# AgentBox
AgentBox is Rui Carmo's Docker-based sandbox for running coding agents in isolation. The README is refreshingly honest about the state of the art: "There's no perfect way to sandbox agents (yet), but containers are a practical start." MIT licensed, ~141 stars, mostly Dockerfile and Makefile.
## What it provides
- A Debian Trixie development container with common tooling: gh, Nushell, lazygit, Homebrew, APT, uv, Bun, Node, Go
- Preinstalled coding agents (Copilot CLI, Codex, Pi), with optional installs for [[OpenCode]], [[Gemini CLI]], and others
- Services off by default, enabled via environment variables: `ENABLE_DOCKER` (see [[Docker in docker (dind)]]), `ENABLE_SSH`, `ENABLE_RDP`
- A workspace skeleton at `/home/agent/workspace-skel` and `webterm` integration for multi-session management
- Roadmap: CPU/memory limits, network isolation, and stronger isolation via gVisor or Kata Containers
## Why it matters
Running agents with `--dangerously-skip-permissions` on a bare machine is a bad idea; a disposable container makes the YOLO workflow defensible. AgentBox packages that pattern so you don't have to build your own Dockerfile for every agent. Worth comparing with [[Docker Sandboxes]], which attacks the same problem from the official Docker side.
The candid framing is the useful part: container isolation is a practical baseline, not a security boundary you should bet the house on. Anything truly sensitive stays out of the sandbox.
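
To see how far a given container sits from that baseline, the sketch below audits `docker inspect` JSON for the items this page names (services switched on via `ENABLE_*`, missing CPU/memory limits) plus a few standard Docker settings: privileged mode, host networking, a mounted host Docker socket. It is an added example, not code from AgentBox; the sample container, the finding strings and the set of values treated as "off" are assumptions.

```python
import json

# Constructed sample: trimmed `docker inspect` output for a hypothetical
# container. The field names are Docker's; the values are made up.
SAMPLE_INSPECT = json.loads("""
[{
  "Name": "/agentbox-demo",
  "Config": {"Env": ["ENABLE_DOCKER=true", "ENABLE_SSH=false", "PATH=/usr/bin"]},
  "HostConfig": {
    "Privileged": true,
    "Memory": 0,
    "NanoCpus": 0,
    "PidsLimit": null,
    "NetworkMode": "bridge",
    "Binds": ["/home/me/project:/workspace",
              "/var/run/docker.sock:/var/run/docker.sock"]
  }
}]
""")

SERVICE_FLAGS = ("ENABLE_DOCKER", "ENABLE_SSH", "ENABLE_RDP")
# Assumption: any value outside this set counts as "enabled".
OFF_VALUES = {"", "0", "false", "no", "off"}


def audit(container: dict) -> list[str]:
    """Return findings for one entry of `docker inspect` output."""
    host = container.get("HostConfig", {})
    pairs = container.get("Config", {}).get("Env") or []
    env = dict(p.split("=", 1) for p in pairs if "=" in p)
    findings = []
    for flag in SERVICE_FLAGS:
        if env.get(flag, "").strip().lower() not in OFF_VALUES:
            findings.append(f"service enabled: {flag}")
    if host.get("Privileged"):
        findings.append("privileged container")
    if not host.get("Memory"):  # 0 means unlimited
        findings.append("no memory limit")
    if not host.get("NanoCpus") and not host.get("CpuQuota"):
        findings.append("no CPU limit")
    if (host.get("PidsLimit") or 0) <= 0:  # null, 0 and -1 all mean unlimited
        findings.append("no pids limit")
    if host.get("NetworkMode") == "host":
        findings.append("host network namespace")
    for bind in host.get("Binds") or []:
        if bind.split(":", 1)[0].endswith("docker.sock"):
            findings.append("host Docker socket mounted")
    return findings
```

Feed it real data with `docker inspect <container>` piped into `json.load`; an empty list only means none of these specific gaps were found, not that the container is a security boundary.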
## References
- Repository: https://github.com/rcarmo/agentbox
## Related
- [[Docker]]
- [[Docker Sandboxes]]
- [[Docker in docker (dind)]]
- [[AI Agents]]
- [[Claude Code]]
- [[OpenCode]]
- [[Gemini CLI]]
- [[GitHub Copilot CLI]]