker/sandbox/reset.md Normal file
View File

@@ -0,0 +1,6 @@
---
datafolder: sandbox-cli
datafile: docker_sandbox_reset
title: docker sandbox reset
layout: cli
---

6
content/reference/cli/docker/sandbox/stop.md Normal file
View File

@@ -0,0 +1,6 @@
---
datafolder: sandbox-cli
datafile: docker_sandbox_stop
title: docker sandbox stop
layout: cli
---

22
data/sandbox-cli/docker_sandbox.yaml
View File

@@ -5,16 +5,24 @@ usage: docker sandbox
pname: docker
plink: docker.yaml
cname:
- docker sandbox inspect
- docker sandbox create
- docker sandbox exec
- docker sandbox ls
- docker sandbox network
- docker sandbox reset
- docker sandbox rm
- docker sandbox run
- docker sandbox stop
- docker sandbox version
clink:
- docker_sandbox_inspect.yaml
- docker_sandbox_create.yaml
- docker_sandbox_exec.yaml
- docker_sandbox_ls.yaml
- docker_sandbox_network.yaml
- docker_sandbox_reset.yaml
- docker_sandbox_rm.yaml
- docker_sandbox_run.yaml
- docker_sandbox_stop.yaml
- docker_sandbox_version.yaml
options:
- option: debug
@@ -28,6 +36,16 @@ options:
experimentalcli: false
kubernetes: false
swarm: false
- option: socket
value_type: string
description: |
Connect to daemon at specific socket path (for development/debugging)
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
deprecated: false
hidden: false
experimental: false

94
data/sandbox-cli/docker_sandbox_create.yaml Normal file
View File

@@ -0,0 +1,94 @@
command: docker sandbox create
short: Create a sandbox for an agent
long: |-
Create a sandbox with access to a host workspace for an agent.
Available agents are provided as subcommands. Use "create AGENT --help" for agent-specific options.
usage: docker sandbox create [OPTIONS] AGENT WORKSPACE
pname: docker sandbox
plink: docker_sandbox.yaml
cname:
- docker sandbox create cagent
- docker sandbox create claude
- docker sandbox create codex
- docker sandbox create gemini
- docker sandbox create kiro
clink:
- docker_sandbox_create_cagent.yaml
- docker_sandbox_create_claude.yaml
- docker_sandbox_create_codex.yaml
- docker_sandbox_create_gemini.yaml
- docker_sandbox_create_kiro.yaml
options:
- option: load-local-template
value_type: bool
default_value: "false"
description: |
Load a locally built template image into the sandbox (useful for testing local changes)
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: name
value_type: string
description: |
Name for the sandbox (default: <agent>-<workdir>, letters, numbers, hyphens, and underscores)
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: quiet
shorthand: q
value_type: bool
default_value: "false"
description: Suppress verbose output
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: template
shorthand: t
value_type: string
description: |
Container image to use for the sandbox (default: agent-specific image)
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options:
- option: debug
shorthand: D
value_type: bool
default_value: "false"
description: Enable debug logging
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: socket
value_type: string
description: |
Connect to daemon at specific socket path (for development/debugging)
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false

40
data/sandbox-cli/docker_sandbox_create_cagent.yaml Normal file
View File

@@ -0,0 +1,40 @@
command: docker sandbox create cagent
short: Create a sandbox for cagent
long: |-
Create a sandbox with access to a host workspace for cagent.
The workspace path is required and will be exposed inside the sandbox at the same path as on the host.
Use 'docker sandbox run SANDBOX' to start cagent after creation.
usage: docker sandbox create cagent WORKSPACE
pname: docker sandbox create
plink: docker_sandbox_create.yaml
inherited_options:
- option: debug
shorthand: D
value_type: bool
default_value: "false"
description: Enable debug logging
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: socket
value_type: string
description: |
Connect to daemon at specific socket path (for development/debugging)
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false

51
data/sandbox-cli/docker_sandbox_create_claude.yaml Normal file
View File

@@ -0,0 +1,51 @@
command: docker sandbox create claude
short: Create a sandbox for claude
long: |-
Create a sandbox with access to a host workspace for claude.
The workspace path is required and will be exposed inside the sandbox at the same path as on the host.
Use 'docker sandbox run SANDBOX' to start claude after creation.
usage: docker sandbox create claude WORKSPACE
pname: docker sandbox create
plink: docker_sandbox_create.yaml
options:
- option: patch-settings
value_type: bool
default_value: "false"
description: Intercept claude settings API call and patch payload
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options:
- option: debug
shorthand: D
value_type: bool
default_value: "false"
description: Enable debug logging
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: socket
value_type: string
description: |
Connect to daemon at specific socket path (for development/debugging)
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false

40
data/sandbox-cli/docker_sandbox_create_codex.yaml Normal file
View File

@@ -0,0 +1,40 @@
command: docker sandbox create codex
short: Create a sandbox for codex
long: |-
Create a sandbox with access to a host workspace for codex.
The workspace path is required and will be exposed inside the sandbox at the same path as on the host.
Use 'docker sandbox run SANDBOX' to start codex after creation.
usage: docker sandbox create codex WORKSPACE
pname: docker sandbox create
plink: docker_sandbox_create.yaml
inherited_options:
- option: debug
shorthand: D
value_type: bool
default_value: "false"
description: Enable debug logging
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: socket
value_type: string
description: |
Connect to daemon at specific socket path (for development/debugging)
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false

40
data/sandbox-cli/docker_sandbox_create_gemini.yaml Normal file
View File

@@ -0,0 +1,40 @@
command: docker sandbox create gemini
short: Create a sandbox for gemini
long: |-
Create a sandbox with access to a host workspace for gemini.
The workspace path is required and will be exposed inside the sandbox at the same path as on the host.
Use 'docker sandbox run SANDBOX' to start gemini after creation.
usage: docker sandbox create gemini WORKSPACE
pname: docker sandbox create
plink: docker_sandbox_create.yaml
inherited_options:
- option: debug
shorthand: D
value_type: bool
default_value: "false"
description: Enable debug logging
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: socket
value_type: string
description: |
Connect to daemon at specific socket path (for development/debugging)
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false

40
data/sandbox-cli/docker_sandbox_create_kiro.yaml Normal file
View File

@@ -0,0 +1,40 @@
command: docker sandbox create kiro
short: Create a sandbox for kiro
long: |-
Create a sandbox with access to a host workspace for kiro.
The workspace path is required and will be exposed inside the sandbox at the same path as on the host.
Use 'docker sandbox run SANDBOX' to start kiro after creation.
usage: docker sandbox create kiro WORKSPACE
pname: docker sandbox create
plink: docker_sandbox_create.yaml
inherited_options:
- option: debug
shorthand: D
value_type: bool
default_value: "false"
description: Enable debug logging
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: socket
value_type: string
description: |
Connect to daemon at specific socket path (for development/debugging)
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false

132
data/sandbox-cli/docker_sandbox_exec.yaml Normal file
View File

@@ -0,0 +1,132 @@
command: docker sandbox exec
short: Execute a command inside a sandbox
long: |-
Execute a command in a sandbox that was previously created with 'docker sandbox create'.
The command and any additional arguments are executed inside the sandbox container.
usage: docker sandbox exec [OPTIONS] SANDBOX COMMAND [ARG...]
pname: docker sandbox
plink: docker_sandbox.yaml
options:
- option: detach
shorthand: d
value_type: bool
default_value: "false"
description: 'Detached mode: run command in the background'
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: detach-keys
value_type: string
description: Override the key sequence for detaching a container
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: env
shorthand: e
value_type: stringArray
default_value: '[]'
description: Set environment variables
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: env-file
value_type: stringArray
default_value: '[]'
description: Read in a file of environment variables
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: interactive
shorthand: i
value_type: bool
default_value: "false"
description: Keep STDIN open even if not attached
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: privileged
value_type: bool
default_value: "false"
description: Give extended privileges to the command
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: tty
shorthand: t
value_type: bool
default_value: "false"
description: Allocate a pseudo-TTY
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: user
shorthand: u
value_type: string
description: 'Username or UID (format: <name|uid>[:<group|gid>])'
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: workdir
shorthand: w
value_type: string
description: Working directory inside the container
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options:
- option: debug
shorthand: D
value_type: bool
default_value: "false"
description: Enable debug logging
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: socket
value_type: string
description: |
Connect to daemon at specific socket path (for development/debugging)
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false

90
data/sandbox-cli/docker_sandbox_ls.yaml
View File

@@ -1,14 +1,21 @@
command: docker sandbox ls
aliases: docker sandbox ls, docker sandbox list
short: List sandboxes
long: |-
List all sandboxes.
This command lists all sandboxes using the Docker API.
usage: docker sandbox ls
short: List VMs
long: List all VMs managed by sandboxd with their sandboxes
usage: docker sandbox ls [OPTIONS]
pname: docker sandbox
plink: docker_sandbox.yaml
options:
- option: json
value_type: bool
default_value: "false"
description: Output in JSON format
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: no-trunc
value_type: bool
default_value: "false"
@@ -24,7 +31,7 @@ options:
shorthand: q
value_type: bool
default_value: "false"
description: Only display sandbox IDs
description: Only display VM names
details_url: '#quiet'
deprecated: false
hidden: false
@@ -44,28 +51,38 @@ inherited_options:
experimentalcli: false
kubernetes: false
swarm: false
- option: socket
value_type: string
description: |
Connect to daemon at specific socket path (for development/debugging)
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
examples: |-
### List all sandboxes
### List all VMs
```console
$ docker sandbox ls
SANDBOX ID NAME WORKSPACE CREATED
abc123def my-project /home/user/my-project 2 hours ago
def456ghi ml-work /home/user/ml-projects 1 day ago
VM ID NAME STATUS WORKSPACE SOCKET PATH SANDBOXES AGENTS
abc123def claude-vm running /home/user/my-project /Users/.../docker-1764682554072.sock 2 claude
def456ghi gemini-vm stopped /home/user/ml-projects
```
### Show only sandbox IDs (--quiet) {#quiet}
### Show only VM names (--quiet) {#quiet}
```text
--quiet
```
Output only sandbox IDs:
Output only VM names:
```console
$ docker sandbox ls --quiet
abc123def
def456ghi
claude-vm
gemini-vm
```
### Don't truncate output (--no-trunc) {#no-trunc}
@@ -74,16 +91,49 @@ examples: |-
--no-trunc
```
By default, long sandbox IDs and workspace paths are truncated for readability. Use `--no-trunc` to display the full values:
By default, long VM IDs, workspace paths, and socket paths are truncated for readability. Use `--no-trunc` to display the full values:
```console
$ docker sandbox ls
SANDBOX ID TEMPLATE NAME WORKSPACE STATUS CREATED
abc123def456 ubuntu my-project /home/user/.../my-project running 2 hours ago
VM ID NAME STATUS WORKSPACE SOCKET PATH SANDBOXES AGENTS
abc123def claude-vm running /home/user/.../my-project ...sandboxes/vm/claude-vm/docker.sock 2 claude
$ docker sandbox ls --no-trunc
SANDBOX ID TEMPLATE NAME WORKSPACE STATUS CREATED
abc123def456ghi789jkl ubuntu my-project /home/user/very/long/path/to/my-project running 2 hours ago
VM ID NAME STATUS WORKSPACE SOCKET PATH SANDBOXES AGENTS
abc123def456ghi789jkl claude-vm running /home/user/very/long/path/to/my-project /Users/user/.docker/sandboxes/vm/claude-vm/docker-1764682554072.sock 2 claude
```
### JSON output (--json)
```text
--json
```
Output detailed VM information in JSON format:
```console
$ docker sandbox ls --json
{
"vms": [
{
"name": "claude-vm",
"agent": "claude",
"status": "running",
"socket_path": "/Users/user/.docker/sandboxes/vm/claude-vm/docker-1234567890.sock",
"sandbox_count": 2,
"workspaces": [
"/home/user/my-project",
"/home/user/another-project"
]
},
{
"name": "gemini-vm",
"agent": "gemini",
"status": "stopped",
"sandbox_count": 0
}
]
}
```
deprecated: false
hidden: false

41
data/sandbox-cli/docker_sandbox_network.yaml Normal file
View File

@@ -0,0 +1,41 @@
command: docker sandbox network
short: Manage sandbox networking
long: Manage sandbox networking
usage: docker sandbox network
pname: docker sandbox
plink: docker_sandbox.yaml
cname:
- docker sandbox network log
- docker sandbox network proxy
clink:
- docker_sandbox_network_log.yaml
- docker_sandbox_network_proxy.yaml
inherited_options:
- option: debug
shorthand: D
value_type: bool
default_value: "false"
description: Enable debug logging
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: socket
value_type: string
description: |
Connect to daemon at specific socket path (for development/debugging)
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false

67
data/sandbox-cli/docker_sandbox_network_log.yaml Normal file
View File

@@ -0,0 +1,67 @@
command: docker sandbox network log
short: Show network logs
long: Show network logs
usage: docker sandbox network log
pname: docker sandbox network
plink: docker_sandbox_network.yaml
options:
- option: json
value_type: bool
default_value: "false"
description: Output in JSON format
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: limit
value_type: int
default_value: "0"
description: Maximum number of log entries to show
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: quiet
shorthand: q
value_type: bool
default_value: "false"
description: Only display log entries
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options:
- option: debug
shorthand: D
value_type: bool
default_value: "false"
description: Enable debug logging
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: socket
value_type: string
description: |
Connect to daemon at specific socket path (for development/debugging)
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false

102
data/sandbox-cli/docker_sandbox_network_proxy.yaml Normal file
View File

@@ -0,0 +1,102 @@
command: docker sandbox network proxy
short: Manage proxy configuration for a sandbox
long: Manage proxy configuration for a sandbox
usage: docker sandbox network proxy <sandbox> [OPTIONS]
pname: docker sandbox network
plink: docker_sandbox_network.yaml
options:
- option: allow-cidr
value_type: string
description: |
Remove an IP range in CIDR notation from the block or bypass lists (can be specified multiple times)
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: allow-host
value_type: string
description: Permit access to a domain or IP (can be specified multiple times)
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: block-cidr
value_type: string
description: |
Block access to an IP range in CIDR notation (can be specified multiple times)
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: block-host
value_type: string
description: Block access to a domain or IP (can be specified multiple times)
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: bypass-cidr
value_type: string
description: |
Bypass proxy for an IP range in CIDR notation (can be specified multiple times)
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: bypass-host
value_type: string
description: Bypass proxy for a domain or IP (can be specified multiple times)
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: policy
value_type: allow|deny
description: Set the default policy
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options:
- option: debug
shorthand: D
value_type: bool
default_value: "false"
description: Enable debug logging
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: socket
value_type: string
description: |
Connect to daemon at specific socket path (for development/debugging)
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false

61
data/sandbox-cli/docker_sandbox_reset.yaml Normal file
View File

@@ -0,0 +1,61 @@
command: docker sandbox reset
short: Reset all VM sandboxes and clean up state
long: |-
Reset all VM sandboxes and permanently delete all VM data.
This command will:
- Stop all running VMs gracefully (30s timeout)
- Delete all VM state directories in ~/.docker/sandboxes/vm/
- Clear all internal registries
The daemon will continue running with fresh state after reset.
⚠️ WARNING: This is a destructive operation that cannot be undone!
All running agents will be forcefully terminated and their work will be lost.
By default, you will be prompted to confirm (y/N).
Use --force to skip the confirmation prompt.
usage: docker sandbox reset [OPTIONS]
pname: docker sandbox
plink: docker_sandbox.yaml
options:
- option: force
shorthand: f
value_type: bool
default_value: "false"
description: Skip confirmation prompt
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options:
- option: debug
shorthand: D
value_type: bool
default_value: "false"
description: Enable debug logging
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: socket
value_type: string
description: |
Connect to daemon at specific socket path (for development/debugging)
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false

19
data/sandbox-cli/docker_sandbox_rm.yaml
View File

@@ -1,10 +1,13 @@
command: docker sandbox rm
aliases: docker sandbox rm, docker sandbox remove
short: Remove one or more sandboxes
long: |-
Remove one or more sandboxes by their IDs or names.
Remove one or more sandboxes and all their associated resources.
This command removes the specified sandboxes. Each sandbox is identified by its unique ID or name.
usage: docker sandbox rm [OPTIONS] SANDBOX [SANDBOX...]
This command will:
- Check if the sandbox exists
- Remove the sandbox and clean up its associated resources
usage: docker sandbox rm SANDBOX [SANDBOX...]
pname: docker sandbox
plink: docker_sandbox.yaml
inherited_options:
@@ -19,6 +22,16 @@ inherited_options:
experimentalcli: false
kubernetes: false
swarm: false
- option: socket
value_type: string
description: |
Connect to daemon at specific socket path (for development/debugging)
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
examples: |-
### Remove a sandbox

117
data/sandbox-cli/docker_sandbox_run.yaml
View File

@@ -1,55 +1,38 @@
command: docker sandbox run
short: Run an AI agent inside a sandbox
short: Run an agent in a sandbox
long: |-
Run an AI agent inside a sandbox with access to a host workspace.
Run an agent in a sandbox. Create the sandbox if it does not exist.
The agent argument must be one of: claude, gemini.
Agent-specific options can be passed after the agent name.
If no workspace is specified via the "--workspace" option, the current working directory is used.
The workspace is exposed inside the sandbox at the same path as on the host.
usage: docker sandbox run [options] <agent> [agent-options]
Pass agent arguments after the "--" separator.
Examples:
# Create and run a sandbox with claude in current directory
docker sandbox run claude .
# Run an existing sandbox
docker sandbox run existing-sandbox
# Run a sandbox with agent arguments
docker sandbox run claude . -- -p "What version are you running?"
usage: docker sandbox run SANDBOX [-- AGENT_ARGS...] | AGENT WORKSPACE [-- AGENT_ARGS...]
pname: docker sandbox
plink: docker_sandbox.yaml
options:
- option: credentials
value_type: string
default_value: sandbox
description: Credentials source (host, sandbox, or none)
details_url: '#credentials'
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: detached
shorthand: d
value_type: bool
default_value: "false"
description: Create sandbox without running agent interactively
description: Return sandbox ID without running agent (hidden, for testing)
deprecated: false
hidden: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: env
shorthand: e
value_type: stringSlice
default_value: '[]'
description: 'Set environment variables (format: KEY=VALUE)'
details_url: '#env'
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: mount-docker-socket
- option: load-local-template
value_type: bool
default_value: "false"
description: Mount the host's Docker socket into the sandbox
details_url: '#mount-docker-socket'
description: Load a locally built template image into the sandbox
deprecated: false
hidden: false
experimental: false
@@ -58,7 +41,7 @@ options:
swarm: false
- option: name
value_type: string
description: Name for the sandbox
description: 'Name for the sandbox (default: <agent>-<workdir>)'
details_url: '#name'
deprecated: false
hidden: false
@@ -66,17 +49,6 @@ options:
experimentalcli: false
kubernetes: false
swarm: false
- option: quiet
shorthand: q
value_type: bool
default_value: "false"
description: Suppress verbose output
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: template
shorthand: t
value_type: string
@@ -89,31 +61,6 @@ options:
experimentalcli: false
kubernetes: false
swarm: false
- option: volume
shorthand: v
value_type: stringSlice
default_value: '[]'
description: |
Bind mount a volume or host file or directory into the sandbox (format: hostpath:sandboxpath[:readonly|:ro])
details_url: '#volume'
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: workspace
shorthand: w
value_type: string
default_value: .
description: Workspace path
details_url: '#workspace'
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options:
- option: debug
shorthand: D
@@ -126,6 +73,16 @@ inherited_options:
experimentalcli: false
kubernetes: false
swarm: false
- option: socket
value_type: string
description: |
Connect to daemon at specific socket path (for development/debugging)
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
examples: |-
### Run Claude in the current directory
@@ -197,22 +154,6 @@ examples: |-
Use `:ro` or `:readonly` to make mounts read-only.
### Configure credential access (--credentials) {#credentials}
```text
--credentials MODE
```
Control how the agent accesses credentials. Valid modes are:
- `sandbox` (default): Authenticate once and share credentials across sandboxes
- `host`: Share host credentials (~/.gitconfig, ~/.ssh, etc.)
- `none`: Handle authentication manually
```console
$ docker sandbox run --credentials host claude
```
### Use a custom base image (-t, --template) {#template}
```text

36
data/sandbox-cli/docker_sandbox_stop.yaml Normal file
View File

@@ -0,0 +1,36 @@
command: docker sandbox stop
short: Stop one or more sandboxes without removing them
long: |
Stop one or more sandboxes without removing them. The sandboxes can be restarted later.
usage: docker sandbox stop SANDBOX [SANDBOX...]
pname: docker sandbox
plink: docker_sandbox.yaml
inherited_options:
- option: debug
shorthand: D
value_type: bool
default_value: "false"
description: Enable debug logging
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: socket
value_type: string
description: |
Connect to daemon at specific socket path (for development/debugging)
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false

14
data/sandbox-cli/docker_sandbox_version.yaml
View File

@@ -1,6 +1,6 @@
command: docker sandbox version
short: Show sandboxd version information
long: Show sandboxd version information
short: Show sandbox version information
long: Show sandbox version information
usage: docker sandbox version
pname: docker sandbox
plink: docker_sandbox.yaml
@@ -16,6 +16,16 @@ inherited_options:
experimentalcli: false
kubernetes: false
swarm: false
- option: socket
value_type: string
description: |
Connect to daemon at specific socket path (for development/debugging)
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
deprecated: false
hidden: false
experimental: false