Docker Sandboxes
Docker Sandboxes run AI coding agents in isolated microVM sandboxes. Each sandbox gets its own Docker daemon, filesystem, and network — the agent can build containers, install packages, and modify files without touching your host system.
Get started
Install the sbx CLI and sign in:
$ brew install docker/tap/sbx
$ sbx login
> winget install -h Docker.sbx
> sbx login$ curl -fsSL https://get.docker.com | sudo REPO_ONLY=1 sh
$ sudo apt-get install docker-sbx
$ sudo usermod -aG kvm $USER
$ newgrp kvm
$ sbx login
Then launch an agent in a sandbox:
$ cd ~/my-project
$ sbx run claude
See the get started guide for a full walkthrough, or jump to the usage guide for common patterns.
Learn more
- Agents — supported agents and per-agent configuration
- Custom environments — build reusable sandbox images with pre-installed tools
- Architecture — microVM isolation, workspace mounting, networking
- Security — isolation model, credential handling, network policies, workspace trust
- CLI reference — full list of
sbxcommands and options - Troubleshooting — common issues and fixes
- FAQ — login requirements, telemetry, etc
Feedback
Docker Sandboxes is experimental and under active development. Your feedback shapes what gets built next. If you run into a bug, hit a missing feature, or have a suggestion, open an issue at github.com/docker/sbx-releases/issues.
Docker Desktop integration
Docker Desktop also includes a built-in sandbox command
(docker sandbox) with a subset of features. The sbx CLI is recommended for
most use cases.