docker
diff --git a/‎_vale/config/vocabularies/Docker/accept.txt‎
Lines changed: 4 additions & 0 deletions b/‎_vale/config/vocabularies/Docker/accept.txt‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎content/manuals/ai/sandboxes/_index.md‎
Lines changed: 39 additions & 76 deletions b/‎content/manuals/ai/sandboxes/_index.md‎
Lines changed: 39 additions & 76 deletions
diff --git a/‎content/manuals/ai/sandboxes/agents/_index.md‎
Lines changed: 13 additions & 76 deletions b/‎content/manuals/ai/sandboxes/agents/_index.md‎
Lines changed: 13 additions & 76 deletions
@@ -237,6 +237,7 @@ Turtlesim
 typesafe
 Ubuntu
 ufw
+uv
 umask
 uncaptured
 Uncaptured
@@ -259,6 +260,9 @@ windowsfilter
 WireMock
 workdir
 WORKDIR
+[Ww]orktrees?
+[Pp]assthrough
+[Pp]reconfigured
 Xdebug
 xUnit
 XQuartz
 
@@ -10,98 +10,61 @@ params:
       text: Experimental
 ---
 
-{{< summary-bar feature_name="Docker Sandboxes" >}}
+{{< summary-bar feature_name="Docker Sandboxes sbx" >}}
 
-Docker Sandboxes lets you run AI coding agents in isolated environments on your
-machine. Sandboxes provides a secure way to give agents autonomy without
-compromising your system.
+Docker Sandboxes run AI coding agents in isolated microVM sandboxes. Each
+sandbox gets its own Docker daemon, filesystem, and network — the agent can
+build containers, install packages, and modify files without touching your host
+system.
 
-## Why use Docker Sandboxes
-
-AI agents need to execute commands, install packages, and test code. Running
-them directly on your host machine means they have full access to your files,
-processes, and network. Docker Sandboxes isolates agents in microVMs, each with
-its own Docker daemon. Agents can spin up test containers and modify their
-environment without affecting your host.
-
-You get:
-
-- Agent autonomy without host system risk
-- YOLO mode by default - agents work without asking permission
-- Private Docker daemon for running test containers
-- File sharing between host and sandbox
-- Network access control
-
-For a comparison between Docker Sandboxes and other approaches to isolating
-coding agents, see [Comparison to alternatives](./architecture.md#comparison-to-alternatives).
-
-> [!NOTE]
-> MicroVM-based sandboxes require macOS or Windows (experimental). Linux users
-> can use legacy container-based sandboxes with
-> [Docker Desktop 4.57](/desktop/release-notes/#4570).
+## Get started
 
-## How to use sandboxes
+Install the `sbx` CLI and sign in:
 
-To create and run a sandbox:
+{{< tabs >}}
+{{< tab name="macOS" >}}
 
 ```console
-$ cd ~/my-project
-$ docker sandbox run claude
+$ brew install docker/tap/sbx
+$ sbx login
 ```
 
-Replace `claude` with your [preferred agent](./agents/_index.md). This command
-creates a sandbox for your workspace (`~/my-project`) and starts the agent. The
-agent can now work with your code, install tools, and run containers inside the
-isolated sandbox.
-
-## How it works
-
-Sandboxes run in lightweight microVMs with private Docker daemons. Each sandbox
-is completely isolated - the agent runs inside the VM and can't access your
-host Docker daemon, containers, or files outside the workspace.
+{{< /tab >}}
+{{< tab name="Windows" >}}
 
-Your workspace directory syncs between host and sandbox at the same absolute
-path, so file paths in error messages match between environments.
-
-Sandboxes don't appear in `docker ps` on your host because they're VMs, not
-containers. Use `docker sandbox ls` to see them.
-
-For technical details on the architecture, isolation model, and networking, see
-[Architecture](architecture.md).
+```powershell
+> winget install -h Docker.sbx
+> sbx login
+```
 
-### Multiple sandboxes
+{{< /tab >}}
+{{< /tabs >}}
 
-Create separate sandboxes for different projects:
+Then launch an agent in a sandbox:
 
 ```console
-$ docker sandbox run claude ~/project-a
-$ docker sandbox run claude ~/project-b
+$ cd ~/my-project
+$ sbx run claude
 ```
 
-Each sandbox is completely isolated from the others. Sandboxes persist until
-you remove them, so installed packages and configuration stay available for
-that workspace.
-
-## Supported agents
+See the [get started guide](get-started.md) for a full walkthrough, or jump to
+the [usage guide](usage.md) for common patterns.
 
-Docker Sandboxes works with multiple AI coding agents:
-
-- **Claude Code** - Anthropic's coding agent (production-ready)
-- **Codex** - OpenAI's Codex agent (in development)
-- **Copilot** - GitHub Copilot agent (in development)
-- **Gemini** - Google's Gemini agent (in development)
-- **OpenCode** - Multi-provider agent with TUI interface (in development)
-- **[Docker Agent](/ai/docker-agent/)** - Docker's multi-provider coding agent (in development)
-- **Kiro** - Interactive agent with device flow auth (in development)
-- **Shell** - Minimal sandbox for manual agent installation
-
-For detailed configuration instructions, see [Supported agents](agents/).
-
-## Get started
+## Learn more
 
-Head to the [Get started guide](get-started.md) to run your first sandboxed agent.
+- [Agents](agents/) — supported agents and per-agent configuration
+- [Custom environments](agents/custom-environments.md) — build reusable sandbox
+  images with pre-installed tools
+- [Architecture](architecture.md) — microVM isolation, workspace mounting,
+  networking
+- [Security](security/) — isolation model, credential handling, network
+  policies, workspace trust
+- [CLI reference](/reference/cli/sbx/) — full list of `sbx` commands and options
+- [Troubleshooting](troubleshooting.md) — common issues and fixes
+- [FAQ](faq.md) — login requirements, telemetry, etc
 
-## Troubleshooting
+## Docker Desktop integration
 
-See [Troubleshooting](./troubleshooting) for common configuration errors, or
-report issues on the [Docker Desktop issue tracker](https://github.com/docker/desktop-feedback).
+Docker Desktop also includes a [built-in sandbox command](docker-desktop.md)
+(`docker sandbox`) with a subset of features. The `sbx` CLI is recommended for
+most use cases.
@@ -1,84 +1,21 @@
 ---
 title: Supported agents
 linkTitle: Agents
-description: AI coding agents supported by Docker Sandboxes with experimental status and configuration details.
-weight: 50
+weight: 30
+description: AI coding agents supported by Docker Sandboxes.
 ---
 
-{{< summary-bar feature_name="Docker Sandboxes" >}}
+{{< summary-bar feature_name="Docker Sandboxes sbx" >}}
 
-Docker Sandboxes supports multiple AI coding agents. All agents run isolated
-inside microVMs with private Docker daemons.
+Docker Sandboxes runs the following agents out of the box:
 
-## Supported agents
+- [Claude Code](claude-code/)
+- [Codex](codex/)
+- [Copilot](copilot/)
+- [Gemini](gemini/)
+- [Kiro](kiro/)
+- [OpenCode](opencode/)
+- [Docker Agent](docker-agent/)
 
-| Agent                             | Command    | Status       | Notes                                |
-| --------------------------------- | ---------- | ------------ | ------------------------------------ |
-| Claude Code                       | `claude`   | Experimental | Most tested implementation           |
-| Codex                             | `codex`    | Experimental |                                      |
-| Copilot                           | `copilot`  | Experimental |                                      |
-| Gemini                            | `gemini`   | Experimental |                                      |
-| [Docker Agent](/ai/docker-agent/) | `cagent`   | Experimental | Also available as a standalone tool  |
-| Kiro                              | `kiro`     | Experimental |                                      |
-| OpenCode                          | `opencode` | Experimental |                                      |
-| Custom shell                      | `shell`    | Experimental | Minimal environment for manual setup |
-
-## Experimental status
-
-All agents are experimental features. This means:
-
-- Breaking changes may occur between Docker Desktop versions
-- Features may be incomplete or change significantly
-- Stability and performance are not production-ready
-- Limited support and documentation
-
-Use sandboxes for development and testing, not production workloads.
-
-## Using different agents
-
-The agent type is specified when creating a sandbox:
-
-```console
-$ docker sandbox create AGENT [PATH] [PATH...]
-```
-
-Each agent runs in its own isolated sandbox. The agent type is bound to the
-sandbox when created and cannot be changed later.
-
-## Template environment
-
-All agent templates share a common base environment:
-
-- Ubuntu 25.10 base
-- Development tools: Docker CLI (with Buildx and Compose), Git, GitHub CLI, Node.js, Go, Python 3, uv, make, jq, ripgrep
-- Non-root `agent` user with sudo access
-- Private Docker daemon for running additional containers
-- Package managers: apt, pip, npm
-
-Individual agents add their specific CLI tools on top of this base. See
-[Custom templates](../templates.md) to build your own agent images.
-
-## Agent-specific configuration
-
-Each agent has its own credential requirements and authentication flow.
-Credentials are scoped per agent and must be provided specifically for that
-agent (no fallback authentication methods are used).
-
-See the agent-specific documentation:
-
-- [Claude Code](./claude-code.md)
-- [Docker Agent](./docker-agent.md)
-- [Codex](./codex.md)
-- [Copilot](./copilot.md)
-- [Gemini](./gemini.md)
-- [Kiro](./kiro.md)
-- [OpenCode](./opencode.md)
-- [Custom shell](./shell.md)
-
-## Requirements
-
-- Docker Desktop 4.58 or later
-- Platform support:
-  - macOS with virtualization.framework
-  - Windows with Hyper-V {{< badge color=violet text=Experimental >}}
-- API keys or credentials for your chosen agent
+Want to pre-install tools or customize an agent's environment?
+See [Custom environments](custom-environments/).