docs(local-sandboxes): add Local Sandboxes feature page#89
Conversation
Introduces Local Sandboxes as a feature name (powered by Docker) covering when to use a local sandbox, how they work, prerequisites, how to launch one, what's available inside, and current limitations. - New page: agent-platform/local-agents/local-sandboxes.mdx - security-overview.mdx: rename 'Docker Sandboxes' subsection to 'Local Sandboxes' and link to the new page; trim aspirational bullets that aren't shipping today. - all-settings.mdx: link the 'docker_sandbox' default_session_mode value to the new page. - sidebar.ts: register the new page under Warp Agents > Capabilities. Co-Authored-By: Oz <oz-agent@warp.dev>
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
|
I'm starting a first review of this pull request. You can view the conversation on Warp. I completed the review and no human review was requested for this pull request. Comment Powered by Oz |
![oz-for-oss[bot]](https://avatars.githubusercontent.com/in/3450139?s=60&v=4){kind=small}
There was a problem hiding this comment.
Overview
This PR adds a new Local Sandboxes docs page and links it from security, settings, and sidebar surfaces. The structure is mostly coherent, but the security and cleanup wording needs tightening before merge because it can overstate container ephemerality and point users at a broad destructive Docker cleanup command.
Concerns
- The security overview calls sandboxes ephemeral even though the new feature page says stopped sandbox containers remain on disk until the user removes them.
- The cleanup guidance recommends
docker container prunewithout warning that it removes all stopped Docker containers, not only Warp-created sandbox containers. - The helper PATH prerequisite asks users to verify an unnamed helper, which makes the troubleshooting step hard to follow.
Security
- Avoid describing Local Sandboxes as ephemeral without the stopped-container persistence caveat; users may rely on that wording for sensitive-data handling decisions.
Verdict
Found: 0 critical, 2 important, 1 suggestions
Request changes
Comment /oz-review on this pull request to retrigger a review (up to 3 times on the same pull request).
Powered by Oz
| ### Local Sandboxes | ||
|
|
||
| Isolate agent execution in containerized environments: | ||
| Run agent conversations and terminal commands in an isolated Docker container on the developer's machine, so the agent can't see or write to the host home directory or current repository by default. Sandboxes are ephemeral — each new sandbox starts in a fresh container with an empty workspace. |
There was a problem hiding this comment.
ephemeral overstates the data-retention guarantee here. Say each launch starts from a fresh container and mention stopped containers can persist until Docker cleanup.
There was a problem hiding this comment.
Fixed in 1b99eb9. The Local Sandboxes subsection no longer claims sandboxes are ephemeral. New copy: "Each sandbox launches in a fresh container with an empty workspace; stopped containers persist on disk until they're removed via Docker." This aligns the security overview with the feature page's cleanup limitation.
| * **Local sessions only** - Local Sandboxes aren't available inside remote SSH sessions or in Warp's web client. | ||
| * **Empty workspace by default** - The sandbox starts in an empty directory. Your local repo isn't mounted in; clone it (or any other code) from inside the sandbox if you need it there. | ||
| * **CLI agent plugin install uses the manual flow** - Third-party CLI agent plugin installers run against the host shell, not the container. Inside a sandbox session, Warp shows the manual install instructions so you can run them inside the container yourself. | ||
| * **No automatic cleanup on close** - Closing a sandbox pane stops the session but doesn't remove the underlying container. Stopped sandbox containers stay on disk until you remove them; run `docker container prune` if you want to free up the space. |
There was a problem hiding this comment.
docker container prune removes all stopped Docker containers, not just Warp sandbox containers. Warn about that scope or point users to Docker's per-container removal flow before recommending it for cleanup.
There was a problem hiding this comment.
Fixed in 1b99eb9. The cleanup bullet now recommends docker ps -a + docker rm <container> for surgical removal, and explicitly warns that docker container prune "removes all stopped containers on your machine, not only sandbox containers — use it only if you're comfortable with that scope."
| ## Prerequisites | ||
|
|
||
| * **Docker installed and running locally** - Warp uses Docker to create the sandbox container. Install Docker Desktop (or your distribution's Docker engine) and confirm `docker info` succeeds before launching a sandbox. | ||
| * **Warp's local sandbox helper available on `PATH`** - Warp invokes a bundled helper to drive the container lifecycle. The helper must be on the `PATH` that your interactive shell sees, not just the `PATH` your GUI launcher provides. If launching the sandbox fails with a "binary not found" error, open a regular Warp terminal and confirm the helper resolves there before retrying. |
There was a problem hiding this comment.
💡 [SUGGESTION] This prerequisite asks users to confirm a helper resolves but intentionally does not name the helper, so the diagnostic is not actionable. Either name the command users should check or rephrase this as a generic troubleshooting step with concrete remediation.
There was a problem hiding this comment.
Fixed in 1b99eb9. The non-actionable "confirm the helper resolves" step is gone. Prerequisites are now a single Docker line, followed by a short troubleshooting note that says: "Warp resolves the container tooling it needs from your interactive shell PATH. If launching a sandbox fails with a binary-not-found error, confirm Docker is running and relaunch Warp from a terminal so it inherits your full PATH." That gives the user a concrete remediation without needing us to name the bundled helper.
- local-sandboxes.mdx: drop bare 'ephemeral' framing in the opening paragraph; clarify that closing the pane ends the session but the stopped container persists on disk. Tighten the rollout note. Reword the 'unfamiliar repo' bullet so it doesn't imply Warp mounts the user's checkout. Collapse the two prerequisites into a single Docker prerequisite plus an actionable PATH troubleshooting note (no internals leak). Switch the '+' UI label from backticks to bold per the docs style guide. Consolidate the 'Bash shell' bullets and rewrite the 'Cloned repositories, when you add them' bullet to read cleaner. Reword the cleanup limitation to warn that 'docker container prune' removes *all* stopped containers, and recommend 'docker ps -a' + 'docker rm <container>' for surgical removal. - security-overview.mdx: replace 'Sandboxes are ephemeral' with copy that distinguishes fresh-launch behavior from stopped-container on-disk persistence so the security overview no longer overstates the data-retention guarantee. Addresses bot review on PR #89: - 3255792999 (security-overview 'ephemeral' overstatement) - 3255793000 ('docker container prune' scope warning) - 3255793001 (non-actionable helper PATH prerequisite) Co-Authored-By: Oz <oz-agent@warp.dev>
|
Pushed Bot comments addressed:
Additional senior-copywriter polish in the same commit:
Validation: style lint on changed files clean, internal link check clean (318 files / 2398 links), full |
|
Closing this PR for now. Will revisit Local Sandboxes documentation later. |
1 participant
Summary
Adds documentation for Local Sandboxes — an isolated, container-based local terminal session that lets users (and agents) run commands without exposing the host home directory or current repo by default. The feature surfaces in the new-session dropdown, via the
/docker-sandboxslash command, and as adefault_session_modevalue insettings.toml, but had no end-user documentation today.The page is named Local Sandboxes (powered by Docker) per direction. Docker is mentioned briefly as the underlying isolation tech, not as the feature name.
New page
src/content/docs/agent-platform/local-agents/local-sandboxes.mdx— combined feature doc covering: what a local sandbox is, when to use one, how they work, prerequisites, three launch surfaces (slash command, new-session menu, default session mode), what is available inside the sandbox, and current limitations. Includes a single:::noteflagging that the feature is rolling out gradually.Cross-link updates
enterprise/security-and-compliance/security-overview.mdx— renamed the existing "Docker Sandboxes" subsection to Local Sandboxes, linked to the new page, and trimmed aspirational bullets (CPU/memory/disk quotas, network controls) that are not actually shipping today.terminal/settings/all-settings.mdx— added an inline link from the"docker_sandbox"value in thedefault_session_modebullet to the new page so users discovering the option from settings can find context.src/sidebar.ts— registered the new page under Warp Agents > Capabilities (next to Computer use, which is the cloud analog).What was deliberately not exposed
Researched
warp-internalto ground the page; took care to avoid leaking implementation details that should stay private:Validation
python3 .agents/skills/check_for_broken_links/check_links.py --internal-only— 0 broken (318 files, 2398 internal links).npm run build— 320 pages built successfully (sidebar compiles, new page renders).Open follow-ups (not part of this PR)
/docker-sandbox. The page documents the actual UI strings; if you want me to file a follow-up to rename the UI to Local Sandbox for full alignment, I can do that as a separate task.PROPER_FEATURE_NAMESlist does not yet include "Local Sandboxes"; I worked around it by lowercasing H2 headers ("How local sandboxes work") rather than modifying the lint config in scope.Conversation: https://staging.warp.dev/conversation/45a1df29-6318-4447-9473-284b3858554a
Plan: https://staging.warp.dev/drive/notebook/UCzVNBib8GZEeCHhjeVD7L
Co-Authored-By: Oz oz-agent@warp.dev