MCP Configs · May 14, 2026 · 2 min read

AIO Sandbox — Secure Agent Runtime in Docker

AIO Sandbox ships a browser/shell/files/MCP runtime in one container; verified 4,666★ and offers a 30-second Docker quick start on port 8080.


Native · 94/100 · Policy: allow
Agent surface: Any MCP/CLI agent
Kind: MCP
Install: Docker
Trust: Established
Entrypoint: docker run -p 8080:8080 ghcr.io/agent-infra/sandbox:latest
Universal CLI install command: npx tokrepo install 4c7e217d-bc3a-5018-823c-3aef3386f9cb
Intro


Best for: running browser automation, code execution and MCP services that need isolation, all in one place

Works with: Docker + MCP clients (connect to the built-in MCP endpoint)

Setup time: 2-8 minutes

Key facts (verified)

  • GitHub: 4668 stars · 400 forks · pushed 2026-05-13.
  • License: Apache-2.0 · owner avatar + repo URL verified via GitHub API.
  • README-backed entrypoint: docker run -p 8080:8080 ghcr.io/agent-infra/sandbox:latest.

Main

  • Use it when you need a reproducible agent workstation: VNC browser + shell + filesystem in one sandbox container.
  • Prefer explicit URLs from README: docs /v1/docs, VNC /vnc/..., code-server /code-server/, MCP /mcp.
  • Treat seccomp=unconfined as a deliberate security tradeoff: it switches off Docker's default syscall filter for the container. Use it only on hosts you trust, and compensate by isolating the network and filesystem as well (bind the published port to loopback, drop capabilities, restrict egress).

Source-backed notes

  • README Quick Start shows a single Docker command exposing port 8080 and calls it “Get up and running in 30 seconds”.
  • README lists endpoints: docs (/v1/docs), VNC browser, VSCode server, and MCP services (/mcp).
  • README also lists SDK installs for Python (pip install agent-sandbox) and Node (npm install @agent-infra/sandbox).

FAQ

  • Is it only a library?: No—README centers on the Docker all-in-one runtime, plus optional SDKs.
  • Where is the MCP endpoint?: README points to http://localhost:8080/mcp once the container is running.
  • Is seccomp=unconfined safe?: Not by itself. It removes Docker's default seccomp profile, so every syscall becomes reachable from the container. Use it intentionally, on a trusted host, and isolate network and filesystem access accordingly.
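The seccomp caveat in Main and in the FAQ above is easier to act on with a pre-flight check. The script below is an added example for this listing, not code from the AIO Sandbox README or from TokRepo. It assumes the README quick start runs the image with `--security-opt seccomp=unconfined` and that the endpoints on port 8080 only need to be reachable from the host that drives the agent; the `sandbox-net` network name, the resource limits and the choice to start from `--cap-drop ALL` are illustrative (the image may need individual capabilities re-added with `--cap-add`).

```sh
#!/bin/sh
# Added example for this listing; not code from the AIO Sandbox README or
# from TokRepo. Assumptions: the README quick start runs the image with
# `--security-opt seccomp=unconfined`, and the MCP/VNC/code-server
# endpoints on port 8080 only need to be reachable from the host that
# drives the agent. After --cap-drop ALL the sandbox may need specific
# capabilities re-added with --cap-add; that is workload dependent.

# flag MESSAGE: record one audit finding.
flag() {
  echo "$1"
  findings=$((findings + 1))
}

# audit_docker_run "docker run ...": print one finding per line and return 1
# when the command widens the sandbox's reach, 0 when it is acceptable.
audit_docker_run() {
  cmd="$1"
  findings=0
  # seccomp=unconfined removes Docker's default syscall filter; tolerate it
  # only when capabilities are dropped alongside it.
  case "$cmd" in
    *seccomp=unconfined*)
      case "$cmd" in
        *--cap-drop*) ;;
        *) flag "seccomp=unconfined without --cap-drop: every syscall and default capability stays reachable" ;;
      esac ;;
  esac
  case "$cmd" in
    *--privileged*) flag "--privileged: host devices and all capabilities exposed; never use for an agent sandbox" ;;
  esac
  # `-p 8080:8080` with no host address publishes the port on 0.0.0.0.
  case "$cmd" in
    *"-p 8080:8080"*) flag "-p 8080:8080 listens on every host interface: use -p 127.0.0.1:8080:8080" ;;
  esac
  case "$cmd" in
    *--network*) ;;
    *) flag "no --network: container lands on the default bridge with unrestricted egress" ;;
  esac
  [ "$findings" -eq 0 ]
}

# hardened_run_cmd: print the README quick start with a loopback bind,
# capability drop, resource limits and a dedicated user-defined network
# (create it first with `docker network create sandbox-net`, then restrict
# its egress with host firewall rules).
hardened_run_cmd() {
  printf '%s\n' \
    'docker run --rm -it' \
    '  --security-opt seccomp=unconfined' \
    '  --cap-drop ALL' \
    '  --pids-limit 512 --memory 4g' \
    '  --network sandbox-net' \
    '  -p 127.0.0.1:8080:8080' \
    '  ghcr.io/agent-infra/sandbox:latest'
}

# Usage: README-style command first (prints three findings), then the
# tightened variant (prints none).
# audit_docker_run 'docker run --security-opt seccomp=unconfined --rm -it -p 8080:8080 ghcr.io/agent-infra/sandbox:latest'
# audit_docker_run "$(hardened_run_cmd | tr '\n' ' ')" && echo "hardened command passes"
```

The audit deliberately keeps `seccomp=unconfined` itself out of the "fail" list when capabilities are dropped, because the README treats it as required for the browser workload; the point is to make the compensating controls mandatory rather than to forbid the flag.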

Source & Thanks

Source: https://github.com/agent-infra/sandbox · License: Apache-2.0 · GitHub: ⭐ 4668 · forks 400

Thanks to the upstream maintainers for shipping the original project.
