feat: add sandboxed Ralph execution and initiative mode

Docker sandbox:
- Dockerfile extending official Claude sandbox with Metis CLI and plugin
- run-sandboxed-ralph.sh launcher script with auth handling

Ralph improvements:
- New /metis-ralph-initiative command to execute all tasks under an initiative
- Tasks no longer auto-transition to completed - user reviews first
- Progress logged to task documents as working memory
- State file renamed to .claude/metis-ralph-active.yaml (simpler format)
- --sandboxed flag to run in isolated Docker container

Author: Dylan Storey

docker/Dockerfile.claude-sandbox

@@ -0,0 +1,53 @@
+# Claude Code Sandbox with Metis
+# Extends Docker's official Claude sandbox with Metis work management
+#
+# Base image includes:
+# - Claude Code with automated credential handling
+# - Docker CLI, GitHub CLI, Node.js, Go, Python 3, Git, ripgrep, jq
+# - Runs as non-root 'agent' user with sudo access
+#
+# This image adds:
+# - Metis CLI and MCP server
+# - Metis plugin for Claude Code
+
+FROM docker/sandbox-templates:claude-code
+
+# Install Rust (needed to build Metis)
+USER root
+RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
+ENV PATH="/root/.cargo/bin:${PATH}"
+
+# Install build dependencies for Metis
+RUN apt-get update && apt-get install -y \
+    build-essential \
+    pkg-config \
+    libsqlite3-dev \
+    libssl-dev \
+    && rm -rf /var/lib/apt/lists/*
+
+# Clone and build Metis CLI (includes MCP server via `metis mcp` subcommand)
+ARG METIS_VERSION=main
+RUN git clone --depth 1 --branch ${METIS_VERSION} https://github.com/colliery-io/metis.git /tmp/metis \
+    && cd /tmp/metis \
+    && cargo build --release -p metis-docs-cli \
+    && cp target/release/metis /usr/local/bin/metis \
+    && chmod +x /usr/local/bin/metis \
+    && rm -rf /tmp/metis /root/.cargo/registry /root/.cargo/git
+
+# Install Metis plugin for the agent user
+USER agent
+
+# Clone Metis repo to get plugin files (uses same version as CLI build)
+ARG PLUGIN_VERSION=main
+RUN mkdir -p /home/agent/.claude/plugins/marketplaces/colliery-io-metis/plugins \
+    && git clone --depth 1 --branch ${PLUGIN_VERSION} https://github.com/colliery-io/metis.git /tmp/metis-plugin \
+    && cp -r /tmp/metis-plugin/plugins/metis /home/agent/.claude/plugins/marketplaces/colliery-io-metis/plugins/ \
+    && rm -rf /tmp/metis-plugin
+
+# Configure MCP server for Metis
+RUN mkdir -p /home/agent/.claude && \
+    echo '{"mcpServers":{"metis":{"command":"metis","args":["mcp","--project-path","/workspace"]}}}' > /home/agent/.mcp.json
+
+# Back to agent user for runtime
+WORKDIR /workspace
+CMD ["claude"]

docker/claude-sandbox.sh

@@ -0,0 +1,60 @@
+#!/bin/bash
+# Run Claude Code in isolated container
+#
+# Usage:
+#   ./claude-sandbox.sh              # Normal sandboxed session (no network)
+#   ./claude-sandbox.sh --auth       # Enable network for OAuth login
+#   ./claude-sandbox.sh -- <args>    # Pass args to claude
+#
+# OAuth: Tokens are stored in ~/.claude on your host. The container mounts
+# this directory, so once authenticated, tokens persist across runs.
+# If you need to re-authenticate, use --auth flag.
+
+set -e
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+PROJECT_DIR="$(dirname "$SCRIPT_DIR")"
+IMAGE_NAME="claude-sandbox-mimir"
+
+# Parse arguments
+NETWORK_MODE="none"
+CLAUDE_ARGS=()
+
+while [[ $# -gt 0 ]]; do
+    case $1 in
+        --auth)
+            NETWORK_MODE="host"
+            echo "⚠️  Network enabled for OAuth authentication"
+            shift
+            ;;
+        --)
+            shift
+            CLAUDE_ARGS=("$@")
+            break
+            ;;
+        *)
+            CLAUDE_ARGS+=("$1")
+            shift
+            ;;
+    esac
+done
+
+# Build if image doesn't exist
+if ! docker image inspect "$IMAGE_NAME" &>/dev/null; then
+    echo "Building sandbox image (this may take a few minutes)..."
+    docker build -t "$IMAGE_NAME" -f "$SCRIPT_DIR/Dockerfile.claude-sandbox" "$SCRIPT_DIR"
+fi
+
+echo "Starting Claude Code sandbox..."
+echo "  Project: $PROJECT_DIR"
+echo "  Network: $NETWORK_MODE"
+echo ""
+
+# Run container
+docker run -it --rm \
+    -v "$PROJECT_DIR:/workspace" \
+    -v "$HOME/.claude:/root/.claude" \
+    --network "$NETWORK_MODE" \
+    --workdir /workspace \
+    "$IMAGE_NAME" \
+    claude "${CLAUDE_ARGS[@]}"

docker/run-sandboxed-ralph.sh

@@ -0,0 +1,242 @@
+#!/bin/bash
+# Run Metis Ralph in a sandboxed Docker container
+#
+# Usage:
+#   ./run-sandboxed-ralph.sh <SHORT_CODE> [OPTIONS]
+#
+# Options:
+#   --task                Run single task (auto-detected from short code)
+#   --max-iterations N    Maximum iterations (default: unlimited)
+#   --attach              Attach to container instead of background
+#
+# Uses Docker's official sandbox feature which:
+#   - Handles OAuth authentication automatically
+#   - Stores credentials in persistent Docker volume
+#   - Provides isolated execution environment
+#   - Includes Claude Code and common dev tools
+
+set -e
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+
+# Parse arguments
+SHORT_CODE=""
+MAX_ITERATIONS=""
+ATTACH_MODE=false
+TASK_MODE=false
+
+while [[ $# -gt 0 ]]; do
+    case $1 in
+        --max-iterations)
+            MAX_ITERATIONS="$2"
+            shift 2
+            ;;
+        --attach)
+            ATTACH_MODE=true
+            shift
+            ;;
+        --task)
+            TASK_MODE=true
+            shift
+            ;;
+        -h|--help)
+            cat << 'EOF'
+Run Metis Ralph in a sandboxed Docker container
+
+USAGE:
+    ./run-sandboxed-ralph.sh <SHORT_CODE> [OPTIONS]
+
+ARGUMENTS:
+    SHORT_CODE    Task (PROJ-T-NNNN) or Initiative (PROJ-I-NNNN) short code
+
+OPTIONS:
+    --task                Execute a single task (auto-detected from code format)
+    --max-iterations N    Maximum iterations before auto-stop
+    --attach              Attach to container (default: background)
+    -h, --help            Show this help
+
+AUTHENTICATION:
+    Uses Docker's official sandbox which handles OAuth automatically.
+    On first run, you'll be prompted to authenticate via browser.
+    Credentials are stored in Docker volume 'docker-claude-sandbox-data'.
+
+EXAMPLES:
+    # Run all tasks under an initiative
+    ./run-sandboxed-ralph.sh PROJ-I-0001
+
+    # Run a single task
+    ./run-sandboxed-ralph.sh PROJ-T-0001
+
+    # Attach to see output in real-time
+    ./run-sandboxed-ralph.sh PROJ-T-0001 --attach
+
+COMPLETION:
+    Progress is logged to Metis documents in .metis/
+EOF
+            exit 0
+            ;;
+        -*)
+            echo "Unknown option: $1" >&2
+            exit 1
+            ;;
+        *)
+            if [[ -z "$SHORT_CODE" ]]; then
+                SHORT_CODE="$1"
+            fi
+            shift
+            ;;
+    esac
+done
+
+# Validate short code
+if [[ -z "$SHORT_CODE" ]]; then
+    echo "Error: No short code provided" >&2
+    echo "Usage: ./run-sandboxed-ralph.sh <SHORT_CODE> [OPTIONS]" >&2
+    exit 1
+fi
+
+# Determine mode from short code if not explicitly set
+if [[ "$SHORT_CODE" =~ ^[A-Z]+-T-[0-9]+$ ]]; then
+    TASK_MODE=true
+    CONTAINER_PREFIX="ralph-task"
+    MODE_NAME="Task"
+    RALPH_CMD="/metis-ralph"
+elif [[ "$SHORT_CODE" =~ ^[A-Z]+-I-[0-9]+$ ]]; then
+    CONTAINER_PREFIX="ralph-initiative"
+    MODE_NAME="Initiative"
+    RALPH_CMD="/metis-ralph-initiative"
+else
+    echo "Error: Invalid short code format: $SHORT_CODE" >&2
+    echo "Expected: PREFIX-T-NNNN (task) or PREFIX-I-NNNN (initiative)" >&2
+    exit 1
+fi
+
+# Find project root (look for .metis directory)
+PROJECT_DIR="$(pwd)"
+while [[ "$PROJECT_DIR" != "/" ]]; do
+    if [[ -d "$PROJECT_DIR/.metis" ]]; then
+        break
+    fi
+    PROJECT_DIR="$(dirname "$PROJECT_DIR")"
+done
+
+if [[ ! -d "$PROJECT_DIR/.metis" ]]; then
+    echo "Error: Could not find .metis directory" >&2
+    echo "Run from within a Metis project directory" >&2
+    exit 1
+fi
+
+echo "========================================"
+echo "  Sandboxed Ralph Launcher"
+echo "========================================"
+echo ""
+echo "Mode:       $MODE_NAME"
+echo "Short Code: $SHORT_CODE"
+echo "Project:    $PROJECT_DIR"
+echo ""
+
+# Build the prompt for Claude
+RALPH_PROMPT="Execute $RALPH_CMD $SHORT_CODE"
+if [[ -n "$MAX_ITERATIONS" ]]; then
+    RALPH_PROMPT="$RALPH_PROMPT --max-iterations $MAX_ITERATIONS"
+fi
+
+# Check if docker sandbox is available
+if ! docker sandbox --help &>/dev/null 2>&1; then
+    echo "Error: 'docker sandbox' command not available" >&2
+    echo "" >&2
+    echo "Docker sandbox requires Docker Desktop with AI features enabled." >&2
+    echo "See: https://docs.docker.com/ai/sandboxes/get-started/" >&2
+    exit 1
+fi
+
+# Check if sandbox is authenticated
+# Credentials are stored inside the sandbox container at /home/agent/.claude/.credentials.json
+check_sandbox_auth() {
+    # Find any running claude sandbox for this workspace
+    local container_name
+    container_name=$(docker ps --filter "label=docker/sandbox=true" --format "{{.Names}}" 2>/dev/null | head -1)
+
+    if [[ -n "$container_name" ]]; then
+        # Check if credentials exist in the running container
+        local has_creds
+        has_creds=$(docker exec "$container_name" test -f /home/agent/.claude/.credentials.json 2>/dev/null && echo "yes")
+        if [[ "$has_creds" == "yes" ]]; then
+            echo "$container_name"  # Return container name for reuse
+            return 0
+        fi
+    fi
+
+    return 1
+}
+
+echo "Checking sandbox authentication..."
+EXISTING_CONTAINER=$(check_sandbox_auth)
+if [[ -z "$EXISTING_CONTAINER" ]]; then
+    echo ""
+    echo "========================================"
+    echo "  Authentication Required"
+    echo "========================================"
+    echo ""
+    echo "No authenticated Docker sandbox found."
+    echo ""
+    echo "Please run this command in your terminal:"
+    echo ""
+    echo "  docker sandbox run -w $PROJECT_DIR claude"
+    echo ""
+    echo "This will:"
+    echo "  1. Open a browser for OAuth login"
+    echo "  2. Start an interactive Claude session"
+    echo "  3. Keep the sandbox running for Ralph to use"
+    echo ""
+    echo "IMPORTANT: Keep the sandbox running (don't exit)."
+    echo "Then re-run this script in another terminal."
+    echo ""
+    echo "Alternatively, use an API key:"
+    echo ""
+    echo "  export ANTHROPIC_API_KEY='sk-ant-...'"
+    echo "  docker sandbox run -e ANTHROPIC_API_KEY -w $PROJECT_DIR claude"
+    echo ""
+    exit 1
+fi
+echo "Authentication: OK"
+echo "Using sandbox: $EXISTING_CONTAINER"
+echo ""
+
+echo "Launching Ralph..."
+echo "Prompt: $RALPH_PROMPT"
+echo ""
+
+LOG_FILE="$PROJECT_DIR/.metis/ralph-sandbox-$(date +%Y%m%d-%H%M%S).log"
+
+# Run with docker sandbox
+if [[ "$ATTACH_MODE" == "true" ]]; then
+    # Attached mode - run in foreground
+    echo "Running in foreground..."
+    docker exec -it "$EXISTING_CONTAINER" claude --print "$RALPH_PROMPT"
+else
+    # Detached mode - run in background
+    echo "Running in background..."
+    echo ""
+
+    # Run the command inside the existing sandbox container
+    nohup docker exec "$EXISTING_CONTAINER" claude --print "$RALPH_PROMPT" > "$LOG_FILE" 2>&1 &
+    EXEC_PID=$!
+
+    echo "Ralph started!"
+    echo ""
+    echo "  Container: $EXISTING_CONTAINER"
+    echo "  PID:       $EXEC_PID"
+    echo "  Log:       $LOG_FILE"
+    echo ""
+    echo "MONITORING:"
+    echo "  tail -f $LOG_FILE"
+    echo ""
+    echo "PROGRESS:"
+    echo "  Progress is logged to Metis documents in:"
+    echo "  $PROJECT_DIR/.metis/"
+    echo ""
+    echo "STOP:"
+    echo "  kill $EXEC_PID"
+    echo ""
+fi

plugins/metis/commands/cancel-metis-ralph.md

@@ -1,23 +1,23 @@
 ---
 description: "Cancel active Metis Ralph loop"
-allowed-tools: ["Bash(test -f .claude/metis-ralph.local.md:*)", "Bash(rm .claude/metis-ralph.local.md)", "Read(.claude/metis-ralph.local.md)"]
+allowed-tools: ["Bash(test -f .claude/metis-ralph-active.yaml:*)", "Bash(rm .claude/metis-ralph-active.yaml)", "Read(.claude/metis-ralph-active.yaml)"]
 hide-from-slash-command-tool: "true"
 ---
 
 # Cancel Metis Ralph
 
 To cancel the Metis Ralph loop:
 
-1. Check if `.claude/metis-ralph.local.md` exists using Bash: `test -f .claude/metis-ralph.local.md && echo "EXISTS" || echo "NOT_FOUND"`
+1. Check if `.claude/metis-ralph-active.yaml` exists using Bash: `test -f .claude/metis-ralph-active.yaml && echo "EXISTS" || echo "NOT_FOUND"`
 
 2. **If NOT_FOUND**: Say "No active Metis Ralph loop found."
 
 3. **If EXISTS**:
-   - Read `.claude/metis-ralph.local.md` to get the current state:
+   - Read `.claude/metis-ralph-active.yaml` to get the current state:
      - `iteration:` field for iteration count
      - `mode:` field for loop type (task or decompose)
      - `short_code:` field for the document being worked on
-   - Remove the file using Bash: `rm .claude/metis-ralph.local.md`
+   - Remove the file using Bash: `rm .claude/metis-ralph-active.yaml`
    - Report: "Cancelled Metis Ralph loop for [SHORT_CODE] (was at iteration N, mode: MODE)"
 
-Note: Cancelling does NOT revert any Metis document phase transitions that were made during the loop.
+Note: Cancelling does NOT revert any Metis document phase transitions. Progress logged to the task document is preserved.