Docker Sandboxes run AI coding agents in isolated microVM sandboxes. Each sandbox gets its own Docker daemon, filesystem, and network β the agent can build containers, install packages, and modify files without touching your host system.
NoteThe
sbx
CLI is free to use, including for commercial work. Only[organization governance]requires a separate paid subscription.
Organization admins can centrally manage sandbox network and filesystem policies from the Docker Admin Console, so the same rules apply uniformly across every developer's machine. Available on a separate paid subscription.
For complete system requirements, see the get started prerequisites.
Install the sbx
CLI and sign in:
$ brew trust docker/tap
$ brew install docker/tap/sbx
$ sbx login
> winget install -h Docker.sbx
> sbx login
bash
$ curl -fsSL https://get.docker.com | sudo REPO_ONLY=1 sh
$ sudo apt-get install docker-sbx
$ sudo usermod -aG kvm $USER
$ newgrp kvm
$ sbx login
Then launch an agent in a sandbox:
$ cd ~/my-project
$ sbx run claude
See the get started guide for a full walkthrough, or jump to the usage guide for common patterns.
Agentsβ supported agents and per-agent configurationCustomizeβ reusable templates and declarative kits for extending or tailoring sandboxesArchitectureβ microVM isolation, workspace mounting, networkingSecurityβ isolation model, credential handling, and network policiesCLI referenceβ full list ofsbx
commands and optionsTroubleshootingβ common issues and fixesFAQβ login requirements, telemetry, etc
Your feedback shapes what gets built next. If you run into a bug, hit a missing feature, or have a suggestion, open an issue at github.com/docker/sbx-releases/issues.