davidliyutong 4e03cbc916 init
2026-03-20 02:53:25 +08:00

Agent Sandbox

Docker image providing an SSH-accessible sandbox with session recording for AI agents.

Features

  • SSH access via OpenSSH server (key-based auth only)
  • Auto key import from base64-encoded environment variable
  • Session recording of all SSH sessions (interactive and non-interactive) with timing data
  • Configurable sudo via AGENT_SUDO environment variable
  • Essential tools: Python 3, Node.js, vim, git, curl, wget, jq, tmux, htop, build-essential, and more

Quick Start

# Build the image
docker build -t agent-sandbox .

# Encode your SSH public key (newlines stripped so the value stays on one line)
export SSH_PUBLIC_KEY=$(base64 < ~/.ssh/id_ed25519.pub | tr -d '\n')

# Run the container (with sudo enabled)
docker run -d \
    --name agent-sandbox \
    -p 2222:22 \
    -e SSH_PUBLIC_KEY="${SSH_PUBLIC_KEY}" \
    -e AGENT_SUDO=true \
    -v "$(pwd)/recordings:/var/log/sessions" \
    agent-sandbox

# Connect
ssh -p 2222 agent@localhost

Environment Variables

| Variable | Required | Default | Description |
|---|---|---|---|
| SSH_PUBLIC_KEY | Yes | - | Base64-encoded SSH public key |
| AGENT_SUDO | No | disabled | Set to true or 1 to grant passwordless sudo |
| SESSION_RECORD_DIR | No | /var/log/sessions | Directory for session recordings |

Docker Compose

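Create a .env file with your SSH public key. GNU base64 wraps its output at 76 columns, so strip the newlines to keep the value on a single .env line:

echo "SSH_PUBLIC_KEY=$(base64 < ~/.ssh/id_ed25519.pub | tr -d '\n')" > .env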

Basic Usage

# docker-compose.yml
services:
  agent-sandbox:
    build: .
    ports:
      - "2222:22"
    environment:
      - SSH_PUBLIC_KEY=${SSH_PUBLIC_KEY}
      - AGENT_SUDO=true
    volumes:
      - ./recordings:/var/log/sessions

docker compose up -d
ssh -p 2222 agent@localhost

With NVIDIA GPU

Requires the NVIDIA Container Toolkit installed on the host.

# docker-compose.gpu.yml
services:
  agent-sandbox:
    build: .
    ports:
      - "2222:22"
    environment:
      - SSH_PUBLIC_KEY=${SSH_PUBLIC_KEY}
      - AGENT_SUDO=true
      - NVIDIA_VISIBLE_DEVICES=all
    volumes:
      - ./recordings:/var/log/sessions
    deploy:
      resources:
        reservations:
          devices:
            - driver: nvidia
              count: all
              capabilities: [gpu]

docker compose -f docker-compose.gpu.yml up -d
ssh -p 2222 agent@localhost

# Verify GPU access inside the container
nvidia-smi

To expose only specific GPUs, change count: all to count: 1, or replace count with device_ids: ['0', '1'].

Session Recording

Every SSH session is automatically recorded. Each session produces two files:

  • session_<timestamp>_<pid>.log - full terminal output
  • session_<timestamp>_<pid>.timing - timing data for replay

Replaying a Session

scriptreplay recordings/session_20260320_143022_42.timing \
             recordings/session_20260320_143022_42.log

Architecture

  • User: agent (sudo controlled by AGENT_SUDO env var)
  • Auth: Public key only, no password auth, no root login
  • Recording: script command via ForceCommand in authorized_keys
  • Process: entrypoint decodes key -> configures sudo -> writes authorized_keys with ForceCommand -> starts sshd
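
The key-import step from the Process line above, as an added example (not the project's entrypoint.sh): it decodes SSH_PUBLIC_KEY, accepts exactly one plain key line, and emits the authorized_keys entry with the forced command in its command="..." option form. The function name and the RECORD_CMD path are assumptions.

```shell
#!/bin/sh
# Added example, not the project's entrypoint.sh.
# RECORD_CMD is a hypothetical path for the recording wrapper.
RECORD_CMD="${RECORD_CMD:-/usr/local/bin/record-session.sh}"

# build_authorized_key <base64 of one public-key line>
# Prints one authorized_keys line with a forced command.
# Returns 1 (not base64 or empty), 2 (more than one line),
# 3 (first field is not an allowed key type), 4 (bad key blob).
build_authorized_key() {
    decoded=$(printf '%s' "$1" | base64 -d 2>/dev/null) || return 1
    [ -n "$decoded" ] || return 1

    # One key only: any extra line would be written without the forced
    # command and its sessions would not be recorded.
    [ "$(printf '%s\n' "$decoded" | wc -l)" -eq 1 ] || return 2

    IFS=' ' read -r ktype blob comment <<EOF
$decoded
EOF

    # The first field must be a key type, so the value cannot carry its
    # own authorized_keys options ahead of the key.
    case "$ktype" in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) return 3 ;;
    esac

    # The blob must be base64 and must name the same key type inside
    # (4-byte length prefix, then the type string).
    case "$blob" in
        ''|*[!A-Za-z0-9+/=]*) return 4 ;;
    esac
    inner=$(printf '%s' "$blob" | base64 -d 2>/dev/null |
        dd bs=1 skip=4 count="${#ktype}" 2>/dev/null)
    [ "$inner" = "$ktype" ] || return 4

    printf 'command="%s" %s %s%s\n' \
        "$RECORD_CMD" "$ktype" "$blob" "${comment:+ $comment}"
}
```

The output is meant to be redirected into the agent user's authorized_keys file; a non-zero return should stop the container before sshd starts.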