Merge pull request #23700 from dvdksn/docker-sandboxes

docker sandboxes

Author: dvdksn

_vale/config/vocabularies/Docker/accept.txt

@@ -1,5 +1,7 @@
 (?i)[A-Z]{2,}'?s
-
+jq
+ripgrep
+sandboxing
 Adreno
 Aleksandrov
 Amazon

content/manuals/ai/compose/_index.md

@@ -2,8 +2,8 @@
 build:
   render: never
 title: AI and Docker Compose
-weight: 40
+weight: 50
 params:
   sidebar:
     group: AI
----
+---

content/manuals/ai/gordon/_index.md

@@ -1,7 +1,7 @@
 ---
 title: Ask Gordon
 description: Streamline your workflow with Docker's AI-powered assistant in Docker Desktop and CLI.
-weight: 10
+weight: 40
 params:
   sidebar:
     badge:

content/manuals/ai/mcp-catalog-and-toolkit/_index.md

@@ -7,7 +7,7 @@ params:
     badge:
       color: blue
       text: Beta
-weight: 30
+weight: 10
 description: Learn about Docker's MCP catalog on Docker Hub
 keywords: Docker, ai, mcp servers, ai agents, extension, docker desktop, llm, docker hub
 grid:

content/manuals/ai/mcp-catalog-and-toolkit/sandboxes.md renamed to content/manuals/ai/mcp-catalog-and-toolkit/e2b-sandboxes.md

@@ -1,37 +1,18 @@
 ---
-title: Sandboxes
-description: "Learn how sandboxes provide secure, isolated execution environments for AI agents in the MCP ecosystem, enabling safe code execution and protecting production systems."
-keywords: Sandboxes, E2B, MCP Gateway, isolated environment, AI agent security
-params:
-  sidebar:
-    badge:
-      color: green
-      text: New
-weight: 50
+title: E2B sandboxes
+description: Cloud-based secure sandboxes for AI agents with built-in Docker MCP Gateway integration
+keywords: E2B, cloud sandboxes, MCP Gateway, AI agents, MCP Catalog
+aliases:
+  - /ai/mcp-catalog-and-toolkit/sandboxes/
 ---
 
-Sandboxes are isolated execution environments that provide secure, controlled spaces for running code and applications without affecting the host system. They create strict boundaries around executing processes, preventing access to unauthorized resources while providing consistent, reproducible environments. Think of it as a virtual "playground" with clearly defined boundaries, where code can execute freely within those boundaries but cannot escape to impact other systems or access sensitive data.
+Docker has partnered with [E2B](https://e2b.dev/), a provider of secure cloud sandboxes for AI agents. Through this partnership, every E2B sandbox includes direct access to Docker's [MCP Catalog](https://hub.docker.com/mcp), a collection of 200+ tools from publishers including GitHub, Notion, and Stripe.
 
-In the Model Context Protocol ecosystem, sandboxes address several critical challenges that arise when AI agents need to execute code or interact with external systems. They enable safe code execution for AI-generated scripts, secure tool validation for MCP servers, and multi-tenant isolation when multiple agents share infrastructure. This ensures that sensitive credentials and data remain protected within appropriate security boundaries while maintaining compliance and audit requirements.
-
-## Key features
-
-- Isolation and Security: Complete separation between executing code and the host environment, with strict controls over file access, network connections, and system calls.
-- Resource Management: Fine-grained control over CPU, memory, disk space, and network usage to prevent resource exhaustion.
-- Reproducible Environments: Consistent, predictable execution environments. Code that runs successfully in one sandbox instance will behave identically in another.
-- Ephemeral Environments: Temporary, disposable environments that can be destroyed after task completion, leaving no persistent artifacts.
-
-## E2B sandboxes
-
-Docker has partnered with [E2B](https://e2b.dev/), a provider of secure cloud sandboxes for AI agents. Through this partnership, every E2B sandbox now includes direct access to Docker’s [MCP Catalog](https://hub.docker.com/mcp), a collection of 200+ tools, including ones from known publishers such as GitHub, Notion, and Stripe, all enabled through the Docker MCP Gateway.
-
-When creating a new sandbox, E2B users can specify which MCP tools the sandbox should access. E2B then launches these MCP tools and provides access through the Docker MCP Gateway.
-
-The following example shows how to set up an E2B sandbox with GitHub and Notion MCP servers.
+When you create a sandbox, you specify which MCP tools it should access. E2B launches these tools and provides access through the Docker MCP Gateway.
 
 ## Example: Using GitHub and Notion MCP server
 
-The following example demonstrates how to analyze data in Notion and create GitHub issues. By the end, you'll understand how to connect multiple MCP servers in an E2B sandbox and orchestrate cross-platform workflows.
+This example demonstrates how to connect multiple MCP servers in an E2B sandbox. You'll analyze data in Notion and create GitHub issues using Claude.
 
 ### Prerequisites
 
@@ -40,29 +21,28 @@ Before you begin, make sure you have the following:
 - [E2B account](https://e2b.dev/docs/quickstart) with API access
 - Anthropic API key for Claude
 
-    >[!Note]
-    >
-    > This example uses Claude CLI which comes pre-installed in E2B sandboxes. However,
-    > you can adapt the example to work with other AI assistants of your choice. See
-    > [E2B's MCP documentation](https://e2b.dev/docs/mcp/quickstart) for alternative
-    > connection methods.
+  > [!NOTE]
+  > This example uses Claude Code which comes pre-installed in E2B sandboxes.
+  > However, you can adapt the example to work with other AI assistants of your
+  > choice. See [E2B's MCP documentation](https://e2b.dev/docs/mcp/quickstart)
+  > for alternative connection methods.
 
 - Node.js 18+ installed on your machine
 - Notion account with:
   - A database containing sample data
   - [Integration token](https://www.notion.com/help/add-and-manage-connections-with-the-api)
 - GitHub account with:
-    - A repository for testing
-    - Personal access token with `repo` scope
+  - A repository for testing
+  - Personal access token with `repo` scope
 
 ### Set up your environment
 
 Create a new directory and initialize a Node.js project:
 
-```bash
-mkdir mcp-e2b-quickstart
-cd mcp-e2b-quickstart
-npm init -y
+```console
+$ mkdir mcp-e2b-quickstart
+$ cd mcp-e2b-quickstart
+$ npm init -y
 ```
 
 Configure your project for ES modules by updating `package.json`:
@@ -80,24 +60,26 @@ Configure your project for ES modules by updating `package.json`:
 
 Install required dependencies:
 
-```bash
-npm install e2b dotenv
+```console
+$ npm install e2b dotenv
 ```
 
 Create a `.env` file with your credentials:
 
-```bash
+```console
+$ cat > .env << 'EOF'
 E2B_API_KEY=your_e2b_api_key_here
 ANTHROPIC_API_KEY=your_anthropic_api_key_here
 NOTION_INTEGRATION_TOKEN=ntn_your_notion_integration_token_here
 GITHUB_TOKEN=ghp_your_github_pat_here
+EOF
 ```
 
 Protect your credentials:
 
-```bash
-echo ".env" >> .gitignore
-echo "node_modules/" >> .gitignore
+```console
+$ echo ".env" >> .gitignore
+$ echo "node_modules/" >> .gitignore
 ```
 
 ### Create an E2B sandbox with MCP servers
@@ -108,8 +90,8 @@ echo "node_modules/" >> .gitignore
 Create a file named `index.ts`:
 
 ```typescript
-import 'dotenv/config';
-import { Sandbox } from 'e2b';
+import "dotenv/config";
+import { Sandbox } from "e2b";
 
 async function quickstart(): Promise<void> {
   console.log("Creating E2B sandbox with Notion and GitHub MCP servers...\n");
@@ -120,7 +102,8 @@ async function quickstart(): Promise<void> {
     },
     mcp: {
       notion: {
-        internalIntegrationToken: process.env.NOTION_INTEGRATION_TOKEN as string,
+        internalIntegrationToken: process.env
+          .NOTION_INTEGRATION_TOKEN as string,
       },
       githubOfficial: {
         githubPersonalAccessToken: process.env.GITHUB_TOKEN as string,
@@ -135,17 +118,17 @@ async function quickstart(): Promise<void> {
   console.log(`MCP Gateway URL: ${mcpUrl}\n`);
 
   // Wait for MCP initialization
-  await new Promise<void>(resolve => setTimeout(resolve, 1000));
+  await new Promise<void>((resolve) => setTimeout(resolve, 1000));
 
-  // Connect Claude CLI to MCP gateway
-  console.log("Connecting Claude CLI to MCP gateway...");
+  // Connect Claude to MCP gateway
+  console.log("Connecting Claude to MCP gateway...");
   await sbx.commands.run(
     `claude mcp add --transport http e2b-mcp-gateway ${mcpUrl} --header "Authorization: Bearer ${mcpToken}"`,
     {
       timeoutMs: 0,
       onStdout: console.log,
-      onStderr: console.log
-    }
+      onStderr: console.log,
+    },
   );
 
   console.log("\nConnection successful! Cleaning up...");
@@ -157,8 +140,8 @@ quickstart().catch(console.error);
 
 Run the script:
 
-```typescript
-npx tsx index.ts
+```console
+$ npx tsx index.ts
 ```
 
 {{< /tab >}}
@@ -200,8 +183,8 @@ async def quickstart():
     # Wait for MCP initialization
     await asyncio.sleep(1)
 
-    # Connect Claude CLI to MCP gateway
-    print("Connecting Claude CLI to MCP gateway...")
+    # Connect Claude to MCP gateway
+    print("Connecting Claude to MCP gateway...")
 
     def on_stdout(output):
         print(output, end='')
@@ -229,22 +212,22 @@ if __name__ == "__main__":
 
 Run the script:
 
-```python
-python index.py
+```console
+$ python index.py
 ```
 
 {{< /tab >}}
 {{</tabs >}}
 
 You should see:
 
-```bash
+```console
 Creating E2B sandbox with Notion and GitHub MCP servers...
 
 Sandbox created successfully!
 MCP Gateway URL: https://50005-xxxxx.e2b.app/mcp
 
-Connecting Claude CLI to MCP gateway...
+Connecting Claude to MCP gateway...
 Added HTTP MCP server e2b-mcp-gateway with URL: https://50005-xxxxx.e2b.app/mcp
 
 Connection successful! Cleaning up...
@@ -257,16 +240,16 @@ Now, test the setup by running a simple workflow that searches Notion and create
 {{< tabs group="" >}}
 {{< tab name="Typescript">}}
 
->[!IMPORTANT]
+> [!IMPORTANT]
 >
 > Replace `owner/repo` in the prompt with your actual GitHub username and repository
 > name (for example, `yourname/test-repo`).
 
 Update `index.ts` with the following example:
 
 ```typescript
-import 'dotenv/config';
-import { Sandbox } from 'e2b';
+import "dotenv/config";
+import { Sandbox } from "e2b";
 
 async function exampleWorkflow(): Promise<void> {
   console.log("Creating sandbox...\n");
@@ -277,7 +260,8 @@ async function exampleWorkflow(): Promise<void> {
     },
     mcp: {
       notion: {
-        internalIntegrationToken: process.env.NOTION_INTEGRATION_TOKEN as string,
+        internalIntegrationToken: process.env
+          .NOTION_INTEGRATION_TOKEN as string,
       },
       githubOfficial: {
         githubPersonalAccessToken: process.env.GITHUB_TOKEN as string,
@@ -291,16 +275,16 @@ async function exampleWorkflow(): Promise<void> {
   console.log("Sandbox created successfully\n");
 
   // Wait for MCP servers to initialize
-  await new Promise<void>(resolve => setTimeout(resolve, 3000));
+  await new Promise<void>((resolve) => setTimeout(resolve, 3000));
 
   console.log("Connecting Claude to MCP gateway...\n");
   await sbx.commands.run(
     `claude mcp add --transport http e2b-mcp-gateway ${mcpUrl} --header "Authorization: Bearer ${mcpToken}"`,
     {
       timeoutMs: 0,
       onStdout: console.log,
-      onStderr: console.log
-    }
+      onStderr: console.log,
+    },
   );
 
   console.log("\nRunning example: Search Notion and create GitHub issue...\n");
@@ -315,8 +299,8 @@ async function exampleWorkflow(): Promise<void> {
     {
       timeoutMs: 0,
       onStdout: console.log,
-      onStderr: console.log
-    }
+      onStderr: console.log,
+    },
   );
 
   await sbx.kill();
@@ -327,16 +311,16 @@ exampleWorkflow().catch(console.error);
 
 Run the script:
 
-```typescript
-npx tsx index.ts
+```console
+$ npx tsx index.ts
 ```
 
 {{< /tab >}}
 {{< tab name="Python">}}
 
 Update `index.py` with this example:
 
->[!IMPORTANT]
+> [!IMPORTANT]
 >
 > Replace `owner/repo` in the prompt with your actual GitHub username and repository
 > name (for example, `yourname/test-repo`).
@@ -418,16 +402,16 @@ if __name__ == "__main__":
 
 Run the script:
 
-```bash
-python workflow.py
+```console
+$ python workflow.py
 ```
 
 {{< /tab >}}
 {{</tabs >}}
 
 You should see:
 
-```bash
+```console
 Creating sandbox...
 
 Running example: Search Notion and create GitHub issue...
@@ -456,14 +440,13 @@ Successfully created test issue:
 Both operations completed successfully. The MCP servers are properly configured and working.
 ```
 
-You've successfully created an E2B sandbox with multiple MCP servers and used Claude to orchestrate a workflow across Notion and GitHub.
-
-You can extend this example to combine any of the 200+ MCP servers in the Docker MCP Catalog to build sophisticated automation workflows for your specific needs.
+The sandbox connected multiple MCP servers and orchestrated a workflow across Notion and GitHub. You can extend this pattern to combine any of the 200+ MCP servers in the Docker MCP Catalog.
 
 ## Related pages
 
 - [How to build an AI-powered code quality workflow with SonarQube and E2B](/guides/github-sonarqube-sandbox.md)
 - [Docker + E2B: Building the Future of Trusted AI](https://www.docker.com/blog/docker-e2b-building-the-future-of-trusted-ai/)
+- [Docker Sandboxes](/manuals/ai/sandboxes/_index.md)
 - [Docker MCP Toolkit and Catalog](/manuals/ai/mcp-catalog-and-toolkit/_index.md)
 - [Docker MCP Gateway](/manuals/ai/mcp-catalog-and-toolkit/mcp-gateway.md)
 - [E2B MCP documentation](https://e2b.dev/docs/mcp)

content/manuals/ai/model-runner/_index.md

@@ -4,7 +4,7 @@ linkTitle: Model Runner
 params:
   sidebar:
     group: AI
-weight: 20
+weight: 30
 description: Learn how to use Docker Model Runner to manage and run AI models.
 keywords: Docker, ai, model runner, docker desktop, docker engine, llm
 aliases: