We Reverse-Engineered Docker Sandbox's Undocumented MicroVM API
5 hours ago
- #microVMs
- #Docker
- #sandbox-security
- Docker has introduced an undocumented API for microVMs with its Sandboxes, initially for AI coding agents like Claude and Codex.
- MicroVMs offer better security for untrusted code than containers by using separate kernels, similar to AWS Lambda and Fly.io.
- The microVM API includes endpoints for creating, listing, and destroying VMs, accessible via a Unix socket on the host system.
- Each microVM runs its own isolated Docker daemon, with images loaded via archiving and containers run with proxy settings for networking.
- The Sandbox Agent SDK simplifies building agent orchestration systems by managing VM lifecycle, communication, and multi-agent support.
- Use cases include untrusted code execution, AI coding agents, multi-tenant plugins, and secure CI/CD with VM-level isolation.
- Docker Sandboxes require Docker Desktop 4.58+ on macOS or Windows, using platform-specific virtualization, with Linux unsupported.