Skip to content

Add guide: run a Java coding agent safely with Docker Sandboxes#25474

Open
dvdksn wants to merge 14 commits into
docker:mainfrom
dvdksn:worktree-java-sbx-guide
Open

Add guide: run a Java coding agent safely with Docker Sandboxes#25474
dvdksn wants to merge 14 commits into
docker:mainfrom
dvdksn:worktree-java-sbx-guide

Conversation

@dvdksn

@dvdksn dvdksn commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Description

Adds a new guide, Run a Java coding agent safely with Docker Sandboxes, under content/guides/.

The guide walks through building a reusable sbx kit that makes a coding agent productive on a Spring Boot project inside an isolated microVM:

  • Run a Java project in a bare sandbox and see what's missing (no JDK/Maven, default-deny network).
  • Write a mixin kit that installs SDKMAN, a Temurin JDK 25, and Maven, and puts java/mvn on PATH for both sbx exec and the agent's shell.
  • Discover the minimal network allowlist a Spring Boot + Maven workflow needs via sbx policy log, instead of guessing. - this is currently not possible (on latest main) - needs a fix upstream.
  • Run Testcontainers integration tests (Kafka + MySQL + Ryuk) against the sandbox's built-in Docker daemon.
  • Commit the kit so the whole team gets the same isolated setup from one command.

The sample is based on the official Testcontainers guide tc-guide-testing-spring-boot-kafka-listener.

Also in this PR

  • Features the new guide in place of Use OpenCode with Docker Model Runner (moves featured: true to the new guide at weight: 3; the OpenCode guide keeps its tags/weight, just unfeatured).
  • Adds Temurin to the Vale vocabulary (_vale/config/vocabularies/Docker/accept.txt).

Open items

  • A screenshot of the sbx TUI network-approval view is left as a <!-- TODO --> in the "Open the network" section and needs to be added before this leaves draft.

🤖 Generated with Claude Code

Add a guide that builds a reusable sbx kit to make a coding agent
productive on a Spring Boot project inside an isolated microVM: install
SDKMAN, a Temurin JDK, and Maven, put them on PATH for both sbx exec and
the agent shell, discover the minimal network allowlist, and run
Testcontainers integration tests against the sandbox's Docker daemon.

Feature the new guide in place of "Use OpenCode with Docker Model
Runner", and add Temurin to the Vale vocabulary.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@netlify

netlify Bot commented Jul 1, 2026

Copy link
Copy Markdown

Deploy Preview for docsdocker ready!

Name Link
🔨 Latest commit 0463622
🔍 Latest deploy log https://app.netlify.com/projects/docsdocker/deploys/6a450570f465190008fb72fe
😎 Deploy Preview https://deploy-preview-25474--docsdocker.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@docker-agent docker-agent left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Assessment: 🟡 NEEDS ATTENTION

The new Java coding agent sandbox guide is well-structured and technically solid. Two medium-severity issues need attention before publishing:

  1. Meta-commentary aside (line 21): The security risk is stated indirectly; a direct statement would be clearer and more consistent with the style guide.
  2. Placeholder date (line 333): 2026-xx-xx in the example output will render verbatim on the published page.

No missing front matter, no broken Markdown, no vendored-file edits, and no missing redirects were found. The Vale vocabulary addition and the featured flag change are clean.

Comment thread content/guides/java-coding-agent-sandbox.md
Comment thread content/guides/java-coding-agent-sandbox.md
dvdksn and others added 13 commits July 1, 2026 11:58
- Reframe the title/description around safely running a coding agent on a
  Java project (the agent is general, the development is Java-specific).
- Reword the sample description to emphasize a representative Java setup
  instead of "a good test of the whole setup".
- Format in-agent (Claude Code `!` shell) interactions as plaintext
  without a shell `$` prompt; keep `console` for host commands.
- Frame `.sbx/kits/<name>/` as a suggested location and clarify that
  committing the kit is optional but good for sharing across a team.
- Switch the kit spec to the current `network.allow` property and drop
  the allowedDomains deprecation callout.
- Clarify that the sandbox denies outbound network requests by default.
- Move the human launch command to the README, add kit-specific agent
  context via the `agentContext` key instead of CLAUDE.md, and add a tip
  about enforcing sandbox use through agent instructions.
- Link both the kits overview and the kit spec reference.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The allowedDomains -> allow rename isn't in the shipped kit-reference.md
(only memory -> agentContext, kind: agent -> sandbox, and the agent ->
sandbox block rename are documented). Align the guide's spec with the
reference as it stands.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Running through the guide showed the base image already includes a JDK
(Java 25); only Maven is missing. Reframe the intro and the bare-sandbox
check to reflect this: the sandbox preinstalls a useful tool set but not
everything, manual installs are per-sandbox and drift, and a kit makes
provisioning consistent and reusable. Note the kit still pins a JDK so
the version doesn't drift with the base image.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Replace the <sandbox-name> placeholders with a concrete 'java-tmp' name:
launch with 'sbx run --name java-tmp', target it directly in policy log
and exec, and force-remove it with 'sbx rm -f java-tmp' between phases
and at the end. Keep the README's launch command in its clean, nameless
form.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
A kit whose install commands need the network can't be run without a
network block: the blocked requests fail the install and 'sbx run' never
finishes creating the sandbox. Stop instructing the reader to run the
kit before the allowlist exists. Explain the up-front requirement,
declare the allowlist directly, and move domain discovery into a
failure-free tip (allow all briefly, build, read 'sbx policy log', then
lock down). Section that runs the tests is now the first successful
--kit create.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Remove the tip that suggested 'sbx policy allow network "**"' to
discover domains — it's a hack. The guide already sequences things to
avoid the problem: the allowlist is declared as part of building the
kit, before the kit is ever run. Reword the two 'discover' references to
match the declare-up-front approach.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Move the 'sbx kit validate' step out of the toolchain-install section
(where it ran against an incomplete, install-only spec) to the top of
the test section, after the network allowlist is added and just before
the first run. Reflects the declare-up-front flow.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@dvdksn dvdksn marked this pull request as ready for review July 1, 2026 12:45
@dvdksn dvdksn requested review from a team and shelajev July 1, 2026 12:45

@docker-agent docker-agent left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Assessment: 🟡 NEEDS ATTENTION

> relaunch you with `sbx run claude --kit .sbx/kits/java-toolchain`.
> ```
>
> It's opinionated, but it turns "use the sandbox" from a suggestion into

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[MEDIUM] Meta-commentary phrase "It's opinionated, but…" violates Docker style guide

Docker's style guide prohibits meta-commentary — phrases that comment on the advice itself rather than stating information directly. "It's opinionated, but…" is in the same category as "It's worth noting that…" or "Keep in mind that…": it adds a layer of self-reflection instead of stating the fact.

Suggested rewrite:

This turns "use the sandbox" from a suggestion into something the agent helps enforce.

linkTitle: Kit out your sandbox for Java
description: Use a Docker Sandbox and a reusable sbx kit to run a coding agent on a Spring Boot project, without giving it unrestricted access to your machine.
keywords: ai, sbx, docker sandboxes, java, spring boot, testcontainers, maven, sdkman, coding agent, kit
weight: 3

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[MEDIUM] New guide uses same weight: 3 as opencode-model-runner.md, producing ambiguous sidebar ordering

Both content/guides/java-coding-agent-sandbox.md (added by this PR) and content/guides/opencode-model-runner.md (unchanged) declare weight: 3. Hugo uses weight for sidebar ordering; when two pages share the same value, sort order falls back to Hugo's tiebreaking behavior (typically alphabetical by filename), which is undocumented and could change between Hugo versions.

If the intent is for the new guide to appear before the OpenCode guide, set weight: 3 for the new guide and bump the OpenCode guide to weight: 4 (or vice versa), so the ordering is explicit.

@docker-agent docker-agent left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Assessment: 🟡 NEEDS ATTENTION

The new Java coding agent sandbox guide is technically thorough and well-structured. Front matter is complete. The opencode-model-runner.md change (removing featured: true) is correct. The Temurin vocabulary addition is appropriate.

Five medium-severity style guide violations were found in the new guide — all in newly added content. No broken commands, broken Markdown, or missing redirects were identified.

@@ -0,0 +1,471 @@
---
title: Run a coding agent safely on a Java project with Docker Sandboxes
linkTitle: Kit out your sandbox for Java

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[MEDIUM] linkTitle uses colloquial slang

The value Kit out your sandbox for Java uses the British/colloquial idiom "kit out" (meaning to equip or outfit), which is inconsistent with Docker's documentation voice. The style guide requires action-oriented, plain US English for navigation titles.

Consider a more direct alternative such as: Java coding agent sandbox or Run a Java coding agent in a sandbox.

featured: true
---

Coding agents are most useful when they can build and test your project:

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[MEDIUM] Opening paragraph does not answer "What will I learn?" and "Why does this matter?"

The Docker style guide requires the first paragraph to answer two questions: what the reader will learn, and why it matters. The current opening paragraph is entirely problem-context framing — it explains what agents need and the risk of running them on your machine, but defers "What will I learn?" to a bullet list after a two-paragraph preamble.

Consider leading with the outcome and benefit, then providing the context. For example:

In this guide, you'll build a reusable sbx kit so a coding agent can build and test a Spring Boot project inside an isolated microVM — with a full Java toolchain, a working Docker daemon, and a minimal network allowlist. That means the agent can do real work without accessing your credentials or full file system.

the `claude` agent attached to your terminal. The agent can read and edit your
files, and it has its own Docker daemon, and the base image comes with a useful
set of tools — but not everything a given project needs. Ask it to check the
toolchain, or run the check yourself through the agent's `!` shell (the `!`

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[MEDIUM] Parenthetical explanation violates style guide

The Docker style guide says to avoid parentheses in technical documentation and restructure as a separate sentence instead. The phrase (the ! prefix runs a command in the sandbox and prints the result) should be its own sentence:

The ! prefix runs a command in the sandbox and prints the result. Ask it to check the toolchain, or run the check yourself:

and you can see exactly what the agent is allowed to reach.

> [!NOTE]
> Your host might already have broader policy rules (for GitHub or Docker Hub,

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[MEDIUM] Colloquial "say" should be "for example"

The word "say" used here is a colloquial British English construction meaning "for example." Docker documentation is written in US English, and the style guide says to use "for example" or "such as" — not "e.g.", and certainly not "say."

Suggested rewrite:

Your host might already have broader policy rules — for example, for GitHub or Docker Hub — from other work.

> relaunch you with `sbx run claude --kit .sbx/kits/java-toolchain`.
> ```
>
> It's opinionated, but it turns "use the sandbox" from a suggestion into

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[MEDIUM] Meta-commentary "It's opinionated" — state the fact directly

The Docker style guide says to avoid meta-commentary and state facts directly. "It's opinionated" is a subjective characterization that adds no factual value. The second clause already states the practical benefit clearly.

Suggested rewrite — simply drop the first clause:

This turns "use the sandbox" from a suggestion into something the agent helps enforce.

@dvdksn

dvdksn commented Jul 1, 2026

Copy link
Copy Markdown
Contributor Author

I'm not very happy with this guide atm, because there is a glaring UX gap in discovering which domains you need to allow in your network policy. I've reported that upstream in docker/sandboxes#3961

Until that is fixed, I'd like to hold off with publishing, because it really just means there's no way to "discover" what you need to whitelist. You just have to know 🫠 So I'll follow up with updates once the workflow is better.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants