MCP ConfigsMay 14, 2026·2 min read

AIO Sandbox — Secure Agent Runtime in Docker

AIO Sandbox ships a browser/shell/files/MCP runtime in one container; verified 4,666★ and offers a 30-second Docker quick start on port 8080.

Agent ready

Safe staging for this asset

This asset is staged first. The copied prompt tells the agent to inspect the staged files and ask before activating scripts, MCP config, or global config.

Stage only · 17/100Policy: stage
Agent surface
Any MCP/CLI agent
Kind
Mcp Config
Install
Stage only
Trust
Trust: Established
Entrypoint
Asset
Safe staging command
npx -y tokrepo@latest install 4c7e217d-bc3a-5018-823c-3aef3386f9cb --target codex

Stages files first; activation requires review of the staged README and plan.

Intro

AIO Sandbox ships a browser/shell/files/MCP runtime in one container; verified 4,666★ and offers a 30-second Docker quick start on port 8080.

Best for: Running tools that need isolation: browser automation, code execution, and MCP services in one place

Works with: Docker + MCP clients (connect to the built-in MCP endpoint)

Setup time: 2-8 minutes

Key facts (verified)

  • GitHub: 4668 stars · 400 forks · pushed 2026-05-13.
  • License: Apache-2.0 · owner avatar + repo URL verified via GitHub API.
  • README-backed entrypoint: docker run -p 8080:8080 ghcr.io/agent-infra/sandbox:latest.

Main

  • Use it when you need a reproducible agent workstation: VNC browser + shell + filesystem in one sandbox container.
  • Prefer explicit URLs from README: docs /v1/docs, VNC /vnc/..., code-server /code-server/, MCP /mcp.
  • Treat seccomp=unconfined as a deliberate security tradeoff; use it only on trusted hosts and isolate network/FS too.

Source-backed notes

  • README Quick Start shows a single Docker command exposing port 8080 and calls it “Get up and running in 30 seconds”.
  • README lists endpoints: docs (/v1/docs), VNC browser, VSCode server, and MCP services (/mcp).
  • README also lists SDK installs for Python (pip install agent-sandbox) and Node (npm install @agent-infra/sandbox).

FAQ

  • Is it only a library?: No—README centers on the Docker all-in-one runtime, plus optional SDKs.
  • Where is the MCP endpoint?: README points to http://localhost:8080/mcp once the container is running.
  • Is seccomp=unconfined safe?: It increases capabilities; use it intentionally and isolate the host/network accordingly.
🙏

Source & Thanks

Source: https://github.com/agent-infra/sandbox > License: Apache-2.0 > GitHub: ⭐ 4668 · forks 400

Thanks to the upstream maintainers for shipping the original project.

Discussion

Sign in to join the discussion.
No comments yet. Be the first to share your thoughts.

Related Assets