dirigence/sandcage
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8 Commits 1 Branch 0 Tags
1a31d05e7c08df4bcfe4b48a69b85d79a2f1c867
T
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
sandcage-export 1a31d05e7c 🥇 export from upstream (3866546)
2026-05-22 23:07:47 +02:00
compose
🥇 export from upstream (3866546)
2026-05-22 23:07:47 +02:00
crates/sandcage
🥇 export from upstream (3866546)
2026-05-22 23:07:47 +02:00
scripts
🥇 export from upstream (1865b00)
2026-05-22 02:05:16 +02:00
templates/claude
🥇 export from upstream (be15b0d)
2026-05-21 23:15:51 +02:00
.gitattributes
🥇 export from upstream (be15b0d)
2026-05-21 23:15:51 +02:00
.gitignore
🥇 export from upstream (be15b0d)
2026-05-21 23:15:51 +02:00
.python-version
🥇 export from upstream (be15b0d)
2026-05-21 23:15:51 +02:00
Cargo.lock
🥇 export from upstream (cdd2f6d)
2026-05-22 15:30:15 +02:00
Cargo.toml
🥇 export from upstream (cdd2f6d)
2026-05-22 15:30:15 +02:00
justfile
🥇 export from upstream (2df0c14)
2026-05-22 20:06:01 +02:00
pyproject.toml
🥇 export from upstream (be15b0d)
2026-05-21 23:15:51 +02:00
README.md
🥇 export from upstream (2df0c14)
2026-05-22 20:06:01 +02:00
uv.lock
🥇 export from upstream (be15b0d)
2026-05-21 23:15:51 +02:00

README.md

Sandcage

Sandcage runs AI coding agents (Claude Code, Codex) in isolated Docker containers. Each agent gets a full development environment with your project mounted as a workspace, while your host session and credentials stay private.

Why

Running AI agents directly on your machine means they share your shell, your credentials, and your session history. Sandcage gives each agent its own container with the tools it needs, while keeping your host environment untouched.

Agents in different containers can still see each other's work through shared sandbox state (~/.sandcage/), enabling session handoffs between agents working on different branches or worktrees.

Quick Start

Prerequisites

  • Docker (daemon must be running)
  • Rust toolchain (cargo) — or download a prebuilt binary from Releases

Install

cargo install --git https://github.com/dirigence/sandcage

Or from a local checkout:

cargo install --path crates/sandcage

Build the images

sandcage build

This builds three images: sandcage-base, sandcage-claude, and sandcage-codex. Images whose Dockerfile hasn't changed are skipped automatically. Use --force to rebuild unconditionally.

Run an agent

sandcage claude                      # Claude Code in current directory
sandcage claude -p ~/project         # Claude Code in a specific project
sandcage claude -- --resume          # forward --resume to Claude Code
sandcage codex -p ~/project          # Codex in a specific project
sandcage shell                       # interactive shell, same environment
sandcage claude --shell              # shell in the Claude image (for debugging)

The workspace is resolved to the git repo root automatically. Inside a git worktree, the worktree root is used instead. Arguments after -- are forwarded to the agent inside the container.

Initialize a project

sandcage init

Detects the language ecosystem (Rust, Node, Python, Go) and generates a .sandcage.yml with suggested configuration.

Configuration

Configuration is layered: compiled defaults → ~/.sandcage/config.toml.sandcage.yml → CLI flags

Project configuration (.sandcage.yml)

env:
  DATABASE_URL: "postgres://localhost:5432/dev"
packages:
  - ripgrep
  - fd-find
toolchains:
  rust: "stable"
  node: "20"
mounts:
  - /data/models:/models:ro
shell: zsh

Architecture

Images (3-tier)

Image Base Adds
sandcage-base Debian bookworm-slim git, ripgrep, fd, jq, curl, zsh, bash, sudo, just, uv
sandcage-claude sandcage-base Claude Code CLI
sandcage-codex sandcage-base Codex binary (multi-arch)

License

MIT

Reference in New Issue View Git Blame Copy Permalink
S
Description
Agent Sandboxing
Readme 958 KiB
Languages
Rust 99.9%
Just 0.1%