feat: add --beta sandbox for Docker-based local agent sandboxing (#3127)

* feat: add --beta sandbox for Docker-based local agent sandboxing

When running agents locally, users can now opt into sandboxed execution
via `--beta sandbox` or the interactive picker. This runs the agent
inside a Docker container (using pre-built ghcr.io/openrouterteam images)
with memory and CPU limits, providing filesystem/network isolation.

- Docker auto-installed if missing (OrbStack on macOS, docker.io on Linux)
- Reuses existing makeDockerRunner() pattern from Hetzner/GCP
- Container auto-cleaned up on process exit
- OpenClaw security warning skipped in sandbox mode (already isolated)
- Interactive picker shows Direct vs Sandboxed when Docker available

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: rename local machine to local

Signed-off-by: Ahmed Abushagur <ahmed@abushagur.com>

* fix: remove memory limits and move sandbox to cloud picker

- Remove --memory=4g --cpus=2 from docker run (breaks small VMs and recursive spawns)
- Replace sandbox sub-prompt with a "Local Machine (Sandboxed)" option
  in the cloud picker itself, shown when --beta sandbox is active
- Docker availability check happens later in local/main.ts (ensureDocker),
  not in the picker — so the option always appears with --beta sandbox

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* docs: add --beta sandbox to README

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

---------

Signed-off-by: Ahmed Abushagur <ahmed@abushagur.com>
Co-authored-by: spawn-bot <spawn-bot@openrouter.ai>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: Ahmed Abushagur <ahmed@abushagur.com>
A 2026-03-31 17:00:49 -07:00 committed by GitHub
parent e98a3a5c4b
commit 14ea507313
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
7 changed files with 455 additions and 16 deletions

@ -156,8 +156,9 @@ spawn claude gcp --beta tarball --beta parallel
| `images` | Use pre-built cloud images/snapshots (faster boot) |
| `parallel` | Parallelize server boot with setup prompts |
| `recursive` | Install spawn CLI on VM so it can spawn child VMs |
| `sandbox` | Run local agents in a Docker container (sandboxed) |
`--fast` enables `tarball`, `images`, and `parallel` (not `recursive`).
`--fast` enables `tarball`, `images`, and `parallel` (not `recursive` or `sandbox`).
#### Recursive Spawn
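Review bot: the new `sandbox` row in the flag table does not say that the flag applies only to the `local` target, which is what the commit message describes ("When running agents locally"). The hunk header's own example uses `gcp`, so a reader has no way to tell whether `--beta sandbox` is ignored or rejected there. Suggest making the row explicit, for example "Run agents on the `local` target inside a Docker container", and stating what happens when the flag is combined with a cloud target.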
@ -187,6 +188,27 @@ Tear down an entire tree:
spawn delete --cascade <id> # Delete a VM and all its children
```
#### Sandboxed Local
Use `--beta sandbox` to run local agents inside a Docker container instead of directly on your machine:
```bash
spawn claude local --beta sandbox
```
What this does:
- **Pulls the agent's Docker image** from `ghcr.io/openrouterteam/spawn-<agent>`
- **Runs the agent in a container** with filesystem, network, and process isolation
- **Auto-installs Docker** if not present (OrbStack on macOS, docker.io on Linux)
- **Cleans up the container** automatically when the session ends
In the interactive picker, `--beta sandbox` adds a "Local Machine (Sandboxed)" option alongside the regular "Local Machine":
```bash
spawn --beta sandbox # Interactive picker shows both local options
spawn openclaw local --beta sandbox # Direct launch, sandboxed
```
### Without the CLI
Every combination works as a one-liner — no install required:
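Review bot: the "What this does" list promises "filesystem, network, and process isolation" without defining the boundary, and that bullet is what users will rely on when deciding whether to run an agent sandboxed, especially since the commit message says the OpenClaw security warning is skipped in this mode as "already isolated". The README does not say whether the working directory or any credentials are mounted into the container, or whether outbound network access is open, and the commit message notes that `--memory=4g --cpus=2` were removed from `docker run`, so the container now runs without those caps. Suggest listing what the container can and cannot reach on the host, noting the absence of resource limits, naming the image tag or digest pulled from `ghcr.io/openrouterteam/spawn-<agent>`, and saying that the auto-install step changes the host by installing OrbStack or docker.io. The squashed commit message also still describes the container as running "with memory and CPU limits", which contradicts the later fixup and is worth correcting before merge.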