Manage sandbox for coding agents.
codebox is a small, focused command-line tool for creating, inspecting, and
tearing down sandboxes that host autonomous coding agents. It is written in
Go and intentionally has no runtime dependencies beyond the standard library.
- Orchestrate, don't reinvent. Sandboxes are containers managed by an
existing orchestrator (Podman or
Docker).
codeboxdrives it; it doesn't replace it. - Local or remote host, same UX. The container may run on your machine or on a remote host. The host is configuration, not a separate code path.
- SSH as the transport. Every sandbox is an SSH endpoint, so
git,rsync,scp,sshfs, and IDE remote plugins work out of the box. - Reachable through
ProxyJump. Sandboxes behind a bastion or gateway are first-class — same UX as a directly reachable one. - Opinionated defaults. Sensible base images, tooling, and shell/editor configuration ship by default. Override when you need to.
- Go 1.26.x or newer.
- GNU
make(any reasonably recent version).
Development tools (golines, golangci-lint, govulncheck) are invoked via
go run at pinned versions inside the Makefile, so there is no separate
install step.
Build from source:
make deps
make # equivalent to `make build`The resulting binary is written to ./bin/codebox. Move it onto your PATH
to install system-wide, for example:
install -m 0755 bin/codebox /usr/local/bin/codeboxA typical end-to-end flow:
cd my-repo
codebox create demo --python=3.14 --claude # start sandbox with Python 3.14 & Claude Code
codebox git push demo origin/main:issue-1234 # origin/main → ~/source as issue-1234
codebox shell demo # ssh in
# inside the sandbox: let Claude (or you) write the commits
codebox git pull demo issue-1234 # issue-1234 → demo/issue-1234
codebox delete demo # stop and remove the sandboxFor the full picture:
doc/command.md— CLI reference: invocation, subcommands, flags, defaults, exit codes.doc/git.md— the clone-push-shell-commit-pull workflow with worked examples.