sandboxctl 1.0.2__tar.gz

sandboxctl-1.0.2/.github/dependabot.yml

@@ -0,0 +1,14 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    commit-message:
+      prefix: "chore"
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    commit-message:
+      prefix: "chore"

sandboxctl-1.0.2/.github/workflows/ci.yml

@@ -0,0 +1,18 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+permissions: read-all
+
+jobs:
+  quality:
+    uses: butler54/sandboxctl-cicd/.github/workflows/python-quality.yml@main
+    with:
+      python-versions: '["3.12", "3.13"]'
+
+  block-ide:
+    uses: butler54/sandboxctl-cicd/.github/workflows/block-ide-dirs.yml@main

sandboxctl-1.0.2/.github/workflows/conventional-pr.yml

@@ -0,0 +1,16 @@
+name: Lint PR title
+
+on:
+  pull_request_target:
+    types:
+      - opened
+      - edited
+      - synchronize
+    branches:
+      - main
+
+permissions: read-all
+
+jobs:
+  lint:
+    uses: butler54/sandboxctl-cicd/.github/workflows/commitlint.yml@main

sandboxctl-1.0.2/.github/workflows/release.yml

@@ -0,0 +1,68 @@
+name: Release
+
+on:
+  push:
+    branches: [main]
+
+permissions:
+  id-token: write
+  attestations: write
+  contents: write
+
+jobs:
+  release:
+    if: github.repository == 'butler54/sandboxctl'
+    runs-on: ubuntu-latest
+    concurrency:
+      group: release-${{ github.ref }}
+      cancel-in-progress: false
+    environment:
+      name: release
+    steps:
+      - name: Harden runner
+        uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411  # v2.19.4
+        with:
+          egress-policy: audit
+
+      - name: Generate release bot token
+        id: app-token
+        uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1  # v3.2.0
+        with:
+          app-id: ${{ vars.RELEASE_APP_ID }}
+          private-key: ${{ secrets.RELEASE_APP_PRIVATE_KEY }}
+
+      - name: Checkout
+        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0  # v7.0.0
+        with:
+          fetch-depth: 0
+          token: ${{ steps.app-token.outputs.token }}
+
+      - name: Setup Python
+        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405  # v6.2.0
+        with:
+          python-version: '3.12'
+
+      - name: Install build tools
+        run: pip install build
+
+      - name: Python Semantic Release
+        id: release
+        uses: python-semantic-release/python-semantic-release@350c48fcb3ffcdfd2e0a235206bc2ecea6b69df0  # v10.5.3
+        with:
+          github_token: ${{ steps.app-token.outputs.token }}
+
+      - name: Publish to PyPI
+        uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b  # release/v1
+        if: steps.release.outputs.released == 'true'
+
+      - name: Sign artifacts with Sigstore
+        uses: sigstore/gh-action-sigstore-python@5b79a39c381910c090341a2c9b0bf022c8b387e1  # v3.4.0
+        if: steps.release.outputs.released == 'true'
+        with:
+          inputs: "dist/*"
+
+      - name: Upload to GitHub Releases
+        uses: python-semantic-release/upload-to-gh-release@0a92b5d7ebfc15a84f9801ebd1bf706343d43711  # v9.8.9
+        if: steps.release.outputs.released == 'true'
+        with:
+          github_token: ${{ steps.app-token.outputs.token }}

sandboxctl-1.0.2/.github/workflows/scorecard.yml

@@ -0,0 +1,40 @@
+name: OpenSSF Scorecard
+
+on:
+  push:
+    branches:
+      - main
+  schedule:
+    - cron: '30 3 * * 1'
+
+permissions: read-all
+
+jobs:
+  analysis:
+    name: Scorecard analysis
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write
+      id-token: write
+    steps:
+      - name: Harden runner
+        uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411  # v2.19.4
+        with:
+          egress-policy: audit
+
+      - name: Checkout
+        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0  # v7.0.0
+        with:
+          persist-credentials: false
+
+      - name: Run Scorecard
+        uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a  # v2.4.3
+        with:
+          results_file: results.sarif
+          results_format: sarif
+          publish_results: true
+
+      - name: Upload SARIF results
+        uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e  # v4.36.2
+        with:
+          sarif_file: results.sarif

sandboxctl-1.0.2/.gitignore

@@ -0,0 +1,33 @@
+# Python
+__pycache__/
+*.py[cod]
+*$py.class
+*.egg-info/
+dist/
+build/
+*.egg
+
+# Virtual environments
+.venv/
+venv/
+
+# Testing
+.coverage
+htmlcov/
+.pytest_cache/
+
+# Ruff
+.ruff_cache/
+
+# uv
+uv.lock
+
+# IDE
+.vscode/
+.idea/
+*.swp
+*.swo
+
+# OS
+.DS_Store
+Thumbs.db

sandboxctl-1.0.2/.pre-commit-config.yaml

@@ -0,0 +1,16 @@
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v5.0.0
+    hooks:
+      - id: end-of-file-fixer
+      - id: trailing-whitespace
+      - id: check-yaml
+      - id: check-toml
+      - id: mixed-line-ending
+
+  - repo: https://github.com/astral-sh/ruff-pre-commit
+    rev: v0.11.12
+    hooks:
+      - id: ruff
+        args: [--fix]
+      - id: ruff-format

sandboxctl-1.0.2/CHANGELOG.md

@@ -0,0 +1,23 @@
+# CHANGELOG
+
+<!-- version list -->
+
+## v1.0.2 (2026-06-26)
+
+### Bug Fixes
+
+- Trigger release to verify PyPI trusted publisher
+  ([`9bbfec1`](https://github.com/butler54/sandboxctl/commit/9bbfec1156108998d2d2d721b41f089879a3d03e))
+
+
+## v1.0.1 (2026-06-26)
+
+### Bug Fixes
+
+- Port release to dedicated workflow for PyPI OIDC
+  ([`fd7672f`](https://github.com/butler54/sandboxctl/commit/fd7672f8a0a88fba69ee2a42b167bca6526d81e8))
+
+
+## v1.0.0 (2026-06-26)
+
+- Initial Release

sandboxctl-1.0.2/LICENSE

@@ -0,0 +1,190 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to the Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by the Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding any notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   Copyright 2026 sandboxctl contributors
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

sandboxctl-1.0.2/Makefile

@@ -0,0 +1,28 @@
+.PHONY: install dev lint format test clean uninstall help
+
+install:           ## Install globally via uv tool
+	uv tool install --force -e .
+
+dev:               ## Install in dev mode with all deps
+	uv sync
+
+lint:              ## Check code style
+	uv run ruff check src/ tests/
+	uv run ruff format --check src/ tests/
+
+format:            ## Auto-format code
+	uv run ruff format src/ tests/
+	uv run ruff check --fix src/ tests/
+
+test:              ## Run tests with coverage
+	uv run pytest
+
+clean:             ## Remove build artifacts
+	rm -rf dist/ build/ *.egg-info .ruff_cache .pytest_cache __pycache__ .coverage htmlcov/
+
+uninstall:         ## Remove from uv tools
+	uv tool uninstall sandboxctl
+
+help:              ## Show this help
+	@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | \
+		awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-15s\033[0m %s\n", $$1, $$2}'

sandboxctl-1.0.2/PKG-INFO

@@ -0,0 +1,39 @@
+Metadata-Version: 2.4
+Name: sandboxctl
+Version: 1.0.2
+Summary: OpenShell sandbox management CLI
+License-Expression: Apache-2.0
+License-File: LICENSE
+Classifier: Development Status :: 3 - Alpha
+Classifier: Environment :: Console
+Classifier: License :: OSI Approved :: Apache Software License
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Requires-Python: >=3.12
+Requires-Dist: pydantic-settings>=2.0
+Requires-Dist: pydantic>=2.0
+Requires-Dist: typer>=0.15
+Description-Content-Type: text/markdown
+
+# sandboxctl
+
+OpenShell sandbox management CLI.
+
+## Installation
+
+```bash
+pip install sandboxctl
+```
+
+## Development
+
+```bash
+make dev    # install dev dependencies
+make lint   # check code style
+make test   # run tests
+make format # auto-format
+```
+
+## License
+
+Apache-2.0

sandboxctl-1.0.2/README.md

@@ -0,0 +1,22 @@
+# sandboxctl
+
+OpenShell sandbox management CLI.
+
+## Installation
+
+```bash
+pip install sandboxctl
+```
+
+## Development
+
+```bash
+make dev    # install dev dependencies
+make lint   # check code style
+make test   # run tests
+make format # auto-format
+```
+
+## License
+
+Apache-2.0

sandboxctl-1.0.2/SECURITY.md

@@ -0,0 +1,16 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability, please report it responsibly:
+
+1. **Do not** open a public GitHub issue for security vulnerabilities.
+2. Email the maintainers or use [GitHub's private vulnerability reporting](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability).
+
+We will acknowledge receipt within 48 hours and provide a timeline for a fix.
+
+## Supported Versions
+
+| Version | Supported |
+|---------|-----------|
+| 0.x     | Yes       |

sandboxctl-1.0.2/codecov.yml

@@ -0,0 +1,9 @@
+coverage:
+  status:
+    project:
+      default:
+        target: 75%
+        threshold: 5%
+    patch:
+      default:
+        target: 75%

sandboxctl-1.0.2/commitlint.config.js

@@ -0,0 +1,6 @@
+module.exports = {
+  extends: ["@commitlint/config-conventional"],
+  rules: {
+    "subject-case": [0],
+  },
+};

sandboxctl-1.0.2/examples/containerfiles/Containerfile

@@ -0,0 +1,26 @@
+# Base sandbox Containerfile
+# Customizable per-profile via [sandbox] containerfile field
+#
+# Build args (set by sandboxctl):
+#   GIT_USER_NAME — git commit identity
+#   GIT_USER_EMAIL — git commit identity
+#   DEFAULT_MODEL — Claude model
+
+FROM ghcr.io/nvidia/openshell-community/sandboxes/base:latest
+
+ARG GIT_USER_NAME=""
+ARG GIT_USER_EMAIL=""
+ARG DEFAULT_MODEL="claude-sonnet-4-20250514"
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    jq \
+    && rm -rf /var/lib/apt/lists/*
+
+RUN git config --system commit.gpgsign true && \
+    git config --system gpg.format ssh && \
+    git config --system user.signingkey /sandbox/.ssh/id_ed25519 && \
+    git config --system user.name "${GIT_USER_NAME}" && \
+    git config --system user.email "${GIT_USER_EMAIL}"
+
+ENV CLAUDE_CODE_USE_VERTEX=1
+ENV CLOUD_ML_REGION=global

sandboxctl-1.0.2/examples/policies/policy.yaml

@@ -0,0 +1,37 @@
+# Default sandbox network policy
+# Allows access to common development services
+#
+# Customize per-profile via [sandbox] policy field
+
+network:
+  outbound:
+    allow:
+      # Git hosting
+      - github.com
+      - api.github.com
+      - gitlab.com
+      # Package registries
+      - pypi.org
+      - files.pythonhosted.org
+      - registry.npmjs.org
+      - proxy.golang.org
+      # Container registries
+      - ghcr.io
+      - registry.access.redhat.com
+      # Claude / Vertex AI
+      - global-aiplatform.googleapis.com
+      - us-central1-aiplatform.googleapis.com
+      - us-east1-aiplatform.googleapis.com
+      - oauth2.googleapis.com
+      - accounts.google.com
+      - statsig.anthropic.com
+      - sentry.io
+
+filesystem:
+  readonly:
+    - /usr
+    - /bin
+    - /sbin
+  writable:
+    - /sandbox
+    - /tmp

sandboxctl-1.0.2/examples/profiles/ai-dev.toml

@@ -0,0 +1,16 @@
+# AI-assisted development sandbox profile
+# Includes Claude Code with Vertex AI provider
+# Usage: sandboxctl create --profile ai-dev
+
+[sandbox]
+# default_repo = "my-ai-project"
+# model = "claude-sonnet-4-20250514"
+
+[workspace]
+theme = "Default Dark Modern"
+zoom = -1
+
+[repos]
+github = [
+    # "owner/ai-project",
+]

sandboxctl-1.0.2/examples/profiles/dev.toml

@@ -0,0 +1,14 @@
+# General development sandbox profile
+# Usage: sandboxctl create --profile dev
+
+[sandbox]
+# default_repo = "my-project"
+
+[workspace]
+theme = "Default Dark Modern"
+zoom = -1
+
+[repos]
+github = [
+    # "owner/repo-name",
+]

sandboxctl-1.0.2/examples/profiles/minimal.toml

@@ -0,0 +1,8 @@
+# Minimal sandbox profile — no repos, no extras
+# Usage: sandboxctl create --profile minimal
+
+[sandbox]
+
+[workspace]
+
+[repos]