From 993a94bab54df59e4613f629ac9280e0cbd1aa8c Mon Sep 17 00:00:00 2001 From: David Karlsson <35727626+dvdksn@users.noreply.github.com> Date: Fri, 16 Jan 2026 15:40:00 +0100 Subject: [PATCH] vendor: docker sandboxes v0.7.1 cli docs Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com> --- .../reference/cli/docker/sandbox/create.md | 6 + .../cli/docker/sandbox/create/cagent.md | 6 + .../cli/docker/sandbox/create/codex.md | 6 + .../cli/docker/sandbox/create/gemini.md | 6 + .../cli/docker/sandbox/create/kiro.md | 6 + content/reference/cli/docker/sandbox/exec.md | 6 + .../cli/docker/sandbox/network/_index.md | 6 + .../cli/docker/sandbox/network/log.md | 6 + .../cli/docker/sandbox/network/proxy.md | 6 + content/reference/cli/docker/sandbox/reset.md | 6 + content/reference/cli/docker/sandbox/stop.md | 6 + data/sandbox-cli/docker_sandbox.yaml | 22 ++- data/sandbox-cli/docker_sandbox_create.yaml | 94 +++++++++++++ .../docker_sandbox_create_cagent.yaml | 40 ++++++ .../docker_sandbox_create_claude.yaml | 51 +++++++ .../docker_sandbox_create_codex.yaml | 40 ++++++ .../docker_sandbox_create_gemini.yaml | 40 ++++++ .../docker_sandbox_create_kiro.yaml | 40 ++++++ data/sandbox-cli/docker_sandbox_exec.yaml | 132 ++++++++++++++++++ data/sandbox-cli/docker_sandbox_ls.yaml | 90 +++++++++--- data/sandbox-cli/docker_sandbox_network.yaml | 41 ++++++ .../docker_sandbox_network_log.yaml | 67 +++++++++ .../docker_sandbox_network_proxy.yaml | 102 ++++++++++++++ data/sandbox-cli/docker_sandbox_reset.yaml | 61 ++++++++ data/sandbox-cli/docker_sandbox_rm.yaml | 19 ++- data/sandbox-cli/docker_sandbox_run.yaml | 117 ++++------------ data/sandbox-cli/docker_sandbox_stop.yaml | 36 +++++ data/sandbox-cli/docker_sandbox_version.yaml | 14 +- 28 files changed, 957 insertions(+), 115 deletions(-) create mode 100644 content/reference/cli/docker/sandbox/create.md create mode 100644 content/reference/cli/docker/sandbox/create/cagent.md create mode 100644 content/reference/cli/docker/sandbox/create/codex.md create mode 100644 content/reference/cli/docker/sandbox/create/gemini.md create mode 100644 content/reference/cli/docker/sandbox/create/kiro.md create mode 100644 content/reference/cli/docker/sandbox/exec.md create mode 100644 content/reference/cli/docker/sandbox/network/_index.md create mode 100644 content/reference/cli/docker/sandbox/network/log.md create mode 100644 content/reference/cli/docker/sandbox/network/proxy.md create mode 100644 content/reference/cli/docker/sandbox/reset.md create mode 100644 content/reference/cli/docker/sandbox/stop.md create mode 100644 data/sandbox-cli/docker_sandbox_create.yaml create mode 100644 data/sandbox-cli/docker_sandbox_create_cagent.yaml create mode 100644 data/sandbox-cli/docker_sandbox_create_claude.yaml create mode 100644 data/sandbox-cli/docker_sandbox_create_codex.yaml create mode 100644 data/sandbox-cli/docker_sandbox_create_gemini.yaml create mode 100644 data/sandbox-cli/docker_sandbox_create_kiro.yaml create mode 100644 data/sandbox-cli/docker_sandbox_exec.yaml create mode 100644 data/sandbox-cli/docker_sandbox_network.yaml create mode 100644 data/sandbox-cli/docker_sandbox_network_log.yaml create mode 100644 data/sandbox-cli/docker_sandbox_network_proxy.yaml create mode 100644 data/sandbox-cli/docker_sandbox_reset.yaml create mode 100644 data/sandbox-cli/docker_sandbox_stop.yaml diff --git a/content/reference/cli/docker/sandbox/create.md b/content/reference/cli/docker/sandbox/create.md new file mode 100644 index 0000000000..84fa5bff7e --- /dev/null +++ b/content/reference/cli/docker/sandbox/create.md @@ -0,0 +1,6 @@ +--- +datafolder: sandbox-cli +datafile: docker_sandbox_create +title: docker sandbox create +layout: cli +--- diff --git a/content/reference/cli/docker/sandbox/create/cagent.md b/content/reference/cli/docker/sandbox/create/cagent.md new file mode 100644 index 0000000000..6e591150fc --- /dev/null +++ b/content/reference/cli/docker/sandbox/create/cagent.md @@ -0,0 +1,6 @@ +--- +datafolder: sandbox-cli +datafile: docker_sandbox_create_cagent +title: docker sandbox create cagent +layout: cli +--- diff --git a/content/reference/cli/docker/sandbox/create/codex.md b/content/reference/cli/docker/sandbox/create/codex.md new file mode 100644 index 0000000000..ffd660d6dd --- /dev/null +++ b/content/reference/cli/docker/sandbox/create/codex.md @@ -0,0 +1,6 @@ +--- +datafolder: sandbox-cli +datafile: docker_sandbox_create_codex +title: docker sandbox create codex +layout: cli +--- diff --git a/content/reference/cli/docker/sandbox/create/gemini.md b/content/reference/cli/docker/sandbox/create/gemini.md new file mode 100644 index 0000000000..e047236c5e --- /dev/null +++ b/content/reference/cli/docker/sandbox/create/gemini.md @@ -0,0 +1,6 @@ +--- +datafolder: sandbox-cli +datafile: docker_sandbox_create_gemini +title: docker sandbox create gemini +layout: cli +--- diff --git a/content/reference/cli/docker/sandbox/create/kiro.md b/content/reference/cli/docker/sandbox/create/kiro.md new file mode 100644 index 0000000000..2acff89955 --- /dev/null +++ b/content/reference/cli/docker/sandbox/create/kiro.md @@ -0,0 +1,6 @@ +--- +datafolder: sandbox-cli +datafile: docker_sandbox_create_kiro +title: docker sandbox create kiro +layout: cli +--- diff --git a/content/reference/cli/docker/sandbox/exec.md b/content/reference/cli/docker/sandbox/exec.md new file mode 100644 index 0000000000..48ef9655da --- /dev/null +++ b/content/reference/cli/docker/sandbox/exec.md @@ -0,0 +1,6 @@ +--- +datafolder: sandbox-cli +datafile: docker_sandbox_exec +title: docker sandbox exec +layout: cli +--- diff --git a/content/reference/cli/docker/sandbox/network/_index.md b/content/reference/cli/docker/sandbox/network/_index.md new file mode 100644 index 0000000000..e9b8f8ad05 --- /dev/null +++ b/content/reference/cli/docker/sandbox/network/_index.md @@ -0,0 +1,6 @@ +--- +datafolder: sandbox-cli +datafile: docker_sandbox_network +title: docker sandbox network +layout: cli +--- diff --git a/content/reference/cli/docker/sandbox/network/log.md b/content/reference/cli/docker/sandbox/network/log.md new file mode 100644 index 0000000000..038b8ebbad --- /dev/null +++ b/content/reference/cli/docker/sandbox/network/log.md @@ -0,0 +1,6 @@ +--- +datafolder: sandbox-cli +datafile: docker_sandbox_network_log +title: docker sandbox network log +layout: cli +--- diff --git a/content/reference/cli/docker/sandbox/network/proxy.md b/content/reference/cli/docker/sandbox/network/proxy.md new file mode 100644 index 0000000000..56fd1f5648 --- /dev/null +++ b/content/reference/cli/docker/sandbox/network/proxy.md @@ -0,0 +1,6 @@ +--- +datafolder: sandbox-cli +datafile: docker_sandbox_network_proxy +title: docker sandbox network proxy +layout: cli +--- diff --git a/content/reference/cli/docker/sandbox/reset.md b/content/reference/cli/docker/sandbox/reset.md new file mode 100644 index 0000000000..a2c80836e8 --- /dev/null +++ b/content/reference/cli/docker/sandbox/reset.md @@ -0,0 +1,6 @@ +--- +datafolder: sandbox-cli +datafile: docker_sandbox_reset +title: docker sandbox reset +layout: cli +--- diff --git a/content/reference/cli/docker/sandbox/stop.md b/content/reference/cli/docker/sandbox/stop.md new file mode 100644 index 0000000000..0048464da3 --- /dev/null +++ b/content/reference/cli/docker/sandbox/stop.md @@ -0,0 +1,6 @@ +--- +datafolder: sandbox-cli +datafile: docker_sandbox_stop +title: docker sandbox stop +layout: cli +--- diff --git a/data/sandbox-cli/docker_sandbox.yaml b/data/sandbox-cli/docker_sandbox.yaml index 151e981725..851e10ad87 100644 --- a/data/sandbox-cli/docker_sandbox.yaml +++ b/data/sandbox-cli/docker_sandbox.yaml @@ -5,16 +5,24 @@ usage: docker sandbox pname: docker plink: docker.yaml cname: - - docker sandbox inspect + - docker sandbox create + - docker sandbox exec - docker sandbox ls + - docker sandbox network + - docker sandbox reset - docker sandbox rm - docker sandbox run + - docker sandbox stop - docker sandbox version clink: - - docker_sandbox_inspect.yaml + - docker_sandbox_create.yaml + - docker_sandbox_exec.yaml - docker_sandbox_ls.yaml + - docker_sandbox_network.yaml + - docker_sandbox_reset.yaml - docker_sandbox_rm.yaml - docker_sandbox_run.yaml + - docker_sandbox_stop.yaml - docker_sandbox_version.yaml options: - option: debug @@ -28,6 +36,16 @@ options: experimentalcli: false kubernetes: false swarm: false + - option: socket + value_type: string + description: | + Connect to daemon at specific socket path (for development/debugging) + deprecated: false + hidden: true + experimental: false + experimentalcli: false + kubernetes: false + swarm: false deprecated: false hidden: false experimental: false diff --git a/data/sandbox-cli/docker_sandbox_create.yaml b/data/sandbox-cli/docker_sandbox_create.yaml new file mode 100644 index 0000000000..ea3dbc0ed9 --- /dev/null +++ b/data/sandbox-cli/docker_sandbox_create.yaml @@ -0,0 +1,94 @@ +command: docker sandbox create +short: Create a sandbox for an agent +long: |- + Create a sandbox with access to a host workspace for an agent. + + Available agents are provided as subcommands. Use "create AGENT --help" for agent-specific options. +usage: docker sandbox create [OPTIONS] AGENT WORKSPACE +pname: docker sandbox +plink: docker_sandbox.yaml +cname: + - docker sandbox create cagent + - docker sandbox create claude + - docker sandbox create codex + - docker sandbox create gemini + - docker sandbox create kiro +clink: + - docker_sandbox_create_cagent.yaml + - docker_sandbox_create_claude.yaml + - docker_sandbox_create_codex.yaml + - docker_sandbox_create_gemini.yaml + - docker_sandbox_create_kiro.yaml +options: + - option: load-local-template + value_type: bool + default_value: "false" + description: | + Load a locally built template image into the sandbox (useful for testing local changes) + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false + - option: name + value_type: string + description: | + Name for the sandbox (default: -, letters, numbers, hyphens, and underscores) + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false + - option: quiet + shorthand: q + value_type: bool + default_value: "false" + description: Suppress verbose output + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false + - option: template + shorthand: t + value_type: string + description: | + Container image to use for the sandbox (default: agent-specific image) + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false +inherited_options: + - option: debug + shorthand: D + value_type: bool + default_value: "false" + description: Enable debug logging + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false + - option: socket + value_type: string + description: | + Connect to daemon at specific socket path (for development/debugging) + deprecated: false + hidden: true + experimental: false + experimentalcli: false + kubernetes: false + swarm: false +deprecated: false +hidden: false +experimental: false +experimentalcli: false +kubernetes: false +swarm: false + diff --git a/data/sandbox-cli/docker_sandbox_create_cagent.yaml b/data/sandbox-cli/docker_sandbox_create_cagent.yaml new file mode 100644 index 0000000000..6b9035b0fe --- /dev/null +++ b/data/sandbox-cli/docker_sandbox_create_cagent.yaml @@ -0,0 +1,40 @@ +command: docker sandbox create cagent +short: Create a sandbox for cagent +long: |- + Create a sandbox with access to a host workspace for cagent. + + The workspace path is required and will be exposed inside the sandbox at the same path as on the host. + + Use 'docker sandbox run SANDBOX' to start cagent after creation. +usage: docker sandbox create cagent WORKSPACE +pname: docker sandbox create +plink: docker_sandbox_create.yaml +inherited_options: + - option: debug + shorthand: D + value_type: bool + default_value: "false" + description: Enable debug logging + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false + - option: socket + value_type: string + description: | + Connect to daemon at specific socket path (for development/debugging) + deprecated: false + hidden: true + experimental: false + experimentalcli: false + kubernetes: false + swarm: false +deprecated: false +hidden: false +experimental: false +experimentalcli: false +kubernetes: false +swarm: false + diff --git a/data/sandbox-cli/docker_sandbox_create_claude.yaml b/data/sandbox-cli/docker_sandbox_create_claude.yaml new file mode 100644 index 0000000000..e1ecab4613 --- /dev/null +++ b/data/sandbox-cli/docker_sandbox_create_claude.yaml @@ -0,0 +1,51 @@ +command: docker sandbox create claude +short: Create a sandbox for claude +long: |- + Create a sandbox with access to a host workspace for claude. + + The workspace path is required and will be exposed inside the sandbox at the same path as on the host. + + Use 'docker sandbox run SANDBOX' to start claude after creation. +usage: docker sandbox create claude WORKSPACE +pname: docker sandbox create +plink: docker_sandbox_create.yaml +options: + - option: patch-settings + value_type: bool + default_value: "false" + description: Intercept claude settings API call and patch payload + deprecated: false + hidden: true + experimental: false + experimentalcli: false + kubernetes: false + swarm: false +inherited_options: + - option: debug + shorthand: D + value_type: bool + default_value: "false" + description: Enable debug logging + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false + - option: socket + value_type: string + description: | + Connect to daemon at specific socket path (for development/debugging) + deprecated: false + hidden: true + experimental: false + experimentalcli: false + kubernetes: false + swarm: false +deprecated: false +hidden: false +experimental: false +experimentalcli: false +kubernetes: false +swarm: false + diff --git a/data/sandbox-cli/docker_sandbox_create_codex.yaml b/data/sandbox-cli/docker_sandbox_create_codex.yaml new file mode 100644 index 0000000000..b5ed8c460e --- /dev/null +++ b/data/sandbox-cli/docker_sandbox_create_codex.yaml @@ -0,0 +1,40 @@ +command: docker sandbox create codex +short: Create a sandbox for codex +long: |- + Create a sandbox with access to a host workspace for codex. + + The workspace path is required and will be exposed inside the sandbox at the same path as on the host. + + Use 'docker sandbox run SANDBOX' to start codex after creation. +usage: docker sandbox create codex WORKSPACE +pname: docker sandbox create +plink: docker_sandbox_create.yaml +inherited_options: + - option: debug + shorthand: D + value_type: bool + default_value: "false" + description: Enable debug logging + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false + - option: socket + value_type: string + description: | + Connect to daemon at specific socket path (for development/debugging) + deprecated: false + hidden: true + experimental: false + experimentalcli: false + kubernetes: false + swarm: false +deprecated: false +hidden: false +experimental: false +experimentalcli: false +kubernetes: false +swarm: false + diff --git a/data/sandbox-cli/docker_sandbox_create_gemini.yaml b/data/sandbox-cli/docker_sandbox_create_gemini.yaml new file mode 100644 index 0000000000..6b7a0ec119 --- /dev/null +++ b/data/sandbox-cli/docker_sandbox_create_gemini.yaml @@ -0,0 +1,40 @@ +command: docker sandbox create gemini +short: Create a sandbox for gemini +long: |- + Create a sandbox with access to a host workspace for gemini. + + The workspace path is required and will be exposed inside the sandbox at the same path as on the host. + + Use 'docker sandbox run SANDBOX' to start gemini after creation. +usage: docker sandbox create gemini WORKSPACE +pname: docker sandbox create +plink: docker_sandbox_create.yaml +inherited_options: + - option: debug + shorthand: D + value_type: bool + default_value: "false" + description: Enable debug logging + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false + - option: socket + value_type: string + description: | + Connect to daemon at specific socket path (for development/debugging) + deprecated: false + hidden: true + experimental: false + experimentalcli: false + kubernetes: false + swarm: false +deprecated: false +hidden: false +experimental: false +experimentalcli: false +kubernetes: false +swarm: false + diff --git a/data/sandbox-cli/docker_sandbox_create_kiro.yaml b/data/sandbox-cli/docker_sandbox_create_kiro.yaml new file mode 100644 index 0000000000..0f3fbd29f4 --- /dev/null +++ b/data/sandbox-cli/docker_sandbox_create_kiro.yaml @@ -0,0 +1,40 @@ +command: docker sandbox create kiro +short: Create a sandbox for kiro +long: |- + Create a sandbox with access to a host workspace for kiro. + + The workspace path is required and will be exposed inside the sandbox at the same path as on the host. + + Use 'docker sandbox run SANDBOX' to start kiro after creation. +usage: docker sandbox create kiro WORKSPACE +pname: docker sandbox create +plink: docker_sandbox_create.yaml +inherited_options: + - option: debug + shorthand: D + value_type: bool + default_value: "false" + description: Enable debug logging + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false + - option: socket + value_type: string + description: | + Connect to daemon at specific socket path (for development/debugging) + deprecated: false + hidden: true + experimental: false + experimentalcli: false + kubernetes: false + swarm: false +deprecated: false +hidden: false +experimental: false +experimentalcli: false +kubernetes: false +swarm: false + diff --git a/data/sandbox-cli/docker_sandbox_exec.yaml b/data/sandbox-cli/docker_sandbox_exec.yaml new file mode 100644 index 0000000000..096918d4eb --- /dev/null +++ b/data/sandbox-cli/docker_sandbox_exec.yaml @@ -0,0 +1,132 @@ +command: docker sandbox exec +short: Execute a command inside a sandbox +long: |- + Execute a command in a sandbox that was previously created with 'docker sandbox create'. + + The command and any additional arguments are executed inside the sandbox container. +usage: docker sandbox exec [OPTIONS] SANDBOX COMMAND [ARG...] +pname: docker sandbox +plink: docker_sandbox.yaml +options: + - option: detach + shorthand: d + value_type: bool + default_value: "false" + description: 'Detached mode: run command in the background' + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false + - option: detach-keys + value_type: string + description: Override the key sequence for detaching a container + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false + - option: env + shorthand: e + value_type: stringArray + default_value: '[]' + description: Set environment variables + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false + - option: env-file + value_type: stringArray + default_value: '[]' + description: Read in a file of environment variables + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false + - option: interactive + shorthand: i + value_type: bool + default_value: "false" + description: Keep STDIN open even if not attached + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false + - option: privileged + value_type: bool + default_value: "false" + description: Give extended privileges to the command + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false + - option: tty + shorthand: t + value_type: bool + default_value: "false" + description: Allocate a pseudo-TTY + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false + - option: user + shorthand: u + value_type: string + description: 'Username or UID (format: [:])' + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false + - option: workdir + shorthand: w + value_type: string + description: Working directory inside the container + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false +inherited_options: + - option: debug + shorthand: D + value_type: bool + default_value: "false" + description: Enable debug logging + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false + - option: socket + value_type: string + description: | + Connect to daemon at specific socket path (for development/debugging) + deprecated: false + hidden: true + experimental: false + experimentalcli: false + kubernetes: false + swarm: false +deprecated: false +hidden: false +experimental: false +experimentalcli: false +kubernetes: false +swarm: false + diff --git a/data/sandbox-cli/docker_sandbox_ls.yaml b/data/sandbox-cli/docker_sandbox_ls.yaml index 60b1c17340..e633f9ac24 100644 --- a/data/sandbox-cli/docker_sandbox_ls.yaml +++ b/data/sandbox-cli/docker_sandbox_ls.yaml @@ -1,14 +1,21 @@ command: docker sandbox ls aliases: docker sandbox ls, docker sandbox list -short: List sandboxes -long: |- - List all sandboxes. - - This command lists all sandboxes using the Docker API. -usage: docker sandbox ls +short: List VMs +long: List all VMs managed by sandboxd with their sandboxes +usage: docker sandbox ls [OPTIONS] pname: docker sandbox plink: docker_sandbox.yaml options: + - option: json + value_type: bool + default_value: "false" + description: Output in JSON format + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false - option: no-trunc value_type: bool default_value: "false" @@ -24,7 +31,7 @@ options: shorthand: q value_type: bool default_value: "false" - description: Only display sandbox IDs + description: Only display VM names details_url: '#quiet' deprecated: false hidden: false @@ -44,28 +51,38 @@ inherited_options: experimentalcli: false kubernetes: false swarm: false + - option: socket + value_type: string + description: | + Connect to daemon at specific socket path (for development/debugging) + deprecated: false + hidden: true + experimental: false + experimentalcli: false + kubernetes: false + swarm: false examples: |- - ### List all sandboxes + ### List all VMs ```console $ docker sandbox ls - SANDBOX ID NAME WORKSPACE CREATED - abc123def my-project /home/user/my-project 2 hours ago - def456ghi ml-work /home/user/ml-projects 1 day ago + VM ID NAME STATUS WORKSPACE SOCKET PATH SANDBOXES AGENTS + abc123def claude-vm running /home/user/my-project /Users/.../docker-1764682554072.sock 2 claude + def456ghi gemini-vm stopped /home/user/ml-projects ``` - ### Show only sandbox IDs (--quiet) {#quiet} + ### Show only VM names (--quiet) {#quiet} ```text --quiet ``` - Output only sandbox IDs: + Output only VM names: ```console $ docker sandbox ls --quiet - abc123def - def456ghi + claude-vm + gemini-vm ``` ### Don't truncate output (--no-trunc) {#no-trunc} @@ -74,16 +91,49 @@ examples: |- --no-trunc ``` - By default, long sandbox IDs and workspace paths are truncated for readability. Use `--no-trunc` to display the full values: + By default, long VM IDs, workspace paths, and socket paths are truncated for readability. Use `--no-trunc` to display the full values: ```console $ docker sandbox ls - SANDBOX ID TEMPLATE NAME WORKSPACE STATUS CREATED - abc123def456 ubuntu my-project /home/user/.../my-project running 2 hours ago + VM ID NAME STATUS WORKSPACE SOCKET PATH SANDBOXES AGENTS + abc123def claude-vm running /home/user/.../my-project ...sandboxes/vm/claude-vm/docker.sock 2 claude $ docker sandbox ls --no-trunc - SANDBOX ID TEMPLATE NAME WORKSPACE STATUS CREATED - abc123def456ghi789jkl ubuntu my-project /home/user/very/long/path/to/my-project running 2 hours ago + VM ID NAME STATUS WORKSPACE SOCKET PATH SANDBOXES AGENTS + abc123def456ghi789jkl claude-vm running /home/user/very/long/path/to/my-project /Users/user/.docker/sandboxes/vm/claude-vm/docker-1764682554072.sock 2 claude + ``` + + ### JSON output (--json) + + ```text + --json + ``` + + Output detailed VM information in JSON format: + + ```console + $ docker sandbox ls --json + { + "vms": [ + { + "name": "claude-vm", + "agent": "claude", + "status": "running", + "socket_path": "/Users/user/.docker/sandboxes/vm/claude-vm/docker-1234567890.sock", + "sandbox_count": 2, + "workspaces": [ + "/home/user/my-project", + "/home/user/another-project" + ] + }, + { + "name": "gemini-vm", + "agent": "gemini", + "status": "stopped", + "sandbox_count": 0 + } + ] + } ``` deprecated: false hidden: false diff --git a/data/sandbox-cli/docker_sandbox_network.yaml b/data/sandbox-cli/docker_sandbox_network.yaml new file mode 100644 index 0000000000..9d40fd65c9 --- /dev/null +++ b/data/sandbox-cli/docker_sandbox_network.yaml @@ -0,0 +1,41 @@ +command: docker sandbox network +short: Manage sandbox networking +long: Manage sandbox networking +usage: docker sandbox network +pname: docker sandbox +plink: docker_sandbox.yaml +cname: + - docker sandbox network log + - docker sandbox network proxy +clink: + - docker_sandbox_network_log.yaml + - docker_sandbox_network_proxy.yaml +inherited_options: + - option: debug + shorthand: D + value_type: bool + default_value: "false" + description: Enable debug logging + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false + - option: socket + value_type: string + description: | + Connect to daemon at specific socket path (for development/debugging) + deprecated: false + hidden: true + experimental: false + experimentalcli: false + kubernetes: false + swarm: false +deprecated: false +hidden: false +experimental: false +experimentalcli: false +kubernetes: false +swarm: false + diff --git a/data/sandbox-cli/docker_sandbox_network_log.yaml b/data/sandbox-cli/docker_sandbox_network_log.yaml new file mode 100644 index 0000000000..36ad716f47 --- /dev/null +++ b/data/sandbox-cli/docker_sandbox_network_log.yaml @@ -0,0 +1,67 @@ +command: docker sandbox network log +short: Show network logs +long: Show network logs +usage: docker sandbox network log +pname: docker sandbox network +plink: docker_sandbox_network.yaml +options: + - option: json + value_type: bool + default_value: "false" + description: Output in JSON format + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false + - option: limit + value_type: int + default_value: "0" + description: Maximum number of log entries to show + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false + - option: quiet + shorthand: q + value_type: bool + default_value: "false" + description: Only display log entries + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false +inherited_options: + - option: debug + shorthand: D + value_type: bool + default_value: "false" + description: Enable debug logging + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false + - option: socket + value_type: string + description: | + Connect to daemon at specific socket path (for development/debugging) + deprecated: false + hidden: true + experimental: false + experimentalcli: false + kubernetes: false + swarm: false +deprecated: false +hidden: false +experimental: false +experimentalcli: false +kubernetes: false +swarm: false + diff --git a/data/sandbox-cli/docker_sandbox_network_proxy.yaml b/data/sandbox-cli/docker_sandbox_network_proxy.yaml new file mode 100644 index 0000000000..2e068aa8aa --- /dev/null +++ b/data/sandbox-cli/docker_sandbox_network_proxy.yaml @@ -0,0 +1,102 @@ +command: docker sandbox network proxy +short: Manage proxy configuration for a sandbox +long: Manage proxy configuration for a sandbox +usage: docker sandbox network proxy [OPTIONS] +pname: docker sandbox network +plink: docker_sandbox_network.yaml +options: + - option: allow-cidr + value_type: string + description: | + Remove an IP range in CIDR notation from the block or bypass lists (can be specified multiple times) + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false + - option: allow-host + value_type: string + description: Permit access to a domain or IP (can be specified multiple times) + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false + - option: block-cidr + value_type: string + description: | + Block access to an IP range in CIDR notation (can be specified multiple times) + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false + - option: block-host + value_type: string + description: Block access to a domain or IP (can be specified multiple times) + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false + - option: bypass-cidr + value_type: string + description: | + Bypass proxy for an IP range in CIDR notation (can be specified multiple times) + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false + - option: bypass-host + value_type: string + description: Bypass proxy for a domain or IP (can be specified multiple times) + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false + - option: policy + value_type: allow|deny + description: Set the default policy + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false +inherited_options: + - option: debug + shorthand: D + value_type: bool + default_value: "false" + description: Enable debug logging + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false + - option: socket + value_type: string + description: | + Connect to daemon at specific socket path (for development/debugging) + deprecated: false + hidden: true + experimental: false + experimentalcli: false + kubernetes: false + swarm: false +deprecated: false +hidden: false +experimental: false +experimentalcli: false +kubernetes: false +swarm: false + diff --git a/data/sandbox-cli/docker_sandbox_reset.yaml b/data/sandbox-cli/docker_sandbox_reset.yaml new file mode 100644 index 0000000000..41f438c6e9 --- /dev/null +++ b/data/sandbox-cli/docker_sandbox_reset.yaml @@ -0,0 +1,61 @@ +command: docker sandbox reset +short: Reset all VM sandboxes and clean up state +long: |- + Reset all VM sandboxes and permanently delete all VM data. + + This command will: + - Stop all running VMs gracefully (30s timeout) + - Delete all VM state directories in ~/.docker/sandboxes/vm/ + - Clear all internal registries + + The daemon will continue running with fresh state after reset. + + ⚠️ WARNING: This is a destructive operation that cannot be undone! + All running agents will be forcefully terminated and their work will be lost. + + By default, you will be prompted to confirm (y/N). + Use --force to skip the confirmation prompt. +usage: docker sandbox reset [OPTIONS] +pname: docker sandbox +plink: docker_sandbox.yaml +options: + - option: force + shorthand: f + value_type: bool + default_value: "false" + description: Skip confirmation prompt + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false +inherited_options: + - option: debug + shorthand: D + value_type: bool + default_value: "false" + description: Enable debug logging + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false + - option: socket + value_type: string + description: | + Connect to daemon at specific socket path (for development/debugging) + deprecated: false + hidden: true + experimental: false + experimentalcli: false + kubernetes: false + swarm: false +deprecated: false +hidden: false +experimental: false +experimentalcli: false +kubernetes: false +swarm: false + diff --git a/data/sandbox-cli/docker_sandbox_rm.yaml b/data/sandbox-cli/docker_sandbox_rm.yaml index 5a7a408823..a26ba4c51f 100644 --- a/data/sandbox-cli/docker_sandbox_rm.yaml +++ b/data/sandbox-cli/docker_sandbox_rm.yaml @@ -1,10 +1,13 @@ command: docker sandbox rm +aliases: docker sandbox rm, docker sandbox remove short: Remove one or more sandboxes long: |- - Remove one or more sandboxes by their IDs or names. + Remove one or more sandboxes and all their associated resources. - This command removes the specified sandboxes. Each sandbox is identified by its unique ID or name. -usage: docker sandbox rm [OPTIONS] SANDBOX [SANDBOX...] + This command will: + - Check if the sandbox exists + - Remove the sandbox and clean up its associated resources +usage: docker sandbox rm SANDBOX [SANDBOX...] pname: docker sandbox plink: docker_sandbox.yaml inherited_options: @@ -19,6 +22,16 @@ inherited_options: experimentalcli: false kubernetes: false swarm: false + - option: socket + value_type: string + description: | + Connect to daemon at specific socket path (for development/debugging) + deprecated: false + hidden: true + experimental: false + experimentalcli: false + kubernetes: false + swarm: false examples: |- ### Remove a sandbox diff --git a/data/sandbox-cli/docker_sandbox_run.yaml b/data/sandbox-cli/docker_sandbox_run.yaml index 58f67cac7d..3e7eaefdbe 100644 --- a/data/sandbox-cli/docker_sandbox_run.yaml +++ b/data/sandbox-cli/docker_sandbox_run.yaml @@ -1,55 +1,38 @@ command: docker sandbox run -short: Run an AI agent inside a sandbox +short: Run an agent in a sandbox long: |- - Run an AI agent inside a sandbox with access to a host workspace. + Run an agent in a sandbox. Create the sandbox if it does not exist. - The agent argument must be one of: claude, gemini. - Agent-specific options can be passed after the agent name. - If no workspace is specified via the "--workspace" option, the current working directory is used. - The workspace is exposed inside the sandbox at the same path as on the host. -usage: docker sandbox run [options] [agent-options] + Pass agent arguments after the "--" separator. + + Examples: + # Create and run a sandbox with claude in current directory + docker sandbox run claude . + + # Run an existing sandbox + docker sandbox run existing-sandbox + + # Run a sandbox with agent arguments + docker sandbox run claude . -- -p "What version are you running?" +usage: docker sandbox run SANDBOX [-- AGENT_ARGS...] | AGENT WORKSPACE [-- AGENT_ARGS...] pname: docker sandbox plink: docker_sandbox.yaml options: - - option: credentials - value_type: string - default_value: sandbox - description: Credentials source (host, sandbox, or none) - details_url: '#credentials' - deprecated: false - hidden: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false - option: detached shorthand: d value_type: bool default_value: "false" - description: Create sandbox without running agent interactively + description: Return sandbox ID without running agent (hidden, for testing) deprecated: false - hidden: false + hidden: true experimental: false experimentalcli: false kubernetes: false swarm: false - - option: env - shorthand: e - value_type: stringSlice - default_value: '[]' - description: 'Set environment variables (format: KEY=VALUE)' - details_url: '#env' - deprecated: false - hidden: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false - - option: mount-docker-socket + - option: load-local-template value_type: bool default_value: "false" - description: Mount the host's Docker socket into the sandbox - details_url: '#mount-docker-socket' + description: Load a locally built template image into the sandbox deprecated: false hidden: false experimental: false @@ -58,7 +41,7 @@ options: swarm: false - option: name value_type: string - description: Name for the sandbox + description: 'Name for the sandbox (default: -)' details_url: '#name' deprecated: false hidden: false @@ -66,17 +49,6 @@ options: experimentalcli: false kubernetes: false swarm: false - - option: quiet - shorthand: q - value_type: bool - default_value: "false" - description: Suppress verbose output - deprecated: false - hidden: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false - option: template shorthand: t value_type: string @@ -89,31 +61,6 @@ options: experimentalcli: false kubernetes: false swarm: false - - option: volume - shorthand: v - value_type: stringSlice - default_value: '[]' - description: | - Bind mount a volume or host file or directory into the sandbox (format: hostpath:sandboxpath[:readonly|:ro]) - details_url: '#volume' - deprecated: false - hidden: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false - - option: workspace - shorthand: w - value_type: string - default_value: . - description: Workspace path - details_url: '#workspace' - deprecated: false - hidden: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false inherited_options: - option: debug shorthand: D @@ -126,6 +73,16 @@ inherited_options: experimentalcli: false kubernetes: false swarm: false + - option: socket + value_type: string + description: | + Connect to daemon at specific socket path (for development/debugging) + deprecated: false + hidden: true + experimental: false + experimentalcli: false + kubernetes: false + swarm: false examples: |- ### Run Claude in the current directory @@ -197,22 +154,6 @@ examples: |- Use `:ro` or `:readonly` to make mounts read-only. - ### Configure credential access (--credentials) {#credentials} - - ```text - --credentials MODE - ``` - - Control how the agent accesses credentials. Valid modes are: - - - `sandbox` (default): Authenticate once and share credentials across sandboxes - - `host`: Share host credentials (~/.gitconfig, ~/.ssh, etc.) - - `none`: Handle authentication manually - - ```console - $ docker sandbox run --credentials host claude - ``` - ### Use a custom base image (-t, --template) {#template} ```text diff --git a/data/sandbox-cli/docker_sandbox_stop.yaml b/data/sandbox-cli/docker_sandbox_stop.yaml new file mode 100644 index 0000000000..97551892c3 --- /dev/null +++ b/data/sandbox-cli/docker_sandbox_stop.yaml @@ -0,0 +1,36 @@ +command: docker sandbox stop +short: Stop one or more sandboxes without removing them +long: | + Stop one or more sandboxes without removing them. The sandboxes can be restarted later. +usage: docker sandbox stop SANDBOX [SANDBOX...] +pname: docker sandbox +plink: docker_sandbox.yaml +inherited_options: + - option: debug + shorthand: D + value_type: bool + default_value: "false" + description: Enable debug logging + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false + - option: socket + value_type: string + description: | + Connect to daemon at specific socket path (for development/debugging) + deprecated: false + hidden: true + experimental: false + experimentalcli: false + kubernetes: false + swarm: false +deprecated: false +hidden: false +experimental: false +experimentalcli: false +kubernetes: false +swarm: false + diff --git a/data/sandbox-cli/docker_sandbox_version.yaml b/data/sandbox-cli/docker_sandbox_version.yaml index 286d5860a6..bd5a940139 100644 --- a/data/sandbox-cli/docker_sandbox_version.yaml +++ b/data/sandbox-cli/docker_sandbox_version.yaml @@ -1,6 +1,6 @@ command: docker sandbox version -short: Show sandboxd version information -long: Show sandboxd version information +short: Show sandbox version information +long: Show sandbox version information usage: docker sandbox version pname: docker sandbox plink: docker_sandbox.yaml @@ -16,6 +16,16 @@ inherited_options: experimentalcli: false kubernetes: false swarm: false + - option: socket + value_type: string + description: | + Connect to daemon at specific socket path (for development/debugging) + deprecated: false + hidden: true + experimental: false + experimentalcli: false + kubernetes: false + swarm: false deprecated: false hidden: false experimental: false