diff --git a/content/manuals/ai/sandboxes/get-started.md b/content/manuals/ai/sandboxes/get-started.md index 3f7e0f5c08a8..768b93ebf5b5 100644 --- a/content/manuals/ai/sandboxes/get-started.md +++ b/content/manuals/ai/sandboxes/get-started.md @@ -66,6 +66,11 @@ When you ran `docker sandbox run`: The sandbox persists until you remove it. Installed packages and configuration remain available. Run `docker sandbox run ` again to reconnect. +> [!NOTE] +> Agents can modify files in your workspace. Review changes before executing +> code or performing actions that auto-run scripts. See +> [Security considerations](workflows.md#security-considerations) for details. + ## Basic commands Here are essential commands to manage your sandboxes: diff --git a/content/manuals/ai/sandboxes/troubleshooting.md b/content/manuals/ai/sandboxes/troubleshooting.md index 121a160da819..319657874138 100644 --- a/content/manuals/ai/sandboxes/troubleshooting.md +++ b/content/manuals/ai/sandboxes/troubleshooting.md @@ -105,3 +105,17 @@ Also verify the workspace path exists: $ cd $ pwd ``` + +## Sandbox crashes on Windows when launching multiple sandboxes + +On Windows, launching too many sandboxes simultaneously can cause crashes. + +If this happens, recover by closing the OpenVMM processes: + +1. Open Task Manager (Ctrl+Shift+Esc). +2. Find all `docker.openvmm.exe` processes. +3. End each process. +4. Restart Docker Desktop if needed. + +To avoid this issue, launch sandboxes one at a time rather than creating +multiple sandboxes concurrently. diff --git a/content/manuals/ai/sandboxes/workflows.md b/content/manuals/ai/sandboxes/workflows.md index b6e13856fb24..63888784aad4 100644 --- a/content/manuals/ai/sandboxes/workflows.md +++ b/content/manuals/ai/sandboxes/workflows.md 
@@ -90,6 +90,31 @@ When you remove a sandbox: To preserve a configured environment, create a [Custom template](templates.md). +## Security considerations + +Agents can create and modify any files in your mounted workspace, including +scripts, configuration files, and hidden files. + +After an agent works in a workspace, review changes before performing actions +on your host that might execute code: + +- Committing changes (executes Git hooks) +- Opening the workspace in an IDE (may auto-run scripts or extensions) +- Running scripts or executables the agent created or modified + +Review what changed: + +```console +$ git status # See modified and new files +$ git diff # Review changes to tracked files +``` + +Check for untracked files and be aware that some changes, like Git hooks in +`.git/hooks/`, won't appear in standard diffs. + +This is the same trust model used by editors like Visual Studio Code, which +warn when opening new workspaces for similar reasons. + ## Named sandboxes Use meaningful names for sandboxes you'll reuse:
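Review bot: in the get-started.md hunk, the new NOTE tells the reader to "review changes before executing code" but gives no hint of what to look for, and the only concrete guidance sits behind the link; since this is the first page a user reads after `docker sandbox run`, consider naming the specific triggers the linked section lists (committing runs Git hooks, opening the workspace in an IDE may auto-run scripts or extensions) directly in the admonition, e.g. `> Agents can modify any file in your workspace, including scripts, configuration files and hidden files.`, so the warning is useful even when the link is not followed. It would also help to state plainly that the workspace is mounted read-write for the agent, since that is the premise of the warning.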
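Review bot: in the troubleshooting.md hunk, the recovery steps tell the reader to end every `docker.openvmm.exe` process but never say that this kills all running sandboxes, not just the one that crashed, and that whatever the agent had in flight in them is lost; add that caveat before step 1, and give a criterion for step 4 ("Restart Docker Desktop if needed") such as "if `docker sandbox run` still fails afterwards". "Launching too many sandboxes simultaneously" gives neither a number nor a symptom to recognise; if the threshold or the error text is known, state it, otherwise say explicitly that the limit is not fixed. Finally, after ending the VMM processes the page should tell readers whether the killed sandboxes still appear in the listing from the Basic commands section and need to be removed or can simply be reconnected to with `docker sandbox run`.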
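Review bot: in the workflows.md hunk, the "Review what changed" recipe misses several places an agent can write that neither `git status` nor `git diff` will show, and the prose half-acknowledges this ("won't appear in standard diffs") without telling the reader what to run instead. Concretely: `git diff` shows only unstaged changes to tracked files, so if the agent staged anything the reader needs `git diff HEAD`; paths matched by `.gitignore` are hidden from plain `git status`, so suggest `git status --ignored`; and nothing under `.git/` is tracked at all, which covers `.git/hooks/` as the text says but also `.git/config`, where a `core.hooksPath` entry can redirect hooks to an agent-controlled directory. Suggest extending the console block with `$ git status --ignored`, `$ git diff HEAD` and `$ git config --local --list`, plus a look at `.git/hooks`, and rewording "Check for untracked files" so it does not read as a separate step after `git status`, which already lists untracked (but not ignored) files. The bullet list of host actions would also benefit from naming build and task files the IDE bullet only implies, since "Running scripts or executables the agent created or modified" is the only bullet that covers them.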