feat(glyph): sandboxed agent container infrastructure

[stackptr]

Summary

• Add services.agent-sandbox NixOS module for running Claude Code in disposable systemd-nspawn containers
• Each run gets: isolated overlay filesystem, bind-mounted workspace, network access for API/MCP calls
• Sandbox is destroyed after completion (or preserved with --keep)
• CLI tool agent-sandbox for launching runs

Architecture

agent-sandbox <repo> <prompt>
  → clone/copy repo to workspace
  → overlay mount: read-only rootfs + writable upper layer
  → systemd-nspawn container with:
      - claude-code, git, node, ripgrep, etc.
      - /workspace bind-mounted (writable)
      - /nix/store bind-mounted (read-only)
      - ANTHROPIC_API_KEY injected from agenix secret
      - --dangerously-skip-permissions (sandbox IS the boundary)
  → agent runs, modifies workspace
  → diff shown on completion
  → sandbox cleaned up

Usage

# Run agent on a remote repo
sudo agent-sandbox https://github.com/org/repo "Fix the failing tests"

# Run agent on a local path, keep sandbox after
sudo agent-sandbox --keep /home/mu/project "Refactor the auth module"

# Specify branch and session name
sudo agent-sandbox -b feat/new-api -n my-session https://github.com/org/repo "Add pagination"

Setup required

• Create hosts/glyph/secrets/agent-sandbox-api-key.age with ANTHROPIC_API_KEY value
• Add to lib/secrets/glyph.nix

Test plan

• Create agenix secret for API key
• Deploy to glyph
• Run sudo agent-sandbox https://github.com/stackptr/rc "List all NixOS hosts configured in this repo"
• Verify container isolation (no access to host filesystem outside /workspace)
• Verify cleanup after completion
• Test --keep flag preserves workspace

🤖 Generated with Claude Code

[stackptr]

• feat(glyph): sandboxed agent container infrastructure #403 👈 (View in Graphite)
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.