Reverse-Engineering Docker's Undocumented MicroVM API for Sandbox Orchestration
By yakkomajuri
Summary
Docker ships with an undocumented API for spawning microVMs, which the author reverse-engineered to build the open-source Sandbox Agent SDK. This SDK allows orchestrating coding agents inside microVMs. While Docker containers are standard for running backends, they are not suitable for untrusted code execution. Docker Sandboxes quietly introduced this microVM API as a potential unified way to manage sandboxes on your own infrastructure, going beyond just AI agent use cases.
Key quotes
Docker ships with an undocumented API for spawning microVMs.
We reverse-engineered it and built the open-source Sandbox Agent SDK to allow orchestrating coding agents inside of them.
With the launch of Docker Sandboxes, Docker quietly shipped an undocumented API for microVMs that can power sandboxes.
This looks promising to be a unified way of managing sandboxes on your own infrastructure using microVMs.
