{"id":51547765,"url":"https://github.com/opscart/docker-sandbox-devops","last_synced_at":"2026-07-09T20:01:07.393Z","repository":{"id":360113200,"uuid":"1248009374","full_name":"opscart/docker-sandbox-devops","owner":"opscart","description":"Hands-on exploration of Docker Sandboxes — labs, architecture notes, threat model, and DevOps templates for running AI coding agents in isolated microVMs","archived":false,"fork":false,"pushed_at":"2026-05-25T02:59:16.000Z","size":59,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-25T04:29:45.018Z","etag":null,"topics":["ai-agents","claude-code","devops","docker","docker-sandbox","kubernetes","microvm","platform-engineering","sbx","security"],"latest_commit_sha":null,"homepage":"https://opscart.com","language":"Dockerfile","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/opscart.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-05-24T04:18:22.000Z","updated_at":"2026-05-25T02:59:20.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/opscart/docker-sandbox-devops","commit_stats":null,"previous_names":["opscart/docker-sandbox-devops"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/opscart/docker-sandbox-devops","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/opscart%2Fdocker-sandbox-devops","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/opscart%2Fdocker-sandbox-devops/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/opscart%2Fdocker-sandbox-devops/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/opscart%2Fdocker-sandbox-devops/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/opscart","download_url":"https://codeload.github.com/opscart/docker-sandbox-devops/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/opscart%2Fdocker-sandbox-devops/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":35311289,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-07-09T02:00:07.329Z","response_time":57,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai-agents","claude-code","devops","docker","docker-sandbox","kubernetes","microvm","platform-engineering","sbx","security"],"created_at":"2026-07-09T20:01:06.472Z","updated_at":"2026-07-09T20:01:07.387Z","avatar_url":"https://github.com/opscart.png","language":"Dockerfile","funding_links":[],"categories":[],"sub_categories":[],"readme":"# docker-sandbox-devops\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"./docs/images/banner.png\" \n       alt=\"Docker Sandbox DevOps — microVM isolation for AI coding agents\" \n       width=\"100%\"\u003e\n\u003c/p\u003e\n\n![sbx](https://img.shields.io/badge/sbx-v0.30.0-0db7ed?logo=docker\u0026logoColor=white)\n\n![sbx](https://img.shields.io/badge/sbx-v0.30.0-0db7ed?logo=docker\u0026logoColor=white)\n![k3d](https://img.shields.io/badge/k3d-v5.7.4-326ce5?logo=kubernetes\u0026logoColor=white)\n![License](https://img.shields.io/badge/license-MIT-22c55e)\n![Platform](https://img.shields.io/badge/platform-macOS%20Apple%20Silicon-lightgrey)\n![Status](https://img.shields.io/badge/Docker%20Sandboxes-Early%20Access-f97316)\n\nA hands-on engineering exploration of [Docker Sandboxes](https://docs.docker.com/ai/sandboxes/) — the isolation layer for running AI coding agents safely on a developer's laptop.\n\n\u003e **Independent project.** Not affiliated with Docker, Inc. All findings are based on real experiments. Docker Sandboxes is Early Access — features may change. See [`tested-with.md`](./tested-with.md) for verified versions.\n\n\n\u003e **By [Shamsher Khan](https://opscart.com)** — Senior DevOps Engineer, IEEE Senior Member,\n\u003e DZone Core Member, CNCF blog contributor. Part of the\n\u003e [OpsCart](https://opscart.com) technical publication focused on\n\u003e Kubernetes, Docker, and platform engineering.\n\n---\n\n## The problem this solves\n\nYou run Claude Code, Copilot CLI, or Gemini CLI on your laptop. The agent has your full user permissions — every repo, every `.env` file, every kubeconfig context. You give it a task and walk away.\n\nDocker Sandboxes runs the agent in a microVM. You mount one directory. The agent sees one directory. Your other repos, credentials, and cluster contexts don't exist inside the sandbox.\n\n```\nWithout sandbox                    With Docker Sandbox\n─────────────────                  ───────────────────────────────\nAgent → full laptop access         Agent → one repo, one cluster\n       ↳ all repos                        proxy injects credentials\n       ↳ ~/.aws, ~/.ssh                   private Docker daemon\n       ↳ all kube contexts               network policy enforced\n       ↳ raw API keys in env             kernel-level isolation\n```\n\n---\n\n## What's in this repo\n\n### Labs — 5 verified, real terminal output only\n\n| Lab | What it covers | Key finding |\n|---|---|---|\n| [01 — Install and first run](./labs/01-install-and-first-run/) | `sbx` install, login, daemon lifecycle, network policy selection | Daemon auto-starts on `sbx run`; `sbx version` reports unavailable when daemon is stopped |\n| [02 — Network policy probes](./labs/02-network-policy-probes/) | Balanced policy probe matrix across 13 endpoints | Blocking is HTTP 403, not TCP; DNS unfiltered; HTTP CONNECT allows any port to allowed hosts |\n| [03 — Isolation verification](./labs/03-isolation-verification/) | Filesystem, process, Docker daemon, credential, host network probes | Private Docker Engine per sandbox; credentials never in env; localhost is sandbox-scoped |\n| [04 — Parallel coding agents](./labs/04-parallel-coding-agents/) | `--branch` mode, Git worktrees, multi-agent on one repo | `--branch` shares one microVM; isolation is Git-level not VM-level |\n| [05 — DevOps workloads](./labs/05-devops-workloads/) | Custom template with kubectl, helm, kustomize, azure-cli | kustomize ARM64 install script fails silently; template iteration cycle is the real friction |\n\n### Scenarios — integrated real-world workflows\n\n| Scenario | What it shows | Status |\n|---|---|---|\n| [Kubernetes debugging](./scenarios/kubernetes-debugging/) | AI agent fixes a broken deployment against a real cluster — both k3d (self-contained) and external cluster approaches | ✅ Complete |\n| Multi-agent orchestration | True VM-level isolation using separate workspace directories | 🚧 Planned |\n| CI/CD safe testing | Agent tests pipeline changes safely before running in real CI | 🚧 Planned |\n\n### Docs — synthesized findings\n\n| Doc | Contents |\n|---|---|\n| [`docs/00-overview.md`](./docs/00-overview.md) | What Docker Sandboxes is, at engineering depth |\n| [`docs/architecture-notes.md`](./docs/architecture-notes.md) | microVM, proxy, credential flow, gateway bridge |\n| [`docs/threat-model.md`](./docs/threat-model.md) | What's protected, what has nuance, what isn't |\n| [`docs/comparison-notes.md`](./docs/comparison-notes.md) | `docker run` vs `sbx run` — verified from lab findings |\n| [`docs/friction-log.md`](./docs/friction-log.md) | Dated, real-time capture of what broke and how it was fixed |\n\n---\n\n## Architecture\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"./docs/images/architecture.png\"\n       alt=\"Docker Sandbox isolation architecture — macOS host, microVM sandbox, network policy zones\"\n       width=\"100%\"\u003e\n\u003c/p\u003e\n\n---\n## Quick start\n\n```bash\n# Install\nbrew install docker/tap/sbx    # macOS\nwinget install Docker.sbx      # Windows\n\n# Login and select network policy\nsbx login\n\n# Run your first sandbox\nsbx run claude\n\n# Verify isolation\nsbx exec -it \u003csandbox-name\u003e bash\nenv | grep -i anthropic    # empty — credentials never enter the sandbox\nls /Users/\u003cyou\u003e/           # shows only the mounted project\n```\n\nStart with [`labs/01-install-and-first-run/`](./labs/01-install-and-first-run/) for a complete walkthrough.\n\n---\n\n## Kubernetes debugging scenario\n\nThe flagship scenario: an AI agent investigates and fixes a broken Kubernetes deployment — running an entire k3d cluster inside the sandbox using the private Docker daemon.\n\n```bash\n# 1. Start sandbox with DevOps toolkit\nsbx run claude \\\n  --template ghcr.io/opscart/sbx-devops-toolkit:v1.1.0 \\\n  --name kubernetes-debugging\n\n# 2. Create k3d cluster inside the sandbox (sbx-specific fixes included)\nbash scripts/k3d-create-sbx.sh\n\n# 3. Deploy broken app and give agent the task\nbash scripts/reset-demo.sh\n# → agent finds two bugs, fixes manifests, redeploys, verifies stability\n# → destroy sandbox: cluster, workloads, and agent state are all gone\n```\n\n\u003e **Why k3d inside the sandbox needs a special script:** the microVM kernel doesn't expose `/dev/kmsg` and doesn't support VXLAN (flannel's default backend). See [`docs/friction-log.md`](./docs/friction-log.md) for the full diagnostic trail and the three-part fix.\n\n---\n\n## Custom DevOps template\n\n```dockerfile\nFROM docker/sandbox-templates:claude-code-docker\n# adds: kubectl v1.31.4, helm v3.16.4, kustomize v5.4.3, azure-cli 2.86.0, k3d v5.7.4\n```\n\nBuilt and published at `ghcr.io/opscart/sbx-devops-toolkit:v1.1.0`. Build your own:\n\n```bash\ndocker build --platform linux/arm64 \\\n  -t \u003cyour-registry\u003e/sbx-devops-toolkit:v1.0.0 \\\n  templates/dev-environment/\ndocker push \u003cyour-registry\u003e/sbx-devops-toolkit:v1.0.0\n```\n\n---\n\n## Repo layout\n\n```\ndocker-sandbox-devops/\n├── docs/\n│   ├── 00-overview.md          # engineering overview\n│   ├── architecture-notes.md   # microVM, proxy, credential flow\n│   ├── threat-model.md         # what's protected and what isn't\n│   ├── comparison-notes.md     # docker run vs sbx run (lab-verified)\n│   └── friction-log.md         # live log — what broke and how it was fixed\n├── labs/\n│   ├── 01-install-and-first-run/\n│   ├── 02-network-policy-probes/\n│   ├── 03-isolation-verification/\n│   ├── 04-parallel-coding-agents/\n│   └── 05-devops-workloads/\n├── scenarios/\n│   └── kubernetes-debugging/\n│       ├── manifests/           # working state (agent writes here)\n│       ├── manifests-broken/    # original broken state for demo resets\n│       ├── TASK.md              # agent's instruction file\n│       └── FINDINGS.md          # agent-generated findings report\n├── templates/\n│   └── dev-environment/\n│       └── Dockerfile           # DevOps toolkit image\n├── scripts/\n│   ├── k3d-create-sbx.sh        # k3d cluster creation with sbx fixes\n│   └── reset-demo.sh            # restore broken state for repeated demos\n├── tested-with.md               # sbx version + per-lab verification status\n└── CLAUDE.md                    # context file for Claude Code\n```\n\n---\n\n## Tested with\n\n| Component | Version |\n|---|---|\n| `sbx` | v0.30.0 |\n| Host | macOS Apple Silicon |\n| DevOps template | `ghcr.io/opscart/sbx-devops-toolkit:v1.1.0` |\n| k3d | v5.7.4 |\n| k3s | v1.30.4+k3s1 |\n\nAll labs verified. See [`tested-with.md`](./tested-with.md) for per-lab status.\n\n---\n\n## Contributing\n\nIssues, kit contributions, scenario PRs, and friction-log entries are welcome. See [`CONTRIBUTING.md`](./CONTRIBUTING.md).\n\nNo invented terminal output. No unverified claims. Vendor-neutral tone.\n\n## License\n\nMIT. See [`LICENSE`](./LICENSE).\n\n## Maintainer\n\n**[Shamsher Khan](https://opscart.com)** — Senior DevOps Engineer managing 8+ AKS clusters\nfor Fortune 500 clients. IEEE Senior Member · DZone Core Member · CNCF blog contributor.\n\n- 🌐 [opscart.com](https://opscart.com)\n- 🐙 [github.com/opscart](https://github.com/opscart)\n- 📝 [DZone profile](https://dzone.com/users/shamsk22)","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fopscart%2Fdocker-sandbox-devops","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fopscart%2Fdocker-sandbox-devops","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fopscart%2Fdocker-sandbox-devops/lists"}