A containerized sandbox for Agentic AI β full desktop, headless CLI, or SSH-only, in seconds.
English | ηΉι«δΈζ | ζ₯ζ¬θͺ
- Docker & Docker Compose (v2.0+)
- Python 3.7+
- Tested on: Ubuntu (amd64/arm64), macOS (Apple Silicon)
# 1. Clone
git clone https://github.com/shiritai/sanity-gravity.git
cd sanity-gravity
# 2. Build the images (one-time)
./sanity-cli build
# 3. Launch the recommended sandbox
./sanity-cli up -v ag-xfce-kasm --password mysecretOpen https://localhost:8444 β your sandboxed desktop is ready!
- Username: your host OS username
- Password:
mysecret(default:antigravity)
The self-signed certificate warning on localhost is expected. Click through it.
AI agents run arbitrary code. One rogue rm -rf / and your host is toast. Sanity-Gravity confines every agent action inside a disposable Docker container while streaming a full desktop experience to your browser β or providing just a minimal SSH shell when that's all you need.
| Feature | Description |
|---|---|
| Host Isolation | Even if an agent runs rm -rf / or downloads malware, only the sandbox is destroyed. Your host stays untouched. |
| Full GUI Desktop | Ubuntu 24.04 + XFCE4 + KasmVNC. Agents operate browsers and GUI apps just like a human would. |
| Headless CLI Agents | Minimal images for Gemini CLI and Claude Code β no desktop overhead, just SSH. |
| Out-of-the-Box | Pre-installed with Antigravity IDE, Google Chrome, and Git. Zero setup time. |
| Seamless Disk I/O | Smart UID/GID mapping. No root-owned file disasters after host volume mounts. |
| Multi-Instance | Parallel isolated sandboxes. Host ports are auto-allocated when unspecified (zero conflicts), or can be set manually. |
| Container Snapshots | Freeze your configured environment (installed software, active logins) into a new image branch. |
| IDE Safe Upgrade | Built-in dpkg-divert protection prevents apt upgrade from breaking Antigravity or Chrome. |
| SSH Agent Proxy | Use host SSH keys inside containers β no private key copying required. |
| Multi-Arch | All images support both amd64 and arm64. |
Every image is described by a tag: {agent}-{desktop}-{connector}. Pick one that matches your use case:
| I want to... | Tag | Connect via |
|---|---|---|
| Run Antigravity IDE in browser | ag-xfce-kasm |
https://localhost:8444 |
| Run Antigravity IDE via VNC | ag-xfce-vnc |
localhost:5901 |
| Use Gemini CLI in a terminal | gc-none-ssh |
ssh -p 2222 ... |
| Use Gemini CLI with a desktop | gc-xfce-kasm |
https://localhost:8444 |
| Use Claude Code in a terminal | cc-none-ssh |
ssh -p 2222 ... |
| Use Claude Code with a desktop | cc-xfce-kasm |
https://localhost:8444 |
First time? Start with
ag-xfce-kasmβ it gives you the full desktop experience via your browser.
There are 11 valid combinations in total. See Modular Tag System for the full matrix, dimension model, and constraint rules.
For a detailed explanation of persistence, isolation, and state management, see the Sandbox Lifecycle Guide.
./sanity-cli up -v <tag> # Start a sandbox
--password <pwd> # SSH/VNC password (default: antigravity)
--workspace <path> # Host directory to mount (default: ./workspace)
--name <name> # Project name for multi-instance (default: sanity-gravity)
--cpus <n> --memory <n> # Resource limits (e.g. --cpus 2 --memory 4G)
--image <img> # Use a snapshot image instead of the default
./sanity-cli down # Stop and remove containers
./sanity-cli stop / start # Pause / resume
./sanity-cli restart # Force restart
./sanity-cli clean # Deep cleanup: containers, volumes, and local images./sanity-cli status # Show running instances
./sanity-cli shell # Drop into container shell (zsh, fallback to bash)
--use {zsh,bash} # Pick shell explicitly (disables fallback)
./sanity-cli open # Open web desktop in browser./sanity-cli build [tag...] # Build images (default: all)
--no-cache # Disable Docker layer cache
./sanity-cli list # Show all valid tags
./sanity-cli list --json # JSON output (for CI matrix)
./sanity-cli check # Verify Docker prerequisitesFull reference with all flags and environment variables: CLI Reference
Sanity-Gravity provides a robust defense mechanism against accidental IDE or browser uninstallation caused by apt upgrade.
- Host side:
sanity-climanages container lifecycles. Maintenance commands auto-inject the latest protection script into the target container, ensuring backward compatibility with legacy snapshots. - Container side:
gravity-cli(built-in) safely manages Antigravity IDE and Google Chrome viadpkg-divert, guaranteeing their--no-sandboxprivilege protections survive system updates.
# Safely update IDE to the latest package version
./sanity-cli ide update --name sanity-gravity
# Nuclear option: full wipe + clean reinstall to fix persistent crashes
./sanity-cli ide reinstall --name sanity-gravitysudo gravity-cli update-ide # Equivalent to 'ide update'
sudo gravity-cli reinstall-ide # Equivalent to 'ide reinstall'A built-in proxy bridges your host's SSH Agent Socket into the container. This enables git push / git pull inside the sandbox using your host's private keys β without ever copying them.
./sanity-cli up handles this automatically. For manual control:
./sanity-cli proxy status # Check proxy and active connections
./sanity-cli proxy setup # Restart / fix proxy
./sanity-cli proxy remove # Terminate proxyRun unlimited parallel sandboxes using --name:
# Launch a second instance
./sanity-cli up -v ag-xfce-kasm --name dev-02 --workspace /tmp/dev02Zero-Conflict Guarantee: sanity-cli auto-allocates free host ports when using a custom name. Check your assigned ports via ./sanity-cli status. Target a specific instance with --name (e.g. ./sanity-cli down --name dev-02).
Freeze your configured environment β installed software, login sessions, custom settings β into a reusable image.
-
Create a snapshot:
./sanity-cli snapshot --name my-base-env --tag my-verified-state:v1
-
Launch from the snapshot:
./sanity-cli up -v ag-xfce-kasm --name new-experiment --image my-verified-state:v1
All images β including GUI variants β expose SSH on port 2222 by default. This enables:
- Headless automation β script tasks from the host without opening a desktop
- Port forwarding β
ssh -L 3000:localhost:3000 -p 2222 $USER@localhost - Remote development β VS Code Remote SSH, JetBrains Gateway
ssh -p 2222 $USER@localhostsanity-gravity/
βββ sanity-cli # CLI entry point (Python 3, no external deps)
βββ sandbox/
β βββ Dockerfile.base # Base layer: Ubuntu 24.04 + SSH + supervisord
β βββ layers/
β β βββ desktops/ # xfce, none
β β βββ agents/ # ag (Antigravity), gc (Gemini CLI), cc (Claude Code)
β β βββ connectors/ # kasm (KasmVNC), vnc (TigerVNC), ssh
β βββ rootfs/ # Shared overlay (entrypoint, gravity-cli, supervisor configs)
βββ lib/ # Proxy manager module
βββ config/ # Runtime-generated docker-compose files (git-ignored)
βββ tests/ # Pytest integration suite
βββ workspace/ # Default bind-mounted workspace
βββ .github/workflows/ # CI/CD pipelines
For details on the 4-layer FROM-chained build system and CI architecture, see Architecture and CI/CD.
"Sanity-Gravity" β providing a strong Gravity (constraints) in the unpredictable world of Antigravity (AI agents), to preserve the developer's Sanity.
By confining unvetted AI execution to disposable containers, we eliminate irreversible damage: accidental file deletion, credential hijacking, configuration pollution.