search

locus sandbox

Create and manage provider Docker sandboxes, including auth, package installs, command execution, shell access, and logs.

Manage Docker-backed provider sandboxes used by Locus execution.

hashtag
Usage

locus sandbox
locus sandbox <subcommand> [options]

hashtag
Subcommands

Subcommand
Description

locus sandbox

Select a provider and create its sandbox

locus sandbox claude

Open an interactive Claude session in the Claude sandbox (for auth)

locus sandbox codex

Open an interactive Codex session in the Codex sandbox (for auth)

locus sandbox install <package...>

Install global npm package(s) inside sandbox(es)

locus sandbox shell <provider>

Open an interactive shell (sh) in a provider sandbox

locus sandbox logs <provider>

Show Docker sandbox logs for a provider sandbox

locus sandbox status

Show configured sandbox names and running state

locus sandbox rm

Remove provider sandboxes and disable sandbox mode

hashtag
Providers

Provider values:

  • claude

  • codex

  • all (supported by install only)

hashtag
Typical Setup Flow

hashtag
install

Install one or more npm packages globally in sandbox environments.

Examples:

hashtag
shell

Open an interactive shell in a provider sandbox.

Example:

hashtag
logs

Show logs for a provider sandbox.

Examples:

hashtag
status

Show whether sandbox mode is enabled, configured sandbox names, and running status for each provider.

hashtag
rm

Remove all configured provider sandboxes and disable sandbox mode.

hashtag
Custom Setup with sandbox-setup.sh

Locus automatically runs .locus/sandbox-setup.sh inside each newly created sandbox after dependency installation. This hook lets you install additional toolchains, set environment variables, or perform any project-specific setup that the sandbox needs.

For JavaScript/TypeScript projects, Locus already handles package installation automatically. The setup script is most useful for non-JS projects or when you need extra tools beyond what the package manager provides.

hashtag
How it works

  1. After creating a sandbox, Locus detects your project ecosystem and installs JS dependencies if applicable.

  2. If .locus/sandbox-setup.sh exists, Locus runs it inside the sandbox with sh.

  3. If no setup script exists and the project is non-JS, Locus prints a warning suggesting you create one.

hashtag
Examples

Python project:

Rust project:

Go project:

JavaScript project with extra system dependencies:

Multi-language monorepo:

hashtag
Tips

  • Keep the script idempotent — it may be re-run via locus sandbox setup.

  • The script runs as root inside the sandbox, so sudo is not needed.

  • The working directory is set to your project root.

  • Use set -e at the top if you want the script to fail fast on errors.

hashtag
Shell Environment with sandbox-profile.sh

When you open an interactive shell with locus sandbox shell <provider>, Locus automatically sets up the environment by adding common binary directories to PATH (node_modules/.bin, .venv/bin, .cargo/bin, go/bin, etc.) and configuring NODE_PATH.

If your project needs additional environment customization — extra PATH entries, environment variables, shell aliases, or functions — create a .locus/sandbox-profile.sh file. Locus sources this file at the end of shell initialization, so your customizations take effect on top of the auto-detected defaults.

hashtag
How it works

  1. Locus opens a shell inside the provider sandbox.

  2. Common bin directories for all ecosystems are auto-detected and added to PATH.

  3. NODE_PATH is configured for sandbox-installed dependencies.

  4. If .locus/sandbox-profile.sh exists, it is sourced (. <file>) in the shell context.

  5. The interactive shell starts.

hashtag
When to use it

  • Your project uses tools installed in non-standard locations

  • You need project-specific environment variables available in the sandbox shell

  • You want shell aliases or helper functions for sandbox debugging

  • You have custom SDK paths, compiler flags, or runtime configuration

hashtag
Examples

Custom environment variables and PATH:

Shell aliases for common tasks:

Multi-language environment setup:

hashtag
Tips

  • This file is sourced, not executed as a subprocess — variables and aliases persist in the shell session.

  • It only runs during locus sandbox shell, not during automated AI agent execution (locus run, locus exec).

  • The working directory is set to your project root when the file is sourced.

  • Keep it lightweight — heavy initialization slows down shell startup.

hashtag
Difference from sandbox-setup.sh

sandbox-setup.sh

sandbox-profile.sh

Purpose

Install toolchains and dependencies

Customize shell environment

When

During sandbox creation (locus sandbox)

During interactive shell (locus sandbox shell)

Execution

Runs as a subprocess (sh <file>)

Sourced in shell context (. <file>)

Runs as

Root, non-interactive

Current user, interactive shell

Use for

apt-get install, pip install, cargo build

export, alias, PATH additions

hashtag
Notes

  • Sandboxes must be created first with locus sandbox.

  • If a provider sandbox is missing or not running, subcommands return guidance to recreate it.

  • Locus enforces .sandboxignore rules when syncing workspace content into sandbox execution.

Previouslocus runNextlocus exec

Last updated