--- title: "Docker" description: "Build and run Sandbox Agent in a Docker container." --- Docker is not recommended for production isolation of untrusted workloads. Use dedicated sandbox providers (E2B, Daytona, etc.) for stronger isolation. ## Quick start Run the published full image with all supported agents pre-installed: ```bash docker run --rm -p 3000:3000 \ -e ANTHROPIC_API_KEY="$ANTHROPIC_API_KEY" \ -e OPENAI_API_KEY="$OPENAI_API_KEY" \ rivetdev/sandbox-agent:0.3.1-full \ server --no-token --host 0.0.0.0 --port 3000 ``` The `0.3.1-full` tag pins the exact version. The moving `full` tag is also published for contributors who want the latest full image. If you also want the desktop API inside the container, install desktop dependencies before starting the server: ```bash docker run --rm -p 3000:3000 \ -e ANTHROPIC_API_KEY="$ANTHROPIC_API_KEY" \ -e OPENAI_API_KEY="$OPENAI_API_KEY" \ node:22-bookworm-slim sh -c "\ apt-get update && \ DEBIAN_FRONTEND=noninteractive apt-get install -y curl ca-certificates bash libstdc++6 && \ rm -rf /var/lib/apt/lists/* && \ curl -fsSL https://releases.rivet.dev/sandbox-agent/0.3.x/install.sh | sh && \ sandbox-agent install desktop --yes && \ sandbox-agent server --no-token --host 0.0.0.0 --port 3000" ``` In a Dockerfile: ```dockerfile RUN sandbox-agent install desktop --yes ``` ## TypeScript with dockerode ```typescript import Docker from "dockerode"; import { SandboxAgent } from "sandbox-agent"; const docker = new Docker(); const PORT = 3000; const container = await docker.createContainer({ Image: "rivetdev/sandbox-agent:0.3.1-full", Cmd: ["server", "--no-token", "--host", "0.0.0.0", "--port", `${PORT}`], Env: [ `ANTHROPIC_API_KEY=${process.env.ANTHROPIC_API_KEY}`, `OPENAI_API_KEY=${process.env.OPENAI_API_KEY}`, `CODEX_API_KEY=${process.env.CODEX_API_KEY}`, ].filter(Boolean), ExposedPorts: { [`${PORT}/tcp`]: {} }, HostConfig: { AutoRemove: true, PortBindings: { [`${PORT}/tcp`]: [{ HostPort: `${PORT}` }] }, }, }); await container.start(); const baseUrl = `http://127.0.0.1:${PORT}`; const sdk = await SandboxAgent.connect({ baseUrl }); const session = await sdk.createSession({ agent: "codex" }); await session.prompt([{ type: "text", text: "Summarize this repository." }]); ``` ## Building a custom image with everything preinstalled If you need to extend your own base image, install Sandbox Agent and preinstall every supported agent in one step: ```dockerfile FROM node:22-bookworm-slim RUN apt-get update && apt-get install -y --no-install-recommends \ bash ca-certificates curl git && \ rm -rf /var/lib/apt/lists/* RUN curl -fsSL https://releases.rivet.dev/sandbox-agent/0.3.x/install.sh | sh && \ sandbox-agent install-agent --all RUN useradd -m -s /bin/bash sandbox USER sandbox WORKDIR /home/sandbox EXPOSE 2468 ENTRYPOINT ["sandbox-agent"] CMD ["server", "--host", "0.0.0.0", "--port", "2468"] ``` ## Building from source ```bash docker build -f docker/release/linux-x86_64.Dockerfile -t sandbox-agent-build . docker run --rm -v "$PWD/artifacts:/artifacts" sandbox-agent-build ``` Binary output: `./artifacts/sandbox-agent-x86_64-unknown-linux-musl`.