Sandbox CLI
Sandbox CLI
Section titled “Sandbox CLI”Manage Docker-based sandbox containers for isolated agent execution.
Overview
Section titled “Overview”CoderClaw can run agents in isolated Docker containers for security. The sandbox commands help you manage these containers, especially after updates or configuration changes.
Commands
Section titled “Commands”coderclaw sandbox explain
Section titled “coderclaw sandbox explain”Inspect the effective sandbox mode/scope/workspace access, sandbox tool policy, and elevated gates (with fix-it config key paths).
coderclaw sandbox explaincoderclaw sandbox explain --session agent:main:maincoderclaw sandbox explain --agent workcoderclaw sandbox explain --jsoncoderclaw sandbox list
Section titled “coderclaw sandbox list”List all sandbox containers with their status and configuration.
coderclaw sandbox listcoderclaw sandbox list --browser # List only browser containerscoderclaw sandbox list --json # JSON outputOutput includes:
- Container name and status (running/stopped)
- Docker image and whether it matches config
- Age (time since creation)
- Idle time (time since last use)
- Associated session/agent
coderclaw sandbox recreate
Section titled “coderclaw sandbox recreate”Remove sandbox containers to force recreation with updated images/config.
coderclaw sandbox recreate --all # Recreate all containerscoderclaw sandbox recreate --session main # Specific sessioncoderclaw sandbox recreate --agent mybot # Specific agentcoderclaw sandbox recreate --browser # Only browser containerscoderclaw sandbox recreate --all --force # Skip confirmationOptions:
--all: Recreate all sandbox containers--session <key>: Recreate container for specific session--agent <id>: Recreate containers for specific agent--browser: Only recreate browser containers--force: Skip confirmation prompt
Important: Containers are automatically recreated when the agent is next used.
Use Cases
Section titled “Use Cases”After updating Docker images
Section titled “After updating Docker images”# Pull new imagedocker pull coderclaw-sandbox:latestdocker tag coderclaw-sandbox:latest coderclaw-sandbox:bookworm-slim
# Update config to use new image# Edit config: agents.defaults.sandbox.docker.image (or agents.list[].sandbox.docker.image)
# Recreate containerscoderclaw sandbox recreate --allAfter changing sandbox configuration
Section titled “After changing sandbox configuration”# Edit config: agents.defaults.sandbox.* (or agents.list[].sandbox.*)
# Recreate to apply new configcoderclaw sandbox recreate --allAfter changing setupCommand
Section titled “After changing setupCommand”coderclaw sandbox recreate --all# or just one agent:coderclaw sandbox recreate --agent familyFor a specific agent only
Section titled “For a specific agent only”# Update only one agent's containerscoderclaw sandbox recreate --agent alfredWhy is this needed?
Section titled “Why is this needed?”Problem: When you update sandbox Docker images or configuration:
- Existing containers continue running with old settings
- Containers are only pruned after 24h of inactivity
- Regularly-used agents keep old containers running indefinitely
Solution: Use coderclaw sandbox recreate to force removal of old containers. They’ll be recreated automatically with current settings when next needed.
Tip: prefer coderclaw sandbox recreate over manual docker rm. It uses the
Gateway’s container naming and avoids mismatches when scope/session keys change.
Configuration
Section titled “Configuration”Sandbox settings live in ~/.coderclaw/coderclaw.json under agents.defaults.sandbox (per-agent overrides go in agents.list[].sandbox):
{ "agents": { "defaults": { "sandbox": { "mode": "all", // off, non-main, all "scope": "agent", // session, agent, shared "docker": { "image": "coderclaw-sandbox:bookworm-slim", "containerPrefix": "coderclaw-sbx-", // ... more Docker options }, "prune": { "idleHours": 24, // Auto-prune after 24h idle "maxAgeDays": 7, // Auto-prune after 7 days }, }, }, },}See Also
Section titled “See Also”- Sandbox Documentation
- Agent Configuration
- Doctor Command - Check sandbox setup