docker-sandboxlisted

Create, manage, and execute agent tools (claude, codex) inside Docker sandboxes for isolated code execution. Use when running agent loops, spawning tool subprocesses, or any task requiring process isolation. Triggers on "sandbox", "isolated execution", "docker sandbox", "safe agent execution", or when working on agent loop infrastructure.
joelhooks/joelclaw · ★ 57 · DevOps & Infrastructure · score 77

Install: claude install-skill joelhooks/joelclaw

# Docker Sandbox for Agent Tools Isolated execution of `claude`, `codex`, and other agent tools using Docker Desktop's `docker sandbox` (v0.11.0+). Uses existing Claude Max and ChatGPT Pro subscriptions — no API key billing. **ADR**: [ADR-0023](https://joelclaw.com/adrs/0023-docker-sandbox-for-agent-loops) ## Prerequisites - Docker Desktop running (OrbStack works) - `docker sandbox version` returns ≥0.11.0 - Auth secrets stored in `agent-secrets`: - `claude_setup_token` — from `claude setup-token` (1-year token, Max subscription) - `codex_auth_json` — contents of `~/.codex/auth.json` (ChatGPT Pro subscription) ## Quick Reference ```bash # Create a sandbox docker sandbox create --name my-sandbox claude /path/to/project # Run a command in it docker sandbox exec -e "CLAUDE_CODE_OAUTH_TOKEN=..." -w /path/to/project my-sandbox \ claude -p "implement the feature" --output-format text --dangerously-skip-permissions # List sandboxes docker sandbox ls # Remove docker sandbox rm my-sandbox ``` ## Auth Setup (One-Time) ### Claude (Max subscription) Run interactively on the host (needs browser for OAuth): ```bash claude setup-token ``` This opens a browser, completes OAuth, and prints a token like `sk-ant-oat01-...`. Valid for **1 year**. Store it: ```bash secrets add claude_setup_token --value "sk-ant-oat01-..." ``` Use in sandbox: ```bash TOKEN=$(secrets lease claude_setup_token --ttl 1h --raw) docker sandbox exec -e "CLAUDE_CODE_OAUTH_TOKEN=$TOKEN" my-sandbox cla