Safe environments for agents. Built by Docker.
It provides sandboxes with controlled access to your filesystem, network, and tools. This means your agents can work autonomously without putting your machine or data at risk.
- Docker-native isolation. Same containerization principles trusted by 20M+ developers.
- Vendor-neutral. Works with the models and tools you’re already using.
- YOLO mode by default: agents work without asking permission
- Private Docker daemon for running test containers
- File access controls between host and sandbox
- Network access control
- Works with Claude Code, Codex, Gemini CLI, OpenCode, and more
brew install docker/tap/sbxwinget install -h Docker.sbxDownload the artifacts for your platform from the latest release.
Download DockerSandboxes-darwin.tar.gz and extract:
tar -xzf DockerSandboxes-darwin.tar.gzDownload DockerSandboxes.msi
and double-click to install, or use the command line:
msiexec /i DockerSandboxes.msi /quietDownload the .deb package from the release and install:
sudo apt install ./DockerSandboxes-linux-amd64.debDownload the .rpm package from the release and install:
sudo dnf install ./DockerSandboxes-linux-amd64.rpmNightly builds from main are available at
docker/sbx-releases/releases/tag/nightly.
On macOS, you can install the nightly build via Homebrew:
brew install docker/tap/ds@nightlyFor other platforms, download the artifacts from the nightly release page and follow the manual install instructions above.
If you run into issues or have feedback, please open an issue on this repository.
Proprietary — Docker Inc. LICENSE