sanity-gravity
Health Pass
- License — License: Apache-2.0
- Description — Repository has a description
- Active repo — Last push 0 days ago
- Community trust — 25 GitHub stars
Code Fail
- rm -rf — Recursive force deletion command in lib/proxy_manager.py
- rm -rf — Recursive force deletion command in sandbox/rootfs/usr/local/bin/chrome-cleanup.sh
Permissions Pass
- Permissions — No dangerous permissions requested
This tool provides containerized, disposable Docker sandboxes for AI agents, allowing them to safely execute arbitrary code and interact with desktop applications without risking the host operating system.
Security Assessment
This tool inherently executes shell commands and interacts with the filesystem, but it is specifically designed to isolate those actions within Docker containers. Two flags were raised for the `rm -rf` recursive force deletion command found in `lib/proxy_manager.py` and `sandbox/rootfs/usr/local/bin/chrome-cleanup.sh`. In the context of a sandbox management utility, these are expected operations (specifically for cleaning up browser processes and managing sandbox lifecycle). There are no hardcoded secrets present and no dangerous host-level permissions are requested. The self-signed certificates for local browser access are standard for this type of utility. Overall risk is rated as Low, provided you run it in the isolated Docker environment it is designed for.
Quality Assessment
The project is in active development, with its last push occurring today. It uses the permissive Apache-2.0 license and has a clear, detailed description. The codebase features continuous integration (CI). With 25 GitHub stars, it is a relatively new project, meaning community trust is growing but not yet extensive.
Verdict
Safe to use, provided it is strictly utilized within its intended Dockerized environment to manage isolated AI agent tasks.
Providing a strong Gravity in the wild world of Antigravity (AI Agents), to preserve the developer's Sanity.
Sanity-Gravity: The Antigravity Sandbox
A containerized sandbox for Agentic AI — full desktop, headless CLI, or SSH-only, in seconds.
Prerequisites
- Docker & Docker Compose (v2.0+)
- Python 3.7+
- Tested on: Ubuntu (amd64/arm64), macOS (Apple Silicon)
TL;DR
# 1. Clone
git clone https://github.com/shiritai/sanity-gravity.git
cd sanity-gravity
# 2. Build the images (one-time)
./sanity-cli build
# 3. Launch the recommended sandbox
./sanity-cli up -v ag-xfce-kasm --password mysecret
Open https://localhost:8444 — your sandboxed desktop is ready!
- Username: your host OS username
- Password:
mysecret(default:antigravity)
The self-signed certificate warning on localhost is expected. Click through it.
Why Sanity-Gravity?
AI agents run arbitrary code. One rogue rm -rf / and your host is toast. Sanity-Gravity confines every agent action inside a disposable Docker container while streaming a full desktop experience to your browser — or providing just a minimal SSH shell when that's all you need.
| Feature | Description |
|---|---|
| Host Isolation | Even if an agent runs rm -rf / or downloads malware, only the sandbox is destroyed. Your host stays untouched. |
| Full GUI Desktop | Ubuntu 24.04 + XFCE4 + KasmVNC. Agents operate browsers and GUI apps just like a human would. |
| Headless CLI Agents | Minimal images for Gemini CLI and Claude Code — no desktop overhead, just SSH. |
| Out-of-the-Box | Pre-installed with Antigravity IDE, Google Chrome, and Git. Zero setup time. |
| Seamless Disk I/O | Smart UID/GID mapping. No root-owned file disasters after host volume mounts. |
| Multi-Instance | Parallel isolated sandboxes. Host ports are auto-allocated when unspecified (zero conflicts), or can be set manually. |
| Container Snapshots | Freeze your configured environment (installed software, active logins) into a new image branch. |
| IDE Safe Upgrade | Built-in dpkg-divert protection prevents apt upgrade from breaking Antigravity or Chrome. |
| SSH Agent Proxy | Use host SSH keys inside containers — no private key copying required. |
| Multi-Arch | All images support both amd64 and arm64. |
Choose Your Sandbox
Every image is described by a tag: {agent}-{desktop}-{connector}. Pick one that matches your use case:
| I want to... | Tag | Connect via |
|---|---|---|
| Run Antigravity IDE in browser | ag-xfce-kasm |
https://localhost:8444 |
| Run Antigravity IDE via VNC | ag-xfce-vnc |
localhost:5901 |
| Use Gemini CLI in a terminal | gc-none-ssh |
ssh -p 2222 ... |
| Use Gemini CLI with a desktop | gc-xfce-kasm |
https://localhost:8444 |
| Use Claude Code in a terminal | cc-none-ssh |
ssh -p 2222 ... |
| Use Claude Code with a desktop | cc-xfce-kasm |
https://localhost:8444 |
First time? Start with
ag-xfce-kasm— it gives you the full desktop experience via your browser.
There are 11 valid combinations in total. See Modular Tag System for the full matrix, dimension model, and constraint rules.
Command Reference
Lifecycle
./sanity-cli up -v <tag> # Start a sandbox
--password <pwd> # SSH/VNC password (default: antigravity)
--workspace <path> # Host directory to mount (default: ./workspace)
--name <name> # Project name for multi-instance (default: sanity-gravity)
--cpus <n> --memory <n> # Resource limits (e.g. --cpus 2 --memory 4G)
--image <img> # Use a snapshot image instead of the default
./sanity-cli down # Stop and remove containers
./sanity-cli stop / start # Pause / resume
./sanity-cli restart # Force restart
./sanity-cli clean # Deep cleanup: containers, volumes, and local images
Inspection
./sanity-cli status # Show running instances
./sanity-cli shell # Drop into container shell (zsh, fallback to bash)
--use {zsh,bash} # Pick shell explicitly (disables fallback)
./sanity-cli open # Open web desktop in browser
Build
./sanity-cli build [tag...] # Build images (default: all)
--no-cache # Disable Docker layer cache
./sanity-cli list # Show all valid tags
./sanity-cli list --json # JSON output (for CI matrix)
./sanity-cli check # Verify Docker prerequisites
Full reference with all flags and environment variables: CLI Reference
Advanced Features
IDE Management & Safe Upgrade
Sanity-Gravity provides a robust defense mechanism against accidental IDE or browser uninstallation caused by apt upgrade.
- Host side:
sanity-climanages container lifecycles. Maintenance commands auto-inject the latest protection script into the target container, ensuring backward compatibility with legacy snapshots. - Container side:
gravity-cli(built-in) safely manages Antigravity IDE and Google Chrome viadpkg-divert, guaranteeing their--no-sandboxprivilege protections survive system updates.
From the Host
# Safely update IDE to the latest package version
./sanity-cli ide update --name sanity-gravity
# Nuclear option: full wipe + clean reinstall to fix persistent crashes
./sanity-cli ide reinstall --name sanity-gravity
Inside the Container
sudo gravity-cli update-ide # Equivalent to 'ide update'
sudo gravity-cli reinstall-ide # Equivalent to 'ide reinstall'
SSH Agent Proxy
A built-in proxy bridges your host's SSH Agent Socket into the container. This enables git push / git pull inside the sandbox using your host's private keys — without ever copying them.
./sanity-cli up handles this automatically. For manual control:
./sanity-cli proxy status # Check proxy and active connections
./sanity-cli proxy setup # Restart / fix proxy
./sanity-cli proxy remove # Terminate proxy
Multi-Instance
Run unlimited parallel sandboxes using --name:
# Launch a second instance
./sanity-cli up -v ag-xfce-kasm --name dev-02 --workspace /tmp/dev02
Zero-Conflict Guarantee: sanity-cli auto-allocates free host ports when using a custom name. Check your assigned ports via ./sanity-cli status. Target a specific instance with --name (e.g. ./sanity-cli down --name dev-02).
Container Snapshots
Freeze your configured environment — installed software, login sessions, custom settings — into a reusable image.
Create a snapshot:
./sanity-cli snapshot --name my-base-env --tag my-verified-state:v1Launch from the snapshot:
./sanity-cli up -v ag-xfce-kasm --name new-experiment --image my-verified-state:v1
SSH Access
All images — including GUI variants — expose SSH on port 2222 by default. This enables:
- Headless automation — script tasks from the host without opening a desktop
- Port forwarding —
ssh -L 3000:localhost:3000 -p 2222 $USER@localhost - Remote development — VS Code Remote SSH, JetBrains Gateway
ssh -p 2222 $USER@localhost
Project Structure
sanity-gravity/
├── sanity-cli # CLI entry point (Python 3, no external deps)
├── sandbox/
│ ├── Dockerfile.base # Base layer: Ubuntu 24.04 + SSH + supervisord
│ ├── layers/
│ │ ├── desktops/ # xfce, none
│ │ ├── agents/ # ag (Antigravity), gc (Gemini CLI), cc (Claude Code)
│ │ └── connectors/ # kasm (KasmVNC), vnc (TigerVNC), ssh
│ └── rootfs/ # Shared overlay (entrypoint, gravity-cli, supervisor configs)
├── lib/ # Proxy manager module
├── config/ # Runtime-generated docker-compose files (git-ignored)
├── tests/ # Pytest integration suite
├── workspace/ # Default bind-mounted workspace
└── .github/workflows/ # CI/CD pipelines
For details on the 4-layer FROM-chained build system and CI architecture, see Architecture and CI/CD.
What's in a Name?
"Sanity-Gravity" — providing a strong Gravity (constraints) in the unpredictable world of Antigravity (AI agents), to preserve the developer's Sanity.
By confining unvetted AI execution to disposable containers, we eliminate irreversible damage: accidental file deletion, credential hijacking, configuration pollution.
License
Reviews (0)
Sign in to leave a review.
Leave a reviewNo results found