A CLI tool for managing sandboxed AI web development agents.
sandctl provisions isolated VM environments on Hetzner Cloud where AI coding agents can work on development tasks safely.
- Bun 1.x
bun install
bun run buildmake installmake build-allbun install
bun run build
./sandctl --help
./sandctl versionbun run lint
bun test tests/unit/
bun run test:e2e:contracts
bun run test:e2e
bun run buildNotes:
test:e2erunsbuildfirst, then all files undertests/e2e/. Live infrastructure checks inlive-smoke.test.tsare skipped by default unlessSANDCTL_LIVE_SMOKE=1is set.
Contract tests verify compiled-binary behaviour without live infrastructure or secrets. They cover:
tests/e2e/config-path-contract.test.ts— config file path resolution and XDG/home-dir overridestests/e2e/init-new-agent-contract.test.ts—new/initagent command flag contractstests/e2e/legacy-sessions-contract.test.ts— backwards-compatible session file schema
Run all three together:
bun run test:e2e:contractsContract tests run in CI as the contract-tests job (deterministic, no secrets required) after the build job succeeds.
To run the real cloud smoke flow (new -> list -> exec -> destroy), provide credentials and opt in:
SANDCTL_LIVE_SMOKE=1 HETZNER_API_TOKEN=<token> bun test tests/e2e/live-smoke.test.ts- TypeScript CI is required on pull requests.
- Live smoke (
tests/e2e/live-smoke.test.ts) is a required PR check before merge, configured in the target branch protection/ruleset. HETZNER_API_TOKENmust be configured as a repository secret; when missing, thee2ejob fails rather than skipping.- Fork PRs are unsupported for this required check because repository secrets are unavailable, so the
e2ejob fails by design.
- SSH agent discovery and console behavior are tested with injected runtime/platform data so parity checks stay OS-independent.
- Run
bun test tests/unit/ssh/macos-parity.test.tsto validate macOS path/terminal assumptions without requiring macOS at runtime.