# AgentBox

AgentBox is Rui Carmo's Docker-based sandbox for running coding agents in isolation. The README is refreshingly honest about the state of the art: "There's no perfect way to sandbox agents (yet), but containers are a practical start." MIT licensed, ~141 stars, mostly Dockerfile and Makefile.

## What it provides

- A Debian Trixie development container with common tooling: gh, Nushell, lazygit, Homebrew, APT, uv, Bun, Node, Go
- Preinstalled coding agents (Copilot CLI, Codex, Pi), with optional installs for [[OpenCode]], [[Gemini CLI]], and others
- Services off by default, enabled via environment variables: `ENABLE_DOCKER` (see [[Docker in docker (dind)]]), `ENABLE_SSH`, `ENABLE_RDP`
- A workspace skeleton at `/home/agent/workspace-skel` and `webterm` integration for multi-session management
- Roadmap: CPU/memory limits, network isolation, and stronger isolation via gVisor or Kata Containers

## Why it matters

Running agents with `--dangerously-skip-permissions` on a bare machine is a bad idea; a disposable container makes the YOLO workflow defensible. AgentBox packages that pattern so you don't have to build your own Dockerfile for every agent. Worth comparing with [[Docker Sandboxes]], which attacks the same problem from the official Docker side.

The candid framing is the useful part: container isolation is a practical baseline, not a security boundary you should bet the house on. A container shares the host kernel, so a kernel bug, a bind-mounted Docker socket or an over-broad volume mount walks straight through it; that is exactly why gVisor and Kata are on the roadmap. Anything truly sensitive (credentials, the Docker socket, your real home directory) stays out of the sandbox.

## References

- Repository: https://github.com/rcarmo/agentbox

## Related

- [[Docker]]
- [[Docker Sandboxes]]
- [[Docker in docker (dind)]]
- [[AI Agents]]
- [[Claude Code]]
- [[OpenCode]]
- [[Gemini CLI]]
- [[GitHub Copilot CLI]]
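## Added example: a hardened launcher

As an added example, not AgentBox's own Makefile or scripts, the bash wrapper below shows what the "practical baseline" discussed above looks like in standard `docker run` flags: the CPU/memory limits and network knob from the roadmap, `--cap-drop ALL` and `no-new-privileges`, the README's `ENABLE_SSH`/`ENABLE_RDP`/`ENABLE_DOCKER` switches forwarded only when explicitly set, and a refusal to bind-mount credential directories or the Docker socket. The image tag `agentbox:local`, the `SANDBOX_*` variables and the `/home/agent/workspace` mount target are assumptions for illustration.

```bash
#!/usr/bin/env bash
# Added example, not part of the AgentBox repository: launch a disposable
# agent sandbox with resource limits, dropped capabilities and a mount check.
# Assumptions: the image tag, SANDBOX_* knobs and workspace mount target are
# placeholders; ENABLE_SSH/ENABLE_RDP/ENABLE_DOCKER are the README's opt-in
# switches and are forwarded verbatim.
set -eu

IMAGE="${AGENTBOX_IMAGE:-agentbox:local}"   # hypothetical local build tag

# Paths that must never be bind-mounted into an agent sandbox: host
# credentials, and the Docker socket (root on the host; mounting it turns
# the container boundary into a formality).
is_sensitive_mount() {
  h="${HOME:-/nonexistent}"
  case "$1" in
    /var/run/docker.sock|/run/docker.sock) return 0 ;;
    "$h"/.ssh*|"$h"/.aws*|"$h"/.gnupg*|"$h"/.config/gh*|"$h"/.docker*) return 0 ;;
    *) return 1 ;;
  esac
}

# Launch (or, with SANDBOX_DRY_RUN set, print one argument per line) the
# docker command for a single disposable workspace directory.
sandbox_run() {
  workspace="$1"
  if is_sensitive_mount "$workspace"; then
    echo "refusing to mount sensitive path into the sandbox: $workspace" >&2
    return 1
  fi
  # SANDBOX_NET=none is the strict option, but it also cuts the agent off
  # from its model API; egress filtering is the realistic target, so the
  # default here stays on the bridge network.
  set -- run --rm -it \
    --cpus "${SANDBOX_CPUS:-2}" \
    --memory "${SANDBOX_MEM:-4g}" \
    --pids-limit 512 \
    --cap-drop ALL \
    --security-opt no-new-privileges \
    --network "${SANDBOX_NET:-bridge}" \
    -v "$workspace:/home/agent/workspace" \
    -w /home/agent/workspace
  # Forward the README's opt-in switches only when the caller set them,
  # so the default remains "everything off".
  for name in ENABLE_SSH ENABLE_RDP ENABLE_DOCKER; do
    eval "value=\${$name:-}"
    if [ -n "$value" ]; then
      set -- "$@" -e "$name=$value"
    fi
  done
  if [ -n "${ENABLE_DOCKER:-}" ]; then
    echo "warning: ENABLE_DOCKER nests a second Docker engine in the sandbox; that is a much larger attack surface than the rest of this setup" >&2
  fi
  set -- "$@" "$IMAGE"
  if [ -n "${SANDBOX_DRY_RUN:-}" ]; then
    printf '%s\n' docker "$@"
  else
    docker "$@"
  fi
}

# Usage: ./sandbox.sh /path/to/disposable/checkout
if [ "$#" -gt 0 ]; then
  sandbox_run "$1"
fi
```

Run it with `SANDBOX_DRY_RUN=1` first to inspect the exact flags before anything starts. The mount check is the part worth keeping even if you rebuild the rest: every capability you drop is undone the moment `~/.ssh` or the Docker socket is inside the container.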