### Container Example Output Source: https://github.com/apple/containerization/blob/main/examples/ctr-example/README.md This is an example of the expected output when the containerization example runs successfully. It indicates the container has started and is ready. ```text Starting container example... Fetching container initial filesystem... Creating container from docker.io/library/alpine:3.16... Starting container... / # ``` -------------------------------- ### Build and Run Container Example Source: https://github.com/apple/containerization/blob/main/examples/ctr-example/README.md Builds and runs the containerization example after the kernel has been fetched. Ensure you are in the 'examples/ctr-example' directory. ```bash make all ``` -------------------------------- ### Start the Container Service Source: https://github.com/apple/containerization/blob/main/examples/ctr-example/lab.md Use this command to start the container service. This is typically the first step after installation. ```bash container system start ``` -------------------------------- ### Build and Run ctr-example Source: https://github.com/apple/containerization/blob/main/examples/ctr-example/lab.md Navigate to the ctr-example directory and run 'make' to build and execute the example. ```bash $ cd examples/ctr-example $ make ``` -------------------------------- ### Prepare Cross-Compilation Environment Source: https://github.com/apple/containerization/blob/main/README.md Installs necessary tools like Swiftly, Swift, and the Static Linux SDK. This command prepares the environment for cross-compilation. ```bash make cross-prep ``` -------------------------------- ### Verify Swift Installation Path Source: https://github.com/apple/containerization/blob/main/README.md Ensures that the `swift` command points to the Swiftly-managed binary. Replace `` with your actual username. ```bash which swift ``` -------------------------------- ### Fetch Default Kernel using Makefile Source: https://github.com/apple/containerization/blob/main/examples/ctr-example/README.md Use this command to fetch the default kernel when building the containerization example. This is the recommended method. ```bash make fetch-default-kernel ``` -------------------------------- ### Generate Protobuf Interfaces Source: https://github.com/apple/containerization/blob/main/README.md Installs required `grpc-swift` and `swift-protobuf` versions and regenerates RPC interfaces. ```bash make protos ``` -------------------------------- ### Build and Run Claude Code Agent Source: https://github.com/apple/containerization/blob/main/examples/sandboxy/README.md Build the project and then run the Claude Code agent in the current directory. The first run includes setup steps like downloading a kernel and base image. ```bash # Build BUILD_CONFIGURATION=release make build # Run Claude Code on the current directory .build/release/sandboxy run claude ``` -------------------------------- ### Install Pre-commit Hook Source: https://github.com/apple/containerization/blob/main/README.md Installs a pre-commit hook to ensure code formatting and license headers are correct before committing changes. ```bash make pre-commit ``` -------------------------------- ### Run a Container with Alpine Source: https://github.com/apple/containerization/blob/main/examples/ctr-example/lab.md This command runs an Alpine container and executes the 'uname' command. It may install guest init process artifacts on the first launch. ```bash container run alpine uname ``` -------------------------------- ### Define a New Agent Configuration Source: https://github.com/apple/containerization/blob/main/examples/sandboxy/README.md Create a JSON file to define a new agent's properties, including display name, base image, installation commands, launch command, environment variables, mounts, and allowed hosts. ```json { "displayName": "Foo", "baseImage": "docker.io/library/python:3.12-slim", "installCommands": [ "pip install foo" ], "launchCommand": ["foo"], "environmentVariables": [], "mounts": [], "allowedHosts": ["api.example.com", "*.cdn.example.com"] } ``` -------------------------------- ### Set Xcode Developer Directory Source: https://github.com/apple/containerization/blob/main/README.md Use this command to set the active developer directory to your installed Xcode. Replace `` with the actual path. ```bash sudo xcode-select -s ``` -------------------------------- ### Edit Agent Environment Interactively Source: https://github.com/apple/containerization/blob/main/examples/sandboxy/README.md Opens an interactive shell within an agent's cached environment to install packages or configure tools. Changes are saved to the cache upon exiting. ```bash sandboxy edit claude # Inside the container: apt-get install -y python3-pip pip3 install some-mcp-tool exit # changes are saved ``` -------------------------------- ### Clear All Sandboxy Cache Source: https://github.com/apple/containerization/blob/main/examples/sandboxy/README.md Completely reset the sandboxy environment by removing all cached data, including kernels, init images, and agent root filesystems. This forces a full re-download and setup on the next run. ```bash sandboxy cache clean --all ``` -------------------------------- ### Generate and Serve Documentation Source: https://github.com/apple/containerization/blob/main/README.md Generates API documentation for local viewing and serves it. Run `make serve-docs` in one terminal and `open http://localhost:8000/containerization/documentation/` in another. ```bash make docs make serve-docs ``` -------------------------------- ### List Configuration and Agent Definitions Source: https://github.com/apple/containerization/blob/main/examples/sandboxy/README.md Prints current configuration, agent definitions, or configuration file paths. Use --agent to specify an agent, or --agents to list all available agents. ```bash # Print global defaults sandboxy config list # Print a specific agent's definition sandboxy config list --agent claude # List all available agents (built-in and custom) sandboxy config list --agents # Print configuration file paths sandboxy config list --paths ``` -------------------------------- ### Configure Swiftly Environment Source: https://github.com/apple/containerization/blob/main/README.md This line, added by Swiftly, should be sourced in your shell configuration. It sets up the environment variables for Swiftly. Replace `` with your actual username. ```bash # Added by swiftly . "/Users//.swiftly/env.sh" ``` -------------------------------- ### Build the Sandboxy Binary Source: https://github.com/apple/containerization/blob/main/examples/sandboxy/README.md Compile the sandboxy project using the provided make command. The resulting binary will be located in the `.build/release/sandboxy` directory. ```bash make build ``` -------------------------------- ### Fetch Default Kernel and Build/Test Source: https://github.com/apple/containerization/blob/main/README.md Fetches a default kernel if one is not present locally, then builds and tests the package. This is typically run after an initial build or `make clean`. ```bash make fetch-default-kernel make all test integration ``` -------------------------------- ### List Sandbox Instances Source: https://github.com/apple/containerization/blob/main/examples/sandboxy/README.md Displays all sandbox instances and their current status. ```bash sandboxy ls ``` -------------------------------- ### Create Configuration or Agent Definition File Source: https://github.com/apple/containerization/blob/main/examples/sandboxy/README.md Generates a default configuration or agent definition file. For built-in agents, the file is pre-filled. Use --force to overwrite existing files without prompting. ```bash # Create a global config.json with defaults sandboxy config create # Create an override for the built-in claude agent sandboxy config create --agent claude # Scaffold a new agent definition sandboxy config create --agent myagent # Overwrite an existing definition without prompting sandboxy config create --agent claude --force ``` -------------------------------- ### Configure Global Gitignore Source: https://github.com/apple/containerization/blob/main/CONTRIBUTING.md Set up a global .gitignore file to manage editor-specific rulesets. This avoids cluttering the root .gitignore with project-specific configurations. ```bash git config --global core.excludesfile ~/.gitignore ``` -------------------------------- ### Format Code with Makefile Source: https://github.com/apple/containerization/blob/main/CONTRIBUTING.md Run the 'make fmt' command to ensure code contributions adhere to the project's formatting standards. This is a crucial step before submitting code. ```bash make fmt ``` -------------------------------- ### Apply License Header with Makefile Source: https://github.com/apple/containerization/blob/main/CONTRIBUTING.md Use the 'make update-licenses' command to automatically apply the project's license header to new files. This ensures compliance with licensing requirements. ```bash make update-licenses ``` -------------------------------- ### Run Package Tests Source: https://github.com/apple/containerization/blob/main/README.md Executes both basic and integration tests for the Containerization package. Integration tests require a kernel. ```bash make test integration ``` -------------------------------- ### List Cached Environments Source: https://github.com/apple/containerization/blob/main/examples/sandboxy/README.md Shows all cached environments and their associated disk usage. ```bash sandboxy cache list ``` -------------------------------- ### Fetch the Latest Kernel Source: https://github.com/apple/containerization/blob/main/examples/ctr-example/lab.md Copies the most recently modified kernel file from the application support directory to the current directory. ```bash cp "$(ls -t ~/Library/Application\ Support/com.apple.container/kernels/vmlinux-* | head -1)" ./vmlinux ``` -------------------------------- ### Run Sandboxy with a Specific Kernel Source: https://github.com/apple/containerization/blob/main/examples/sandboxy/README.md Execute a sandboxy agent using a custom kernel by providing the kernel path via the `-k` flag. ```bash sandboxy run -k /path/to/vmlinux claude ``` -------------------------------- ### Manage Swift SDK Versions Source: https://github.com/apple/containerization/blob/main/README.md Lists available Swift SDKs and removes a specified SDK version. Replace `` with the ID of the SDK to remove. ```bash swift sdk list swift sdk remove ``` -------------------------------- ### Run and Persist Sandbox Instance Source: https://github.com/apple/containerization/blob/main/examples/sandboxy/README.md Runs an agent, automatically saving its rootfs upon exit for later resumption. Use --name to assign a custom name or --rm for ephemeral runs. ```bash # First run -- auto-named instance sandboxy run claude # => Instance claude-20260328-091522 saved. Resume with: sandboxy run claude --name claude-20260328-091522 # Resume it sandboxy run --name claude-20260328-091522 claude # Or give it a memorable name upfront sandboxy run --name my-feature claude # List all instances sandboxy ls # Clean up sandboxy rm my-feature # Ephemeral run (nothing saved) sandboxy run --rm claude ``` -------------------------------- ### Clean All Cached Environments Source: https://github.com/apple/containerization/blob/main/examples/sandboxy/README.md Removes all cached environments and named instance state. Use --all to also remove kernel and init images, forcing a full re-download on the next run. The --yes flag skips confirmation prompts. ```bash sandboxy cache clean [--all] [--yes] ``` -------------------------------- ### Configure Global Sandboxy Defaults Source: https://github.com/apple/containerization/blob/main/examples/sandboxy/README.md Override global default settings for sandboxy by creating or modifying the global configuration file. This includes specifying the data directory, kernel path, initfs reference, and default CPU/memory allocation. ```json { "dataDir": "/Volumes/fast/sandboxy", "kernel": "/path/to/vmlinux", "initfsReference": "ghcr.io/apple/containerization/vminit:0.26.5", "defaultCPUs": 8, "defaultMemory": "8g" } ``` -------------------------------- ### Clone Containerization Sources Source: https://github.com/apple/containerization/blob/main/examples/ctr-example/lab.md Clone the containerization project from GitHub. Ensure you clone it to a directory outside of your Documents or Desktop folders to avoid vmnet framework issues on macOS. ```bash $ git clone https://github.com/apple/containerization.git ``` -------------------------------- ### Allocate More Resources to Agent Source: https://github.com/apple/containerization/blob/main/examples/sandboxy/README.md Run an agent with increased CPU and memory allocations. Adjust these values based on the computational demands of your workload. ```bash # Allocate more resources sandboxy run --cpus 8 --memory 8g claude ``` -------------------------------- ### Set Custom Kernel Path in Configuration Source: https://github.com/apple/containerization/blob/main/examples/sandboxy/README.md Specify a custom kernel path within the global configuration JSON file to use a specific kernel binary for sandboxy sessions. ```json { "kernel": "/path/to/vmlinux" } ``` -------------------------------- ### Run Ephemeral Agent Instance Source: https://github.com/apple/containerization/blob/main/examples/sandboxy/README.md Launch an agent instance that will be automatically removed after the session ends. This is useful for temporary or one-off tasks. ```bash # Ephemeral run (remove instance after session ends) sandboxy run --rm claude ``` -------------------------------- ### Skip Agent Default Mounts Source: https://github.com/apple/containerization/blob/main/examples/sandboxy/README.md Run an agent while explicitly skipping any default mounts defined in its configuration. This ensures only explicitly provided mounts are active. ```bash # Skip mounts defined in the agent configuration sandboxy run --no-agent-mounts claude ``` -------------------------------- ### Run an AI Agent with Sandboxy Source: https://github.com/apple/containerization/blob/main/examples/sandboxy/README.md Execute an AI coding agent, such as 'claude', within a sandboxed environment. This command mounts your current working directory and applies specific network and host access controls. ```bash $ sandboxy run claude ┌──────────────┐ │ ░░░░░░░░░░░░ │ Sandboxy │ ░░░░░░░░░░░░ │ Agent: Claude Code │ ░░░░░░░░░░░░ │ Instance: claude-20260328-150531 │ ░░░░░░░░░░░░ │ Environment: 15 hours ago │ ░░░░░░░░░░░░ │ Workspace: /Volumes/code/vessel/containerization │ ░░░░░░░░░░░░ │ CPUs: 4 Memory: 4 GB └──────────────┘ Command: claude --dangerously-skip-permissions Allowed hosts: *.anthropic.com, npm.org, *.npmjs.org, *.github.com, *.githubusercontent.com, *.pypi.org Mounts: /your/code -> /your/code /Users/you/.claude -> /root/.claude Welcome to Claude Code v2.1.76 ………………………………………………………………………………………………………………………………………………………… * █████▓▓░ * ███▓░ ░░ ░░░░░░ ███▓░ ░░░ ░░░░░░░░░░ ███▓░ ░░░░░░░░░░░░░░░░░░░ * ██▓░░ ▓ ░▓▓███▓▓░ * ░░░░ ░░░░░░░░ ░░░░░░░░░░░░░░░░ █████████ * ██▄█████▄██ * █████████ * …………………█ █ █ █……………………………………………………………………………………………………………… Let's get started. ``` -------------------------------- ### Mount Additional Host Directories Source: https://github.com/apple/containerization/blob/main/examples/sandboxy/README.md Mount extra host directories into the agent's container, specifying read-only or read-write access. This is useful for providing data or configuration to the agent. ```bash # Mount additional directories (read-only or read-write) sandboxy run --mount /tmp:/tmp:ro --mount ~/data:/data claude ``` -------------------------------- ### Run Claude Code Agent with Custom Workspace Source: https://github.com/apple/containerization/blob/main/examples/sandboxy/README.md Execute the Claude Code agent, specifying a custom host directory for the workspace. This allows you to work on projects located elsewhere. ```bash # Run on the current directory sandboxy run claude # Specify a workspace sandboxy run --workspace ~/projects/myapp claude ``` -------------------------------- ### Clear Sandboxy Cache for an Agent Source: https://github.com/apple/containerization/blob/main/examples/sandboxy/README.md Rebuild the root filesystem for a specific agent by removing its cached data. Use this to ensure a clean state for an agent. ```bash sandboxy cache rm ``` -------------------------------- ### Remove Sandbox Instances Source: https://github.com/apple/containerization/blob/main/examples/sandboxy/README.md Removes one or more specified instances and their preserved state. Supports removing all instances with the --all flag. ```bash # Remove a single instance sandboxy rm my-feature # Remove multiple instances sandboxy rm instance-1 instance-2 # Remove all instances sandboxy rm --all sandboxy rm -a ``` -------------------------------- ### Forward Host SSH Agent Source: https://github.com/apple/containerization/blob/main/examples/sandboxy/README.md Enable forwarding of the host's SSH agent into the container. This is necessary for operations like git-over-SSH that require SSH authentication. ```bash # Forward the host SSH agent for git-over-SSH sandboxy run --ssh-agent claude ``` -------------------------------- ### Pass Flags Through to Agent Source: https://github.com/apple/containerization/blob/main/examples/sandboxy/README.md Pass additional command-line flags directly to the agent's execution. This allows for agent-specific configurations or commands. ```bash # Pass flags through to the agent sandboxy run claude -- --model foobar ``` -------------------------------- ### Assign a Name to Agent Session Source: https://github.com/apple/containerization/blob/main/examples/sandboxy/README.md Assign a friendly name to a persistent agent session. This allows you to easily refer to and resume specific agent instances later. ```bash # Give the instance a friendly name sandboxy run --name my-feature claude # Resume a named session sandboxy run --name my-feature claude ``` -------------------------------- ### Forward Environment Variables to Agent Source: https://github.com/apple/containerization/blob/main/examples/sandboxy/README.md Pass environment variables into the agent's container. This can be used for secrets, configuration flags, or debugging information. ```bash # Forward environment variables into the container sandboxy run -e MY_TOKEN -e DEBUG=1 claude ``` -------------------------------- ### Restrict Network Access for Agent Source: https://github.com/apple/containerization/blob/main/examples/sandboxy/README.md Configure network access for the agent by specifying allowed hosts. This enhances security by limiting outbound connections to only approved domains. ```bash # Restrict network to specific hosts (in addition to agent defaults) sandboxy run --allow-hosts api.example.com --allow-hosts internal.corp.com claude ``` -------------------------------- ### Disable Network Filtering for Agent Source: https://github.com/apple/containerization/blob/main/examples/sandboxy/README.md Run an agent with network filtering completely disabled, allowing unrestricted internet access. Use this option with caution, as it bypasses security checks. ```bash # Disable network filtering entirely sandboxy run --no-network-filter claude ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.