singularity-forge/docker/Dockerfile.sandbox

# ──────────────────────────────────────────────
# GSD Docker Sandbox Template
# Base: docker/sandbox-templates:shell
# Purpose: Isolated environment for GSD auto mode
# Usage: docker sandbox create --template ./docker
# ──────────────────────────────────────────────
FROM node:22-bookworm-slim

# System dependencies required by GSD
RUN apt-get update && apt-get install -y --no-install-recommends \
    git \
    curl \
    ca-certificates \
    openssh-client \
    && rm -rf /var/lib/apt/lists/*

# Install GSD globally — version controlled via build arg
ARG GSD_VERSION=latest
RUN npm install -g gsd-pi@${GSD_VERSION}

# Create non-root user for sandbox isolation
RUN groupadd --gid 1000 gsd \
    && useradd --uid 1000 --gid gsd --shell /bin/bash --create-home gsd

# Persistent GSD state directory
RUN mkdir -p /home/gsd/.gsd && chown -R gsd:gsd /home/gsd/.gsd

# Workspace directory — synced from host via Docker sandbox
WORKDIR /workspace
RUN chown gsd:gsd /workspace

USER gsd

# Expose default GSD web UI port
EXPOSE 3000

ENTRYPOINT ["gsd"]
CMD ["--help"]
feat(docker): add official Docker sandbox template for isolated GSD auto mode (#2360) Ship a Dockerfile.sandbox, docker-compose.yml, .env.example, and docs so users can run GSD auto mode inside an isolated Docker sandbox (MicroVM) without risk to the host filesystem, SSH keys, or other projects. - Dockerfile.sandbox: Node 22 base, gsd-pi pre-installed, non-root user, port 3000 - docker-compose.yml: workspace volume mount, persistent .gsd state, env_file support - .env.example: template for LLM provider keys and optional tool credentials - docker/README.md: setup guide covering sandbox CLI, Compose, two-terminal workflow, credential injection, and network allowlisting - .dockerignore: project-root ignore file for efficient Docker builds - src/tests/docker-template.test.ts: 13 structural tests verifying all template files Fixes #1544 Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-24 15:57:59 -04:00			`# ──────────────────────────────────────────────`
			`# GSD Docker Sandbox Template`
			`# Base: docker/sandbox-templates:shell`
			`# Purpose: Isolated environment for GSD auto mode`
			`# Usage: docker sandbox create --template ./docker`
			`# ──────────────────────────────────────────────`
			`FROM node:22-bookworm-slim`

			`# System dependencies required by GSD`
			`RUN apt-get update && apt-get install -y --no-install-recommends \`
			`git \`
			`curl \`
			`ca-certificates \`
			`openssh-client \`
			`&& rm -rf /var/lib/apt/lists/*`

			`# Install GSD globally — version controlled via build arg`
			`ARG GSD_VERSION=latest`
			`RUN npm install -g gsd-pi@${GSD_VERSION}`

			`# Create non-root user for sandbox isolation`
			`RUN groupadd --gid 1000 gsd \`
			`&& useradd --uid 1000 --gid gsd --shell /bin/bash --create-home gsd`

			`# Persistent GSD state directory`
			`RUN mkdir -p /home/gsd/.gsd && chown -R gsd:gsd /home/gsd/.gsd`

			`# Workspace directory — synced from host via Docker sandbox`
			`WORKDIR /workspace`
			`RUN chown gsd:gsd /workspace`

			`USER gsd`

			`# Expose default GSD web UI port`
			`EXPOSE 3000`

			`ENTRYPOINT ["gsd"]`
			`CMD ["--help"]`