# AIO Sandbox — Secure Agent Runtime in Docker

> AIO Sandbox ships a browser/shell/files/MCP runtime in one container; verified 4,666★ and offers a 30-second Docker quick start on port 8080.

## Install

Merge the JSON below into your `.mcp.json`:

## Quick Use

```bash
docker run --security-opt seccomp=unconfined --rm -it -p 8080:8080 ghcr.io/agent-infra/sandbox:latest
# Docs: http://localhost:8080/v1/docs | MCP: http://localhost:8080/mcp
```

## Intro

**Best for:** Running tools that need isolation: browser automation, code execution, and MCP services in one place

**Works with:** Docker + MCP clients (connect to the built-in MCP endpoint)

**Setup time:** 2-8 minutes

### Key facts (verified)

- GitHub: 4668 stars · 400 forks · pushed 2026-05-13.
- License: Apache-2.0 · owner avatar + repo URL verified via GitHub API.
- README-backed entrypoint: `docker run -p 8080:8080 ghcr.io/agent-infra/sandbox:latest`.

## Main

- Use it when you need a reproducible agent workstation: VNC browser + shell + filesystem in one sandbox container.
- Prefer explicit URLs from README: docs `/v1/docs`, VNC `/vnc/...`, code-server `/code-server/`, MCP `/mcp`.
- Treat `seccomp=unconfined` as a deliberate security tradeoff; use it only on trusted hosts and isolate network/FS too.

### Source-backed notes

- README Quick Start shows a single Docker command exposing port 8080 and calls it “Get up and running in 30 seconds”.
- README lists endpoints: docs (`/v1/docs`), VNC browser, VSCode server, and MCP services (`/mcp`).
- README also lists SDK installs for Python (`pip install agent-sandbox`) and Node (`npm install @agent-infra/sandbox`).

### FAQ

- **Is it only a library?**: No—README centers on the Docker all-in-one runtime, plus optional SDKs.
- **Where is the MCP endpoint?**: README points to `http://localhost:8080/mcp` once the container is running.
- **Is `seccomp=unconfined` safe?**: It increases what the container can do, because Docker's default seccomp syscall filter is turned off; use it intentionally and isolate the host/network accordingly.

## Source & Thanks

> Source: https://github.com/agent-infra/sandbox
> License: Apache-2.0
> GitHub: ⭐ 4668 · forks 400

Thanks to the upstream maintainers for shipping the original project.

---

Source: https://tokrepo.com/en/workflows/aio-sandbox-secure-agent-runtime-in-docker
Author: AI Open Source
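The page's advice to treat `seccomp=unconfined` as a tradeoff and to isolate network and filesystem can be checked against a container's `docker inspect` output. The script below is an added example, not code from the AIO Sandbox project; the container name, the finding codes and the sensitive-path list are assumptions, and the sample input is constructed.

```python
import json

# Constructed sample: trimmed `docker inspect` output for a container started
# with the page's Quick Use command (not captured from a real host).
SAMPLE_INSPECT = json.loads("""
[{"Name": "/aio-sandbox",
  "HostConfig": {
    "SecurityOpt": ["seccomp=unconfined"],
    "Privileged": false,
    "Binds": null,
    "PortBindings": {"8080/tcp": [{"HostIp": "", "HostPort": "8080"}]}
  }}]
""")

# Host paths that should not be bind-mounted into a sandbox (assumed list).
SENSITIVE_MOUNTS = ("/etc", "/root", "/home",
                    "/var/run/docker.sock", "/run/docker.sock")


def audit(container):
    """Return a sorted list of finding codes for one `docker inspect` entry."""
    hc = container.get("HostConfig") or {}
    findings = set()
    # Syscall filter disabled, as in the Quick Use command (both spellings).
    opts = hc.get("SecurityOpt") or []
    if "seccomp=unconfined" in opts or "seccomp:unconfined" in opts:
        findings.add("seccomp-unconfined")
    if hc.get("Privileged"):
        findings.add("privileged")
    # Network: an empty HostIp, 0.0.0.0 or :: publishes on every interface.
    for bindings in (hc.get("PortBindings") or {}).values():
        for b in bindings or []:
            if b.get("HostIp", "") in ("", "0.0.0.0", "::"):
                findings.add("port-on-all-interfaces")
    # Filesystem: bind mounts are "src:dst[:mode]"; named volumes have no "/".
    for bind in hc.get("Binds") or []:
        src = bind.split(":", 1)[0].rstrip("/") or "/"
        if src == "/" or any(src == m or src.startswith(m + "/")
                             for m in SENSITIVE_MOUNTS):
            findings.add("sensitive-bind-mount")
    return sorted(findings)


if __name__ == "__main__":
    for c in SAMPLE_INSPECT:
        print(c["Name"], audit(c))
```

On a real host, feed it the JSON from `docker inspect <container>`; publishing with `-p 127.0.0.1:8080:8080` clears the network finding when only local clients need the endpoints.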