commune/sandbox

Custom OpenClaw sandbox images with rbw (Bitwarden CLI) support.

Images

Tag | Base | Purpose
commune/sandbox:latest | Debian bookworm-slim | General-purpose agent sandbox
commune/sandbox:coder | commune/sandbox:latest | Development/coding — adds build tools, linters, quality gates

Building

A push to main triggers CI builds on the docker-host runner.

  • Base image builds on any push to main
  • Coder image builds when Dockerfile.coder or its workflow changes (also manual dispatch)

Manual build:

# Base
docker build -t commune/sandbox:latest .

# Coder (requires base to exist)
docker build -f Dockerfile.coder -t commune/sandbox:coder .

Base Image Features

  • rbw (Bitwarden CLI) with pinentry-rbw for automated password access
  • Node.js 22 with npm for OpenClaw and agent tools
  • Python 3 with pip
  • Visualization tools:
    • vl-convert-python — Vega-Lite to PNG/SVG rendering (dataviz skill)
    • Mermaid rendering via mermaid.ink API (mermaid skill, no local install)
  • MCP tools (mcptools/mcp) for Model Context Protocol server interaction
  • Agent config loader — parses AGENTS.md YAML and exports environment variables

Coder Image (additional)

Everything in the base image, plus:

  • Build tools: build-essential (gcc, make), python3-venv
  • Quality gates: Rigour CLI + MCP server — deterministic quality checks for AI-generated code
  • AST tools: ast-grep (structural search/replace), tree-sitter (incremental parsing)
  • Diffing: difftastic — structural diffs that understand syntax
  • Linters: shellcheck (shell), ruff (Python)
  • Utilities: fd (fast find)

Using Rigour in a coding session

# Initialize quality gates for a project
npx @rigour-labs/cli init

# Check code quality
npx @rigour-labs/cli check

# Get structured fix packets (machine-readable)
npx @rigour-labs/cli check --json

Environment Variables

These are automatically set when the container starts:

  • WORKSPACE_PATH — Path to agent workspace (default: /workspace)
    • Usually mounted as a volume containing agent repos
    • Set explicitly in Dockerfile, with fallback in agent-config.sh
  • Additional variables from AGENTS.md YAML block (if present)
    • FORGEJO_USER, BLOG_REPO, WORK_REPO, etc.
    • Derived paths: BLOG_PATH, WORK_PATH, LIBRARY_PATH, etc.

Debugging Environment Variables

If variables aren't being set as expected, enable debug mode:

# Inside container
export DEBUG_AGENT_CONFIG=1
bash -l

The script searches for AGENTS.md in this order:

  1. $WORKSPACE_PATH/AGENTS.md (if WORKSPACE_PATH is already set)
  2. /workspace/AGENTS.md (standard mount location)
  3. $(pwd)/AGENTS.md (current directory)
  4. ~/.openclaw/workspace/AGENTS.md (OpenClaw default)
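
The search order above, followed by a parse-and-export step, as an added sketch that is not the project's load-agent-config.py. The README does not show the AGENTS.md format, so the fenced yaml block of flat KEY: value pairs, the upper-case name rule and the denylist are assumptions; the sketch also goes beyond the text by validating names and shell-quoting values, since AGENTS.md comes from a mounted workspace and its values are exported into a shell.

```python
import re
import shlex
from pathlib import Path

FENCE = "`" * 3  # built at runtime so the listing holds no literal fence
# Assumptions: one fenced yaml block of flat KEY: value pairs; upper-case names;
# names that alter shell or loader behaviour (DENYLIST, LD_*) are refused.
BLOCK_RE = re.compile(rf"^{FENCE}ya?ml[ \t]*\n(.*?)^{FENCE}", re.S | re.M)
NAME_RE = re.compile(r"[A-Z][A-Z0-9_]*")
DENYLIST = {"PATH", "IFS", "HOME", "SHELL", "ENV", "BASH_ENV", "PROMPT_COMMAND"}
# Constructed sample input, not taken from the project.
SAMPLE = (f"# Agent\n{FENCE}yaml\nFORGEJO_USER: alice\n"
          f"BLOG_REPO: blog; echo injected\nLD_PRELOAD: /tmp/x.so\n{FENCE}\n")


def candidate_paths(env, cwd, home):
    """AGENTS.md locations in the search order the README lists."""
    first = [Path(env["WORKSPACE_PATH"]) / "AGENTS.md"] if env.get("WORKSPACE_PATH") else []
    return first + [Path("/workspace/AGENTS.md"), Path(cwd) / "AGENTS.md",
                    Path(home) / ".openclaw" / "workspace" / "AGENTS.md"]


def find_agents_md(env, cwd, home):
    """First candidate that exists as a regular file, or None."""
    return next((p for p in candidate_paths(env, cwd, home) if p.is_file()), None)


def parse_block(text):
    """Return (accepted dict, rejected names) from the first yaml block."""
    accepted, rejected = {}, []
    match = BLOCK_RE.search(text)
    for line in match.group(1).splitlines() if match else []:
        key, sep, value = (part.strip() for part in line.partition(":"))
        if not sep or key.startswith("#"):
            continue  # blank line, comment, or not a KEY: value pair
        if NAME_RE.fullmatch(key) and key not in DENYLIST and not key.startswith("LD_"):
            accepted[key] = value
        else:
            rejected.append(key)
    return accepted, rejected


def export_lines(variables):
    """Shell export statements; shlex.quote neutralises shell metacharacters."""
    return [f"export {name}={shlex.quote(val)}" for name, val in variables.items()]


if __name__ == "__main__":
    print(*export_lines(parse_block(SAMPLE)[0]), sep="\n")
```

Rejected names are returned rather than silently dropped so a caller can log them when DEBUG_AGENT_CONFIG is set.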

Usage

Configure in the OpenClaw gateway:

{
  "agents": {
    "list": [{
      "id": "my-agent",
      "sandbox": {
        "docker": {
          "image": "git.brads.house/commune/sandbox:latest"
        }
      }
    }]
  }
}

For a coding agent, use the coder variant:

{
  "id": "coder-agent",
  "sandbox": {
    "docker": {
      "image": "git.brads.house/commune/sandbox:coder"
    }
  }
}