sandbox-cli:sandbox-setup
This skill should be used when the user asks to "install sandbox-cli", "setup sandbox", "configure sandbox-cli", "get sandbox-cli working", "download sandbox-cli", or "I don't have sandbox-cli installed".
Best use case
sandbox-cli:sandbox-setup is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
This skill should be used when the user asks to "install sandbox-cli", "setup sandbox", "configure sandbox-cli", "get sandbox-cli working", "download sandbox-cli", or "I don't have sandbox-cli installed".
Teams using sandbox-cli:sandbox-setup should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/sandbox-setup/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How sandbox-cli:sandbox-setup Compares
| Feature / Agent | sandbox-cli:sandbox-setup | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
This skill should be used when the user asks to "install sandbox-cli", "setup sandbox", "configure sandbox-cli", "get sandbox-cli working", "download sandbox-cli", or "I don't have sandbox-cli installed".
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
---
context: main
---
# Skill: sandbox-setup
**Name:** Sandbox CLI Setup
**Description:** Install and configure the sandbox-cli tool for managing OCP shared clusters via the RHDP Sandbox API.
---
## Purpose
Guide the user through installing sandbox-cli and authenticating with the Sandbox API. This skill handles platform detection, binary download, VPN verification, and initial login.
## Workflow
### Step 1: Detect Platform
Determine the user's OS and architecture:
```bash
uname -s # Darwin or Linux
uname -m # arm64 or x86_64
```
Map to binary name:
- macOS Apple Silicon: `sandbox-cli-darwin-arm64`
- macOS Intel: `sandbox-cli-darwin-amd64`
- Linux x86_64: `sandbox-cli-linux-amd64`
- Linux ARM: `sandbox-cli-linux-arm64`
### Step 2: Check if Already Installed
```bash
which sandbox-cli && sandbox-cli version
```
If already installed, check if it's up to date by running `sandbox-cli status` and skip to Step 4.
### Step 3: Download and Install
Download the latest release from GitHub:
```bash
# Get latest release URL
PLATFORM="darwin-arm64" # adjust based on Step 1
curl -sL "https://github.com/rhpds/sandbox/releases/latest/download/sandbox-cli-${PLATFORM}" -o /usr/local/bin/sandbox-cli
chmod +x /usr/local/bin/sandbox-cli
```
If `/usr/local/bin` requires sudo, suggest:
```bash
curl -sL "https://github.com/rhpds/sandbox/releases/latest/download/sandbox-cli-${PLATFORM}" -o ~/bin/sandbox-cli
chmod +x ~/bin/sandbox-cli
# Ensure ~/bin is in PATH
```
Verify installation:
```bash
sandbox-cli version
```
### Step 4: Verify Red Hat VPN Connection
**CRITICAL:** The sandbox API is IP-restricted. The user MUST be on Red Hat VPN. Always verify VPN connectivity before any sandbox-cli operation.
Run this check:
```bash
host squid.redhat.com
```
**If the DNS resolves** (returns an IP address like `10.x.x.x`), the user is on VPN. Proceed.
**If it fails** with `NXDOMAIN`, `not found`, or `connection timed out`, the user is NOT on VPN. Stop and tell them:
> You are NOT connected to the Red Hat VPN. The sandbox API is IP-restricted and all commands will fail with EOF errors. Please connect to the Red Hat VPN before proceeding.
Do NOT proceed with login or any sandbox-cli commands until VPN is confirmed.
### Step 5: Login
Ask the user for:
1. **Server URL** - The sandbox API endpoint (default: `https://restricted-babylon-sandbox-api.apps.infra-us-east-1.infra.demo.redhat.com`)
2. **Login Token** - A JWT token issued by a sandbox admin
Then run:
```bash
sandbox-cli login --server <SERVER_URL> --token <TOKEN>
```
Expected output on success:
```
Authenticating with <SERVER_URL>...
Using Red Hat VPN proxy (squid.redhat.com:3128)
Login successful. Access token saved to ~/.local/sandbox-cli/config.json
Token expires: <date>
```
If you get an `EOF` error, the VPN check in Step 4 may have given a false positive. Ask the user to verify their VPN connection and retry.
### Step 6: Verify
```bash
sandbox-cli status
```
This shows client version, server connection, proxy status, and authentication state.
## Troubleshooting
| Error | Cause | Fix |
|-------|-------|-----|
| `EOF` error on login | Not on VPN | Connect to Red Hat VPN, verify with `host squid.redhat.com` |
| `authentication failed` | Invalid or expired token | Get a new token from a sandbox admin |
| `command not found` | Binary not in PATH | Check install location and PATH |
| `permission denied` | Binary not executable | Run `chmod +x /path/to/sandbox-cli` |
## Important Notes
- Configuration is saved to `~/.local/sandbox-cli/config.json`
- Access tokens auto-refresh when expired
- The CLI auto-detects Red Hat VPN and uses squid proxy (`squid.redhat.com:3128`)
- Requires Go 1.22+ if building from source