Table of contents
Docker Sandboxes run AI coding agents in isolated microVM sandboxes. Each sandbox gets its own Docker daemon, filesystem, and network — the agent can build containers, install packages, and modify files without touching your host system.
Note
The
sbxCLI is free to use, including for commercial work. Only organization governance requires a separate paid subscription.
Organization admins can centrally manage sandbox network and filesystem policies from the Docker Admin Console, so the same rules apply uniformly across every developer's machine. Available on a separate paid subscription.
Get started
For complete system requirements, see the get started prerequisites.
Install the sbx CLI and sign in:
$ brew install docker/tap/sbx
$ sbx login
> winget install -h Docker.sbx
> sbx login$ curl -fsSL https://get.docker.com | sudo REPO_ONLY=1 sh
$ sudo apt-get install docker-sbx
$ sudo usermod -aG kvm $USER
$ newgrp kvm
$ sbx login
Then launch an agent in a sandbox:
$ cd ~/my-project
$ sbx run claude
See the get started guide for a full walkthrough, or jump to the usage guide for common patterns.
Learn more
- Agents — supported agents and per-agent configuration
- Customize — reusable templates and declarative kits for extending or tailoring sandboxes
- Architecture — microVM isolation, workspace mounting, networking
- Security — isolation model, credential handling, and network policies
- CLI reference — full list of
sbxcommands and options - Troubleshooting — common issues and fixes
- FAQ — login requirements, telemetry, etc
Feedback
Your feedback shapes what gets built next. If you run into a bug, hit a missing feature, or have a suggestion, open an issue at github.com/docker/sbx-releases/issues.