diff --git a/docs/case-studies/issue-86/CASE-STUDY.md b/docs/case-studies/issue-86/CASE-STUDY.md new file mode 100644 index 0000000..c600fd2 --- /dev/null +++ b/docs/case-studies/issue-86/CASE-STUDY.md @@ -0,0 +1,173 @@ +# Case Study: Issue #86 - Docker Sandboxes Feature Comparison + +## Summary + +Issue #86 asks for a complete non-AI comparison of Docker Sandboxes against +`box`, with data preserved in `docs/case-studies/issue-86`, a requirements +breakdown, missing best practices, and solution plans. + +The comparison is implemented in +[docs/docker-sandboxes-comparison.md](../../docker-sandboxes-comparison.md). +The strongest Docker Sandboxes practices to consider are not agent integrations; +they are environment-control practices: microVM isolation, deny-by-default +network policies, host-side credential proxying, workspace/worktree lifecycle +management, port forwarding, templates, kits, and resource governance. The +strongest `box` advantages are its universal toolchain breadth, public image +source, per-language modular images, matching `-dind` variants, GHCR plus Docker +Hub publishing, and no product-login requirement. + +## Data Preserved + +| File | Purpose | +|---|---| +| [`issue.md`](./issue.md) | Issue snapshot. | +| [`DATA-COLLECTION.md`](./DATA-COLLECTION.md) | Research commands, source links, source-code search notes, and metadata summary. | +| [`data/issue-86.json`](./data/issue-86.json) | Machine-readable issue metadata. | +| [`data/docker-sandbox-templates-tags.json`](./data/docker-sandbox-templates-tags.json) | Docker Hub metadata for Docker Sandboxes template images. | +| [`data/konard-box-latest-tag.json`](./data/konard-box-latest-tag.json) | Docker Hub metadata for `konard/box:latest`. | +| [`data/konard-box-dind-latest-tag.json`](./data/konard-box-dind-latest-tag.json) | Docker Hub metadata for `konard/box-dind:latest`. | +| [`data/docker-sbx-releases.json`](./data/docker-sbx-releases.json) | `docker/sbx-releases` repository metadata. | +| [`data/docker-sbx-releases-list.txt`](./data/docker-sbx-releases-list.txt) | Recent `sbx` release list. | +| [`data/docker-sbx-kits-contrib.json`](./data/docker-sbx-kits-contrib.json) | `docker/sbx-kits-contrib` repository metadata. | +| [`data/docker-sbx-kits-contrib-root.txt`](./data/docker-sbx-kits-contrib-root.txt) | Public kit repository root listing. | +| [`data/docker-code-search-sandbox-templates.txt`](./data/docker-code-search-sandbox-templates.txt) | Docker-owned GitHub code search results for `sandbox-templates`. | +| [`data/docker-docs-sandboxes-paths.txt`](./data/docker-docs-sandboxes-paths.txt) | Docker docs source path listing for Sandboxes docs. | + +## Requirements Extracted From Issue #86 + +| ID | Requirement | Status in this PR | +|---|---|---| +| REQ-86.1 | Create a full comparison matrix in `./docs`. | Done in [`docs/docker-sandboxes-comparison.md`](../../docker-sandboxes-comparison.md). | +| REQ-86.2 | Exclude AI-related items because `box` is universal. | Done. AI-agent integrations are marked `Excluded` and not treated as gaps. | +| REQ-86.3 | Find image source if possible, otherwise use documentation. | Done. Public Dockerfile/source for `docker/sandbox-templates` images was not found in Docker-owned GitHub search results, so docs and Docker Hub metadata are used. | +| REQ-86.4 | List all missing best practices. | Done in the comparison matrix and the gap plan below. | +| REQ-86.5 | Clearly show where `box` is better. | Done in the matrix and the `Where box is better` section. | +| REQ-86.6 | Collect issue-related data under `docs/case-studies/issue-86`. | Done. Metadata and command outputs are preserved in `data/`. | +| REQ-86.7 | Search online for additional facts and data. | Done through Docker docs, Docker product page, Docker Hub API, GitHub repos, and GitHub code search. | +| REQ-86.8 | List each requirement from the issue. | Done in this table. | +| REQ-86.9 | Propose possible solutions and plans for each requirement. | Done in this case study and the root comparison document. | +| REQ-86.10 | Check known existing components/libraries that solve similar problems. | Done in the component table below. | +| REQ-86.11 | Execute everything in one PR. | Done in PR #87. | + +## Source Findings + +### Docker Sandboxes + +Docker Sandboxes is an early-access `sbx` product documented as isolated +microVM sandboxes with per-sandbox filesystem, network, and Docker daemon +state. The docs describe: + +- standalone `sbx` CLI install for macOS, Windows, and Ubuntu; +- KVM requirement on Ubuntu; +- Docker Desktop not required for current `sbx` usage; +- microVM isolation with a separate Linux kernel per sandbox; +- direct workspace mounts and same absolute workspace paths; +- branch mode based on Git worktrees under `.sbx/`; +- multiple workspaces with read-only options; +- private Docker Engine in `-docker` template variants; +- post-start port publishing with `sbx ports`; +- deny-by-default network policies with allow/deny rules and logs; +- host-side credential injection through an HTTP/HTTPS proxy; +- templates and saved template import/export; +- experimental kits for tools, files, env, credentials, network rules, and commands. + +Public source found: + +- `docker/sbx-releases`: public release metadata for the `sbx` binary. +- `docker/sbx-kits-contrib`: public kit examples, specs, tests, and helper code. +- `docker/docs`: public documentation source for Sandboxes docs. + +Public source not found in this pass: + +- Dockerfiles or build source for the published `docker/sandbox-templates` + image variants. The comparison therefore uses public documentation and Docker + Hub metadata for image-template behavior. + +### `box` + +The local repository provides: + +- public Dockerfiles and installation scripts for Ubuntu 24.04 images; +- non-root `box` user; +- broad language/runtime coverage; +- theorem prover images; +- Playwright/Puppeteer browser dependency layer in the JS base; +- per-language modular images; +- full image assembled with multi-stage `COPY --from`; +- `dind-box` variants with Docker Engine, Buildx, Compose, and containerd; +- `DIND_DATA_ROOT`, storage-driver, log, wait, and daemon-skip runtime knobs; +- Docker Hub and GHCR publication; +- native amd64/arm64 build requirements and docs-only CI skip behavior. + +## Missing Best Practices And Solution Plans + +| Priority | Best practice from Docker Sandboxes | `box` gap | Solution plan | +|---|---|---|---| +| P0 | MicroVM isolation for untrusted work. | `box` is a container image and does not itself provide a hypervisor boundary. | Add a hardened runtime guide and evaluate Sysbox, Kata Containers, Firecracker, Cloud Hypervisor, Lima/Colima, QEMU, and gVisor tradeoffs. | +| P0 | Deny-by-default outbound network policy. | `box` has no egress policy store, allowlist, or network log. | Start with docs for `--network none`, internal Docker networks, and allowlisted proxies. Then design an optional launcher with policy files and logs. | +| P0 | Host-side credential proxying. | Secrets are passed manually through env, files, CLI state, or mounts. | Document safe credential flows first: SSH agent, Git credential helpers, Docker secrets, OS keychains, 1Password/pass/SOPS. Add a proxy only after a non-AI use case is clear. | +| P1 | Branch/worktree mode. | Users manage branches, worktrees, mounts, and cleanup manually. | Add a documented script or CLI wrapper that creates a Git worktree, runs `box`, and removes the disposable workspace. | +| P1 | Workspace trust checklist. | No dedicated docs for reviewing sandbox-modified hooks, CI files, build files, `.env`, IDE configs, or executables. | Add a security section to docs with review commands and risk examples. | +| P1 | Templates and declarative kits. | `box` supports Dockerfile extension but has no reusable feature/catalog layer. | Evaluate Dev Container Features, OCI artifacts, and a simple non-AI feature spec before inventing a new format. | +| P1 | DIND storage and resource governance. | `dind-box` has runtime knobs but lacks user-facing size/resource recipes. | Document `DIND_DATA_ROOT`, named Docker volumes, `--cpus`, `--memory`, `--pids-limit`, cleanup, and BuildKit cache options. | +| P1 | Port forwarding workflow. | Docker `-p` exists, but no `box`-specific post-start helper or convention. | Add Docker CLI and Compose examples; consider a launcher if lifecycle helpers are added. | +| P2 | Template snapshot import/export. | Docker supports `commit`/`save`/`load`, but no `box` workflow explains when this is appropriate. | Recommend Dockerfiles for reproducibility; document snapshots only for experiments. | +| P2 | Supply-chain metadata. | Public build source exists, but SBOM/provenance/scanning artifacts are not documented as a release output. | Evaluate Syft, Trivy, Grype, Docker Scout, cosign, SLSA, and in-toto for CI artifacts. | + +## Known Components And Libraries To Evaluate + +| Problem area | Existing components | +|---|---| +| MicroVM or stronger container isolation | Kata Containers, Firecracker, Cloud Hypervisor, QEMU, Lima, Colima, Sysbox, gVisor. | +| Docker-in-Docker safety | Sysbox, rootless Docker, Docker official `docker:dind`, fuse-overlayfs, BuildKit rootless mode. | +| Network policy and logging | Docker internal networks, Docker `--network none`, nftables, iptables, Cilium, Envoy, mitmproxy, Squid, tinyproxy, Open Policy Agent. | +| Secret and credential handling | Docker secrets, SSH agent forwarding, Git credential helpers, 1Password CLI, pass/gopass, SOPS, OS keychains. | +| Workspace lifecycle | Git worktree, Docker Compose, Dev Containers CLI/spec, Dagger, Make scripts. | +| Reusable environment features | Dev Container Features, OCI artifacts, Dockerfiles, Docker Compose profiles, Nix flakes, mise. | +| Supply-chain evidence | Syft, Grype, Trivy, Docker Scout, cosign, SLSA, in-toto. | +| Policy/spec validation | JSON Schema, CUE, Open Policy Agent/Rego, YAML schema validation. | + +## Why `box` Should Not Copy AI-Specific Features + +Docker Sandboxes includes built-in agent integrations for tools such as Claude +Code, Codex, Copilot, Gemini, OpenCode, Kiro, Droid, and Docker Agent. Those are +useful for Docker Sandboxes' product goal, but they are not requirements for +`box`. Adding those tools to the base image would make `box` heavier, less +universal, and more coupled to fast-changing AI products. + +The reusable non-AI pattern is different: keep `box` as a public universal base +and let downstream images or future feature catalogs add agent-specific tools +when needed. + +## Recommended Roadmap + +1. Add documentation for secure `box` run profiles: minimal mounts, no host + Docker socket, optional Sysbox runtime, DIND storage volumes, resource + limits, and cleanup. +2. Add workspace trust guidance for disposable development boxes. +3. Prototype a small branch/worktree launcher in `experiments/` before adding + it as supported tooling. +4. Evaluate Dev Container Features or OCI artifacts as a non-AI feature system. +5. Add supply-chain metadata planning for SBOM, scanning, and provenance. +6. Revisit microVM-backed execution after the container-only workflow is fully + documented, because image source and runtime isolation are separate concerns. + +## Validation + +The requested docs were absent before this PR: + +```bash +test -s docs/docker-sandboxes-comparison.md && test -s docs/case-studies/issue-86/CASE-STUDY.md +``` + +That command exited with status 1 before the docs were added. After this PR it +passes. + +Validation run for this PR: + +```bash +test -s docs/docker-sandboxes-comparison.md && test -s docs/case-studies/issue-86/CASE-STUDY.md && test -s docs/case-studies/issue-86/DATA-COLLECTION.md && test -s docs/case-studies/issue-86/issue.md +node -e "for (const f of ['docs/case-studies/issue-86/data/docker-sandbox-templates-tags.json','docs/case-studies/issue-86/data/konard-box-latest-tag.json','docs/case-studies/issue-86/data/konard-box-dind-latest-tag.json','docs/case-studies/issue-86/data/docker-sbx-releases.json','docs/case-studies/issue-86/data/docker-sbx-kits-contrib.json','docs/case-studies/issue-86/data/issue-86.json']) JSON.parse(require('fs').readFileSync(f,'utf8'));" +node -e "const fs=require('fs'), path=require('path'); const files=['docs/docker-sandboxes-comparison.md','docs/case-studies/issue-86/CASE-STUDY.md','docs/case-studies/issue-86/DATA-COLLECTION.md','docs/case-studies/issue-86/issue.md']; let bad=[]; for (const f of files) { const text=fs.readFileSync(f,'utf8'); for (const m of text.matchAll(/\[[^\]]+\]\(([^)]+)\)/g)) { const href=m[1].split('#')[0]; if (!href || /^[a-z]+:/i.test(href) || href.startsWith('mailto:')) continue; const p=path.resolve(path.dirname(f), href); if (!fs.existsSync(p)) bad.push(`${f}: ${m[1]}`); } } if (bad.length) { console.error(bad.join('\n')); process.exit(1); }" +git diff --check +``` diff --git a/docs/case-studies/issue-86/DATA-COLLECTION.md b/docs/case-studies/issue-86/DATA-COLLECTION.md new file mode 100644 index 0000000..f5f2b4a --- /dev/null +++ b/docs/case-studies/issue-86/DATA-COLLECTION.md @@ -0,0 +1,105 @@ +# Data Collection: Issue #86 + +Evidence date: 2026-05-10 UTC. + +This folder preserves the local evidence and external metadata used to compare +Docker Sandboxes with `box`. Full upstream documentation pages were not copied +into this repository; the case study links to the public pages and stores the +commands plus compact metadata snapshots needed to reproduce the analysis. + +## Preserved Files + +| File | Purpose | +|---|---| +| [`issue.md`](./issue.md) | Human-readable issue snapshot. | +| [`data/issue-86.json`](./data/issue-86.json) | GitHub issue JSON with title, body, URL, timestamps, and comments. | +| [`data/docker-sandbox-templates-tags.json`](./data/docker-sandbox-templates-tags.json) | Docker Hub tag metadata for `docker/sandbox-templates`. | +| [`data/konard-box-latest-tag.json`](./data/konard-box-latest-tag.json) | Docker Hub tag metadata for `konard/box:latest`. | +| [`data/konard-box-dind-latest-tag.json`](./data/konard-box-dind-latest-tag.json) | Docker Hub tag metadata for `konard/box-dind:latest`. | +| [`data/docker-sbx-releases.json`](./data/docker-sbx-releases.json) | GitHub repository metadata for `docker/sbx-releases`. | +| [`data/docker-sbx-releases-list.txt`](./data/docker-sbx-releases-list.txt) | Recent `docker/sbx-releases` release list. | +| [`data/docker-sbx-kits-contrib.json`](./data/docker-sbx-kits-contrib.json) | GitHub repository metadata for `docker/sbx-kits-contrib`. | +| [`data/docker-sbx-kits-contrib-root.txt`](./data/docker-sbx-kits-contrib-root.txt) | Root directory listing for `docker/sbx-kits-contrib`. | +| [`data/docker-code-search-sandbox-templates.txt`](./data/docker-code-search-sandbox-templates.txt) | GitHub code search output for `sandbox-templates` in Docker-owned repositories. | +| [`data/docker-docs-sandboxes-paths.txt`](./data/docker-docs-sandboxes-paths.txt) | Top-level Docker docs paths under `content/manuals/ai/sandboxes`. | + +## Commands Used + +```bash +gh issue view https://github.com/link-foundation/box/issues/86 --json title,body,comments,url,createdAt,updatedAt +gh api repos/link-foundation/box/issues/86/comments --paginate +gh pr view 87 --repo link-foundation/box --json title,body,isDraft,url,headRefName,baseRefName,commits,statusCheckRollup +gh api repos/link-foundation/box/pulls/87/comments --paginate +gh api repos/link-foundation/box/issues/87/comments --paginate +gh api repos/link-foundation/box/pulls/87/reviews --paginate +gh search code --owner docker 'sandbox-templates' --limit 50 +gh search code --owner docker 'DOCKER_SANDBOXES_DOCKER_SIZE' --limit 20 +gh repo view docker/sbx-releases --json nameWithOwner,url,description,homepageUrl,updatedAt,licenseInfo,isPrivate +gh release list --repo docker/sbx-releases --limit 20 +gh repo view docker/sbx-kits-contrib --json nameWithOwner,url,description,homepageUrl,updatedAt,licenseInfo,isPrivate +gh api repos/docker/sbx-kits-contrib/contents --jq '.[].name' +gh api repos/docker/docs/contents/content/manuals/ai/sandboxes?ref=main --jq '.[].path' +curl -fsSL 'https://hub.docker.com/v2/repositories/docker/sandbox-templates/tags?page_size=100' +curl -fsSL 'https://hub.docker.com/v2/repositories/konard/box/tags/latest' +curl -fsSL 'https://hub.docker.com/v2/repositories/konard/box-dind/tags/latest' +``` + +## Docker Sandboxes Source Findings + +The public evidence found for Docker Sandboxes is split across documentation, +release metadata, template image metadata, and kit source: + +| Artifact | Finding | +|---|---| +| `docker/sbx-releases` | Public release repository for `sbx`, with releases such as `v0.28.3` on 2026-04-29 and nightly releases. It did not expose template image Dockerfiles in the files inspected. | +| `docker/sbx-kits-contrib` | Public Apache-2.0 repository containing kit specs, examples, tests, and directories such as `code-server`, `trivy`, `mise`, `task`, and model-runner related kits. | +| `docker/docs` | Public docs contain the product behavior, template names, kit format, security model, policy commands, and Docker storage sizing variable. | +| `docker/sandbox-templates` Docker Hub metadata | Public image tags and manifests exist. Source Dockerfiles for these template images were not found in Docker-owned GitHub code search results during this pass. | + +Because public template image source was not found, the comparison treats +Docker's docs and Docker Hub metadata as the authoritative public evidence for +template features. + +## Docker Hub Metadata Summary + +| Image/tag | Docker Hub reported size | Last updated | Relevant notes | +|---|---:|---|---| +| `docker/sandbox-templates:shell` | 485.8 MiB | 2026-05-09 | Generic no-agent template. | +| `docker/sandbox-templates:shell-docker` | 550.0 MiB | 2026-05-06 | Generic template with Docker Engine inside. | +| `docker/sandbox-templates:codex` | 664.6 MiB | 2026-05-06 | AI-specific, excluded from gaps. | +| `docker/sandbox-templates:codex-docker` | 728.8 MiB | 2026-05-06 | AI-specific, excluded from gaps. | +| `docker/sandbox-templates:opencode-docker` | 964.7 MiB | 2026-05-06 | AI-specific, excluded from gaps. | +| `konard/box:latest` | 5.47 GiB on amd64 | 2026-05-01 | Full universal `box` image. | +| `konard/box-dind:latest` | 5.59 GiB on amd64 | 2026-05-01 | Full universal `box` image plus Docker-in-Docker. | + +Docker Hub tag `full_size` is registry-reported compressed image metadata and +should be used only as an approximate comparison point. The `box` full image is +larger because it intentionally includes many language runtimes and tools. + +## Local `box` Evidence Read + +| Local file | Evidence used | +|---|---| +| [`README.md`](../../../README.md) | Runtime/tool list, modular image matrix, registry links, dind-box description, DIND security notes. | +| [`REQUIREMENTS.md`](../../../REQUIREMENTS.md) | Functional requirements, security requirements, multi-arch requirements, local-first install policy. | +| [`ARCHITECTURE.md`](../../../ARCHITECTURE.md) | Build architecture, multi-stage assembly, native ARM64 policy, modular design. | +| [`Dockerfile`](../../../Dockerfile) and [`ubuntu/24.04/full-box/Dockerfile`](../../../ubuntu/24.04/full-box/Dockerfile) | Full image assembly and system packages. | +| [`ubuntu/24.04/js/Dockerfile`](../../../ubuntu/24.04/js/Dockerfile) | Non-root `box` user and browser automation dependencies. | +| [`ubuntu/24.04/dind/Dockerfile`](../../../ubuntu/24.04/dind/Dockerfile) | DIND layer design and private daemon comments. | +| [`ubuntu/24.04/dind/install.sh`](../../../ubuntu/24.04/dind/install.sh) | Docker Engine, CLI, Buildx, Compose, containerd, and fuse-overlayfs installation. | +| [`ubuntu/24.04/dind/dind-entrypoint.sh`](../../../ubuntu/24.04/dind/dind-entrypoint.sh) | Runtime knobs for `DIND_DATA_ROOT`, storage driver, daemon wait, and user handoff. | + +## Official Docker Documentation Links + +- Docker Sandboxes product page: https://www.docker.com/products/docker-sandboxes/ +- Docker Sandboxes docs: https://docs.docker.com/ai/sandboxes/ +- Get started: https://docs.docker.com/ai/sandboxes/get-started/ +- Architecture: https://docs.docker.com/ai/sandboxes/architecture/ +- Usage: https://docs.docker.com/ai/sandboxes/usage/ +- Isolation: https://docs.docker.com/ai/sandboxes/security/isolation/ +- Default security posture: https://docs.docker.com/ai/sandboxes/security/defaults/ +- Policies: https://docs.docker.com/ai/sandboxes/security/policy/ +- Credentials: https://docs.docker.com/ai/sandboxes/security/credentials/ +- Workspace trust: https://docs.docker.com/ai/sandboxes/security/workspace/ +- Templates: https://docs.docker.com/ai/sandboxes/customize/templates/ +- Kits: https://docs.docker.com/ai/sandboxes/customize/kits/ diff --git a/docs/case-studies/issue-86/data/docker-code-search-sandbox-templates.txt b/docs/case-studies/issue-86/data/docker-code-search-sandbox-templates.txt new file mode 100644 index 0000000..f9595fe --- /dev/null +++ b/docs/case-studies/issue-86/data/docker-code-search-sandbox-templates.txt @@ -0,0 +1,38 @@ +docker/docs:content/manuals/ai/sandboxes/agents/copilot.md: Template: `docker/sandbox-templates:copilot` +docker/docker-agent:docs/configuration/sandbox/index.md: | `--template` | `docker/sandbox-templates:docker-agent` | OCI image used as the sandbox template. Passed to `docker sandbox create -t` / `sbx create -t`. | +docker/docs:content/manuals/ai/sandboxes/customize/kits.md: image: "docker/sandbox-templates:claude-code-docker" +docker/docs:content/manuals/ai/sandboxes/customize/kits.md: Build on top of `docker/sandbox-templates:shell-docker` to get these for +docker/sbx-kits-contrib:openclaw/spec.yaml: image: "docker/sandbox-templates:shell-docker" +docker/docker-agent:cmd/root/run.go: cmd.PersistentFlags().StringVar(&flags.sandboxTemplate, "template", "docker/sandbox-templates:docker-agent", "Template image for the sandbox (passed to docker sandbox create -t)") +docker/docs:content/manuals/ai/sandboxes/agents/docker-agent.md: The sandbox uses `docker/sandbox-templates:docker-agent` and launches Docker +docker/sbx-kits-contrib:tck/suite.go: DefaultShellImage = "docker/sandbox-templates:shell-docker" +docker/sbx-kits-contrib:tck/suite.go: "shell": "docker/sandbox-templates:shell-docker", +docker/sbx-kits-contrib:tck/suite.go: "claude": "docker/sandbox-templates:claude-code-docker", +docker/docker-agent:docs/features/cli/index.md: | `--template ` | Template image for the sandbox (default: `docker/sandbox-templates:docker-agent`) | +docker/docs:content/manuals/ai/sandboxes/customize/templates.md: `docker/sandbox-templates:`. They are based on Ubuntu and run as a +docker/docs:content/manuals/ai/sandboxes/customize/templates.md: $ sbx run claude --template docker.io/docker/sandbox-templates:claude-code +docker/sbx-kits-contrib:trivy/spec.yaml: image: "docker/sandbox-templates:shell-docker" +docker/docs:data/cli/sandbox/docker_sandbox_inspect.yaml: "template": "docker/sandbox-templates:claude-code", +docker/docs:content/manuals/ai/sandboxes/docker-desktop.md: FROM docker/sandbox-templates:claude-code +docker/sbx-kits-contrib:opencode-model-runner/spec.yaml: image: "docker/sandbox-templates:opencode-docker" +docker/docs:content/manuals/ai/sandboxes/agents/codex.md: Template: `docker/sandbox-templates:codex` +docker/sbx-kits-contrib:nanoclaw/spec.yaml: image: "docker/sandbox-templates:claude-code-docker" +docker/docs:content/manuals/ai/sandboxes/customize/build-an-agent.md: - `docker/sandbox-templates:shell`. Generic base with no pre-installed +docker/docs:content/manuals/ai/sandboxes/customize/build-an-agent.md: - `docker/sandbox-templates:shell-docker`. Same, with Docker Engine inside +docker/docs:content/manuals/ai/sandboxes/agents/droid.md: Template: `docker/sandbox-templates:droid-docker` +docker/sbx-kits-contrib:amp/spec.yaml: image: "docker/sandbox-templates:shell-docker" +docker/go-sdk:image/pull_unit_test.go: imageName := "docker/sandbox-templates:shell-docker" +docker/docs:content/manuals/ai/sandboxes/agents/gemini.md: Template: `docker/sandbox-templates:gemini` +docker/sbx-kits-contrib:claude-ollama/spec.yaml: image: "docker/sandbox-templates:claude-code-docker" +docker/docs:content/manuals/ai/sandboxes/agents/cursor.md: Template: `docker/sandbox-templates:cursor-agent-docker` +docker/docs:content/manuals/ai/sandboxes/customize/kit-examples.md: image: "docker/sandbox-templates:claude-code-docker" +docker/docs:content/manuals/ai/sandboxes/agents/opencode.md: Template: `docker/sandbox-templates:opencode` +docker/docs:content/manuals/ai/sandboxes/agents/kiro.md: Template: `docker/sandbox-templates:kiro` +docker/sbx-kits-contrib:pi/spec.yaml: image: "docker/sandbox-templates:shell-docker" +docker/docs:content/manuals/ai/sandboxes/agents/claude-code.md: The sandbox uses `docker/sandbox-templates:claude-code` and launches Claude Code +docker/sbx-kits-contrib:nanobot/spec.yaml: image: "docker/sandbox-templates:shell-docker" +docker/docs:content/manuals/ai/sandboxes/faq.md: image: "docker/sandbox-templates:claude-code-docker" +docker/sbx-kits-contrib:tck/tck_test.go: require.Equal(t, "docker/sandbox-templates:claude-code-docker", img) +docker/sbx-kits-contrib:tck/tck_test.go: require.Equal(t, "docker/sandbox-templates:shell-docker", suite.Image) +docker/sbx-kits-contrib:spec/validate_test.go: Template: "docker/sandbox-templates:shell-docker", +docker/sbx-kits-contrib:spec/testdata/sample-agent/spec.yaml: image: "docker/sandbox-templates:shell-docker" diff --git a/docs/case-studies/issue-86/data/docker-docs-sandboxes-paths.txt b/docs/case-studies/issue-86/data/docker-docs-sandboxes-paths.txt new file mode 100644 index 0000000..0019ac3 --- /dev/null +++ b/docs/case-studies/issue-86/data/docker-docs-sandboxes-paths.txt @@ -0,0 +1,11 @@ +content/manuals/ai/sandboxes/_index.md +content/manuals/ai/sandboxes/agents +content/manuals/ai/sandboxes/architecture.md +content/manuals/ai/sandboxes/customize +content/manuals/ai/sandboxes/docker-desktop.md +content/manuals/ai/sandboxes/faq.md +content/manuals/ai/sandboxes/get-started.md +content/manuals/ai/sandboxes/images +content/manuals/ai/sandboxes/security +content/manuals/ai/sandboxes/troubleshooting.md +content/manuals/ai/sandboxes/usage.md diff --git a/docs/case-studies/issue-86/data/docker-sandbox-templates-tags.json b/docs/case-studies/issue-86/data/docker-sandbox-templates-tags.json new file mode 100644 index 0000000..581e084 --- /dev/null +++ b/docs/case-studies/issue-86/data/docker-sandbox-templates-tags.json @@ -0,0 +1 @@ +{"count":30,"next":null,"previous":null,"results":[{"creator":35564209,"id":979137583,"images":[{"architecture":"amd64","features":"","variant":null,"digest":"sha256:4c688f8e768df24eac1714c0e2ad50919cb2c61397d436df293187acac647376","os":"linux","os_features":"","os_version":null,"size":345191360,"status":"active","last_pulled":"2026-05-08T17:23:48.369828241Z","last_pushed":"2025-09-25T01:17:24.43642876Z"},{"architecture":"arm64","features":"","variant":null,"digest":"sha256:50f7c5062bd7c6c77bd7906525da9b539c78f29d1736d354830e14103355443d","os":"linux","os_features":"","os_version":null,"size":334225872,"status":"active","last_pulled":"2026-05-08T01:20:08.969412847Z","last_pushed":"2025-09-25T01:17:25.038629371Z"},{"architecture":"unknown","features":"","variant":null,"digest":"sha256:6ca35d28e36c05d66a236acac6ddcb93b9c4bc0587d196375c98a3474fee3a46","os":"unknown","os_features":"","os_version":null,"size":14221423,"status":"active","last_pulled":"2026-05-09T01:08:29.129782132Z","last_pushed":"2025-09-25T01:17:23.972570126Z"},{"architecture":"unknown","features":"","variant":null,"digest":"sha256:61f25fdd95d29ac8129a6111030b57fcdae5b97f944ef6ad684936b48e62ae27","os":"unknown","os_features":"","os_version":null,"size":14228842,"status":"active","last_pulled":"2026-05-08T01:20:08.970663404Z","last_pushed":"2025-09-25T01:17:25.633307221Z"}],"last_updated":"2025-09-25T01:17:33.633502Z","last_updater":35564209,"last_updater_username":"austinvazquez403","name":"latest","repository":28663642,"full_size":345191360,"v2":true,"tag_status":"active","tag_last_pulled":"2026-05-10T04:06:49.339827376Z","tag_last_pushed":"2025-09-25T01:17:33.633502Z","media_type":"application/vnd.oci.image.index.v1+json","content_type":"image","digest":"sha256:8b74b8d1c28e8b6625b561f6a092d279bf224560287d8a6704d9dba42245c88b"},{"creator":440445,"id":1031809227,"images":[{"architecture":"amd64","features":"","variant":null,"digest":"sha256:33e9ecb2066b06e5dca94ca26c2f5316cfff5aaedea3726d2a828faaafdc84d4","os":"linux","os_features":"","os_version":null,"size":576594045,"status":"active","last_pulled":"2026-05-10T12:15:10.431424053Z","last_pushed":"2026-05-09T01:25:06.977478849Z"},{"architecture":"arm64","features":"","variant":null,"digest":"sha256:cc5d4fd33ed47981acd8bb31e1ee8258f3bf710e55512fc80218c455ac3a1d5d","os":"linux","os_features":"","os_version":null,"size":567381734,"status":"active","last_pulled":"2026-05-10T04:31:11.806338464Z","last_pushed":"2026-05-09T01:25:08.182755952Z"},{"architecture":"unknown","features":"","variant":null,"digest":"sha256:12943bd72fcbfe14bd9137431aabc0ee17d59edaadf0031eed27b7637868bdd3","os":"unknown","os_features":"","os_version":null,"size":38449023,"status":"active","last_pulled":"2026-05-09T09:42:45.449797643Z","last_pushed":"2026-05-09T01:25:06.495109879Z"},{"architecture":"unknown","features":"","variant":null,"digest":"sha256:4fc7a614789cc9c24411013d80364ebdbbf9f0b05ba141d1a96983366e80b8b2","os":"unknown","os_features":"","os_version":null,"size":38470955,"status":"active","last_pulled":"2026-05-09T08:57:30.01336313Z","last_pushed":"2026-05-09T01:25:07.635024579Z"}],"last_updated":"2026-05-09T01:25:09.310646Z","last_updater":440445,"last_updater_username":"dockerbuildbot","name":"cursor-agent","repository":28663642,"full_size":576594045,"v2":true,"tag_status":"active","tag_last_pulled":"2026-05-10T12:15:10.431424053Z","tag_last_pushed":"2026-05-09T01:25:09.310646Z","media_type":"application/vnd.oci.image.index.v1+json","content_type":"image","digest":"sha256:fea4a40e77f632683c8b073f988b07db196c2100279c4bd7b65ab00038956838"},{"creator":788441,"id":1096835227,"images":[{"architecture":"amd64","features":"","variant":null,"digest":"sha256:a23779177e27cb84172c1e0f77ad8d17790b686e0bff849a46612e0bd90aa52b","os":"linux","os_features":"","os_version":null,"size":542814395,"status":"active","last_pulled":"2026-05-10T15:35:04.733095311Z","last_pushed":"2026-05-09T01:22:40.971992712Z"},{"architecture":"arm64","features":"","variant":null,"digest":"sha256:c7510d401c54206960c95a7e3076309c18a501ebe7c7c4c75a0f74be592dbfa9","os":"linux","os_features":"","os_version":null,"size":531328232,"status":"active","last_pulled":"2026-05-10T15:33:05.65511964Z","last_pushed":"2026-05-09T01:22:42.108545787Z"},{"architecture":"unknown","features":"","variant":null,"digest":"sha256:c7ef4af1024a970323ccc60df191471e1b5c648689ec98e4740c3a1c100b7bd0","os":"unknown","os_features":"","os_version":null,"size":38755753,"status":"active","last_pulled":"2026-05-10T06:28:50.500773936Z","last_pushed":"2026-05-09T01:22:41.656513403Z"},{"architecture":"unknown","features":"","variant":null,"digest":"sha256:dca33e6966930ce004774cad2a652dee2a7ecd97553e80d7670eda6058d3c688","os":"unknown","os_features":"","os_version":null,"size":38777685,"status":"active","last_pulled":"2026-05-10T06:28:50.502615455Z","last_pushed":"2026-05-09T01:22:42.814157606Z"}],"last_updated":"2026-05-09T01:22:43.790128Z","last_updater":440445,"last_updater_username":"dockerbuildbot","name":"docker-agent","repository":28663642,"full_size":542814395,"v2":true,"tag_status":"active","tag_last_pulled":"2026-05-10T15:35:04.733095311Z","tag_last_pushed":"2026-05-09T01:22:43.790128Z","media_type":"application/vnd.oci.image.index.v1+json","content_type":"image","digest":"sha256:e20f30039a251459c3a4f1f4020f983052ca46a9168ceea8b240aedfa3c8c74e"},{"creator":440445,"id":1070821555,"images":[{"architecture":"amd64","features":"","variant":null,"digest":"sha256:af75926ac96e524206ae7d5524b72ab8863913e5ed0db1591a3e22cf70fb991b","os":"linux","os_features":"","os_version":null,"size":509402965,"status":"active","last_pulled":"2026-05-10T18:17:43.62426347Z","last_pushed":"2026-05-09T01:22:42.134907295Z"},{"architecture":"arm64","features":"","variant":null,"digest":"sha256:dd5c1f01e1fb79da14976b902d7410de6859e4c44ce87e790e7c19401f9c624d","os":"linux","os_features":"","os_version":null,"size":500597579,"status":"active","last_pulled":"2026-05-10T18:03:30.340327331Z","last_pushed":"2026-05-09T01:22:41.46231872Z"},{"architecture":"unknown","features":"","variant":null,"digest":"sha256:db2f32cd8b4cd51c8f9817d04553770f9cf2f46c9f0e5944891deea7fd3b1e53","os":"unknown","os_features":"","os_version":null,"size":38444324,"status":"active","last_pulled":"2026-05-10T10:46:40.85200325Z","last_pushed":"2026-05-09T01:22:40.928212547Z"},{"architecture":"unknown","features":"","variant":null,"digest":"sha256:a740c649d1f48986f2b04a728c826f474fbc4b2ba371f7ff60b6ef8ca6489f33","os":"unknown","os_features":"","os_version":null,"size":38466256,"status":"active","last_pulled":"2026-05-10T09:53:31.024894317Z","last_pushed":"2026-05-09T01:22:42.965225456Z"}],"last_updated":"2026-05-09T01:22:43.788237Z","last_updater":440445,"last_updater_username":"dockerbuildbot","name":"shell","repository":28663642,"full_size":509402965,"v2":true,"tag_status":"active","tag_last_pulled":"2026-05-10T18:17:43.62426347Z","tag_last_pushed":"2026-05-09T01:22:43.788237Z","media_type":"application/vnd.oci.image.index.v1+json","content_type":"image","digest":"sha256:7be8c613701f6901908aed0db4397f4565112becab3a2a5158ddca0acd2aa3c2"},{"creator":440445,"id":1049880722,"images":[{"architecture":"amd64","features":"","variant":null,"digest":"sha256:a1d53804a25db858eba0bf3a9bf7d3f056aa36d6090d96b05d4b3c010fd8d920","os":"linux","os_features":"","os_version":null,"size":264707752,"status":"active","last_pulled":"2026-05-10T18:23:29.658103528Z","last_pushed":"2026-05-09T01:08:19.230936095Z"},{"architecture":"arm64","features":"","variant":null,"digest":"sha256:9adcead1f557ad49eb3f852867c3461e099c350a62fa73653cf8186ffaa97f34","os":"linux","os_features":"","os_version":null,"size":257764443,"status":"active","last_pulled":"2026-05-10T16:19:22.324679877Z","last_pushed":"2026-05-09T01:08:19.854653322Z"},{"architecture":"unknown","features":"","variant":null,"digest":"sha256:be629a2d3b2c635d9225d61e6046db3496f00c0de8b257636eaa4adec50fe529","os":"unknown","os_features":"","os_version":null,"size":4747972,"status":"active","last_pulled":"2026-05-10T07:23:23.205251301Z","last_pushed":"2026-05-09T01:08:18.643441206Z"},{"architecture":"unknown","features":"","variant":null,"digest":"sha256:4be4e60e6996848d51e8f983aabe38c480f4e85ccf55572887c560d41af34566","os":"unknown","os_features":"","os_version":null,"size":4752071,"status":"active","last_pulled":"2026-05-10T07:23:23.204451615Z","last_pushed":"2026-05-09T01:08:20.582473732Z"}],"last_updated":"2026-05-09T01:08:21.344057Z","last_updater":440445,"last_updater_username":"dockerbuildbot","name":"claude-code-minimal","repository":28663642,"full_size":264707752,"v2":true,"tag_status":"active","tag_last_pulled":"2026-05-10T18:23:29.658103528Z","tag_last_pushed":"2026-05-09T01:08:21.344057Z","media_type":"application/vnd.oci.image.index.v1+json","content_type":"image","digest":"sha256:5ca6f23bc4b197afe4e1235452ef725a5b38c22460f95d7d605ca78584295063"},{"creator":35564209,"id":984305226,"images":[{"architecture":"amd64","features":"","variant":null,"digest":"sha256:10bc14d4c936fbbc09ddeec56d1aa265343878641dc578621cd8b02b61ce2a65","os":"linux","os_features":"","os_version":null,"size":581062165,"status":"active","last_pulled":"2026-05-10T18:13:39.756153441Z","last_pushed":"2026-05-08T01:32:23.568121205Z"},{"architecture":"arm64","features":"","variant":null,"digest":"sha256:e18c74949fc7bf88e6f477f0bc8f06b2b102c0b355205ebac5edec9d9d9bed8c","os":"linux","os_features":"","os_version":null,"size":572697937,"status":"active","last_pulled":"2026-05-10T18:05:56.693270906Z","last_pushed":"2026-05-08T01:32:24.447092465Z"},{"architecture":"unknown","features":"","variant":null,"digest":"sha256:e848c55a47dc4abc1f19ebbd6ba3cfc6c8d516438624d001faa6ca77490d4492","os":"unknown","os_features":"","os_version":null,"size":38444111,"status":"active","last_pulled":"2026-05-10T17:52:48.48187159Z","last_pushed":"2026-05-08T01:32:24.116996478Z"},{"architecture":"unknown","features":"","variant":null,"digest":"sha256:750789e519c149c673acf2cc26bdbefc1d816f1f3bdb99bf641f72aca23cfa88","os":"unknown","os_features":"","os_version":null,"size":38466043,"status":"active","last_pulled":"2026-05-10T18:07:39.489193771Z","last_pushed":"2026-05-08T01:32:25.084297467Z"}],"last_updated":"2026-05-08T01:32:25.91203Z","last_updater":440445,"last_updater_username":"dockerbuildbot","name":"claude-code","repository":28663642,"full_size":581062165,"v2":true,"tag_status":"active","tag_last_pulled":"2026-05-10T18:16:08.956429777Z","tag_last_pushed":"2026-05-08T01:32:25.91203Z","media_type":"application/vnd.oci.image.index.v1+json","content_type":"image","digest":"sha256:f7b825d9df813b4776e86497c6d6447cd6545c15f3191f6521442510b5770a25"},{"creator":440445,"id":1016427100,"images":[{"architecture":"amd64","features":"","variant":null,"digest":"sha256:617d643b5888d16898cbf18a087b2e7f4e88b34ce17a228f9fc936447886db0d","os":"linux","os_features":"","os_version":null,"size":859349151,"status":"active","last_pulled":"2026-05-10T13:31:50.639755329Z","last_pushed":"2026-05-08T01:29:13.864262552Z"},{"architecture":"arm64","features":"","variant":null,"digest":"sha256:f26dbc294860aaa3e16058dc82696e0fcbc2ddb4f66258eed6df2a313aa7ef0b","os":"linux","os_features":"","os_version":null,"size":809138104,"status":"active","last_pulled":"2026-05-10T09:22:49.352256394Z","last_pushed":"2026-05-08T01:29:14.815728164Z"},{"architecture":"unknown","features":"","variant":null,"digest":"sha256:3e6dd17a02c626efd7592785a7a159660da5ceb352a338417d7f477755202466","os":"unknown","os_features":"","os_version":null,"size":38447768,"status":"active","last_pulled":"2026-05-10T13:31:51.227554126Z","last_pushed":"2026-05-08T01:29:14.438573317Z"},{"architecture":"unknown","features":"","variant":null,"digest":"sha256:eacc6dc6b54d2ba8ad68f1bf8127749967f3999a265bf7b386ca0660ec57273d","os":"unknown","os_features":"","os_version":null,"size":38469700,"status":"active","last_pulled":"2026-05-10T09:22:49.658932945Z","last_pushed":"2026-05-08T01:29:15.629539487Z"}],"last_updated":"2026-05-08T01:29:16.42159Z","last_updater":440445,"last_updater_username":"dockerbuildbot","name":"kiro","repository":28663642,"full_size":859349151,"v2":true,"tag_status":"active","tag_last_pulled":"2026-05-10T13:31:51.227554126Z","tag_last_pushed":"2026-05-08T01:29:16.42159Z","media_type":"application/vnd.oci.image.index.v1+json","content_type":"image","digest":"sha256:e84cf29864a5fb2a78a49212af64413904d476d5bd90bd9484bce9f88963976a"},{"creator":440445,"id":1060608099,"images":[{"architecture":"amd64","features":"","variant":null,"digest":"sha256:2039b1eb273bacf0bfac57e49d2fbb49b94df6020417ca39d1e6952fffe6ef51","os":"linux","os_features":"","os_version":null,"size":588248058,"status":"active","last_pulled":"2026-05-10T04:31:07.846249818Z","last_pushed":"2026-05-08T01:23:38.742568913Z"},{"architecture":"arm64","features":"","variant":null,"digest":"sha256:42c17209a38f4f13c7a9fba824aeb9366e4b56b56dc4d0133fa6470c2154f6aa","os":"linux","os_features":"","os_version":null,"size":581109214,"status":"active","last_pulled":"2026-05-10T06:11:24.160704467Z","last_pushed":"2026-05-08T01:23:38.114366433Z"},{"architecture":"unknown","features":"","variant":null,"digest":"sha256:43ae17e5a6dd81946b6f5044d7241269da6a8a8888b1926c602004989f4157fc","os":"unknown","os_features":"","os_version":null,"size":38444030,"status":"active","last_pulled":"2026-05-10T06:28:40.216980647Z","last_pushed":"2026-05-08T01:23:37.560417044Z"},{"architecture":"unknown","features":"","variant":null,"digest":"sha256:842faadd93378e658669668b73970632b9376ed5092a21c7c839000a3bedf37c","os":"unknown","os_features":"","os_version":null,"size":38465962,"status":"active","last_pulled":"2026-05-10T06:11:24.407742846Z","last_pushed":"2026-05-08T01:23:39.355790214Z"}],"last_updated":"2026-05-08T01:23:40.241862Z","last_updater":440445,"last_updater_username":"dockerbuildbot","name":"copilot","repository":28663642,"full_size":588248058,"v2":true,"tag_status":"active","tag_last_pulled":"2026-05-10T06:28:40.216980647Z","tag_last_pushed":"2026-05-08T01:23:40.241862Z","media_type":"application/vnd.oci.image.index.v1+json","content_type":"image","digest":"sha256:d366ec105da538769327a94e1ef7469af5f97416838c2fbb8a944478efd16050"},{"creator":440445,"id":1136757993,"images":[{"architecture":"amd64","features":"","variant":null,"digest":"sha256:cbb09f0fde6841a22066bad425aef6921965156f9bf4a082c708c102406989e5","os":"linux","os_features":"","os_version":null,"size":576375951,"status":"active","last_pulled":"2026-05-09T09:07:44.904928077Z","last_pushed":"2026-05-08T01:23:31.078617369Z"},{"architecture":"arm64","features":"","variant":null,"digest":"sha256:a081fe586282a030f58492e66358e1b5ca880e47d1d1c49966df72f18ad76971","os":"linux","os_features":"","os_version":null,"size":567152238,"status":"active","last_pulled":"2026-05-09T09:18:30.060808653Z","last_pushed":"2026-05-08T01:23:30.533160034Z"},{"architecture":"unknown","features":"","variant":null,"digest":"sha256:bf8d37423c359bf0c7e864d921324cd04b7cb44c98584a05977771237d04a901","os":"unknown","os_features":"","os_version":null,"size":38444018,"status":"active","last_pulled":"2026-05-09T09:40:36.593336335Z","last_pushed":"2026-05-08T01:23:30.129739959Z"},{"architecture":"unknown","features":"","variant":null,"digest":"sha256:dc6eaa241f79213ab0953d29bb6494b6b7fefab7c97632df1f576a6afb4e3ca8","os":"unknown","os_features":"","os_version":null,"size":38465950,"status":"active","last_pulled":"2026-05-09T09:15:11.571326944Z","last_pushed":"2026-05-08T01:23:31.642530079Z"}],"last_updated":"2026-05-08T01:23:32.641192Z","last_updater":440445,"last_updater_username":"dockerbuildbot","name":"droid","repository":28663642,"full_size":576375951,"v2":true,"tag_status":"active","tag_last_pulled":"2026-05-09T09:40:36.593336335Z","tag_last_pushed":"2026-05-08T01:23:32.641192Z","media_type":"application/vnd.oci.image.index.v1+json","content_type":"image","digest":"sha256:301854d1e979aa74fe613f5ecc8e5b062c0d9c398093838e5ac8fe6ab10f9d98"},{"creator":440445,"id":1100590837,"images":[{"architecture":"amd64","features":"","variant":null,"digest":"sha256:64c2b3ad1a0a2f0fd01a2de2f9ad7c5f0fda9badec2dd0c8d5268ae9c37c60cd","os":"linux","os_features":"","os_version":null,"size":1011562535,"status":"active","last_pulled":"2026-05-10T16:21:05.004112594Z","last_pushed":"2026-05-06T01:45:15.428247098Z"},{"architecture":"arm64","features":"","variant":null,"digest":"sha256:5967d77769b3ea247a42c3ec291bee749c948c197017bbddba90d7511da8e550","os":"linux","os_features":"","os_version":null,"size":793009050,"status":"active","last_pulled":"2026-05-10T13:53:36.997978229Z","last_pushed":"2026-05-06T01:45:14.822833565Z"},{"architecture":"unknown","features":"","variant":null,"digest":"sha256:a23277c94d249d31d0b07354e76b0036d9b8fc1d725d4f264683776fd508d1ed","os":"unknown","os_features":"","os_version":null,"size":40010147,"status":"active","last_pulled":"2026-05-09T08:02:51.173075312Z","last_pushed":"2026-05-06T01:45:14.397224253Z"},{"architecture":"unknown","features":"","variant":null,"digest":"sha256:6d8c0abca7d8a6e636c274c6add979197e3b98032edfde3bc7f78e3b09eb2e78","os":"unknown","os_features":"","os_version":null,"size":40018558,"status":"active","last_pulled":"2026-05-09T08:02:51.170664245Z","last_pushed":"2026-05-06T01:45:16.056360211Z"}],"last_updated":"2026-05-06T01:45:17.058127Z","last_updater":440445,"last_updater_username":"dockerbuildbot","name":"opencode-docker","repository":28663642,"full_size":1011562535,"v2":true,"tag_status":"active","tag_last_pulled":"2026-05-10T18:15:13.122051617Z","tag_last_pushed":"2026-05-06T01:45:17.058127Z","media_type":"application/vnd.oci.image.index.v1+json","content_type":"image","digest":"sha256:d3eb2f624f40efa7722c2bc3452cac6c5933120a06a5cf92cebf45907eb29a2a"},{"creator":440445,"id":1101939211,"images":[{"architecture":"amd64","features":"","variant":null,"digest":"sha256:7829d78de4878d7b677e2a0da9694e13461c75d370f0179e7800a06996819eaa","os":"linux","os_features":"","os_version":null,"size":652801800,"status":"active","last_pulled":"2026-05-10T18:05:38.820908444Z","last_pushed":"2026-05-06T01:45:11.93622491Z"},{"architecture":"arm64","features":"","variant":null,"digest":"sha256:ffed0f1b883fb5e08a41833002c2b441c32a9ec3ff401d5956c9bd2aea501a11","os":"linux","os_features":"","os_version":null,"size":638155088,"status":"active","last_pulled":"2026-05-10T17:51:38.007914898Z","last_pushed":"2026-05-06T01:45:11.33496874Z"},{"architecture":"unknown","features":"","variant":null,"digest":"sha256:99f992d986c8ec32e8144718fc4328589f947cdaf3d2edfa7a54da030e920864","os":"unknown","os_features":"","os_version":null,"size":40014015,"status":"active","last_pulled":"2026-05-09T05:52:23.145579705Z","last_pushed":"2026-05-06T01:45:10.905705742Z"},{"architecture":"unknown","features":"","variant":null,"digest":"sha256:ed84c95e4a200630a185f92e89b10f7c8239cf931f19f1a94c4552dfea360075","os":"unknown","os_features":"","os_version":null,"size":40030939,"status":"active","last_pulled":"2026-05-09T05:52:23.145392048Z","last_pushed":"2026-05-06T01:45:12.726441965Z"}],"last_updated":"2026-05-06T01:45:13.516032Z","last_updater":440445,"last_updater_username":"dockerbuildbot","name":"gemini-docker","repository":28663642,"full_size":652801800,"v2":true,"tag_status":"active","tag_last_pulled":"2026-05-10T18:14:05.598485501Z","tag_last_pushed":"2026-05-06T01:45:13.516032Z","media_type":"application/vnd.oci.image.index.v1+json","content_type":"image","digest":"sha256:26b10a4c65b63a47c76fe3b5c174feb753a442101e4702af357d1da60ff852c0"},{"creator":440445,"id":1100590209,"images":[{"architecture":"amd64","features":"","variant":null,"digest":"sha256:c45ec4b0074ae24eaff5677479aefa61f19939dcbfe32bd904acd09b543f48a9","os":"linux","os_features":"","os_version":null,"size":764201682,"status":"active","last_pulled":"2026-05-10T16:18:59.112263727Z","last_pushed":"2026-05-06T01:43:57.259525876Z"},{"architecture":"arm64","features":"","variant":null,"digest":"sha256:5292fe66c18a645c720f776cb6d4324a9b91eb14565fe00251b0a04ae621a7b5","os":"linux","os_features":"","os_version":null,"size":738029267,"status":"active","last_pulled":"2026-05-10T16:57:29.63021279Z","last_pushed":"2026-05-06T01:43:58.192610184Z"},{"architecture":"unknown","features":"","variant":null,"digest":"sha256:ad80ff2aa1ca40d0ea743fb023fc3b86d16aba3a69d11979b17eb2317d967c42","os":"unknown","os_features":"","os_version":null,"size":39999056,"status":"active","last_pulled":"2026-05-10T03:06:08.406654144Z","last_pushed":"2026-05-06T01:43:56.867464607Z"},{"architecture":"unknown","features":"","variant":null,"digest":"sha256:047bd708902f3923261803cae7a2ef5d205a520aa4ef3ef875c9a53feedfba6d","os":"unknown","os_features":"","os_version":null,"size":40015934,"status":"active","last_pulled":"2026-05-10T03:06:08.4082795Z","last_pushed":"2026-05-06T01:43:57.794818298Z"}],"last_updated":"2026-05-06T01:43:59.121127Z","last_updater":440445,"last_updater_username":"dockerbuildbot","name":"codex-docker","repository":28663642,"full_size":764201682,"v2":true,"tag_status":"active","tag_last_pulled":"2026-05-10T18:05:28.169615336Z","tag_last_pushed":"2026-05-06T01:43:59.121127Z","media_type":"application/vnd.oci.image.index.v1+json","content_type":"image","digest":"sha256:143758b7c0855facb8f6f52d7b659af861c0cad2a44d84206e9c5c4ce0090e47"},{"creator":23613491,"id":1098375160,"images":[{"architecture":"amd64","features":"","variant":null,"digest":"sha256:c710381616e75dac746c5c8608634fb1bb46750b38c65efe0d7f87757f0e8831","os":"linux","os_features":"","os_version":null,"size":655184095,"status":"active","last_pulled":"2026-05-10T18:23:46.895221456Z","last_pushed":"2026-05-06T01:43:55.364401253Z"},{"architecture":"arm64","features":"","variant":null,"digest":"sha256:683930012300d96cc21f012988abf59fca1efbef611dbcbcc1c68ee896632e38","os":"linux","os_features":"","os_version":null,"size":640957447,"status":"active","last_pulled":"2026-05-10T18:07:58.400073842Z","last_pushed":"2026-05-06T01:43:54.817585504Z"},{"architecture":"unknown","features":"","variant":null,"digest":"sha256:95d5dfd3e74cf4f46fbca45fc64cc70a5a0088e0f02bfe1b658359ca5f8d2e7f","os":"unknown","os_features":"","os_version":null,"size":39639104,"status":"active","last_pulled":"2026-05-10T11:42:29.135161429Z","last_pushed":"2026-05-06T01:43:54.358774674Z"},{"architecture":"unknown","features":"","variant":null,"digest":"sha256:4fe6622003f50784eca690e56ee465f0bec0c28b087a4523cb34edc7c9c8eb23","os":"unknown","os_features":"","os_version":null,"size":39655968,"status":"active","last_pulled":"2026-05-10T14:12:34.084491611Z","last_pushed":"2026-05-06T01:43:55.964745634Z"}],"last_updated":"2026-05-06T01:43:56.710465Z","last_updater":440445,"last_updater_username":"dockerbuildbot","name":"claude-code-docker","repository":28663642,"full_size":655184095,"v2":true,"tag_status":"active","tag_last_pulled":"2026-05-10T18:23:46.895221456Z","tag_last_pushed":"2026-05-06T01:43:56.710465Z","media_type":"application/vnd.oci.image.index.v1+json","content_type":"image","digest":"sha256:f10019f63497a548d142b64b1f4dd5dc8cf7f61c3ef21f085a7a9683393d8342"},{"creator":440445,"id":1100588362,"images":[{"architecture":"amd64","features":"","variant":null,"digest":"sha256:75a7746d53fcfe977530a416f23ea94abdcacc7752129ec691a0542a79381018","os":"linux","os_features":"","os_version":null,"size":926649742,"status":"active","last_pulled":"2026-05-10T04:29:10.576718037Z","last_pushed":"2026-05-06T01:41:59.126912134Z"},{"architecture":"arm64","features":"","variant":null,"digest":"sha256:0fdc88808df1bf6eb740b69f364ed1e25247fa79acb5f7f125238385f67afed7","os":"linux","os_features":"","os_version":null,"size":870661033,"status":"active","last_pulled":"2026-05-10T11:25:10.543297072Z","last_pushed":"2026-05-06T01:42:00.106106817Z"},{"architecture":"unknown","features":"","variant":null,"digest":"sha256:041c1e3ce264fb2d9f80dbea3392dd23661e456d1e3cef5c608fb654ead192ca","os":"unknown","os_features":"","os_version":null,"size":39642871,"status":"active","last_pulled":"2026-05-10T11:25:10.546653004Z","last_pushed":"2026-05-06T01:41:59.718683746Z"},{"architecture":"unknown","features":"","variant":null,"digest":"sha256:a68d0657f3cb3368fb2494ca89dc13547c9f736bf048770a8bdabb14f15ba6d3","os":"unknown","os_features":"","os_version":null,"size":39659735,"status":"active","last_pulled":"2026-05-10T11:25:10.546905264Z","last_pushed":"2026-05-06T01:42:00.935142184Z"}],"last_updated":"2026-05-06T01:42:01.627335Z","last_updater":440445,"last_updater_username":"dockerbuildbot","name":"kiro-docker","repository":28663642,"full_size":926649742,"v2":true,"tag_status":"active","tag_last_pulled":"2026-05-10T11:25:10.546905264Z","tag_last_pushed":"2026-05-06T01:42:01.627335Z","media_type":"application/vnd.oci.image.index.v1+json","content_type":"image","digest":"sha256:4557a6e0d51d4d34f1c823feac612ad19b2e08309ad142eb46f4580960c01ff5"},{"creator":35564209,"id":987230823,"images":[{"architecture":"amd64","features":"","variant":null,"digest":"sha256:4cd16fbeeadb4fc53f5344d95477da4a162bbdf21852e5d8aa432e7f09dc42ad","os":"linux","os_features":"","os_version":null,"size":585479762,"status":"active","last_pulled":"2026-05-10T15:17:23.403484189Z","last_pushed":"2026-05-06T01:41:52.241907206Z"},{"architecture":"arm64","features":"","variant":null,"digest":"sha256:f95aba4c76c06c7692f4ef5626fb0896dc0ee332361c713ae9a11756d1e54626","os":"linux","os_features":"","os_version":null,"size":576668055,"status":"active","last_pulled":"2026-05-10T15:16:33.660927697Z","last_pushed":"2026-05-06T01:41:51.671337366Z"},{"architecture":"unknown","features":"","variant":null,"digest":"sha256:14d8b992f26a18866bceab044c238f64436455b66c6b7db046570f8a11d436a5","os":"unknown","os_features":"","os_version":null,"size":38819067,"status":"active","last_pulled":"2026-05-09T21:47:12.72208799Z","last_pushed":"2026-05-06T01:41:51.276144545Z"},{"architecture":"unknown","features":"","variant":null,"digest":"sha256:0e1f5efead35cc31fa2220d32ee21c3dafe93547655750f1d61292bd15efc2dd","os":"unknown","os_features":"","os_version":null,"size":38841059,"status":"active","last_pulled":"2026-05-09T21:23:33.83309962Z","last_pushed":"2026-05-06T01:41:53.390736698Z"}],"last_updated":"2026-05-06T01:41:54.259067Z","last_updater":440445,"last_updater_username":"dockerbuildbot","name":"gemini","repository":28663642,"full_size":585479762,"v2":true,"tag_status":"active","tag_last_pulled":"2026-05-10T15:17:23.403484189Z","tag_last_pushed":"2026-05-06T01:41:54.259067Z","media_type":"application/vnd.oci.image.index.v1+json","content_type":"image","digest":"sha256:a9e2a71c05580b45fa142dcd09f6ca984a591c4ca3ec04f347ca82323cca3d0a"},{"creator":440445,"id":1066835417,"images":[{"architecture":"amd64","features":"","variant":null,"digest":"sha256:d5395c988dcc2010738d44df2818b12577811112e869dfbfee2533c532f064ff","os":"linux","os_features":"","os_version":null,"size":944240455,"status":"active","last_pulled":"2026-05-10T16:26:28.173933935Z","last_pushed":"2026-05-06T01:40:46.788644697Z"},{"architecture":"arm64","features":"","variant":null,"digest":"sha256:7529766f5af827a671adfbeebee1aa480efcea80370ead012d323cc64e621b15","os":"linux","os_features":"","os_version":null,"size":731522043,"status":"active","last_pulled":"2026-05-10T08:03:41.969792224Z","last_pushed":"2026-05-06T01:40:47.697725584Z"},{"architecture":"unknown","features":"","variant":null,"digest":"sha256:91ebfa4f4aed0d3259846f8106a19a8946371d983b81c3f8bd73fba7e888f960","os":"unknown","os_features":"","os_version":null,"size":38815198,"status":"active","last_pulled":"2026-05-10T16:26:28.599512935Z","last_pushed":"2026-05-06T01:40:47.341382811Z"},{"architecture":"unknown","features":"","variant":null,"digest":"sha256:465102a8f7532fbade7a7f17824d57bf79b10948d17fb1053f866efd8d7d9483","os":"unknown","os_features":"","os_version":null,"size":38828677,"status":"active","last_pulled":"2026-05-10T08:03:42.397014843Z","last_pushed":"2026-05-06T01:40:48.226332822Z"}],"last_updated":"2026-05-06T01:40:49.024634Z","last_updater":440445,"last_updater_username":"dockerbuildbot","name":"opencode","repository":28663642,"full_size":944240455,"v2":true,"tag_status":"active","tag_last_pulled":"2026-05-10T16:26:28.599512935Z","tag_last_pushed":"2026-05-06T01:40:49.024634Z","media_type":"application/vnd.oci.image.index.v1+json","content_type":"image","digest":"sha256:10e67395678f798391efa388b87ff64e6a64c64e1fab633970eee6c42d797b4c"},{"creator":440445,"id":1136774042,"images":[{"architecture":"amd64","features":"","variant":null,"digest":"sha256:8ba97ecd6b61ba2370d66daba8b6eacceed7ce48fb4420c2c5c303517bfef4c6","os":"linux","os_features":"","os_version":null,"size":642447323,"status":"active","last_pulled":"2026-05-09T07:18:01.853133185Z","last_pushed":"2026-05-06T01:38:23.643466068Z"},{"architecture":"arm64","features":"","variant":null,"digest":"sha256:622a4a71000da4675fb8c15047169f414dcee1a52333efd8afab4dcbba2ab9e2","os":"linux","os_features":"","os_version":null,"size":627383114,"status":"active","last_pulled":"2026-05-09T21:31:54.665236567Z","last_pushed":"2026-05-06T01:38:25.045078884Z"},{"architecture":"unknown","features":"","variant":null,"digest":"sha256:06cc1642cf7cc5144c0e6293c03f0b89d3876ef2b91cbf032d3f6fec0053db9c","os":"unknown","os_features":"","os_version":null,"size":39638966,"status":"active","last_pulled":"2026-05-07T05:19:36.316146793Z","last_pushed":"2026-05-06T01:38:24.294047103Z"},{"architecture":"unknown","features":"","variant":null,"digest":"sha256:75c2edd8f02bd6136b087264acf7eea31a2ed9b08910fc0716538a2afb75a307","os":"unknown","os_features":"","os_version":null,"size":39655830,"status":"active","last_pulled":"2026-05-07T05:19:36.310426864Z","last_pushed":"2026-05-06T01:38:24.656231507Z"}],"last_updated":"2026-05-06T01:38:26.243028Z","last_updater":440445,"last_updater_username":"dockerbuildbot","name":"droid-docker","repository":28663642,"full_size":642447323,"v2":true,"tag_status":"active","tag_last_pulled":"2026-05-09T21:31:54.665236567Z","tag_last_pushed":"2026-05-06T01:38:26.243028Z","media_type":"application/vnd.oci.image.index.v1+json","content_type":"image","digest":"sha256:4fb6a21ead8446255e0cb2fccb1bebe3bf18d5a7a83bdf95bc90cce56fdb1078"},{"creator":440445,"id":1100586850,"images":[{"architecture":"amd64","features":"","variant":null,"digest":"sha256:64c8379278aa121ce02248683c5651d25684805f43262fad8c5aa2395eb678b9","os":"linux","os_features":"","os_version":null,"size":638707313,"status":"active","last_pulled":"2026-05-10T17:25:11.050694632Z","last_pushed":"2026-05-06T01:38:18.616930765Z"},{"architecture":"arm64","features":"","variant":null,"digest":"sha256:bf9472b582a5ee07203ba4a573b56786a9a67252f1bd906f11ef18cbc66cfa51","os":"linux","os_features":"","os_version":null,"size":625745873,"status":"active","last_pulled":"2026-05-10T10:10:38.134604859Z","last_pushed":"2026-05-06T01:38:17.930113273Z"},{"architecture":"unknown","features":"","variant":null,"digest":"sha256:d0ce3961f7b9fc6cd1ba4aa973a2569026251287f1b55da805a509b766a53148","os":"unknown","os_features":"","os_version":null,"size":39638979,"status":"active","last_pulled":"2026-05-08T21:52:12.28040393Z","last_pushed":"2026-05-06T01:38:17.563881384Z"},{"architecture":"unknown","features":"","variant":null,"digest":"sha256:272244a4000b75280886e4d3abc81cd443611185816456c27a8dd4813f5e0b99","os":"unknown","os_features":"","os_version":null,"size":39655843,"status":"active","last_pulled":"2026-05-08T21:52:12.282124768Z","last_pushed":"2026-05-06T01:38:21.211563362Z"}],"last_updated":"2026-05-06T01:38:22.039777Z","last_updater":440445,"last_updater_username":"dockerbuildbot","name":"copilot-docker","repository":28663642,"full_size":638707313,"v2":true,"tag_status":"active","tag_last_pulled":"2026-05-10T17:25:11.050694632Z","tag_last_pushed":"2026-05-06T01:38:22.039777Z","media_type":"application/vnd.oci.image.index.v1+json","content_type":"image","digest":"sha256:d07b1c9aff658cdcb5b4c2b5f664fc0e4cccf80054d1fdff2d0b92f4df957f93"},{"creator":440445,"id":1100586777,"images":[{"architecture":"amd64","features":"","variant":null,"digest":"sha256:1038028e6e532623efc8608a5d53563d3773ee8ef39f83173428da6a340e123f","os":"linux","os_features":"","os_version":null,"size":643821361,"status":"active","last_pulled":"2026-05-10T11:20:01.009701382Z","last_pushed":"2026-05-06T01:38:17.031310236Z"},{"architecture":"arm64","features":"","variant":null,"digest":"sha256:be8f5e6c2c7c4b076f33ef2e33167e8a14256fab70215954f1d019f7fd3d264e","os":"linux","os_features":"","os_version":null,"size":628772649,"status":"active","last_pulled":"2026-05-10T04:27:07.130046262Z","last_pushed":"2026-05-06T01:38:16.449537626Z"},{"architecture":"unknown","features":"","variant":null,"digest":"sha256:56307be5e6589b698b3d2221997335ace15d2d1cbcb944112df4a0bf171c3a59","os":"unknown","os_features":"","os_version":null,"size":39643971,"status":"active","last_pulled":"2026-05-09T15:40:09.019843778Z","last_pushed":"2026-05-06T01:38:16.005616056Z"},{"architecture":"unknown","features":"","variant":null,"digest":"sha256:80ceb8d72df253dc6f60a8187b07803355fb13cfcae381cc8b3bc0e48a7380f1","os":"unknown","os_features":"","os_version":null,"size":39660835,"status":"active","last_pulled":"2026-05-09T15:40:09.019843798Z","last_pushed":"2026-05-06T01:38:17.65357724Z"}],"last_updated":"2026-05-06T01:38:18.424037Z","last_updater":440445,"last_updater_username":"dockerbuildbot","name":"cursor-agent-docker","repository":28663642,"full_size":643821361,"v2":true,"tag_status":"active","tag_last_pulled":"2026-05-10T11:20:01.009701382Z","tag_last_pushed":"2026-05-06T01:38:18.424037Z","media_type":"application/vnd.oci.image.index.v1+json","content_type":"image","digest":"sha256:46e24d9bc725de5cb10bbd259dcfe6fff1d7956c305b4ca67173d7ce11226f97"},{"creator":440445,"id":1100585127,"images":[{"architecture":"amd64","features":"","variant":null,"digest":"sha256:0727ec4f25aecf1cb87462db2d0968a5954f7547885a989456135343de9c23a4","os":"linux","os_features":"","os_version":null,"size":608505840,"status":"active","last_pulled":"2026-05-10T15:33:03.659401991Z","last_pushed":"2026-05-06T01:35:40.688435636Z"},{"architecture":"arm64","features":"","variant":null,"digest":"sha256:533ca2f7bf3fbf648010d41db89771380e8b77e7251071f81745538f558c589b","os":"linux","os_features":"","os_version":null,"size":591321008,"status":"active","last_pulled":"2026-05-10T15:29:06.682714178Z","last_pushed":"2026-05-06T01:35:39.986548924Z"},{"architecture":"unknown","features":"","variant":null,"digest":"sha256:f101304f664259ac617298068fedcd8b4d49cdc47fe8c3dc03662e57e7717cd2","os":"unknown","os_features":"","os_version":null,"size":39938831,"status":"active","last_pulled":"2026-05-09T02:24:49.029320409Z","last_pushed":"2026-05-06T01:35:39.615964166Z"},{"architecture":"unknown","features":"","variant":null,"digest":"sha256:31fedd4547d33791daa7afd5c79c4eb0bc197b867ad7837f9b77bb6ef06f8fae","os":"unknown","os_features":"","os_version":null,"size":39955695,"status":"active","last_pulled":"2026-05-09T02:24:49.030359212Z","last_pushed":"2026-05-06T01:35:41.331672739Z"}],"last_updated":"2026-05-06T01:35:42.098984Z","last_updater":440445,"last_updater_username":"dockerbuildbot","name":"docker-agent-docker","repository":28663642,"full_size":608505840,"v2":true,"tag_status":"active","tag_last_pulled":"2026-05-10T15:33:03.659401991Z","tag_last_pushed":"2026-05-06T01:35:42.098984Z","media_type":"application/vnd.oci.image.index.v1+json","content_type":"image","digest":"sha256:e8fd6a6c4e996920d0da2c70a47f541a48fc8410003608ca1a17ab075a3971f2"},{"creator":23613491,"id":1100160235,"images":[{"architecture":"amd64","features":"","variant":null,"digest":"sha256:7ccdcea2e89c97f1109ac8bc0be9c0bfbe0b23940cc236139bead96ccde138ad","os":"linux","os_features":"","os_version":null,"size":576699898,"status":"active","last_pulled":"2026-05-10T16:12:49.507943762Z","last_pushed":"2026-05-06T01:34:46.507843974Z"},{"architecture":"arm64","features":"","variant":null,"digest":"sha256:aa568747554966fdaff44e126711fde8368fb431c913ceb594a40f5f6a640b04","os":"linux","os_features":"","os_version":null,"size":562058019,"status":"active","last_pulled":"2026-05-10T16:04:59.539759915Z","last_pushed":"2026-05-06T01:34:47.093445644Z"},{"architecture":"unknown","features":"","variant":null,"digest":"sha256:8d51225dcff3bd9411ac2882cfb808e6b1db42eaa62c7ffd730d759ed2413a5f","os":"unknown","os_features":"","os_version":null,"size":39639267,"status":"active","last_pulled":"2026-05-08T09:52:15.815454171Z","last_pushed":"2026-05-06T01:34:46.053121579Z"},{"architecture":"unknown","features":"","variant":null,"digest":"sha256:d7dacbf6a9b51794c27e5546855a79b8671b9f0b4225f97137bde9b1f95156f0","os":"unknown","os_features":"","os_version":null,"size":39656131,"status":"active","last_pulled":"2026-05-08T16:35:22.479500451Z","last_pushed":"2026-05-06T01:34:47.646745234Z"}],"last_updated":"2026-05-06T01:34:48.49021Z","last_updater":440445,"last_updater_username":"dockerbuildbot","name":"shell-docker","repository":28663642,"full_size":576699898,"v2":true,"tag_status":"active","tag_last_pulled":"2026-05-10T18:17:24.713776396Z","tag_last_pushed":"2026-05-06T01:34:48.49021Z","media_type":"application/vnd.oci.image.index.v1+json","content_type":"image","digest":"sha256:455eeee3b6aad15e9f2cd736cc4fe14220345d23a031c5484b3a188cf118479b"},{"creator":440445,"id":1049886474,"images":[{"architecture":"amd64","features":"","variant":null,"digest":"sha256:bef231e45efc3bc36fd179dfaec1ce119682d5775ca36f8bd8643acf8655956a","os":"linux","os_features":"","os_version":null,"size":696879621,"status":"active","last_pulled":"2026-05-10T16:58:46.275804915Z","last_pushed":"2026-05-06T01:32:59.570389792Z"},{"architecture":"arm64","features":"","variant":null,"digest":"sha256:7f5b0b398964b32217b934e747cce21d873bcd7c84fd36779ae88a329aa64713","os":"linux","os_features":"","os_version":null,"size":676542248,"status":"active","last_pulled":"2026-05-10T18:14:40.110252033Z","last_pushed":"2026-05-06T01:33:00.722682296Z"},{"architecture":"unknown","features":"","variant":null,"digest":"sha256:18abc80655523b3317b5749dd3ce53c0e9eb4643460e77a49fff6a46f97e7707","os":"unknown","os_features":"","os_version":null,"size":38803953,"status":"active","last_pulled":"2026-05-10T16:58:46.605162343Z","last_pushed":"2026-05-06T01:32:59.195589034Z"},{"architecture":"unknown","features":"","variant":null,"digest":"sha256:3940cf99726369eeeef354b1b28324f4d938f2793923853f298b9734f48d7a99","os":"unknown","os_features":"","os_version":null,"size":38825899,"status":"active","last_pulled":"2026-05-10T15:51:55.613644684Z","last_pushed":"2026-05-06T01:33:00.264364385Z"}],"last_updated":"2026-05-06T01:33:01.673307Z","last_updater":440445,"last_updater_username":"dockerbuildbot","name":"codex","repository":28663642,"full_size":696879621,"v2":true,"tag_status":"active","tag_last_pulled":"2026-05-10T18:14:40.110252033Z","tag_last_pushed":"2026-05-06T01:33:01.673307Z","media_type":"application/vnd.oci.image.index.v1+json","content_type":"image","digest":"sha256:f5eee638e3c9ff0109a477b33e3d91013a28715f51e4b99727518cc4617d3b2b"},{"creator":440445,"id":1134114336,"images":[{"architecture":"amd64","features":"","variant":null,"digest":"sha256:cff37910ac1e7a07ae49c3dc328a30c37fe49f09bccb9348ef9d47c8176c7b76","os":"linux","os_features":"","os_version":null,"size":571940593,"status":"active","last_pulled":"2026-05-10T03:52:10.387562592Z","last_pushed":"2026-04-20T01:20:07.988800682Z"},{"architecture":"arm64","features":"","variant":null,"digest":"sha256:7988dd5039fd45418d5c9b68b3f30b415b58d6a6913de76a860af9dc91053310","os":"linux","os_features":"","os_version":null,"size":562555079,"status":"active","last_pulled":"2026-05-10T03:52:10.387743892Z","last_pushed":"2026-04-20T01:20:09.377421586Z"},{"architecture":"unknown","features":"","variant":null,"digest":"sha256:07fc00b7774f8a87156acfafc60e1b0ecc3d2b1f886ef2a8a06e5a42a587b65a","os":"unknown","os_features":"","os_version":null,"size":38403305,"status":"active","last_pulled":"2026-05-10T03:52:10.388306592Z","last_pushed":"2026-04-20T01:20:08.532399469Z"},{"architecture":"unknown","features":"","variant":null,"digest":"sha256:a8474ce255ca9166e904271371dd6c2946c835b2f551579fe40240e7fd3418ae","os":"unknown","os_features":"","os_version":null,"size":38425239,"status":"active","last_pulled":"2026-05-10T03:52:10.386593124Z","last_pushed":"2026-04-20T01:20:08.968853538Z"}],"last_updated":"2026-04-20T01:20:10.276948Z","last_updater":440445,"last_updater_username":"dockerbuildbot","name":"factory-ai","repository":28663642,"full_size":571940593,"v2":true,"tag_status":"active","tag_last_pulled":"2026-05-10T03:52:10.388306592Z","tag_last_pushed":"2026-04-20T01:20:10.276948Z","media_type":"application/vnd.oci.image.index.v1+json","content_type":"image","digest":"sha256:b4fd7665b9a096a93a8889a2cd6f249fc87b59338ec92a232d36f5bf3a29e0fa"},{"creator":440445,"id":1134129918,"images":[{"architecture":"amd64","features":"","variant":null,"digest":"sha256:72d706bf90bf72359b0f8ac423743f49ff25df9909228ec1d3e335ad50c268a8","os":"linux","os_features":"","os_version":null,"size":639193313,"status":"active","last_pulled":"2026-05-10T08:13:14.394091571Z","last_pushed":"2026-04-19T01:33:06.381520162Z"},{"architecture":"arm64","features":"","variant":null,"digest":"sha256:d1a0385a717b85d688a9429bee122266e28342ff30980f718abbba94d4536d94","os":"linux","os_features":"","os_version":null,"size":623976707,"status":"active","last_pulled":"2026-05-04T12:03:25.60119558Z","last_pushed":"2026-04-19T01:33:05.851618503Z"},{"architecture":"unknown","features":"","variant":null,"digest":"sha256:f28f557a01015b54e6e39b61768b31631aadb4a4f249d0411f564e13fa61f583","os":"unknown","os_features":"","os_version":null,"size":39598235,"status":"active","last_pulled":"2026-04-27T01:04:51.385252419Z","last_pushed":"2026-04-19T01:33:05.35144278Z"},{"architecture":"unknown","features":"","variant":null,"digest":"sha256:70e77e72f79f04594d68278308738168b18d4f297ce607c19f03d3fad1f5218f","os":"unknown","os_features":"","os_version":null,"size":39615101,"status":"active","last_pulled":"2026-04-27T01:04:51.558421883Z","last_pushed":"2026-04-19T01:33:06.96780125Z"}],"last_updated":"2026-04-19T01:33:07.75658Z","last_updater":440445,"last_updater_username":"dockerbuildbot","name":"factory-ai-docker","repository":28663642,"full_size":639193313,"v2":true,"tag_status":"active","tag_last_pulled":"2026-05-10T08:13:14.394091571Z","tag_last_pushed":"2026-04-19T01:33:07.75658Z","media_type":"application/vnd.oci.image.index.v1+json","content_type":"image","digest":"sha256:14d0742dc603de1dc0f31b37f2aa687baaf159336e1f4687b67bb9e63e976f81"},{"creator":440445,"id":1020214463,"images":[{"architecture":"amd64","features":"","variant":null,"digest":"sha256:3503af6b25c7b4cf8349d26d58188006e530e0192aa026c3130877e22349b2be","os":"linux","os_features":"","os_version":null,"size":538909334,"status":"active","last_pulled":"2026-05-08T12:03:43.596374474Z","last_pushed":"2026-03-11T00:51:51.922363892Z"},{"architecture":"arm64","features":"","variant":null,"digest":"sha256:9da6a8971f221ef67722ff21567147fb34ce849713c9bf4957ed11c06efe236f","os":"linux","os_features":"","os_version":null,"size":527140198,"status":"active","last_pulled":"2026-05-08T12:03:43.595955965Z","last_pushed":"2026-03-11T00:51:52.727890317Z"},{"architecture":"unknown","features":"","variant":null,"digest":"sha256:def49b699db8c8d233a34de7cd21a533df8d76bf16d163f6dc076775ab8ce6d0","os":"unknown","os_features":"","os_version":null,"size":38679531,"status":"active","last_pulled":"2026-05-08T12:03:43.595990248Z","last_pushed":"2026-03-11T00:51:51.293202616Z"},{"architecture":"unknown","features":"","variant":null,"digest":"sha256:24c7af745ed4f570c37116b23f4235715de825f5d3929570b60a2602fa1f6f80","os":"unknown","os_features":"","os_version":null,"size":38701462,"status":"active","last_pulled":"2026-05-08T12:03:43.601884763Z","last_pushed":"2026-03-11T00:51:53.454132257Z"}],"last_updated":"2026-03-11T00:51:54.109932Z","last_updater":440445,"last_updater_username":"dockerbuildbot","name":"cagent","repository":28663642,"full_size":538909334,"v2":true,"tag_status":"active","tag_last_pulled":"2026-05-08T12:03:43.601884763Z","tag_last_pushed":"2026-03-11T00:51:54.109932Z","media_type":"application/vnd.oci.image.index.v1+json","content_type":"image","digest":"sha256:ea64e5cc294c69448bbe87c0169e2cb80d0bdfe7d42d980aaf44da998e3e89a6"},{"creator":35564209,"id":979855521,"images":[{"architecture":"amd64","features":"","variant":null,"digest":"sha256:1778f9de9ec798353bb2e69dbbd2ba291c29b1c8c41dd640911708fbe0b07173","os":"linux","os_features":"","os_version":null,"size":338638979,"status":"active","last_pulled":"2026-05-09T09:38:05.51551241Z","last_pushed":"2025-11-11T00:48:39.209434827Z"},{"architecture":"arm64","features":"","variant":null,"digest":"sha256:2f0ebfac99045a2144eda6bea3ca6a37fe1dfa5d4e0edf7f538568671a9accf1","os":"linux","os_features":"","os_version":null,"size":327934297,"status":"active","last_pulled":"2026-05-09T09:38:05.518786707Z","last_pushed":"2025-11-11T00:48:39.631142989Z"},{"architecture":"unknown","features":"","variant":null,"digest":"sha256:8e5d576e20d3000264e444458c5674edac0a86c8bd5f0adb59d69f7f63f4e532","os":"unknown","os_features":"","os_version":null,"size":14220902,"status":"active","last_pulled":"2026-05-09T09:38:05.517305313Z","last_pushed":"2025-11-11T00:48:38.868090276Z"},{"architecture":"unknown","features":"","variant":null,"digest":"sha256:7a9c283c8f8d3a336081b72836cd40d44c3040320c1688a481963252b75b6e58","os":"unknown","os_features":"","os_version":null,"size":14228321,"status":"active","last_pulled":"2026-05-09T09:38:05.51981429Z","last_pushed":"2025-11-11T00:48:40.037443975Z"}],"last_updated":"2025-11-11T00:48:42.717034Z","last_updater":440445,"last_updater_username":"dockerbuildbot","name":"nightly","repository":28663642,"full_size":338638979,"v2":true,"tag_status":"active","tag_last_pulled":"2026-05-09T09:38:05.51981429Z","tag_last_pushed":"2025-11-11T00:48:42.717034Z","media_type":"application/vnd.oci.image.index.v1+json","content_type":"image","digest":"sha256:a745e18842bf5d4bf965a8bc9beda7b6fc34c36be8d3481aeabe4a1d6750e8e2"},{"creator":35564209,"id":979137544,"images":[{"architecture":"amd64","features":"","variant":null,"digest":"sha256:1778f9de9ec798353bb2e69dbbd2ba291c29b1c8c41dd640911708fbe0b07173","os":"linux","os_features":"","os_version":null,"size":338638979,"status":"active","last_pulled":"2026-05-09T09:38:05.51551241Z","last_pushed":"2025-11-11T00:48:39.209434827Z"},{"architecture":"arm64","features":"","variant":null,"digest":"sha256:2f0ebfac99045a2144eda6bea3ca6a37fe1dfa5d4e0edf7f538568671a9accf1","os":"linux","os_features":"","os_version":null,"size":327934297,"status":"active","last_pulled":"2026-05-09T09:38:05.518786707Z","last_pushed":"2025-11-11T00:48:39.631142989Z"},{"architecture":"unknown","features":"","variant":null,"digest":"sha256:8e5d576e20d3000264e444458c5674edac0a86c8bd5f0adb59d69f7f63f4e532","os":"unknown","os_features":"","os_version":null,"size":14220902,"status":"active","last_pulled":"2026-05-09T09:38:05.517305313Z","last_pushed":"2025-11-11T00:48:38.868090276Z"},{"architecture":"unknown","features":"","variant":null,"digest":"sha256:7a9c283c8f8d3a336081b72836cd40d44c3040320c1688a481963252b75b6e58","os":"unknown","os_features":"","os_version":null,"size":14228321,"status":"active","last_pulled":"2026-05-09T09:38:05.51981429Z","last_pushed":"2025-11-11T00:48:40.037443975Z"}],"last_updated":"2025-11-11T00:48:40.680696Z","last_updater":440445,"last_updater_username":"dockerbuildbot","name":"ubuntu-python","repository":28663642,"full_size":338638979,"v2":true,"tag_status":"active","tag_last_pulled":"2026-05-09T09:38:05.51981429Z","tag_last_pushed":"2025-11-11T00:48:40.680696Z","media_type":"application/vnd.oci.image.index.v1+json","content_type":"image","digest":"sha256:a745e18842bf5d4bf965a8bc9beda7b6fc34c36be8d3481aeabe4a1d6750e8e2"},{"creator":35564209,"id":980446892,"images":[{"architecture":"amd64","features":"","variant":null,"digest":"sha256:bd9131bda0fde4cdd7ef372748dc2121ecc3263e53ed24759725c42000cb9e35","os":"linux","os_features":"","os_version":null,"size":345191659,"status":"active","last_pulled":"2026-05-04T02:01:19.156258975Z","last_pushed":"2025-09-26T20:47:08.114388297Z"},{"architecture":"arm64","features":"","variant":null,"digest":"sha256:7c1f9af4495b8a04903772f413767f28a4c7942089a47366f95cfc5573687b91","os":"linux","os_features":"","os_version":null,"size":334225604,"status":"active","last_pulled":"2026-05-04T02:01:19.165976481Z","last_pushed":"2025-09-26T20:47:08.568176684Z"},{"architecture":"unknown","features":"","variant":null,"digest":"sha256:eaacf48a79bb389b60e84dffe8bd9611afa953cfecdfaa0c93b5fc90d8824f4c","os":"unknown","os_features":"","os_version":null,"size":14221077,"status":"active","last_pulled":"2026-05-04T02:01:19.155287536Z","last_pushed":"2025-09-26T20:47:07.748798832Z"},{"architecture":"unknown","features":"","variant":null,"digest":"sha256:1db75b35c37d0fb36fbb1a741083b8a0e1568b329c4019177ab5787abe4feea0","os":"unknown","os_features":"","os_version":null,"size":14228496,"status":"active","last_pulled":"2026-05-04T02:01:19.158283789Z","last_pushed":"2025-09-26T20:47:08.948456226Z"}],"last_updated":"2025-09-26T20:47:11.602406Z","last_updater":35564209,"last_updater_username":"austinvazquez403","name":"0.1.0","repository":28663642,"full_size":345191659,"v2":true,"tag_status":"active","tag_last_pulled":"2026-05-07T03:27:07.83638676Z","tag_last_pushed":"2025-09-26T20:47:11.602406Z","media_type":"application/vnd.oci.image.index.v1+json","content_type":"image","digest":"sha256:a56713d9806c10f3714a55b2fdd7ccecb2a851641d48fdba4b7080d4ea5d3095"},{"creator":35564209,"id":979823368,"images":[{"architecture":"amd64","features":"","variant":null,"digest":"sha256:e51dcf37968e16726185dfe1189d4101a649f693dddc24bf5a0fdc93e4bf7a6d","os":"linux","os_features":"","os_version":null,"size":345191367,"status":"active","last_pulled":"2026-04-27T21:10:20.771998244Z","last_pushed":"2025-09-25T23:06:44.36680711Z"},{"architecture":"arm64","features":"","variant":null,"digest":"sha256:a2c11b3d6a9adec032b6b83ef6b6248061f9a832a0b6e85f51498f11fc684bd6","os":"linux","os_features":"","os_version":null,"size":334226060,"status":"active","last_pulled":"2026-04-20T14:24:31.573436885Z","last_pushed":"2025-09-25T23:06:44.978121451Z"},{"architecture":"unknown","features":"","variant":null,"digest":"sha256:893a4f6b6c92bb4caed30dc89b5ffdd8be0f2e72e52c41543dda86be2a485ea8","os":"unknown","os_features":"","os_version":null,"size":14221092,"status":"active","last_pulled":"2026-04-20T14:24:31.573864002Z","last_pushed":"2025-09-25T23:06:43.918146064Z"},{"architecture":"unknown","features":"","variant":null,"digest":"sha256:e3ebf6ff8c53b1fea5d45f46fe41a3c4d02b0c692542cf9e54f35e3cfed01f61","os":"unknown","os_features":"","os_version":null,"size":14228511,"status":"active","last_pulled":"2026-04-20T14:24:31.572816323Z","last_pushed":"2025-09-25T23:06:45.479567753Z"}],"last_updated":"2025-09-25T23:06:49.582017Z","last_updater":35564209,"last_updater_username":"austinvazquez403","name":"0.1.0-alpha.1","repository":28663642,"full_size":345191367,"v2":true,"tag_status":"active","tag_last_pulled":"2026-05-08T01:33:42.565845111Z","tag_last_pushed":"2025-09-25T23:06:49.582017Z","media_type":"application/vnd.oci.image.index.v1+json","content_type":"image","digest":"sha256:94e543c13ef0fd71cba4fee4516ca2b4d1520430171176418e2cf428de194406"},{"creator":35564209,"id":979137568,"images":[{"architecture":"amd64","features":"","variant":null,"digest":"sha256:4c688f8e768df24eac1714c0e2ad50919cb2c61397d436df293187acac647376","os":"linux","os_features":"","os_version":null,"size":345191360,"status":"active","last_pulled":"2026-05-08T17:23:48.369828241Z","last_pushed":"2025-09-25T01:17:24.43642876Z"},{"architecture":"arm64","features":"","variant":null,"digest":"sha256:50f7c5062bd7c6c77bd7906525da9b539c78f29d1736d354830e14103355443d","os":"linux","os_features":"","os_version":null,"size":334225872,"status":"active","last_pulled":"2026-05-08T01:20:08.969412847Z","last_pushed":"2025-09-25T01:17:25.038629371Z"},{"architecture":"unknown","features":"","variant":null,"digest":"sha256:6ca35d28e36c05d66a236acac6ddcb93b9c4bc0587d196375c98a3474fee3a46","os":"unknown","os_features":"","os_version":null,"size":14221423,"status":"active","last_pulled":"2026-05-09T01:08:29.129782132Z","last_pushed":"2025-09-25T01:17:23.972570126Z"},{"architecture":"unknown","features":"","variant":null,"digest":"sha256:61f25fdd95d29ac8129a6111030b57fcdae5b97f944ef6ad684936b48e62ae27","os":"unknown","os_features":"","os_version":null,"size":14228842,"status":"active","last_pulled":"2026-05-08T01:20:08.970663404Z","last_pushed":"2025-09-25T01:17:25.633307221Z"}],"last_updated":"2025-09-25T01:17:30.187661Z","last_updater":35564209,"last_updater_username":"austinvazquez403","name":"v0.1.0-alpha.0","repository":28663642,"full_size":345191360,"v2":true,"tag_status":"active","tag_last_pulled":"2026-05-10T04:06:49.339827376Z","tag_last_pushed":"2025-09-25T01:17:30.187661Z","media_type":"application/vnd.oci.image.index.v1+json","content_type":"image","digest":"sha256:8b74b8d1c28e8b6625b561f6a092d279bf224560287d8a6704d9dba42245c88b"}]} \ No newline at end of file diff --git a/docs/case-studies/issue-86/data/docker-sbx-kits-contrib-root.txt b/docs/case-studies/issue-86/data/docker-sbx-kits-contrib-root.txt new file mode 100644 index 0000000..dd58b02 --- /dev/null +++ b/docs/case-studies/issue-86/data/docker-sbx-kits-contrib-root.txt @@ -0,0 +1,22 @@ +.github +CONTRIBUTING.md +LICENSE +README.md +SECURITY.md +amp +claude-model-runner +claude-ollama +code-server +git-ssh-sign +go.mod +go.sum +mise +nanobot +nanoclaw +openclaw +opencode-model-runner +pi +spec +task +tck +trivy diff --git a/docs/case-studies/issue-86/data/docker-sbx-kits-contrib.json b/docs/case-studies/issue-86/data/docker-sbx-kits-contrib.json new file mode 100644 index 0000000..71d0766 --- /dev/null +++ b/docs/case-studies/issue-86/data/docker-sbx-kits-contrib.json @@ -0,0 +1 @@ +{"description":"Community repository for sbx kits","homepageUrl":"","isPrivate":false,"licenseInfo":{"key":"apache-2.0","name":"Apache License 2.0","nickname":""},"nameWithOwner":"docker/sbx-kits-contrib","updatedAt":"2026-05-08T09:19:17Z","url":"https://github.com/docker/sbx-kits-contrib"} diff --git a/docs/case-studies/issue-86/data/docker-sbx-releases-list.txt b/docs/case-studies/issue-86/data/docker-sbx-releases-list.txt new file mode 100644 index 0000000..ab573fd --- /dev/null +++ b/docs/case-studies/issue-86/data/docker-sbx-releases-list.txt @@ -0,0 +1,20 @@ +Nightly build @7fca84a Pre-release nightly 2026-05-10T04:39:17Z +dev-bad9503 Pre-release dev-bad9503 2026-05-06T17:11:22Z +dev-921c1c7 Pre-release dev-921c1c7 2026-05-06T14:21:55Z +dev-2631810 Pre-release dev-2631810 2026-05-06T11:27:00Z +dev-438ebd7 Pre-release dev-438ebd7 2026-05-06T11:20:28Z +dev-ad0ca5e Pre-release dev-ad0ca5e 2026-05-05T19:34:54Z +v0.28.3 Latest v0.28.3 2026-04-29T21:08:34Z +v0.28.2 v0.28.2 2026-04-29T15:32:48Z +dev-ebc3fbe Pre-release dev-ebc3fbe 2026-04-29T09:08:48Z +v0.28.1 v0.28.1 2026-04-28T16:34:21Z +v0.28.0 Pre-release v0.28.0 2026-04-27T17:01:15Z +dev-e54ee33 Pre-release dev-e54ee33 2026-04-27T16:23:21Z +dev-a5207e0 Pre-release dev-a5207e0 2026-04-22T12:57:05Z +dev-8fc2763 Pre-release dev-8fc2763 2026-04-21T16:22:43Z +dev-c13a59d Pre-release dev-c13a59d 2026-04-21T15:06:48Z +dev-c7702ef Pre-release dev-c7702ef 2026-04-21T13:49:59Z +v0.27.0 v0.27.0 2026-04-20T18:25:53Z +v0.26.1 v0.26.1 2026-04-17T11:19:29Z +v0.25.0 v0.25.0 2026-04-13T20:36:40Z +v0.24.2 v0.24.2 2026-04-08T17:55:23Z diff --git a/docs/case-studies/issue-86/data/docker-sbx-releases.json b/docs/case-studies/issue-86/data/docker-sbx-releases.json new file mode 100644 index 0000000..8d570e8 --- /dev/null +++ b/docs/case-studies/issue-86/data/docker-sbx-releases.json @@ -0,0 +1 @@ +{"description":"","homepageUrl":"https://docs.docker.com/ai/sandboxes","isPrivate":false,"licenseInfo":{"key":"other","name":"Other","nickname":""},"nameWithOwner":"docker/sbx-releases","updatedAt":"2026-05-10T13:42:46Z","url":"https://github.com/docker/sbx-releases"} diff --git a/docs/case-studies/issue-86/data/issue-86.json b/docs/case-studies/issue-86/data/issue-86.json new file mode 100644 index 0000000..050d8f7 --- /dev/null +++ b/docs/case-studies/issue-86/data/issue-86.json @@ -0,0 +1 @@ +{"body":"We need to have full comparison matrix in ./docs, so we know what best practices are missing from our box images, but without AI related, as our box is universal software development disposable box.\n\nIf possible find source code of images, or documentation about features if no source code for images, and make sure we list all missing best practices.\n\nAlso comparison should clearly show if we are better in any dimension.\n\nWe need to collect data related about the issue to this repository, make sure we compile that data to `./docs/case-studies/issue-{id}` folder, and use it to do deep case study analysis (also make sure to search online for additional facts and data), list of each and all requirements from the issue, and propose possible solutions and solution plans for each requirement (we should also check known existing components/libraries, that solve similar problem or can help in solutions).\n\nPlease plan and execute everything in a single pull request, you have unlimited time and context, as context auto-compacts and you can continue indefinitely, until it is each and every requirement fully addressed, and everything is totally done.","comments":[],"createdAt":"2026-05-10T18:16:30Z","title":"Compare all the features with https://www.docker.com/products/docker-sandboxes","updatedAt":"2026-05-10T18:17:39Z","url":"https://github.com/link-foundation/box/issues/86"} diff --git a/docs/case-studies/issue-86/data/konard-box-dind-latest-tag.json b/docs/case-studies/issue-86/data/konard-box-dind-latest-tag.json new file mode 100644 index 0000000..5643023 --- /dev/null +++ b/docs/case-studies/issue-86/data/konard-box-dind-latest-tag.json @@ -0,0 +1 @@ +{"creator":10513695,"id":1149245900,"images":[{"architecture":"amd64","features":"","variant":null,"digest":"sha256:d96e226578386b0b646afef5760d52991cb8dcab2b07a818a853f6305521d666","os":"linux","os_features":"","os_version":null,"size":6003589691,"status":"active","last_pulled":"2026-05-10T17:58:45.781301767Z","last_pushed":"2026-05-01T06:16:51.958391328Z"},{"architecture":"arm64","features":"","variant":null,"digest":"sha256:11e6f04e23a47582d03b7e7e531da77488e00fc7675937093507f9ee35fa7295","os":"linux","os_features":"","os_version":null,"size":5467371050,"status":"active","last_pulled":"2026-05-10T17:57:52.051246672Z","last_pushed":"2026-05-01T06:12:58.982295607Z"}],"last_updated":"2026-05-01T06:20:47.846302Z","last_updater":10513695,"last_updater_username":"konard","name":"latest","repository":30978774,"full_size":6003589691,"v2":true,"tag_status":"active","tag_last_pulled":"2026-05-10T17:58:45.781301767Z","tag_last_pushed":"2026-05-01T06:20:47.846302Z","media_type":"application/vnd.docker.distribution.manifest.list.v2+json","content_type":"image","digest":"sha256:3c80be9741702a0810b2fdccd0fa92abb97555b00e18ba28ba3db2c72d38cf2f"} \ No newline at end of file diff --git a/docs/case-studies/issue-86/data/konard-box-latest-tag.json b/docs/case-studies/issue-86/data/konard-box-latest-tag.json new file mode 100644 index 0000000..ac4fc64 --- /dev/null +++ b/docs/case-studies/issue-86/data/konard-box-latest-tag.json @@ -0,0 +1 @@ +{"creator":10513695,"id":1124558794,"images":[{"architecture":"amd64","features":"","variant":null,"digest":"sha256:4c836464954d9f8abbd2ac4e409def7645b8205aeeccbdf5291291c5148ad0f5","os":"linux","os_features":"","os_version":null,"size":5871902916,"status":"active","last_pulled":"2026-05-10T17:59:01.268344257Z","last_pushed":"2026-05-01T05:41:53.150695294Z"},{"architecture":"arm64","features":"","variant":null,"digest":"sha256:45dade30afd4191eb3558d09933d73f3bf6ba8890032883ae629819b11be1cda","os":"linux","os_features":"","os_version":null,"size":5346893082,"status":"active","last_pulled":"2026-05-10T17:57:49.931071217Z","last_pushed":"2026-05-01T05:58:38.710773899Z"}],"last_updated":"2026-05-01T06:04:55.088845Z","last_updater":10513695,"last_updater_username":"konard","name":"latest","repository":30708087,"full_size":5871902916,"v2":true,"tag_status":"active","tag_last_pulled":"2026-05-10T17:59:01.268344257Z","tag_last_pushed":"2026-05-01T06:04:55.088845Z","media_type":"application/vnd.docker.distribution.manifest.list.v2+json","content_type":"image","digest":"sha256:9e5120361eb5fa60ad2818221c8d9f9ca7230ba003e9a3309176844424fb192b"} \ No newline at end of file diff --git a/docs/case-studies/issue-86/issue.md b/docs/case-studies/issue-86/issue.md new file mode 100644 index 0000000..1fd5214 --- /dev/null +++ b/docs/case-studies/issue-86/issue.md @@ -0,0 +1,21 @@ +# Issue #86 - Compare all the features with Docker Sandboxes + +Source: https://github.com/link-foundation/box/issues/86 + +Opened: 2026-05-10 18:16:30 UTC + +Updated: 2026-05-10 18:17:39 UTC + +Comments: none when collected on 2026-05-10. + +## Body + +We need to have full comparison matrix in ./docs, so we know what best practices are missing from our box images, but without AI related, as our box is universal software development disposable box. + +If possible find source code of images, or documentation about features if no source code for images, and make sure we list all missing best practices. + +Also comparison should clearly show if we are better in any dimension. + +We need to collect data related about the issue to this repository, make sure we compile that data to `./docs/case-studies/issue-{id}` folder, and use it to do deep case study analysis (also make sure to search online for additional facts and data), list of each and all requirements from the issue, and propose possible solutions and solution plans for each requirement (we should also check known existing components/libraries, that solve similar problem or can help in solutions). + +Please plan and execute everything in a single pull request, you have unlimited time and context, as context auto-compacts and you can continue indefinitely, until it is each and every requirement fully addressed, and everything is totally done. diff --git a/docs/docker-sandboxes-comparison.md b/docs/docker-sandboxes-comparison.md new file mode 100644 index 0000000..44db412 --- /dev/null +++ b/docs/docker-sandboxes-comparison.md @@ -0,0 +1,123 @@ +# Docker Sandboxes Comparison + +Evidence date: 2026-05-10 UTC. + +This document compares Docker Sandboxes with `box` and `dind-box` for universal +software development disposable environments. AI-agent-specific features are +not treated as missing `box` requirements because `box` is intentionally +AI-agnostic. Agent launchers, model-provider-specific setup, AI memory files, +and permission-prompt behavior are listed only where they explain a Docker +Sandboxes mechanism that also has a non-AI security or workflow equivalent. + +Supporting research and preserved data are in +[docs/case-studies/issue-86](case-studies/issue-86/CASE-STUDY.md). + +## Sources + +| Source | What it contributed | +|---|---| +| [Docker Sandboxes product page](https://www.docker.com/products/docker-sandboxes/) | Product positioning, early-access status, microVM and safety claims. | +| [Docker Sandboxes docs](https://docs.docker.com/ai/sandboxes/) | Current `sbx` behavior, install flow, security model, templates, kits, lifecycle, and usage. | +| [Isolation layers](https://docs.docker.com/ai/sandboxes/security/isolation/) | Hypervisor, network, Docker Engine, and credential-isolation model. | +| [Default security posture](https://docs.docker.com/ai/sandboxes/security/defaults/) | Deny-by-default network posture and blocked host/private access. | +| [Policies](https://docs.docker.com/ai/sandboxes/security/policy/) | Network policy commands, allow/deny rules, logs, and precedence. | +| [Credentials](https://docs.docker.com/ai/sandboxes/security/credentials/) | Host-side secret storage and proxy injection model. | +| [Usage](https://docs.docker.com/ai/sandboxes/usage/) | Branch mode, multiple workspaces, ports, lifecycle, and persistence behavior. | +| [Templates](https://docs.docker.com/ai/sandboxes/customize/templates/) | Template image variants, `-docker` variants, Docker volume sizing, and template import/export. | +| [Kits](https://docs.docker.com/ai/sandboxes/customize/kits/) | Declarative extension format for tools, files, env, credentials, network, and startup commands. | +| [docker/sbx-releases](https://github.com/docker/sbx-releases) | Public release repository for `sbx`; no template image Dockerfiles found there. | +| [docker/sbx-kits-contrib](https://github.com/docker/sbx-kits-contrib) | Public contributed kit specs and kit test/spec code. | +| [Docker Hub `docker/sandbox-templates`](https://hub.docker.com/r/docker/sandbox-templates/tags) | Published template tag names, update times, sizes, and amd64/arm64 manifests. | +| Local `box` docs and source | `README.md`, `REQUIREMENTS.md`, `ARCHITECTURE.md`, `Dockerfile`, `ubuntu/24.04/*`, and `ubuntu/24.04/dind/*`. | + +## Status Legend + +| Value | Meaning | +|---|---| +| Box wins | `box` is better for this non-AI development dimension today. | +| Docker wins | Docker Sandboxes has a best practice `box` does not yet provide. | +| Tie | Both cover the dimension well enough for the comparison scope. | +| Partial | `box` has the underlying primitive but lacks a comparable integrated workflow. | +| Excluded | AI-specific feature, not a missing `box` requirement. | + +## Full Comparison Matrix + +| Dimension | Docker Sandboxes | `box` / `dind-box` | Current advantage | Missing best practice or solution plan | +|---|---|---|---|---| +| Product scope | Disposable, isolated environments for coding agents, delivered through the standalone `sbx` CLI. | Universal Docker images for repeatable software development tasks and disposable boxes. | Box wins for non-AI universality. | Keep AI-specific agents out of `box`; document how downstream images can add them. | +| Isolation boundary | Dedicated microVM per sandbox with its own Linux kernel. | Standard Docker container namespace boundary; `dind-box` adds an inner daemon but still runs in a host container. | Docker wins. | Evaluate optional microVM-backed runners such as Kata Containers, Firecracker, Cloud Hypervisor, or QEMU/Lima wrappers. | +| Host kernel exposure | MicroVM does not share the host kernel directly. | Shares the host kernel like any Linux container. `dind-box` normally needs `--privileged` unless run with Sysbox. | Docker wins. | Add a hardened runtime guide covering Sysbox, Kata, gVisor constraints, rootless Docker feasibility, seccomp, AppArmor, and capability drops. | +| User inside environment | Non-root `agent` user with sudo in Docker Sandboxes templates. | Non-root `box` user; most tools install into user-local paths. | Tie. | No immediate gap; keep enforcing non-root defaults in image tests. | +| Sudo/admin model | Agent can use sudo inside the VM; the hypervisor is the security boundary. | `box` user has sudo in JS base image; `dind-entrypoint` starts dockerd as root then drops to `box`. | Tie for convenience; Docker wins for stronger boundary. | Document when sudo is acceptable and when a more isolated runtime is required. | +| Host filesystem access | Only configured workspaces are mounted; symlinks outside workspace scope are not followed according to docs. | Users decide mounts with `docker run -v`; no wrapper prevents mounting broader host paths. | Docker wins. | Provide recommended `docker run` and Compose profiles that mount only the project path and avoid `~`, `/`, and host socket mounts. | +| Workspace path behavior | Workspace appears at the same absolute path as the host. | Docker users choose container paths manually; examples default to `/home/box`. | Docker wins. | Optional launcher can mount the project at the same absolute path when host path is valid inside Linux containers. | +| Direct workspace edits | Default direct mount reflects changes on host immediately. | Same behavior is possible with bind mounts. | Tie. | No image change needed; add usage docs for project bind mounts. | +| Branch/worktree mode | `--branch` creates `.sbx/` Git worktrees and separate branches. | No built-in branch/worktree orchestration. Users can run `git worktree` manually. | Docker wins. | Add a small CLI or documented script that creates a disposable worktree, starts `box`, and cleans it up. | +| Multiple workspaces | Supports primary workspace plus extra read-only or read-write workspaces. | Docker supports multiple volume mounts, but `box` has no convention for role or read-only defaults. | Partial. | Add examples for `--mount type=bind,readonly` and Compose equivalents. | +| File copy outside workspaces | `sbx cp` copies files between host and sandbox. | Docker has `docker cp`; no `box`-specific wrapper. | Tie. | Mention `docker cp` in disposable workflow docs. | +| Lifecycle commands | `sbx run`, `create`, `ls`, `exec`, `stop`, `rm`, dashboard mode. | Standard Docker CLI lifecycle; no dedicated `box` lifecycle naming or dashboard. | Docker wins. | Consider `scripts/box-run.sh` or a documented Compose profile for create/list/exec/rm workflows. | +| Persistence model | VM state, packages, Docker images, and history persist until `sbx rm`. | Container state persists until removal; named volumes can persist Docker data for `dind-box`. | Tie at primitive level; Docker wins for UX. | Add documented disposable/persistent modes and cleanup commands. | +| Docker access | `-docker` templates include an isolated Docker Engine inside the microVM. | Every `*-dind` sibling includes Docker Engine, CLI, Buildx, Compose, and private dockerd. | Tie for feature; Box wins for every-language coverage. | Keep DIND variants for each language image; add runtime hardening docs. | +| Docker daemon isolation | Agent Docker commands target the sandbox daemon, not the host daemon. | `dind-box` has a private inner dockerd; README warns not to bind-mount `/var/run/docker.sock`. | Tie. | Add tests/docs that assert the host socket is not required and that inner daemon state is private. | +| Docker storage sizing | `-docker` templates use a dedicated block volume defaulting to 50 GB; `DOCKER_SANDBOXES_DOCKER_SIZE` overrides size. | `dind-box` has `DIND_DATA_ROOT` and can use a mounted volume, but no documented size preset. | Docker wins. | Document `DIND_DATA_ROOT`, named volumes, host disk expectations, and Docker `--storage-opt` where supported. | +| Port forwarding | `sbx ports` publishes sandbox services to host ports after creation. | Docker supports `-p`/`--publish` at run time; no post-start `box` helper. | Partial. | Document `docker run -p`, Compose ports, and `docker container update` limitations; consider a wrapper for port assignment. | +| Host service access | Uses `host.docker.internal` with network policy allow rules. | Docker supports `host.docker.internal` on Docker Desktop and can use `--add-host=host.docker.internal:host-gateway` on Linux. | Partial. | Add cross-platform host-service examples with explicit security notes. | +| Outbound network default | Deny-by-default for HTTP/HTTPS unless policy allows; raw TCP, UDP, ICMP, private ranges, loopback, and link-local are blocked by default. | No `box` egress policy; Docker defaults to allowing outbound network access unless user changes runtime/network settings. | Docker wins. | Add an egress-policy design using Docker internal networks, proxy allowlists, nftables/iptables, or eBPF policy tools. | +| Network policy management | `sbx policy allow`, `deny`, `ls`, `log`, `reset`, `set-default`; deny rules win. | No built-in policy store, policy log, or domain-level governance. | Docker wins. | Create a non-AI `box` launcher design for allowlisted HTTP/HTTPS proxying and auditable logs. | +| Sandbox-to-host and sandbox-to-sandbox network isolation | Docs say sandboxes cannot reach host localhost or each other by default. | Docker can isolate with custom networks, `--network none`, or internal networks, but defaults vary by invocation. | Docker wins. | Provide secure Compose examples with private networks and no host socket. | +| Credential handling | Host keychain or host environment plus host-side proxy injects credentials into outbound requests; raw secret is not inside sandbox by default. | `box` includes GitHub CLI and identity tooling, but secrets are manually mounted, configured, or passed by env. | Docker wins. | Design host-side credential broker patterns using OS keychains, Docker secrets, SSH agent forwarding, Git credential helpers, or 1Password/pass/SOPS integrations. | +| SSH agent forwarding | Supports host SSH agent forwarding and commit signing while keeping private keys on host. | Possible with Docker socket mounts for `SSH_AUTH_SOCK`, but not documented as a `box` workflow. | Docker wins. | Add SSH agent and signing examples that mount the agent socket read-only and explain risks. | +| Workspace trust guidance | Dedicated docs warn that workspace files, hooks, build files, CI, and IDE config need review. | `box` has no comparable workspace-trust checklist. | Docker wins. | Add disposable workflow security docs covering Git hooks, CI files, build scripts, `.env`, IDE tasks, and generated executables. | +| Template images | Built-in templates published as `docker/sandbox-templates:`; Dockerfile-based custom templates can extend them. | `box` images are normal OCI base images and can be extended with Dockerfiles. | Tie for OCI extensibility; Docker wins for template catalog. | Add a lightweight template catalog or examples directory for common non-AI development setups. | +| Runtime snapshot templates | `sbx template save`, `load`, `ls`, `rm`, import/export tar. | Docker can `commit`, `save`, and `load`; `box` has no curated workflow and Docker commit is usually less reproducible than Dockerfiles. | Docker wins. | Prefer reproducible Dockerfiles, but document when `docker commit`/`save` is acceptable for experiments. | +| Declarative extensions | Experimental kits declare tools, env, files, credentials, network domains, install/startup commands, and agent definitions. | No kit/feature system. Users extend images or scripts directly. | Docker wins. | Evaluate Dev Container Features, OCI artifacts, or a simple `box-feature.yaml` model for non-AI mixins. | +| Kit validation and distribution | `sbx kit validate`, `inspect`, `pack`, `push`, and `pull`; supports local, Git, ZIP, and OCI references. | No equivalent. | Docker wins. | If a feature system is added, include validation, versioning, and registry/distribution rules from the start. | +| Base OS | Ubuntu-based templates; Docker Desktop-integrated legacy page mentioned a shared base environment. | Ubuntu 24.04 source tree and images. | Box wins for explicit source-level OS version. | Keep Ubuntu version explicit in image tags/docs. | +| Universal runtime breadth | Template docs say most variants include common dev tools such as Node.js, Python, Go, Java, Git, Docker CLI. | Full image includes Node.js, Python, Go, Rust, Java, Kotlin, PHP, Perl, Ruby, Swift, R, .NET, C/C++, Assembly, Lean, Rocq/Coq, browser deps, and build tools. | Box wins. | Preserve universal scope; do not narrow `box` into an AI-agent image. | +| Theorem provers | No public Sandboxes docs evidence of Lean or Rocq/Coq in base templates. | Lean and Rocq/Coq are first-class images and part of the full box. | Box wins. | Keep theorem prover support as a differentiator. | +| Browser automation dependencies | No public Sandboxes docs evidence of a universal Playwright/Puppeteer dependency layer. | JS base installs Playwright/Puppeteer browser system dependencies and fonts. | Box wins. | Consider documenting this explicitly as a web/UI testing feature. | +| Modular image variants | Template variants are agent-focused plus `-docker` variants. | Per-language images plus a `dind` sibling for every language and full image. | Box wins. | Keep language-focused modular matrix; add a docs table mapping use cases to smallest image. | +| Multi-architecture images | Docker Hub metadata shows `docker/sandbox-templates` tags with linux/amd64 and linux/arm64 images. | README and Docker Hub metadata show linux/amd64 and linux/arm64 images. | Tie. | Continue native ARM64 CI and avoid emulation. | +| Registry availability | Docker templates are on Docker Hub; docs say private templates are only supported on Docker Hub. | `box` publishes to Docker Hub and GHCR. | Box wins. | Keep both registries; consider documenting private-registry expectations for downstream images. | +| Public image source | Public docs and kit specs are available, but Dockerfile/source for `docker/sandbox-templates` images was not found in public Docker-owned repos during this research. | Image Dockerfiles and install scripts are in this repo. | Box wins. | Keep image build source public and link source files from docs. | +| Public release process | `docker/sbx-releases` publishes binaries/releases; template build pipeline is not visible in found sources. | CI workflow, release scripts, and image assembly are visible in this repo. | Box wins. | Add provenance/SBOM/scanning follow-up to strengthen visible supply-chain posture. | +| Image size | Docker Hub reported `shell-docker` at about 550 MiB and `codex-docker` at about 729 MiB. | Docker Hub reported `konard/box:latest` at about 5.47 GiB and `konard/box-dind:latest` at about 5.59 GiB for amd64. | Docker wins for smaller base; Box wins for breadth. | Improve smallest-image guidance and consider optional slim image families rather than shrinking the full universal image. | +| Authentication to product | `sbx login` with Docker account is required. | Pulling and running public `box` images requires no product login beyond registry access rules. | Box wins. | Keep no-login local workflows. | +| Telemetry | Docker docs say the `sbx` CLI collects basic invocation telemetry unless `SBX_NO_TELEMETRY=1`. | No `box` CLI telemetry exists. | Box wins. | If a `box` CLI is added, default to no telemetry or make it explicit and opt-in. | +| Docker Desktop dependency | Current `sbx` docs say Docker Desktop is not required; custom template builds need Docker Desktop according to the templates page. | `box` needs any compatible Docker/OCI runtime to pull/run images; building images uses Docker/Buildx in CI. | Tie for runtime; Box wins for simpler local mental model. | Document Podman/containerd compatibility only after testing. | +| Admin/team governance | Product page offers admin controls for teams, network restrictions, filesystem policies, and centralized setup via sales path. | No centralized governance product. | Docker wins for teams that need admin controls. | Out of scope for image-only `box`; possible future launcher can emit policy files. | +| AI agent integrations | Built-in agent names and templates include Claude Code, Codex, Copilot, Gemini, OpenCode, Kiro, Droid, Docker Agent, and shell. | `box` deliberately excludes AI-specific agent packages. | Excluded. | Do not add AI-specific dependencies to base `box`; downstream images can inherit from `box`. | + +## Where `box` Is Better + +| Area | Why it is better for this repository's scope | +|---|---| +| Universal toolchain breadth | The full image covers many runtimes and build stacks, including theorem provers and browser automation dependencies, instead of optimizing around AI agent templates. | +| Public build source | Dockerfiles, install scripts, DIND entrypoint, requirements, architecture notes, and CI are all in this repository. | +| Modular language images | Users can select `konard/box-` or a matching `-dind` sibling instead of only choosing an agent-oriented template. | +| Registry coverage | Images are published to Docker Hub and GHCR. | +| No product login | Public image pull/run workflows do not require `sbx login` or Docker Sandboxes account setup. | +| AI-agnostic base | The base image stays reusable for human development, CI experiments, automation, and any downstream AI or non-AI workflow. | + +## Missing Best Practices To Consider + +| Priority | Gap | Proposed plan | Existing components to evaluate | +|---|---|---|---| +| P0 | Stronger isolation option for untrusted autonomous work. | Add a design doc and tested examples for running `box` under hardened runtimes. Keep plain Docker as the default image consumption path. | Sysbox, Kata Containers, Firecracker, Cloud Hypervisor, gVisor, Lima/Colima, QEMU. | +| P0 | Egress policy and network logs. | Create secure run profiles for `--network none`, allowlisted proxies, and internal Docker networks. Consider a wrapper that writes and enforces domain rules. | Docker networks, nftables/iptables, Cilium, Envoy, mitmproxy, Squid/tinyproxy, Open Policy Agent. | +| P0 | Host-side credential brokering. | Document safe patterns first: SSH agent forwarding, Git credential helpers, Docker secrets, and keychain-backed CLIs. Design a proxy only if there is a clear non-AI use case. | Docker secrets, SSH agent, Git credential helpers, 1Password CLI, pass/gopass, SOPS, OS keychains. | +| P1 | Workspace branch/lifecycle orchestration. | Add a small `box run` helper or examples that create Git worktrees, mount them, run containers, and clean up. | Git worktree, Docker Compose, Dev Containers CLI, Dagger. | +| P1 | Template/feature catalog. | Publish a non-AI catalog of reusable Dockerfile patterns or declarative feature specs. Avoid coupling to specific agents. | Dev Container Features, OCI artifacts, Docker Compose, Nix flakes, mise. | +| P1 | DIND storage and resource controls. | Document `DIND_DATA_ROOT`, named volumes, `--cpus`, `--memory`, `--pids-limit`, and cleanup commands. Add smoke tests for DIND data-root overrides. | Docker cgroups flags, Compose resource options, BuildKit cache mounts. | +| P1 | Port and host-service workflow. | Add examples for `-p`, Compose ports, `host.docker.internal`, and Linux `host-gateway`. | Docker CLI, Docker Compose. | +| P2 | Supply-chain metadata. | Add SBOM/scanning/provenance docs and eventually CI artifacts. | Syft, Grype, Trivy, Docker Scout, cosign, SLSA, in-toto. | +| P2 | Workspace trust checklist. | Document post-session review guidance for Git hooks, CI files, build scripts, IDE tasks, `.env`, and generated executables. | Git, pre-commit, shellcheck, static analyzers. | + +## Decision + +`box` should not clone Docker Sandboxes as an AI-agent product. The best +borrowed practices are the non-AI environment controls: stronger isolation +options, network governance, secret handling, workspace lifecycle helpers, +template/feature reuse, DIND storage controls, and supply-chain metadata. +The strongest `box` differentiators are still its open, universal, modular, +multi-language images and public build source.