🥇 export from upstream (6de9a7a)

README.md

@@ -22,7 +22,7 @@
 
 ### Planned Features
 
-- **Support for custom harnesses** — bring your own agent runtime, not just Claude Code and Codex
+- **Support for custom harnesses** — bring your own agent runtime beyond the built-in Claude Code, Codex, and Gemini CLI
 - **Full encapsulation hardening** — for worker and CI environments, ensuring complete sandboxing of file system, network, and credentials
 - **ACP integration** via [`dirigate`](https://github.com/dirigence/dirigate) — Agent Communication Protocol support for structured agent orchestration
 
@@ -42,7 +42,7 @@ Multiple agents can run side by side. A persistent home directory means config a
   <img src="topology.svg" alt="Sandcage topology — host, Docker, container, volume mounts" width="720">
 </p>
 
-1. You run `sandcage claude` (or `codex`, or `shell`) from your project directory
+1. You run `sandcage claude` (or `codex`, `gemini`, or `shell`) from your project directory
 2. Sandcage resolves your workspace to the git root and builds Docker compose arguments
 3. Your project, persistent home, and (optionally) SSH keys are mounted into the container
 4. The agent runs as the container entrypoint, working in the mounted workspace
@@ -64,7 +64,7 @@ cargo install --git https://github.com/dirigence/sandcage
 ### Build images and run
 
 ```bash
-sandcage build           # build base and codex images
+sandcage build              # build container image
 sandcage claude              # start Claude Code in the current project
 ```
 
@@ -76,6 +76,7 @@ That is it. Sandcage resolves your project to its git root, mounts it into the c
 sandcage claude -p ~/project         # run in a specific project
 sandcage claude -- --resume          # forward args to the agent
 sandcage codex -p ~/project          # run Codex instead
+sandcage gemini -p ~/project         # run Gemini CLI instead
 sandcage shell                        # interactive shell, same environment
 sandcage claude --shell              # shell in the Claude image (debugging)
 sandcage init                         # detect ecosystem, generate .sandcage.yml
@@ -113,6 +114,16 @@ agent_args:
   claude:
     - --dangerously-skip-permissions
 shell: zsh
+
+# Enable/disable built-in services
+services:
+  gemini:
+    enabled: false
+
+# Control which services `sandcage build` prepares by default
+# default_services:
+#   - claude
+#   - shell
 ```
 
 SSH key access is configured separately via `sandcage setup ssh`, which selects only the keys needed for git and copies them into a dedicated Docker volume.
@@ -123,9 +134,9 @@ Run `sandcage init` to generate a starter config — it detects your project eco
 
 Sandcage uses a single image (`sandcage`) based on Debian bookworm-slim, packed with dev tools: git, openssh-client, ripgrep, fd, jq, curl, zsh, bash, sudo, just, and uv.
 
-AI agents (Claude Code, Codex) are installed on first run into the persistent home directory and auto-update themselves — no agent binaries baked into the image.
+AI agents (Claude Code, Codex, Gemini CLI) are installed on first run into the persistent home directory and auto-update themselves — no agent binaries baked into the image.
 
-Build with `sandcage build`. Use `--force` to rebuild unconditionally.
+Build with `sandcage build`. Use `--force` to rebuild unconditionally. You can also specify which services to build: `sandcage build claude codex`.
 
 ## Cross-Platform