sbx: vendor v0.31.0 cli reference

Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>

data/sbx_cli/sbx.yaml

@@ -22,7 +22,7 @@ see_also:
     - sbx exec - Execute a command inside a sandbox
     - sbx kit - Manage kit artifacts
     - sbx login - Sign in to Docker
-    - sbx logout - Sign out of Docker
+    - sbx logout - Stop all running sandboxes and sign out of Docker
     - sbx ls - List sandboxes
     - sbx policy - Manage sandbox policies
     - sbx ports - Manage sandbox port publishing

data/sbx_cli/sbx_create.yaml

@@ -6,8 +6,10 @@ description: |-
     Use "sbx run SANDBOX" to attach to the agent after creation.
 usage: sbx create [flags] AGENT PATH [PATH...]
 options:
-    - name: branch
-      usage: Create a Git worktree on the given branch
+    - name: clone
+      default_value: "false"
+      usage: |
+        Run the agent on a private in-container clone of the host Git repository (mounted read-only) instead of bind-mounting the workspace; the agent's commits are accessible via the sandbox-<name> git remote on the host
     - name: cpus
       default_value: "0"
       usage: |
@@ -18,8 +20,13 @@ options:
       usage: help for create
     - name: kit
       default_value: '[]'
+      experimental: true
       usage: |
         Kit reference (directory, ZIP, or OCI). Can be specified multiple times
+    - name: mcp
+      default_value: '[]'
+      usage: |
+        MCP server name to enable (use 'all' for all registered servers). Can be specified multiple times
     - name: memory
       shorthand: m
       usage: |
@@ -50,8 +57,8 @@ example: |4-
       # Create with additional read-only workspaces
       sbx create claude . /path/to/docs:ro
 
-      # Create with a Git worktree for isolated changes
-      sbx create --branch=feature/login claude .
+      # Run the agent on an in-container clone of the host repo, wired back via a git-daemon
+      sbx create --clone claude .
 see_also:
     - sbx - Manage AI coding agent sandboxes.
     - sbx create claude - Create a sandbox for claude

data/sbx_cli/sbx_create_claude.yaml

@@ -15,8 +15,10 @@ options:
       default_value: "false"
       usage: help for claude
 inherited_options:
-    - name: branch
-      usage: Create a Git worktree on the given branch
+    - name: clone
+      default_value: "false"
+      usage: |
+        Run the agent on a private in-container clone of the host Git repository (mounted read-only) instead of bind-mounting the workspace; the agent's commits are accessible via the sandbox-<name> git remote on the host
     - name: cpus
       default_value: "0"
       usage: |
@@ -27,8 +29,13 @@ inherited_options:
       usage: Enable debug logging
     - name: kit
       default_value: '[]'
+      experimental: true
       usage: |
         Kit reference (directory, ZIP, or OCI). Can be specified multiple times
+    - name: mcp
+      default_value: '[]'
+      usage: |
+        MCP server name to enable (use 'all' for all registered servers). Can be specified multiple times
     - name: memory
       shorthand: m
       usage: |

data/sbx_cli/sbx_create_codex.yaml

@@ -15,8 +15,10 @@ options:
       default_value: "false"
       usage: help for codex
 inherited_options:
-    - name: branch
-      usage: Create a Git worktree on the given branch
+    - name: clone
+      default_value: "false"
+      usage: |
+        Run the agent on a private in-container clone of the host Git repository (mounted read-only) instead of bind-mounting the workspace; the agent's commits are accessible via the sandbox-<name> git remote on the host
     - name: cpus
       default_value: "0"
       usage: |
@@ -27,8 +29,13 @@ inherited_options:
       usage: Enable debug logging
     - name: kit
       default_value: '[]'
+      experimental: true
       usage: |
         Kit reference (directory, ZIP, or OCI). Can be specified multiple times
+    - name: mcp
+      default_value: '[]'
+      usage: |
+        MCP server name to enable (use 'all' for all registered servers). Can be specified multiple times
     - name: memory
       shorthand: m
       usage: |

data/sbx_cli/sbx_create_copilot.yaml

@@ -15,8 +15,10 @@ options:
       default_value: "false"
       usage: help for copilot
 inherited_options:
-    - name: branch
-      usage: Create a Git worktree on the given branch
+    - name: clone
+      default_value: "false"
+      usage: |
+        Run the agent on a private in-container clone of the host Git repository (mounted read-only) instead of bind-mounting the workspace; the agent's commits are accessible via the sandbox-<name> git remote on the host
     - name: cpus
       default_value: "0"
       usage: |
@@ -27,8 +29,13 @@ inherited_options:
       usage: Enable debug logging
     - name: kit
       default_value: '[]'
+      experimental: true
       usage: |
         Kit reference (directory, ZIP, or OCI). Can be specified multiple times
+    - name: mcp
+      default_value: '[]'
+      usage: |
+        MCP server name to enable (use 'all' for all registered servers). Can be specified multiple times
     - name: memory
       shorthand: m
       usage: |

data/sbx_cli/sbx_create_cursor.yaml

@@ -15,8 +15,10 @@ options:
       default_value: "false"
       usage: help for cursor
 inherited_options:
-    - name: branch
-      usage: Create a Git worktree on the given branch
+    - name: clone
+      default_value: "false"
+      usage: |
+        Run the agent on a private in-container clone of the host Git repository (mounted read-only) instead of bind-mounting the workspace; the agent's commits are accessible via the sandbox-<name> git remote on the host
     - name: cpus
       default_value: "0"
       usage: |
@@ -27,8 +29,13 @@ inherited_options:
       usage: Enable debug logging
     - name: kit
       default_value: '[]'
+      experimental: true
       usage: |
         Kit reference (directory, ZIP, or OCI). Can be specified multiple times
+    - name: mcp
+      default_value: '[]'
+      usage: |
+        MCP server name to enable (use 'all' for all registered servers). Can be specified multiple times
     - name: memory
       shorthand: m
       usage: |

data/sbx_cli/sbx_create_docker-agent.yaml

@@ -15,8 +15,10 @@ options:
       default_value: "false"
       usage: help for docker-agent
 inherited_options:
-    - name: branch
-      usage: Create a Git worktree on the given branch
+    - name: clone
+      default_value: "false"
+      usage: |
+        Run the agent on a private in-container clone of the host Git repository (mounted read-only) instead of bind-mounting the workspace; the agent's commits are accessible via the sandbox-<name> git remote on the host
     - name: cpus
       default_value: "0"
       usage: |
@@ -27,8 +29,13 @@ inherited_options:
       usage: Enable debug logging
     - name: kit
       default_value: '[]'
+      experimental: true
       usage: |
         Kit reference (directory, ZIP, or OCI). Can be specified multiple times
+    - name: mcp
+      default_value: '[]'
+      usage: |
+        MCP server name to enable (use 'all' for all registered servers). Can be specified multiple times
     - name: memory
       shorthand: m
       usage: |

data/sbx_cli/sbx_create_droid.yaml

@@ -15,8 +15,10 @@ options:
       default_value: "false"
       usage: help for droid
 inherited_options:
-    - name: branch
-      usage: Create a Git worktree on the given branch
+    - name: clone
+      default_value: "false"
+      usage: |
+        Run the agent on a private in-container clone of the host Git repository (mounted read-only) instead of bind-mounting the workspace; the agent's commits are accessible via the sandbox-<name> git remote on the host
     - name: cpus
       default_value: "0"
       usage: |
@@ -27,8 +29,13 @@ inherited_options:
       usage: Enable debug logging
     - name: kit
       default_value: '[]'
+      experimental: true
       usage: |
         Kit reference (directory, ZIP, or OCI). Can be specified multiple times
+    - name: mcp
+      default_value: '[]'
+      usage: |
+        MCP server name to enable (use 'all' for all registered servers). Can be specified multiple times
     - name: memory
       shorthand: m
       usage: |

data/sbx_cli/sbx_create_gemini.yaml

@@ -15,8 +15,10 @@ options:
       default_value: "false"
       usage: help for gemini
 inherited_options:
-    - name: branch
-      usage: Create a Git worktree on the given branch
+    - name: clone
+      default_value: "false"
+      usage: |
+        Run the agent on a private in-container clone of the host Git repository (mounted read-only) instead of bind-mounting the workspace; the agent's commits are accessible via the sandbox-<name> git remote on the host
     - name: cpus
       default_value: "0"
       usage: |
@@ -27,8 +29,13 @@ inherited_options:
       usage: Enable debug logging
     - name: kit
       default_value: '[]'
+      experimental: true
       usage: |
         Kit reference (directory, ZIP, or OCI). Can be specified multiple times
+    - name: mcp
+      default_value: '[]'
+      usage: |
+        MCP server name to enable (use 'all' for all registered servers). Can be specified multiple times
     - name: memory
       shorthand: m
       usage: |

data/sbx_cli/sbx_create_kiro.yaml

@@ -15,8 +15,10 @@ options:
       default_value: "false"
       usage: help for kiro
 inherited_options:
-    - name: branch
-      usage: Create a Git worktree on the given branch
+    - name: clone
+      default_value: "false"
+      usage: |
+        Run the agent on a private in-container clone of the host Git repository (mounted read-only) instead of bind-mounting the workspace; the agent's commits are accessible via the sandbox-<name> git remote on the host
     - name: cpus
       default_value: "0"
       usage: |
@@ -27,8 +29,13 @@ inherited_options:
       usage: Enable debug logging
     - name: kit
       default_value: '[]'
+      experimental: true
       usage: |
         Kit reference (directory, ZIP, or OCI). Can be specified multiple times
+    - name: mcp
+      default_value: '[]'
+      usage: |
+        MCP server name to enable (use 'all' for all registered servers). Can be specified multiple times
     - name: memory
       shorthand: m
       usage: |

data/sbx_cli/sbx_create_opencode.yaml

@@ -15,8 +15,10 @@ options:
       default_value: "false"
       usage: help for opencode
 inherited_options:
-    - name: branch
-      usage: Create a Git worktree on the given branch
+    - name: clone
+      default_value: "false"
+      usage: |
+        Run the agent on a private in-container clone of the host Git repository (mounted read-only) instead of bind-mounting the workspace; the agent's commits are accessible via the sandbox-<name> git remote on the host
     - name: cpus
       default_value: "0"
       usage: |
@@ -27,8 +29,13 @@ inherited_options:
       usage: Enable debug logging
     - name: kit
       default_value: '[]'
+      experimental: true
       usage: |
         Kit reference (directory, ZIP, or OCI). Can be specified multiple times
+    - name: mcp
+      default_value: '[]'
+      usage: |
+        MCP server name to enable (use 'all' for all registered servers). Can be specified multiple times
     - name: memory
       shorthand: m
       usage: |

data/sbx_cli/sbx_create_shell.yaml

@@ -15,8 +15,10 @@ options:
       default_value: "false"
       usage: help for shell
 inherited_options:
-    - name: branch
-      usage: Create a Git worktree on the given branch
+    - name: clone
+      default_value: "false"
+      usage: |
+        Run the agent on a private in-container clone of the host Git repository (mounted read-only) instead of bind-mounting the workspace; the agent's commits are accessible via the sandbox-<name> git remote on the host
     - name: cpus
       default_value: "0"
       usage: |
@@ -27,8 +29,13 @@ inherited_options:
       usage: Enable debug logging
     - name: kit
       default_value: '[]'
+      experimental: true
       usage: |
         Kit reference (directory, ZIP, or OCI). Can be specified multiple times
+    - name: mcp
+      default_value: '[]'
+      usage: |
+        MCP server name to enable (use 'all' for all registered servers). Can be specified multiple times
     - name: memory
       shorthand: m
       usage: |

data/sbx_cli/sbx_kit.yaml

@@ -1,5 +1,6 @@
 name: sbx kit
 synopsis: Manage kit artifacts
+experimental: true
 description: |-
     Manage kit artifacts.
 

data/sbx_cli/sbx_kit_add.yaml

@@ -1,5 +1,6 @@
 name: sbx kit add
 synopsis: Add a kit to a running sandbox
+experimental: true
 description: |-
     Inject a kit artifact into an already-running sandbox.
 

data/sbx_cli/sbx_kit_inspect.yaml

@@ -1,5 +1,6 @@
 name: sbx kit inspect
 synopsis: Display details about a kit artifact
+experimental: true
 description: |-
     Load and display details about a kit artifact.
 

data/sbx_cli/sbx_kit_pack.yaml

@@ -1,5 +1,6 @@
 name: sbx kit pack
 synopsis: Package a directory as a kit artifact
+experimental: true
 description: |-
     Validate and package a kit artifact directory as a ZIP file.
 

data/sbx_cli/sbx_kit_pull.yaml

@@ -1,12 +1,13 @@
 name: sbx kit pull
 synopsis: Pull a kit artifact from an OCI registry
+experimental: true
 description: |-
     Pull a kit artifact from an OCI registry and save it as a ZIP file.
 
     The reference should be in the format "registry/repo:tag" or
     "registry/repo@sha256:digest" (e.g., "ghcr.io/myorg/my-plugin:1.0").
 
-    Authentication uses your Docker credential store.
+    Authentication: sbx registry secrets (sbx secret set --registry) take priority, falling back to the Docker credential store.
 usage: sbx kit pull REFERENCE [flags]
 options:
     - name: help

data/sbx_cli/sbx_kit_push.yaml

@@ -1,12 +1,13 @@
 name: sbx kit push
 synopsis: Push a kit artifact to an OCI registry
+experimental: true
 description: |-
     Package and push a kit artifact directory to an OCI registry.
 
     The directory must contain a valid spec.yaml. The reference should be
     in the format "registry/repo:tag" (e.g., "ghcr.io/myorg/my-plugin:1.0").
 
-    Authentication uses your Docker credential store.
+    Authentication uses the Docker credential store.
 usage: sbx kit push DIRECTORY REFERENCE [flags]
 options:
     - name: help

data/sbx_cli/sbx_kit_validate.yaml

@@ -1,5 +1,6 @@
 name: sbx kit validate
 synopsis: Validate a kit artifact
+experimental: true
 description: |-
     Validate that a directory or ZIP file is a valid kit artifact.
 

data/sbx_cli/sbx_logout.yaml

@@ -1,11 +1,15 @@
 name: sbx logout
-synopsis: Sign out of Docker
+synopsis: Stop all running sandboxes and sign out of Docker
 usage: sbx logout [flags]
 options:
     - name: help
       shorthand: h
       default_value: "false"
       usage: help for logout
+    - name: "yes"
+      shorthand: "y"
+      default_value: "false"
+      usage: Skip confirmation prompt
 inherited_options:
     - name: debug
       shorthand: D

data/sbx_cli/sbx_run.yaml

@@ -11,9 +11,10 @@ description: |-
     Available agents: claude, codex, copilot, cursor, docker-agent, droid, gemini, kiro, opencode, shell
 usage: sbx run [flags] SANDBOX | AGENT [PATH...] [-- AGENT_ARGS...]
 options:
-    - name: branch
+    - name: clone
+      default_value: "false"
       usage: |
-        Create a Git worktree on the given branch (use --branch auto to auto-generate)
+        Run the agent on a private in-container clone of the host Git repository; must be set at sandbox creation time (no-op when re-attaching to an existing clone-mode sandbox)
     - name: cpus
       default_value: "0"
       usage: |
@@ -24,8 +25,13 @@ options:
       usage: help for run
     - name: kit
       default_value: '[]'
+      experimental: true
       usage: |
         Kit reference (directory, ZIP, or OCI). Can be specified multiple times
+    - name: mcp
+      default_value: '[]'
+      usage: |
+        MCP server name to enable (use 'all' for all registered servers). Can be specified multiple times
     - name: memory
       shorthand: m
       usage: |

data/sbx_cli/sbx_secret.yaml

@@ -3,13 +3,16 @@ synopsis: Manage stored secrets
 description: |-
     Manage stored secrets for sandbox environments.
 
-    Secrets are stored per service name (e.g., "github", "anthropic", "openai").
-    When a sandbox starts, the proxy uses stored secrets to authenticate API
-    requests on behalf of the agent. The secret is never exposed directly to the
-    agent.
+    SERVICE SECRETS (e.g. "github", "anthropic", "openai")
+      When a sandbox starts, the proxy uses stored secrets to authenticate API
+      requests on behalf of the agent. The secret is never exposed directly.
+      Scoped globally (shared across all sandboxes) or to a specific sandbox.
 
-    Secrets can be scoped globally (shared across all sandboxes) or to a
-    specific sandbox.
+    REGISTRY SECRETS (e.g. "ghcr.io", "myregistry.azurecr.io")
+      Used to pull private template images and kit artifacts before sandbox
+      creation. Host-only secrets (no -g) are not injected into sandboxes;
+      global secrets (-g) are written as ~/.docker/config.json in every new sandbox.
+      Use "sbx secret set --registry <host> --password-stdin" to store them.
 options:
     - name: help
       shorthand: h

data/sbx_cli/sbx_secret_rm.yaml

@@ -14,6 +14,8 @@ options:
       shorthand: h
       default_value: "false"
       usage: help for rm
+    - name: registry
+      usage: Registry hostname to remove pull credentials for
 inherited_options:
     - name: debug
       shorthand: D
@@ -32,5 +34,11 @@ example: |4-
       # Remove OpenAI or Anthropic credential(s) from global scope (OAuth and/or API key)
       sbx secret rm -g openai
       sbx secret rm -g anthropic
+
+      # Remove registry pull credentials (removes host-only and global entries)
+      sbx secret rm --registry ghcr.io -f
+
+      # Remove only the global (all-sandboxes) registry credential
+      sbx secret rm -g --registry ghcr.io -f
 see_also:
     - sbx secret - Manage stored secrets

data/sbx_cli/sbx_secret_set.yaml

@@ -1,12 +1,17 @@
 name: sbx secret set
 synopsis: Create or update a secret
 description: |-
-    Create or update a secret for a service.
+    Create or update a secret for a service or registry.
 
-    Available services: anthropic, aws, cursor, droid, github, google, groq, mistral, nebius, openai, xai
+    Available services: anthropic, aws, bedrock, cursor, droid, github, google, groq, mistral, nebius, openai, xai
 
     When no arguments are provided, an interactive prompt guides you through
     scope and service selection.
+
+    Use --registry to store pull credentials for a container registry:
+      Without -g: host-only — used for template/kit pulls, not injected into sandboxes.
+      With -g:    global   — host pulls AND written as ~/.docker/config.json in every new sandbox.
+      With SANDBOX as the first argument: scoped to that specific sandbox only.
 usage: sbx secret set [-g | SANDBOX] [SERVICE] [flags]
 options:
     - name: force
@@ -24,9 +29,18 @@ options:
     - name: oauth
       default_value: "false"
       usage: Start OAuth flow and store OAuth tokens (openai/global only)
+    - name: password-stdin
+      default_value: "false"
+      usage: |
+        Read registry password or token from stdin (use with --registry)
+    - name: registry
+      usage: Registry hostname for pull credentials (e.g. ghcr.io)
     - name: token
       shorthand: t
       usage: 'Secret value (less secure: visible in shell history)'
+    - name: username
+      usage: |
+        Registry username (use with --registry; omit for token-only auth)
 inherited_options:
     - name: debug
       shorthand: D
@@ -44,5 +58,14 @@ example: |4-
 
       # Start OpenAI OAuth flow and store global OAuth tokens
       sbx secret set -g openai --oauth
+
+      # Registry: host-only (template/kit pulls, not injected into sandboxes)
+      gh auth token | sbx secret set --registry ghcr.io --password-stdin
+
+      # Registry: global (host pulls + injected into every new sandbox)
+      gh auth token | sbx secret set -g --registry ghcr.io --password-stdin
+
+      # Registry: specific sandbox only
+      gh auth token | sbx secret set my-sandbox --registry ghcr.io --password-stdin
 see_also:
     - sbx secret - Manage stored secrets