Skip to content

Add Docker sandbox backend with runtime repo copy #99

Open
#100
Open
Add Docker sandbox backend with runtime repo copy#99
#100
Assignees
blntrszcopilot-swe-agent
@blntrsz

Description

@blntrsz
blntrsz
opened on Mar 30, 2026

Goal

Add a Docker sandbox backend with parity to the current worktree sandbox.

Scope

  • Add Docker as an additive backend behind --sandbox docker
  • Keep worktree as default backend
  • Preserve current main UX while resolving the actual GitHub default branch internally
  • Make Docker support clone, workspace create, workspace run, workspace attach, workspace prompt, and workspace remove

Product decisions

  • Source of truth for repo contents is the host checkout
  • Before copying, refresh against remote default branch without mutating the user's host checkout
  • Main gets its own container
  • Each branch workspace gets its own long-lived container
  • Branch creation copies the default-branch repo, then creates/checks out the target branch inside the container
  • Repo copy includes full git metadata, not just files
  • Docker workspace state is a snapshot at init time; no auto-resync after creation
  • workspace prompt runs inside the container
  • workspace attach uses docker exec -it <container> bash
  • Docker detach is a no-op
  • Docker labels/names are the source of truth for workspace lookup/listing
  • Build the image lazily on first Docker use from a Dockerfile under ~/.local/share/skipper
  • Base image starts from Ubuntu and installs Node, Bun, and OpenCode
  • Mount host auth/config read-only for OpenCode, git, GitHub CLI, and ssh
  • Keep current repo-name identity at the CLI surface for now

Architecture

Runtime selection

  • Add a global --sandbox flag
  • Default to worktree
  • Use DI/runtime wiring to provide the selected backend instead of hardcoding WorkTreeSandboxServiceLayer

Core interfaces

  • Keep SandboxService as the main lifecycle boundary if possible
  • Add backend-aware workspace registry / locator / handle services so run/prompt/list flows do not depend on raw host cwd strings
  • Keep the existing filesystem service for host checkout management, but stop treating it as the only workspace lookup source

Docker backend behavior

  • Ensure a clean default-branch source snapshot from the host-side repo data
  • Create a main container for repo-level clone flow
  • Create one container per branch workspace
  • Copy the repo into the container at runtime
  • For branch workspaces, create/check out the branch inside the container after copy
  • Execute commands in the container workspace
  • Run OpenCode inside the container for prompt flow
  • Remove container resources on workspace destroy

Workspace lookup

  • Worktree backend keeps current filesystem-based lookup
  • Docker backend lists/locates workspaces from Docker labels and container names
  • Shared workspace selection should route through a backend-aware registry layer

Implementation phases

  1. Add backend selection plumbing for --sandbox with worktree as default
  2. Add backend-aware workspace registry / locator / handle abstractions
  3. Add Docker image bootstrap and lazy image build flow
  4. Add Docker sandbox adapter for init, execute, attach, detach, and destroy
  5. Make prompt flow container-aware so OpenCode runs inside Docker
  6. Update listing/selection/docs/tests and verify both backends

Likely files

  • packages/core/src/runtime/local-work-tree.runtime.ts
  • packages/core/src/workspace/port/sandbox.service.ts
  • packages/core/src/workspace/use-case/init-workspace.use-case.ts
  • packages/core/src/workspace/use-case/run-command-in-workspace.use-case.ts
  • packages/core/src/workspace/use-case/prompt-workspace.use-case.ts
  • packages/core/src/workspace/use-case/list-main-project.use-case.ts
  • packages/core/src/workspace/use-case/list-branch-project.use-case.ts
  • packages/cli/src/common/global-flags.ts
  • packages/cli/src/index.ts
  • packages/cli/src/command/clone.command.ts
  • packages/cli/src/command/workspace/workspace.common.ts
  • new Docker runtime / adapter / registry helpers under packages/core/src/runtime/ and packages/core/src/workspace/adapter/

Verification

  • sk clone git@github.com:owner/repo.git --sandbox docker creates host checkout + main container
  • sk workspace create --repository repo --branch feat/x --sandbox docker creates a branch container from default-branch source
  • sk workspace run --repository repo --branch feat/x --command 'pwd' --sandbox docker runs inside the right container workspace
  • sk workspace attach --repository repo --branch feat/x --sandbox docker opens an interactive shell in the container
  • sk workspace prompt --repository repo --branch feat/x 'Explain this codebase' --sandbox docker runs OpenCode inside the container
  • sk workspace remove --repository repo --branch feat/x --sandbox docker cleans up container resources
  • worktree backend still works unchanged by default
  • run bun test and bun run check:fix

Metadata

Metadata

Assignees

Labels

No labels
No labels

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions