Manage Sandboxes
This page covers creating sandboxes and managing them. For background on what sandboxes are and how isolation works, refer to About Sandboxes.
Docker must be running before you create a gateway or sandbox. If it is not, the CLI
returns a connection-refused error (os error 61) without explaining
the cause. Start Docker and try again.
Create a Sandbox
Create a sandbox with a single command. For example, to create a sandbox with Claude, run:
Every sandbox requires a gateway. If you run openshell sandbox create without a gateway, the CLI auto-bootstraps a local gateway.
Remote Gateways
If you plan to run sandboxes on a remote host or a cloud-hosted gateway, set up the gateway first. Refer to Manage Gateways for deployment options and multi-gateway management.
GPU Resources
To request GPU resources, add --gpu:
Custom Containers
Use --from to create a sandbox from a pre-built community package, a local directory, or a container image:
The CLI resolves community names against the OpenShell Community catalog, pulls the bundled Dockerfile and policy, builds the image locally, and creates the sandbox. For the full catalog and how to contribute your own, refer to Community Sandboxes.
Connect to a Sandbox
Open an SSH session into a running sandbox:
Launch VS Code or Cursor directly into the sandbox workspace:
When --editor is used, OpenShell keeps the sandbox alive and installs an
OpenShell-managed SSH include file instead of cluttering your main
~/.ssh/config with generated host blocks.
Execute a Command in a Sandbox
Run a one-shot command inside a running sandbox without opening an interactive shell:
Pipe stdin into the command:
The command’s exit code is propagated to the CLI, so exec works in scripts that check return codes.
Run an interactive shell with a TTY:
OpenShell allocates a TTY automatically when both stdin and stdout are terminals. Force the behavior with --tty or disable it with --no-tty.
Monitor and Debug
List all sandboxes:
Get detailed information about a specific sandbox. The output lists Policy source (sandbox or global), Revision (the active policy’s row version for that source), and the formatted active policy YAML:
Print only that policy YAML for scripting (same effective policy, no metadata):
Stream sandbox logs to monitor agent activity and diagnose policy decisions:
OpenShell Terminal combines sandbox status and live logs in a single real-time dashboard:
Use the terminal to spot blocked connections marked action=deny and inference-related proxy activity. If a connection is blocked unexpectedly, add the host to your network policy. Refer to Policies for the workflow.
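The following script is an added example, not part of the OpenShell documentation or code base. It tallies denied connections from saved log output so you can review which destinations were blocked before changing a network policy. Only the action=deny marker comes from this page; the key=value line layout and the dst_host and dst_port field names are assumptions, so adjust them to match the real log output.

```python
import re
import sys
from collections import Counter

# Constructed sample lines. Only the action=deny marker comes from the page;
# the timestamp, sandbox=, dst_host= and dst_port= fields are assumed.
SAMPLE_LOG = """\
2025-01-01T10:00:00Z sandbox=demo action=allow dst_host=api.example.com dst_port=443
2025-01-01T10:00:02Z sandbox=demo action=deny dst_host=telemetry.example.net dst_port=443
2025-01-01T10:00:03Z sandbox=demo action=deny dst_host=telemetry.example.net dst_port=443
2025-01-01T10:00:05Z sandbox=demo action=deny dst_host="pkg.example.org" dst_port=80
line without any fields
"""

# key=value pairs; a value is either double-quoted or a run of non-space chars.
PAIR = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_fields(line):
    """Return the key=value pairs of one log line as a dict (quotes removed)."""
    return {key: value.strip('"') for key, value in PAIR.findall(line)}


def summarize_denies(lines, host_key="dst_host", port_key="dst_port"):
    """Count denied connections per (host, port), most frequent first."""
    counts = Counter()
    for line in lines:
        fields = parse_fields(line)
        # Compare the parsed field, not a substring, so that text such as
        # "reaction=deny" inside another value is not counted.
        if fields.get("action") != "deny":
            continue
        host = fields.get(host_key, "<unknown>")
        port = fields.get(port_key, "<unknown>")
        counts[(host, port)] += 1
    return counts.most_common()


if __name__ == "__main__":
    # Read piped log output if present, otherwise use the constructed sample.
    source = SAMPLE_LOG.splitlines() if sys.stdin.isatty() else sys.stdin
    for (host, port), hits in summarize_denies(source):
        print(f"{hits:4d}  {host}:{port}")
```
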
Port Forwarding
Forward a local port to a running sandbox to access services inside it, such as a web server or database:
List and stop active forwards:
You can also forward a port at creation time with --forward:
SSH Config
Generate an SSH config entry for a sandbox so tools like VS Code Remote-SSH can connect directly:
Append the output to ~/.ssh/config or use --editor on sandbox create/sandbox connect for automatic setup.
Transfer Files
Upload files from your host into the sandbox:
Download files from the sandbox to your host:
You can also upload files at creation time with the --upload flag on
openshell sandbox create.
Delete Sandboxes
Deleting a sandbox stops all processes, releases resources, and purges injected credentials.
Next Steps
- To follow a complete end-to-end example, refer to the GitHub Sandbox tutorial.
- To supply API keys or tokens, refer to Manage Providers.
- To control what the agent can access, refer to Policies.
- To use a pre-built environment, refer to the Community Sandboxes catalog.