Extract shared base image, pin tool versions, add standalone usage docs

- Extract system packages, Go, Go tools, and Node.js into base/Dockerfile
- Claude and codex Dockerfiles extend the base, each with its own username
- Pin gopls, delve, golangci-lint, and RTK to specific versions
- CI workflow builds base first, then sandboxes in parallel
- Add "Running standalone" section with credential and mount examples
- Add AGENTS.md, CLAUDE.md, .gitignore

Author: changkun

.github/workflows/release.yml

@@ -13,7 +13,43 @@ permissions:
   packages: write
 
 jobs:
-  build-and-push:
+  build-base:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: docker/setup-qemu-action@v3
+      - uses: docker/setup-buildx-action@v3
+
+      - name: Log in to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Compute base image tags
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/${{ github.repository_owner }}/sandbox-base
+          tags: |
+            type=semver,pattern=v{{version}}
+            type=semver,pattern=v{{major}}.{{minor}}
+            type=raw,value=latest
+
+      - name: Build and push base
+        uses: docker/build-push-action@v6
+        with:
+          context: base
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha,scope=sandbox-base
+          cache-to: type=gha,mode=max,scope=sandbox-base
+
+  build-sandboxes:
+    needs: build-base
     strategy:
       matrix:
         image:
@@ -24,7 +60,6 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-
       - uses: docker/setup-qemu-action@v3
       - uses: docker/setup-buildx-action@v3
 
@@ -53,5 +88,7 @@ jobs:
           push: true
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
+          build-args: |
+            BASE_IMAGE=ghcr.io/${{ github.repository_owner }}/sandbox-base:latest
           cache-from: type=gha,scope=${{ matrix.image.name }}
           cache-to: type=gha,mode=max,scope=${{ matrix.image.name }}

.gitignore

@@ -0,0 +1 @@
+.DS_Store

AGENTS.md

@@ -0,0 +1,61 @@
+# AGENTS.md
+
+Instructions for AI agents working on this repository.
+
+## Project Overview
+
+Container images for [Wallfacer](https://github.com/changkun/wallfacer) agent sandboxes. Three images are built from this repo:
+
+- **sandbox-base**: shared base with OS packages, Go, Go tools, Node.js, Python, and RTK
+- **sandbox-claude**: extends base with the Claude Code CLI
+- **sandbox-codex**: extends base with the OpenAI Codex CLI
+
+## Structure
+
+```
+base/Dockerfile         Shared base image (Ubuntu 24.04, Go, Node.js, Go tools, RTK)
+claude/Dockerfile       Claude Code sandbox (FROM base)
+claude/entrypoint.sh    Claude Code entrypoint
+codex/Dockerfile        Codex sandbox (FROM base)
+codex/entrypoint.sh     Codex entrypoint with argument translation
+Makefile                Build targets (base, claude, codex, clean)
+.github/workflows/      CI: build-base then build-sandboxes (multi-arch)
+```
+
+## Build Commands
+
+```bash
+make              # Build all images (base, claude, codex)
+make base         # Build base image only
+make claude       # Build claude sandbox (builds base first)
+make codex        # Build codex sandbox (builds base first)
+make clean        # Remove all images
+make RUNTIME=docker  # Use Docker instead of Podman
+```
+
+## Conventions
+
+- All shared system-level dependencies (OS packages, Go, Go tools, Node.js) go in `base/Dockerfile`. User creation, RTK, and CLI installs go in each child Dockerfile.
+- Each image has its own non-root user (UID 1000): `claude` for sandbox-claude, `codex` for sandbox-codex. Wallfacer hardcodes paths under `/home/claude/` and `/home/codex/` for volume mounts, so these usernames must not change.
+- Major Go tools are pinned to specific versions via build ARGs. Utility tools use `@latest`.
+- RTK version is pinned via the `RTK_VERSION` build ARG.
+- Entrypoints handle RTK init at runtime (not build time) because the config volume is mounted at container start.
+- The codex entrypoint translates Claude Code-style flags to Codex CLI format and emits a Claude Code-compatible JSON envelope.
+
+## Entrypoint Contract
+
+Wallfacer expects sandbox images to:
+
+- Use `/workspace` as the working directory
+- Run as non-root (UID 1000)
+- Accept Claude Code-compatible flags (`-p <prompt>`, `--verbose`, `--output-format stream-json`, `--model <val>`, `--resume <val>`)
+- Emit a final JSON line: `{result, session_id, stop_reason, is_error, total_cost_usd, usage}`
+
+## CI/CD
+
+The release workflow (`.github/workflows/release.yml`) runs on version tags (`v*`) and manual dispatch:
+
+1. **build-base**: builds and pushes `sandbox-base` (multi-arch amd64/arm64)
+2. **build-sandboxes**: builds and pushes `sandbox-claude` and `sandbox-codex` from the pushed base
+
+Images are published to `ghcr.io/latere-ai/`.

CLAUDE.md

@@ -0,0 +1,3 @@
+# CLAUDE.md
+
+This file is an alias for [AGENTS.md](./AGENTS.md).

Makefile

@@ -1,20 +1,29 @@
 SHELL   := /bin/bash
 RUNTIME := podman
 
+BASE_IMAGE         := sandbox-base:latest
+BASE_GHCR_IMAGE    := ghcr.io/latere-ai/sandbox-base:latest
 CLAUDE_IMAGE       := sandbox-claude:latest
 CLAUDE_GHCR_IMAGE  := ghcr.io/latere-ai/sandbox-claude:latest
 CODEX_IMAGE        := sandbox-codex:latest
 CODEX_GHCR_IMAGE   := ghcr.io/latere-ai/sandbox-codex:latest
 
-.PHONY: all claude codex clean
+.PHONY: all base claude codex clean
 
 all: claude codex
 
-claude:
-	$(RUNTIME) build -t $(CLAUDE_IMAGE) -t $(CLAUDE_GHCR_IMAGE) -f claude/Dockerfile claude/
+base:
+	$(RUNTIME) build -t $(BASE_IMAGE) -t $(BASE_GHCR_IMAGE) -f base/Dockerfile base/
 
-codex:
-	$(RUNTIME) build -t $(CODEX_IMAGE) -t $(CODEX_GHCR_IMAGE) -f codex/Dockerfile codex/
+claude: base
+	$(RUNTIME) build --build-arg BASE_IMAGE=$(BASE_IMAGE) \
+		-t $(CLAUDE_IMAGE) -t $(CLAUDE_GHCR_IMAGE) -f claude/Dockerfile claude/
+
+codex: base
+	$(RUNTIME) build --build-arg BASE_IMAGE=$(BASE_IMAGE) \
+		-t $(CODEX_IMAGE) -t $(CODEX_GHCR_IMAGE) -f codex/Dockerfile codex/
 
 clean:
-	-$(RUNTIME) rmi $(CLAUDE_IMAGE) $(CLAUDE_GHCR_IMAGE) $(CODEX_IMAGE) $(CODEX_GHCR_IMAGE)
+	-$(RUNTIME) rmi $(CLAUDE_IMAGE) $(CLAUDE_GHCR_IMAGE) \
+		$(CODEX_IMAGE) $(CODEX_GHCR_IMAGE) \
+		$(BASE_IMAGE) $(BASE_GHCR_IMAGE)

README.md

@@ -4,20 +4,23 @@ Container images for [Wallfacer](https://github.com/changkun/wallfacer) agent sa
 
 ## Images
 
+- **sandbox-base**: shared base image with OS packages, Go, Go tools, Node.js, Python, and RTK
+  `ghcr.io/latere-ai/sandbox-base`
 - **sandbox-claude**: Claude Code CLI sandbox
   `ghcr.io/latere-ai/sandbox-claude`
 - **sandbox-codex**: OpenAI Codex CLI sandbox
   `ghcr.io/latere-ai/sandbox-codex`
 
 ## What's inside
 
-Both images share a common base (Ubuntu 24.04, multi-arch amd64/arm64):
+The base image (Ubuntu 24.04, multi-arch amd64/arm64) provides:
 
 - **OS**: Ubuntu 24.04 with `build-essential`, `git`, `curl`, `wget`, `vim`, `jq`, `ripgrep`, `openssh-client`
 - **Go**: 1.25.7 + tooling (gopls, goimports, delve, golangci-lint, staticcheck, gosec, and more)
 - **Node.js**: 22 LTS
 - **Python**: 3 with pip and venv
 - **Non-root user**: UID 1000, passwordless sudo
+- **[RTK](https://github.com/rtk-ai/rtk)**: token-optimized CLI proxy for reduced token usage
 
 Image-specific additions:
 
@@ -26,8 +29,6 @@ Image-specific additions:
 - **sandbox-codex**
   - [Codex CLI](https://github.com/openai/codex) (`@openai/codex`)
 
-Both images also include [RTK](https://github.com/rtk-ai/rtk), a token-optimized CLI proxy for reduced token usage.
-
 ## Using pre-built images
 
 Pre-built multi-arch images are published to GHCR on every release:
@@ -47,15 +48,14 @@ Replace `podman` with `docker` if using Docker.
 
 ## Building locally
 
-If you want to customize the images or build from source:
-
 ```bash
 git clone https://github.com/latere-ai/images.git
 cd images
 
-make            # Build both images
-make claude     # Build Claude sandbox only
-make codex      # Build Codex sandbox only
+make            # Build all images (base, claude, codex)
+make base       # Build base image only
+make claude     # Build Claude sandbox (builds base first)
+make codex      # Build Codex sandbox (builds base first)
 make clean      # Remove all images
 ```
 
@@ -67,13 +67,98 @@ make RUNTIME=docker
 
 Built images are tagged as both `sandbox-claude:latest` (local) and `ghcr.io/latere-ai/sandbox-claude:latest` (registry name). Wallfacer finds images by the local name, so local builds work without any configuration change.
 
+## Running standalone
+
+You can run these images directly without Wallfacer. Each sandbox needs credentials and a workspace directory mounted into the container.
+
+### Claude sandbox
+
+Claude Code authenticates via either an OAuth token or an API key. Pass credentials through an env file and mount a named volume for Claude's config directory.
+
+1. Create an env file (e.g. `~/.claude-sandbox.env`):
+
+   ```
+   ANTHROPIC_API_KEY=sk-ant-...
+   ```
+
+   Or, if using OAuth (from `claude setup-token`):
+
+   ```
+   CLAUDE_CODE_OAUTH_TOKEN=your-oauth-token
+   ```
+
+2. Run the container:
+
+   ```bash
+   docker run --rm -it \
+     --env-file ~/.claude-sandbox.env \
+     -v claude-config:/home/claude/.claude \
+     -v "$(pwd)":/workspace/myproject \
+     -w /workspace/myproject \
+     ghcr.io/latere-ai/sandbox-claude:latest \
+     -p "explain this project"
+   ```
+
+The named volume `claude-config` persists Claude's session data, settings, and CLAUDE.md cache between runs. The first run may take a moment while Claude Code initializes.
+
+To start an interactive session instead of a one-shot prompt:
+
+```bash
+docker run --rm -it \
+  --env-file ~/.claude-sandbox.env \
+  -v claude-config:/home/claude/.claude \
+  -v "$(pwd)":/workspace/myproject \
+  -w /workspace/myproject \
+  --entrypoint claude \
+  ghcr.io/latere-ai/sandbox-claude:latest
+```
+
+### Codex sandbox
+
+Codex authenticates via an API key passed through an env file. If you have logged in with `codex` on the host, you can also bind-mount the auth cache.
+
+1. Create an env file (e.g. `~/.codex-sandbox.env`):
+
+   ```
+   OPENAI_API_KEY=sk-...
+   ```
+
+2. Run the container:
+
+   ```bash
+   docker run --rm -it \
+     --env-file ~/.codex-sandbox.env \
+     -v "$(pwd)":/workspace/myproject \
+     -w /workspace/myproject \
+     ghcr.io/latere-ai/sandbox-codex:latest \
+     -p "explain this project"
+   ```
+
+   Or, if you have `~/.codex/auth.json` from a prior `codex` login on the host, mount it read-only instead of using an env file:
+
+   ```bash
+   docker run --rm -it \
+     -v ~/.codex:/home/codex/.codex:ro \
+     -v "$(pwd)":/workspace/myproject \
+     -w /workspace/myproject \
+     ghcr.io/latere-ai/sandbox-codex:latest \
+     -p "explain this project"
+   ```
+
+### Notes
+
+- Replace `docker` with `podman` if preferred.
+- The `-p "..."` flag passes a one-shot prompt. The entrypoint translates this into the appropriate CLI invocation.
+- Mount additional project directories as needed under `/workspace/`.
+- To limit resources: `--cpus 2 --memory 4g`.
+
 ## Entrypoint contract
 
-Wallfacer expects the following from sandbox images:
+These details are relevant if you are building custom images on top of the sandboxes or integrating them into your own orchestration.
 
 - **Working directory**: `/workspace` (workspaces are mounted as subdirectories)
 - **User**: non-root (UID 1000)
-- **Entrypoint**: accepts Claude Code-compatible flags (`-p <prompt>`, `--verbose`, `--output-format stream-json`, `--model <model>`, `--resume <session>`)
+- **Entrypoint**: accepts Claude Code-compatible flags (`-p <prompt>`, `--verbose`, `--output-format stream-json`, `--model <val>`, `--resume <val>`)
 - **Output**: last line of stdout must be a JSON object with `{result, session_id, stop_reason, is_error, total_cost_usd, usage}`
 - **Environment variables**: receives `ANTHROPIC_API_KEY` / `CLAUDE_CODE_OAUTH_TOKEN` (Claude) or `OPENAI_API_KEY` (Codex) via `--env-file`
-- **Config volume**: Claude config mounted at `/home/<user>/.claude`
+- **Config volume**: Claude config at `/home/claude/.claude`, Codex auth at `/home/codex/.codex`

base/Dockerfile

@@ -0,0 +1,75 @@
+FROM ubuntu:24.04
+
+ENV DEBIAN_FRONTEND=noninteractive
+ENV TZ=UTC
+
+# --- System packages ---
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    build-essential \
+    git \
+    curl \
+    wget \
+    vim \
+    jq \
+    unzip \
+    zip \
+    ca-certificates \
+    gnupg \
+    openssh-client \
+    sudo \
+    locales \
+    ripgrep \
+    python3 \
+    python3-pip \
+    python3-venv \
+    && locale-gen en_US.UTF-8 \
+    && apt-get clean && rm -rf /var/lib/apt/lists/*
+
+ENV LANG=en_US.UTF-8
+ENV LC_ALL=en_US.UTF-8
+
+# --- Go ---
+ARG GO_VERSION=1.25.7
+RUN ARCH=$(dpkg --print-architecture) && \
+    curl -fsSL "https://go.dev/dl/go${GO_VERSION}.linux-${ARCH}.tar.gz" \
+    | tar -C /usr/local -xzf - && \
+    ln -s /usr/local/go/bin/go /usr/local/bin/go && \
+    ln -s /usr/local/go/bin/gofmt /usr/local/bin/gofmt
+
+# --- Go tools ---
+# Major tools are pinned to specific versions for reproducibility.
+# Utility tools use @latest (stable, rarely breaking).
+ARG GOPLS_VERSION=v0.21.1
+ARG DLV_VERSION=v1.24.2
+ARG GOLANGCI_LINT_VERSION=v2.11.3
+ENV GOPATH=/root/go
+ENV PATH=$PATH:/root/go/bin
+RUN go install golang.org/x/tools/gopls@${GOPLS_VERSION} && \
+    go install golang.org/x/tools/cmd/goimports@latest && \
+    go install golang.org/x/tools/cmd/gorename@latest && \
+    go install golang.org/x/tools/cmd/godoc@latest && \
+    go install github.com/go-delve/delve/cmd/dlv@${DLV_VERSION} && \
+    go install github.com/golangci/golangci-lint/v2/cmd/golangci-lint@${GOLANGCI_LINT_VERSION} && \
+    go install honnef.co/go/tools/cmd/staticcheck@latest && \
+    go install github.com/fatih/gomodifytags@latest && \
+    go install github.com/josharian/impl@latest && \
+    go install github.com/cweill/gotests/gotests@latest && \
+    go install github.com/rogpeppe/godef@latest && \
+    go install github.com/ramya-rao-a/go-outline@latest && \
+    go install github.com/securego/gosec/v2/cmd/gosec@latest && \
+    rm -rf /root/go/pkg /root/.cache/go-build
+# Move tools to /usr/local so they are available to all users
+RUN cp /root/go/bin/* /usr/local/bin/ && rm -rf /root/go
+ENV GOPATH=
+ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+
+# --- Node.js 22 LTS ---
+ARG NODE_MAJOR=22
+RUN curl -fsSL https://deb.nodesource.com/setup_${NODE_MAJOR}.x | bash - && \
+    apt-get install -y nodejs && \
+    apt-get clean && rm -rf /var/lib/apt/lists/*
+
+# --- Workspace ---
+RUN mkdir -p /workspace
+
+WORKDIR /workspace