microsoft
diff --git a/‎marketplace.json‎
Lines changed: 22 additions & 0 deletions b/‎marketplace.json‎
Lines changed: 22 additions & 0 deletions
diff --git a/‎plugin/.claude-plugin/plugin.json‎
Lines changed: 21 additions & 0 deletions b/‎plugin/.claude-plugin/plugin.json‎
Lines changed: 21 additions & 0 deletions
diff --git a/‎plugin/.plugin/plugin.json‎
Lines changed: 21 additions & 0 deletions b/‎plugin/.plugin/plugin.json‎
Lines changed: 21 additions & 0 deletions
diff --git a/‎plugin/README.md‎
Lines changed: 22 additions & 0 deletions b/‎plugin/README.md‎
Lines changed: 22 additions & 0 deletions
diff --git a/‎plugin/skills/sandboxes/SKILL.md‎
Lines changed: 128 additions & 0 deletions b/‎plugin/skills/sandboxes/SKILL.md‎
Lines changed: 128 additions & 0 deletions
diff --git a/‎plugin/skills/sandboxes/references/install.md‎
Lines changed: 63 additions & 0 deletions b/‎plugin/skills/sandboxes/references/install.md‎
Lines changed: 63 additions & 0 deletions
diff --git a/‎plugin/skills/sandboxes/references/prerequisites.md‎
Lines changed: 52 additions & 0 deletions b/‎plugin/skills/sandboxes/references/prerequisites.md‎
Lines changed: 52 additions & 0 deletions
@@ -0,0 +1,22 @@
+{
+  "name": "Azure-Container-Apps",
+  "metadata": {
+    "description": "Azure Container Apps skills marketplace — self-contained skills for coding agents (Copilot CLI, Claude Code).",
+    "version": "0.1.0"
+  },
+  "owner": {
+    "name": "Microsoft",
+    "url": "https://github.com/microsoft/azure-container-apps"
+  },
+  "plugins": [
+    {
+      "name": "sandboxes",
+      "source": "./plugin",
+      "description": "Sandboxes — hardware-isolated microVMs with snapshot/resume, scale-to-zero. Driven by the `aca` CLI; Python SDK also available.",
+      "version": "0.0.1-beta",
+      "skills": [
+        "./plugin/skills/sandboxes"
+      ]
+    }
+  ]
+}
@@ -0,0 +1,21 @@
+{
+  "name": "Azure-Container-Apps",
+  "description": "Azure Container Apps skills marketplace — sandboxes (and more, coming soon).",
+  "version": "0.0.1-beta",
+  "author": {
+    "name": "Microsoft",
+    "url": "https://www.microsoft.com"
+  },
+  "homepage": "https://github.com/microsoft/azure-container-apps",
+  "repository": "https://github.com/microsoft/azure-container-apps",
+  "license": "MIT",
+  "keywords": [
+    "azure",
+    "container-apps",
+    "sandbox",
+    "microvm",
+    "ai-agents",
+    "aca"
+  ],
+  "skills": "./skills/"
+}
@@ -0,0 +1,21 @@
+{
+  "name": "Azure-Container-Apps",
+  "description": "Azure Container Apps skills marketplace — sandboxes (and more, coming soon).",
+  "version": "0.0.1-beta",
+  "author": {
+    "name": "Microsoft",
+    "url": "https://www.microsoft.com"
+  },
+  "homepage": "https://github.com/microsoft/azure-container-apps",
+  "repository": "https://github.com/microsoft/azure-container-apps",
+  "license": "MIT",
+  "keywords": [
+    "azure",
+    "container-apps",
+    "sandbox",
+    "microvm",
+    "ai-agents",
+    "aca"
+  ],
+  "skills": "./skills/"
+}
@@ -0,0 +1,22 @@
+# Azure Container Apps Plugins Marketplace
+
+Skills for Azure Container Apps — install once, drive `aca` from natural language
+in your coding agent.
+
+## Install
+
+### GitHub Copilot CLI
+
+```bash
+# Add as a plugin marketplace
+/plugin marketplace add microsoft/azure-container-apps
+
+# Install all skills
+/plugin install sandboxes@Azure-Container-Apps
+```
+
+### Claude Code
+
+```bash
+claude plugin add microsoft/azure-container-apps
+```
@@ -0,0 +1,128 @@
+---
+name: sandboxes
+description: |
+  Sandboxes — hardware-isolated microVMs on Azure Container Apps for
+  running AI-generated code, coding agents, MCP servers, web apps, and
+  ephemeral workloads. Snapshot/resume, scale-to-zero, sub-second
+  startup, deny-default egress. Driven by the `aca` CLI (auth delegates
+  to `az login`).
+
+  Use when the user wants to: create or manage sandbox groups and
+  sandboxes; exec commands or open an interactive shell; read/write
+  files; expose ports; snapshot, stop, resume, commit to a disk, or
+  mount volumes; tighten egress; manage secrets, managed identity,
+  labels; apply YAML specs; or run scenarios like web apps, coding
+  agents, code interpreter, swarms, sandbox inception, computer-use,
+  MCP hosting, data processing, or developer workflows.
+
+  Triggers: "create sandbox", "sandbox group", "aca cli", "aca
+  sandbox", "azure container apps sandbox", "ACA sandbox", "microVM",
+  "isolated VM", "run untrusted code", "exec in sandbox", "sandbox
+  shell", "copy files to sandbox", "sandbox port", "sandbox snapshot",
+  "commit sandbox to disk", "sandbox volume", "mount volume sandbox",
+  "suspend sandbox", "resume sandbox", "sandbox lifecycle",
+  "auto-suspend sandbox", "sandbox secret", "sandbox managed identity",
+  "sandbox labels", "sandbox apply yaml", "egress deny", "egress
+  allow-list", "code interpreter", "agent swarm", "sandbox inception",
+  "coding agent sandbox", "computer use sandbox", "host mcp".
+---
+
+# Sandboxes
+
+Hardware-isolated microVMs on Azure Container Apps. Snapshot/resume,
+scale-to-zero, sub-second startup, deny-default egress. This skill
+drives sandboxes through the **`aca` CLI** — one command surface, no
+ambiguity. Self-contained — everything is under `references/` in this
+folder.
+
+## What it is
+
+- **Resource type:** `Microsoft.App/SandboxGroups` (preview).
+- **Isolation:** each sandbox is its own microVM, safe for untrusted code.
+- **Startup:** sub-second from a prewarmed pool; suspend/resume preserves
+  full memory + disk.
+- **Scale:** zero to thousands; pay nothing when idle.
+- **Auth:** `aca` delegates to `az login` — same identity, same MFA.
+
+> ⚠️ **The `az` CLI has no sandbox commands.** Sandbox groups and
+> sandboxes are managed by `aca` — **not** by `az containerapp …`. The
+> `az containerapp` commands are for the older Apps / Jobs surface and
+> do not touch sandboxes. If you see `az containerapp sandbox …` in a
+> snippet, it's wrong.
+
+## Get started
+
+| | Where |
+|---|---|
+| **Install** | [references/install.md](references/install.md) |
+| **Prerequisites** | [references/prerequisites.md](references/prerequisites.md) |
+| **Quick start** | [references/quickstart.md](references/quickstart.md) |
+| **Full CLI reference** | [references/reference.md](references/reference.md) |
+| **Scenario recipes** | [references/scenarios.md](references/scenarios.md) |
+
+After install, always confirm setup with `aca doctor` — it resolves
+subscription / RG / group / region / role and tells you which check
+is red.
+
+## Capabilities
+
+Everything the platform exposes. Each row is the starting point — open
+[references/reference.md](references/reference.md) for full flags and
+options.
+
+> Command rows below show only the **shape**. In real invocations:
+> - every `aca sandbox <verb>` takes `--id <sandbox-id>`;
+> - every `aca sandboxgroup <noun> <verb>` mutation takes `--name <group>`
+>   (or relies on the default group set via `--set-config`);
+> - omit these from copies into the shell and you'll get a CLI parse error.
+
+| #  | Capability                | What it does                                                                 | `aca` CLI |
+|----|---------------------------|------------------------------------------------------------------------------|-----------|
+| 00 | **Sandbox groups**        | Provision, list/get, assign Data Owner role, tear down.                      | `aca sandboxgroup create / list / get / role create / delete` |
+| 01 | **Sandboxes**             | Create, list, get, delete; cpu/memory/labels/env; parallel.                  | `aca sandbox create / list / get / delete` (+ `--cpu --memory --labels --env`) |
+| 02 | **Snapshots**             | Freeze a running sandbox; boot new ones from that point.                     | `aca sandbox snapshot --id <id> --name X` · `aca sandbox create --snapshot X` |
+| 03 | **Disks**                 | Public disks, build from container image, commit a running sandbox.          | `aca sandboxgroup disk list-public / create --image` · `aca sandbox commit --id <id> --name X` · `aca sandbox create --disk <public-name>` (or `--disk-id <id>` for private/committed disks) |
+| 04 | **Volumes**               | `AzureBlob` (shared) or `DataDisk` (block); mount at create or post-create.  | `aca sandboxgroup volume create --type AzureBlob` · `aca sandbox mount --volume X --path /mnt/x` |
+| 05 | **Lifecycle**             | Stop/resume; auto-suspend after idle; auto-delete after TTL.                 | `aca sandbox stop / resume` · `aca sandbox lifecycle set --auto-suspend 60` |
+| 06 | **Ports**                 | Expose an HTTP port; anonymous or Entra-gated; revoke.                       | `aca sandbox port add --port 8080 [--anonymous]` · `port list / remove` |
+| 07 | **Files**                 | write / read / list / stat / mkdir / delete inside the sandbox.              | `aca sandbox fs write --file ./local` · `fs cat / ls` · `fs cp <src> <dst>` (positional, `sbx-id:/path` syntax) |
+| 08 | **Egress**                | Deny-default outbound + host allow-list; audit decisions; YAML transforms.   | `aca sandbox egress set --default Deny --host-allow "*.host.com"` · `egress show / decisions / apply` |
+| 09 | **Secrets**               | Group-scoped key/value, fetched at runtime from inside the sandbox.          | `aca sandboxgroup secret upsert --name X --values "K=V"` · `secret list / delete` |
+| 10 | **Managed identity**      | System- or User-assigned MI on the group; grant RBAC for cross-group orchestration. | `aca sandboxgroup identity assign --system-assigned` (or `--user-assigned <res-id>`) · `identity show / remove` |
+| 11 | **Labels & selectors**    | `--labels k=v` at create time; AND-filter on list. Fleet management pattern. | `aca sandbox create --labels role=worker,tenant=t42` · `aca sandbox list -l role=worker` |
+| 12 | **Interactive shell**     | Real PTY into a running sandbox.                                             | `aca sandbox shell --id <id>` |
+| 13 | **YAML spec / `apply`**   | Declarative infra-as-code: `init`, `validate`, `apply`, `schema`.            | `aca sandbox init > sandbox.yaml` · `validate` · `apply --file sandbox.yaml` |
+| 14 | **`aca doctor`**          | Diagnose subscription / RG / group / region / role.                          | `aca doctor` |
+
+## Scenarios
+
+Composed patterns that combine the capabilities above. Full sketches
+in [references/scenarios.md](references/scenarios.md).
+
+- **Web apps** — start a server, expose a port anonymously, hit the URL.
+- **Coding agents in a sandbox** — run Copilot CLI / Claude Code / Codex
+  with deny-default egress and (optionally) token-swap rules.
+- **Code interpreter** — LLM generates → exec → observe → iterate;
+  snapshot between turns for rewind.
+- **Swarms** — orchestrator fans work across N worker sandboxes by
+  label selector.
+- **Sandbox inception** — orchestrator runs *inside* a sandbox and uses
+  its managed identity to drive a separate worker group. No credentials
+  in agent code.
+- **Computer-use** — LLM drives a real browser; watch live via noVNC.
+- **MCP hosting** — host an MCP server in a sandbox; expose via port or
+  Dev Tunnel.
+- **Data processing** — producer/consumer pipelines on shared
+  `AzureBlob` volumes.
+- **Developer workflows** — PR builds, ephemeral CI, on-demand dev envs.
+
+## Python SDK (separate)
+
+An early-access Python SDK (`azure-containerapps-sandbox`) is also
+available if you'd rather drive sandboxes from service code instead of
+the CLI. It is **out of scope for this skill** — when the user asks for
+Python, point them at the upstream README and stop:
+
+> https://github.com/microsoft/azure-container-apps/blob/main/docs/early/python-sdk/README.md
+
+Mixing CLI and SDK in the same answer confuses things. Pick one.
@@ -0,0 +1,63 @@
+# Install the `aca` CLI
+
+The `aca` CLI is the primary surface for sandboxes. It delegates
+authentication to the Azure CLI (`az login`).
+
+## Linux / macOS
+
+```bash
+curl -fsSL https://raw.githubusercontent.com/microsoft/azure-container-apps/main/docs/early/aca-cli/install.sh | sh
+```
+
+Pin a specific version:
+
+```bash
+curl -fsSL https://raw.githubusercontent.com/microsoft/azure-container-apps/main/docs/early/aca-cli/install.sh \
+  | ACA_VERSION=aca-cli-v0.1.0-early-access sh
+```
+
+## Windows (PowerShell)
+
+```powershell
+irm https://raw.githubusercontent.com/microsoft/azure-container-apps/main/docs/early/aca-cli/install.ps1 | iex
+```
+
+Pin a specific version:
+
+```powershell
+& ([scriptblock]::Create((irm https://raw.githubusercontent.com/microsoft/azure-container-apps/main/docs/early/aca-cli/install.ps1))) -Version aca-cli-v0.1.0-early-access
+```
+
+## Verify
+
+```bash
+aca --version
+# aca 1.0.0-beta.1
+```
+
+Then log in and run the doctor:
+
+```bash
+az login
+aca doctor
+```
+
+## Uninstall
+
+```bash
+# Linux / macOS
+curl -fsSL https://raw.githubusercontent.com/microsoft/azure-container-apps/main/docs/early/aca-cli/install.sh | sh -s -- --uninstall
+```
+
+```powershell
+# Windows
+& ([scriptblock]::Create((irm https://raw.githubusercontent.com/microsoft/azure-container-apps/main/docs/early/aca-cli/install.ps1))) -Uninstall
+```
+
+## Supported platforms
+
+| Platform | Architecture |
+|---|---|
+| Linux   | x64    |
+| macOS   | ARM64  |
+| Windows | x64    |
@@ -0,0 +1,52 @@
+# CLI prerequisites
+
+## Accounts and access
+
+- **Azure subscription** — one you can create resource groups in.
+  [Create one for free](https://azure.microsoft.com/pricing/purchase-options/azure-account).
+- **Microsoft Entra ID account** — personal Microsoft accounts are **not** supported.
+- **Role** — to create sandboxes inside a group you need the
+  `Container Apps SandboxGroup Data Owner` role on the group. The
+  [quickstart](quickstart.md) shows how to grant it to yourself.
+
+## Tools
+
+- **[Azure CLI](https://learn.microsoft.com/cli/azure/install-azure-cli)** installed and logged in (`az login`).
+  The `aca` CLI delegates auth to `az login` — same identity, same MFA,
+  same conditional-access policies.
+- **An Azure subscription with a resource group.**
+- **`aca` CLI** — installed in one line; see [install.md](install.md).
+- **A shell** — Bash on Linux/macOS; PowerShell or Bash (Git Bash / WSL) on Windows.
+
+## Supported platforms
+
+| Platform | Architecture |
+|---|---|
+| Linux   | x64    |
+| macOS   | ARM64  |
+| Windows | x64    |
+
+## Region
+
+Sandboxes are a preview resource type. Start with a well-supported
+region such as `eastus2` or `westus2`. If a region rejects the group
+create, try another — `aca` will tell you which region the API rejected.
+
+## Doctor checklist
+
+`aca doctor` runs all of the following — green across the board means
+you are ready to create sandboxes:
+
+1. Azure CLI found on `PATH`.
+2. Azure CLI is logged in (`az account show` succeeds).
+3. A default subscription is resolved (flag, env, or config).
+4. A default resource group is resolved.
+5. A default sandbox group is resolved.
+6. A default region is resolved.
+7. The sandbox group exists in Azure.
+8. The caller has the `Container Apps SandboxGroup Data Owner` role on the group.
+
+Each line in `aca doctor` output also tells you **where** the value came
+from — `(flag)`, `(env)`, `(config: sandbox)`, or `(config)` — which is
+invaluable when debugging precedence. See
+[reference.md](reference.md#config) for the precedence model.