Add Docker sandbox for isolated agent execution #12
Adds container lifecycle management (create/destroy/set sandbox), sandbox-aware command routing, and CLI --sandbox flag. Includes review fixes: bind-mount working_dir, check docker start return code, fail closed on missing sandbox, use sh -lc for compatibility, expose get_current_sandbox() public getter. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Pull request overview
This PR introduces an optional Docker-based sandbox to run agent shell-tool execution in an isolated, disposable container, and updates agent environment context to reflect sandboxed execution.
Changes:
- Add sandbox container lifecycle helpers (`create_sandbox`, `destroy_sandbox`) and route tool command execution through `docker exec` when sandbox is active.
- Add CLI/config toggles to enable sandbox mode (`--sandbox`, `MOBIUS_SANDBOX=true`) and configure the image.
- Update agent environment context prefix to report `/workspace` and Linux container platform when sandboxed.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| `src/mobius/providers/tools.py` | Adds sandbox lifecycle + routes `run_command` through Docker exec when sandbox is set. |
| `src/mobius/orchestrator.py` | Creates/sets sandbox for a competition and tears it down afterward. |
| `src/mobius/config.py` | Introduces sandbox config fields and env var parsing for enabling/image override. |
| `src/mobius/cli.py` | Adds `--sandbox` flag to enable sandbox mode from the CLI. |
| `src/mobius/runner.py` | Adjusts environment context shown to agents when sandbox is active. |
…code

- orchestrator.py: Raise RuntimeError when sandbox creation fails and sandbox_enabled=True instead of silently falling back to host execution
- providers/tools.py: Check docker rm returncode before removing from _active_containers dict; only clean up tracking on success

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
💡 Codex Review
mobius/src/mobius/orchestrator.py
Line 155 in d519e58
Sandbox teardown only happens in the finally block that starts after live_ctx = ui.start(). If SwarmUI() or ui.start() raises (for example in a non-interactive terminal), control exits before the finally, leaving _current_sandbox set and the Docker container undeleted. In long-lived processes (e.g., repeated competitions in one process), this leaks containers and can route later tool calls to a stale sandbox.
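The teardown gap raised in the Codex comment, combined with the fail-closed behaviour from the earlier commit, as an added example that is not the project's code. `FakeDocker`, `sandbox_scope`, `start_ui`, `run_competition` and `state_after_ui_failure` are hypothetical names, and a constructed in-memory stand-in replaces Docker so the block runs offline.

```python
import contextlib

class FakeDocker:
    """Constructed stand-in for the Docker CLI so the example runs offline."""
    def __init__(self, fail_create=False):
        self.fail_create, self.running = fail_create, set()
    def create(self):
        if self.fail_create:
            return None
        self.running.add("sandbox-1")
        return "sandbox-1"
    def remove(self, cid):
        self.running.discard(cid)

_current_sandbox = None  # routing state; the name follows the PR discussion

def get_current_sandbox():
    return _current_sandbox

@contextlib.contextmanager
def sandbox_scope(docker, enabled):
    """Hypothetical helper: own the sandbox for the whole competition."""
    global _current_sandbox
    if not enabled:
        yield None
        return
    cid = docker.create()
    if cid is None:  # fail closed: never fall back to host execution
        raise RuntimeError("sandbox requested but could not be created")
    _current_sandbox = cid
    try:
        yield cid
    finally:
        _current_sandbox = None  # stop routing before the container goes away
        docker.remove(cid)

def start_ui(interactive):
    """Stand-in for UI startup, which can raise in a non-interactive terminal."""
    if not interactive:
        raise OSError("no interactive terminal")

def run_competition(docker, interactive, enabled=True):
    with sandbox_scope(docker, enabled):
        start_ui(interactive)  # a failure here is still inside the scope
        return get_current_sandbox()

def state_after_ui_failure(docker):
    try:
        run_competition(docker, interactive=False)
    except OSError:
        pass
    return sorted(docker.running), get_current_sandbox()
```

Because UI startup happens inside the scope, an exception there still clears the routing state and removes the container.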
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Summary

- `mobius run --sandbox` or `MOBIUS_SANDBOX=true`
- `/workspace` in container
- `get_current_sandbox()` API for sandbox state

Review fixes addressed

- `sh -lc` instead of `bash -c` for slim image compat
- `_current_sandbox`

Split from PR #10

Test plan

- `pytest tests/ -v`
- `mobius run --sandbox "hello world"` creates and destroys container

🤖 Generated with Claude Code