sandboxed.sh

sandboxed.sh is a self-hosted cloud orchestrator that runs multiple AI coding agent runtimes (Claude Code, OpenCode, and Amp) in isolated Linux workspaces. It provides mission control to start, stop, and monitor agent missions with real-time streaming, and a Git-backed library for skills, tools, rules, agents, and MCPs. The system is designed to keep sensitive data local by isolating workspaces and offers an optional MCP Registry for additional tool servers when needed. You interact with it through its Web dashboard (Next.js) and, if enabled, via its API for programmatic control of missions and workspaces. Tools and runtimes are orchestrated under a single umbrella, allowing you to deploy, monitor, and manage AI coding workloads efficiently across multiple runtimes from Claude Code, OpenCode, and Amp.

To use it, install the Docker-based deployment and launch the container. The dashboard exposes a UI to configure libraries, create and manage missions, and monitor resource usage in real time. You can connect to a library repository, define skills and tools, and orchestrate agent workflows across the supported runtimes. Advanced users can leverage the Mission API and Workspace API to integrate Sandboxed.sh into custom automation or CI/CD pipelines, enabling automated deployment, testing, and execution of AI-assisted tasks within isolated workspaces.

Prerequisites:

• A Linux server (recommended Ubuntu 22.04+ / 24.04) or compatible environment
• Docker and Docker Compose installed on the host
• Sufficient RAM and CPU for running multiple isolated workspaces (depends on workload)

Step 1: Prepare the host

• Update the system and install Docker if not present

sudo apt-get update
sudo apt-get install -y docker.io docker-compose
sudo systemctl enable --now docker

Step 2: Pull and run the sandboxed.sh container

• This will pull the official image (th0rgal/sandboxed.sh) and start the service on port 3000

docker pull th0rgal/sandboxed.sh:latest

Step 3: Run the container with environment configuration

• Create a local .env with necessary configuration (see docs for details)
• Run the container (adjust as needed for your environment)

# Example .env contents placeholder
#  - DATABASE_URL=postgres://user:pass@host:5432/db
#  - SECRET_KEY_BASE=...

# Start container (continuing from prior commands)
docker run -d -p 3000:3000 \
  --name sandboxed.sh \
  -e ENV_FILE=/root/.env \
  -v /path/to/.env:/root/.env:ro \
  th0rgal/sandboxed.sh:latest

Step 4: Access the dashboard

• Open http://<server-ip>:3000 to access the Sandboxed.sh dashboard

Step 5: Initial setup

• Follow the on-screen guide to connect to your library repository, configure skills/tools, and create your first mission. See the Getting Started docs for detailed steps.

Step 6: Optional advanced setup

• If you need privileged container workspaces or specific runtime configurations, adjust the docker-compose or container flags as described in the official docs.

For full installation instructions, see the Docker guide:

• docs/install-docker.md

Note: The exact image tag and environment variables may vary by release. Refer to the official repository for the latest config templates.

Tips and common issues:

• Ensure your host has adequate resources (CPU, RAM, disk) to support multiple isolated workspaces.
• If you enable privileged container workspaces, be aware of security implications and only enable it if necessary (as described in the docs).
• The library is Git-backed; keep your library repository accessible to the host and configure proper permissions.
• If you plan to use the MCP Registry or additional tool servers, ensure network access and proper port mappings are configured.
• The ENV_FILE approach allows you to centralize configuration. Keep secrets secure and do not commit them to your repository.
• When upgrading, review breaking changes in the new sandboxed.sh release notes and adjust runtime configurations accordingly.