WARNING: This is experimental software. It may break or change in unexpected ways at any point. Use at your own risk.

NOTE: This tool is tightly coupled with my personal development setup. I use devenv and Nix for all my projects. If you're not already using devenv/Nix, this tool is probably not for you - the onboarding cost will be high and there are likely simpler alternatives for your use case.

Isolated sandbox environments for AI agents. Run untrusted AI agent loops on your codebase without risking your working tree.

Slopbox creates disposable Docker containers where AI agents can freely modify code. Changes stay isolated until you explicitly apply them to your main repository.

Key features:

• Agents work on git worktrees, not your actual repo
• Shared Nix store across sandboxes (fast rebuilds)
• Review diffs before applying changes
• Multiple concurrent agent sessions
• Works with any devenv-based project

┌─────────────────────────────────────────────────────────┐
│                      Host Machine                       │
│  ┌───────────────┐    ┌─────────────────────────────┐   │
│  │  Your Repo    │    │  ~/.cache/slopbox/          │   │
│  │  (untouched)  │    │  ├── repos/*.git (mirrors)  │   │
│  └───────────────┘    │  └── worktrees/ (clones)    │   │
│                       └─────────────────────────────┘   │
│                                                         │
│  ┌────────────────────────────────────────────────────┐ │
│  │              Docker                                │ │
│  │  ┌─────────────────┐  ┌─────────────────────────┐  │ │
│  │  │ slopbox-daemon  │  │ slopbox-<feature>       │  │ │
│  │  │ (nix daemon)    │  │ (agent sandbox)         │  │ │
│  │  │                 │  │                         │  │ │
│  │  │ /nix (volume)◄──┼──┤ /nix (read-only)        │  │ │
│  │  └─────────────────┘  │ /workspace (worktree)   │  │ │
│  │                       └─────────────────────────┘  │ │
│  └────────────────────────────────────────────────────┘ │
└─────────────────────────────────────────────────────────┘

inputs:
  slopbox:
    url: github:denibertovic/slopbox

{ inputs, ... }: {
  imports = [
    inputs.slopbox.devenvModules.default
  ];

  # ... your other config
}

The sandbox runs the exact same devenv shell as your local environment. Any tools you want available inside the sandbox must be declared in your devenv config.

For Claude Code, add to your package.json:

{
  "devDependencies": {
    "@anthropic-ai/claude-code": "^1"
  }
}

And ensure Node.js is enabled in devenv.nix:

{
  languages.javascript = {
    enable = true;
    npm.install.enable = true;
  };
}

This way, when the sandbox runs devenv shell, Claude Code (and any other npm packages) will be installed and available.

devenv update slopbox

Enter your devenv shell and run slop init to see the build commands:

devenv shell
slop init

It will show the required build commands:

docker build -f /nix/store/.../Dockerfile.daemon -t slopbox-daemon:latest /nix/store/.../
docker build -t slopbox:latest /nix/store/.../

Run both commands, then run slop init again to start the daemon.

slop init

This creates the shared Nix volume and starts the daemon container.

slop my-feature

This will:

1. Create a git mirror of your repo (first run only)
2. Create branch agent/my-feature
3. Clone to a worktree at ~/.cache/slopbox/worktrees/agent/my-feature
4. Launch a container with that worktree mounted at /workspace
5. Drop you into a devenv shell inside the container

The agent (or you) can now make any changes. They're isolated from your real repo.

slop my-feature -c claude
slop my-feature -c "npm test"
slop my-feature -c bash

slop resume my-feature

Re-enter a sandbox, keeping all previous changes.

slop diff my-feature

Shows a diff between your current HEAD and the agent's branch.

slop apply my-feature              # merge
slop apply my-feature --squash     # squash merge
slop apply my-feature --cherry-pick # cherry-pick

Brings the agent's changes into your current branch.

slop status          # Show daemon status and active sandboxes
slop stop            # Stop the daemon (preserves nix store)
slop list            # List all agent branches/worktrees
slop gc              # Clean up old worktrees (default: >7 days)
slop gc --all        # Remove all worktrees
slop gc 14           # Remove worktrees older than 14 days

1. Git mirror: Your repo is mirrored to ~/.cache/slopbox/repos/<repo>.git
2. Agent branches: Each sandbox gets a branch like agent/my-feature or agent/my-feature-1
3. Worktrees: Full clones (not git worktrees) at ~/.cache/slopbox/worktrees/agent/<feature>
4. Shared Nix: A daemon container holds the Nix store; sandbox containers mount it read-only
5. Isolation: Containers can't access your real repo, only the worktree clone

The worktree's branch is only pushed back to the bare mirror when you exit the sandbox. This happens automatically at the end of slop <feature> and slop resume.

This means:

• slop diff and slop apply only see commits that were pushed (i.e., from previous sessions)
• If you're still inside a sandbox, your latest commits won't be visible to diff/apply yet
• You must exit the sandbox (exit the shell or let the command finish) for changes to sync

If the agent is still running and you want to check progress, you can look directly at the worktree:

git -C ~/.cache/slopbox/worktrees/agent/my-feature log --oneline

• XDG_CACHE_HOME: Override cache location (default: ~/.cache)
• AI_ENV_NODE_MODULES_CACHE: Set to 0 to disable shared node_modules volume

If ~/.claude exists, it's mounted into the sandbox so Claude Code works seamlessly.

Since the sandbox is isolated, you can skip Claude's permission prompts:

slop my-feature -c "claude --dangerously-skip-permissions"

I'd like to automate this (detect we're in a sandbox and pass the flag automatically) but haven't figured that out yet.

There's an instructions file at /etc/slop/instructions.txt inside the sandbox that explains to AI agents how to work in the isolated environment (how to install tools, git workflow, etc.).

You need to manually tell the agent to read it - I haven't figured out a way to automate this yet. Add something like this to your initial prompt:

Before starting, read /etc/slop/instructions.txt for important context about this environment.

The instructions cover:

• How to install ephemeral tools with nix shell vs permanent dependencies in devenv.nix
• Git workflow (agent branches, committing freely, etc.)

This approach has trade-offs:

• Slow - Even with caching (shared nix store, node_modules volumes), spinning up a sandbox is slower than running locally. The first run for a project is especially slow as it populates caches.
• Disk space - Each worktree is a full clone, and the shared nix store can grow large over time. Run slop gc periodically.
• Complexity - Adds Docker, nix daemon, volumes, and git mirrors on top of your normal workflow. More moving parts = more things that can break.
• No automation for agent instructions - You have to manually tell agents to read /etc/slop/instructions.txt every time.

MIT