GoKawiilDocker ships with an undocumented API for spawning microVMs. We reverse-engineered it and built the open-source Sandbox Agent SDK to allow orchestrating coding agents inside of them.
Docker & containers are the standard for how we’ve been running backends. Recently, more workloads have been moving to sandboxes for untrusted code execution, which Docker is not suitable for.
With the launch of Docker Sandboxes, Docker quietly shipped an undocumented API for microVMs that can power sandboxes.
This looks promising to be a unified way of managing sandboxes on your own infrastructure using microVMs, just like Docker did for containers 10 years ago. (Today it only supports macOS/Windows. Requires nested virtualization.)
Docker Sandboxes (launch post) are Docker’s solution for running AI coding agents safely. Claude Code, Codex, and Gemini need to run arbitrary code, install packages, and modify files. MicroVMs let them run --dangerously-skip-permissions without being dangerous.
Docker shipped a simple CLI:
docker sandbox run claude ~/project
At first glance, this looks like a glorified docker run command, but under the hood Docker is using a completely different technology: microVMs.
Containers are what most developers know and love when they run docker run . They provide basic file system, network, and process isolation between the host machine.
However, it’s a common misconception that containers are good enough for running untrusted code (AI agents, user-submitted scripts, multi-tenant plugins).
... continue reading