tastyeffectco/sandboxd

The backend Bolt.new doesn't want you to see

Open-source engine for AI app-builders: one HTTP request spins up an isolated dev container with a live preview URL.

Velocity (7d): +94 ★ / day. Trend: steady.

What it does

sandboxd is a single Go binary that runs on your server and turns Docker into a multi-tenant platform for AI coding agents. POST to create a sandbox, POST again to dispatch a prompt to OpenCode or Claude Code, and the resulting app is immediately live at a shareable URL. When idle, sandboxes stop to free RAM; the next request wakes them transparently.

The interesting bit

The architecture is aggressively boring by design: SQLite for state, Traefik for routing, the docker CLI for orchestration. The authors explicitly reject Kubernetes and warm pools, betting that a reconciler loop converging Docker to a local database is simpler and cheaper than a cluster for this specific problem. The “boring” stack is the point — they claim you can read the entire control plane in an afternoon.

Key highlights

  • One-command install (./install.sh) on a Linux box with Docker; no separate database or message queue
  • Pre-installed OpenCode and Claude Code CLIs in every sandbox; SSE streaming of agent progress
  • Automatic preview URLs with TLS via Traefik; sandboxes self-register routes
  • Stop-on-idle + wake-on-request: memory is freed, files persist on disk, one cheap server hosts many users
  • Hardened containers: cap-drop ALL, no-new-privileges, read-only rootfs
  • MIT-licensed, self-hosted, no vendor lock-in
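
One way to verify the three hardening settings listed above on a running host, as an added example (not sandboxd's own code): it audits the `HostConfig` section of `docker inspect` output. The container names and the sample JSON are constructed for illustration.

```python
import json

# Constructed sample of `docker inspect` output (HostConfig excerpt) for two
# hypothetical containers; names and values are illustrative only.
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/sandbox-hardened",
   "HostConfig": {"CapDrop": ["ALL"], "CapAdd": null,
                  "SecurityOpt": ["no-new-privileges"],
                  "ReadonlyRootfs": true, "Privileged": false}},
  {"Name": "/sandbox-default",
   "HostConfig": {"CapDrop": null, "CapAdd": ["NET_ADMIN"],
                  "SecurityOpt": null,
                  "ReadonlyRootfs": false, "Privileged": false}}
]
""")

# Accept the bare option and the ':true' / '=true' forms.
NNP_FORMS = ("no-new-privileges", "no-new-privileges:true",
             "no-new-privileges=true")


def audit_container(entry):
    """Return a list of hardening findings for one `docker inspect` entry."""
    hc = entry.get("HostConfig") or {}
    findings = []
    cap_drop = {c.upper() for c in (hc.get("CapDrop") or [])}
    if "ALL" not in cap_drop:
        findings.append("capabilities not dropped (expected --cap-drop ALL)")
    if hc.get("CapAdd"):
        # Capabilities re-added after the drop deserve a manual review.
        findings.append("capabilities added back: " + ",".join(hc["CapAdd"]))
    opts = [o.lower() for o in (hc.get("SecurityOpt") or [])]
    if not any(o in NNP_FORMS for o in opts):
        findings.append("no-new-privileges not set")
    if not hc.get("ReadonlyRootfs"):
        findings.append("root filesystem is writable (expected --read-only)")
    if hc.get("Privileged"):
        findings.append("container is privileged")
    return findings


def audit(inspect_output):
    """Map container name -> findings; an empty list means all checks passed."""
    return {e.get("Name", "?").lstrip("/"): audit_container(e)
            for e in inspect_output}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name, "OK" if not findings else findings)
```

On a live host, the same functions can be fed the parsed JSON from `docker inspect` run against the container IDs returned by `docker ps -q`.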

Caveats

  • Explicitly beta status; single Docker host only (Kubernetes backend is a “great first contribution,” not implemented)
  • Auth is off by default for local use; production requires manual token configuration
  • The authors themselves say skip it for one-off personal containers — a shell script is simpler

Verdict

Worth a look if you’re building an AI app-builder product, coding playground, or per-user preview environment and need to own the infrastructure. Skip if you just want isolated dev containers for yourself, or if you need multi-host orchestration today.
