Docker Sandboxes
Docker Sandboxes run AI coding agents in isolated microVM sandboxes. Each sandbox gets its own Docker daemon, filesystem, and network — the agent can build containers, install packages, and modify files without touching your host system.
Organization admins can centrally manage sandbox network and filesystem policies from the Docker Admin Console, so the same rules apply uniformly across every developer's machine. Available on a separate paid subscription.
Get started
Install the sbx CLI and sign in:
$ brew install docker/tap/sbx
$ sbx login
> winget install -h Docker.sbx
> sbx login$ curl -fsSL https://get.docker.com | sudo REPO_ONLY=1 sh
$ sudo apt-get install docker-sbx
$ sudo usermod -aG kvm $USER
$ newgrp kvm
$ sbx login
Then launch an agent in a sandbox:
$ cd ~/my-project
$ sbx run claude
See the get started guide for a full walkthrough, or jump to the usage guide for common patterns.
Learn more
- Agents — supported agents and per-agent configuration
- Customize — reusable templates and declarative kits for extending or tailoring sandboxes
- Architecture — microVM isolation, workspace mounting, networking
- Security — isolation model, credential handling, network policies, workspace trust
- CLI reference — full list of
sbxcommands and options - Troubleshooting — common issues and fixes
- FAQ — login requirements, telemetry, etc
Feedback
Your feedback shapes what gets built next. If you run into a bug, hit a missing feature, or have a suggestion, open an issue at github.com/docker/sbx-releases/issues.