Source repo for the Traces Docker Sandboxes kit.
- Docker Hub: https://hub.docker.com/r/tracesdotcom/traces-sbx-kit
- Published refs:
docker.io/tracesdotcom/traces-sbx-kit:0.1.0docker.io/tracesdotcom/traces-sbx-kit:latest
Agent-readable reference repo for building and publishing Docker Sandboxes kits.
The included kits/traces directory is a prototype mixin kit that adds
Traces sharing support to existing Docker Sandbox agents.
Docker Sandboxes kits are experimental. Re-check the Docker docs before making breaking changes: https://docs.docker.com/ai/sandboxes/customize/kits/
kits/
└── traces/
└── spec.yaml # Docker Sandboxes mixin kit for Traces
Prerequisites:
brew install docker/tap/sbx
sbx daemon start --detach
sbx loginConfigure a host-side Traces API key. The real key stays on the host; the
sandbox only sees Docker's proxy-managed sentinel value.
echo "$TRACES_API_KEY" | sbx secret set -g tracesCreate a sandbox with the kit:
sbx run claude --kit docker.io/tracesdotcom/traces-sbx-kit:0.1.0 .
# Or from this repo checkout:
sbx run claude --kit ./kits/traces .For a running sandbox while iterating on the kit:
sbx kit add <sandbox-name> ./kits/tracesInside the sandbox, share the current session:
traces share --cwd "$PWD" --agent auto --jsonAgents should parse the JSON and return data.sharedUrl to the user.
- Installs the Traces CLI release binary into
/usr/local/bin. - Runs
traces setup skills --globalfor Traces-supported agents. - Allows Traces domains plus GitHub release download domains in the sandbox network policy.
- Declares a custom
tracescredential service and maps it to the outboundAuthorizationheader foractions.traces.comandapi.traces.com. - Sets
TRACES_API_KEY=proxy-managedinside the VM; Docker's host-side proxy replaces the outbound auth header with the real host-side secret. - Disables CLI auto-update and Sentry by default to keep behavior deterministic and avoid extra network policy entries.
When an agent is asked to create or update one of these kits, follow this checklist.
Use a mixin kit for add-ons: CLIs, team config, credentials, network access, skills, helper scripts, linters, etc.
Use an agent kit only when defining the complete agent runtime: image, entrypoint, persistence, and launch command.
For Traces, use kind: mixin because Traces extends existing agents.
my-kit/
├── spec.yaml # required
└── files/ # optional static files
├── home/ # copied to /home/agent/
└── workspace/ # copied to the primary workspace
Required top-level fields:
schemaVersion: "1"
kind: mixin
name: lowercase-hyphen-name
displayName: Human Name
description: Short descriptionInstall commands run once during sandbox creation. Startup commands run every
start. Use initFiles for files that need runtime substitution such as
${WORKDIR}.
commands:
install:
- description: Install a tool
user: "0"
command: "apt-get update && apt-get install -y jq"
startup:
- description: Start a background daemon
user: "1000"
background: true
command: ["sh", "-c", "my-daemon &"]
initFiles:
- path: /home/agent/.my-tool/config.json
content: '{"workspace":"${WORKDIR}"}'
onlyIfMissing: trueUse UID 0 for root installs and UID 1000 for the agent user.
Use Docker Sandboxes credential proxy wiring instead:
network:
allowedDomains:
- api.example.com
serviceDomains:
api.example.com: my-service
serviceAuth:
my-service:
headerName: Authorization
valueFormat: "Bearer %s"
credentials:
sources:
my-service:
env:
- MY_SERVICE_API_KEY
environment:
proxyManaged:
- MY_SERVICE_API_KEYThe sandbox sees MY_SERVICE_API_KEY=proxy-managed. Requests to
api.example.com get the real host-side secret injected by Docker's proxy.
Host setup:
echo "$MY_SERVICE_API_KEY" | sbx secret set -g my-serviceEvery domain needed by install commands and runtime commands must be in
network.allowedDomains. For authenticated domains, also add serviceDomains
and serviceAuth.
Keep rules narrow. Prefer exact hosts over broad wildcards.
Top-level memory: | is appended to the agent's memory file when the base
agent kit defines agent.aiFilename. Keep it short and action-oriented.
sbx kit validate ./kits/traces
sbx kit inspect ./kits/tracesPackage for sharing:
sbx kit pack ./kits/traces -o dist/traces-kit.zipKits can be loaded from:
- a local directory or ZIP
- a Git URL
- an OCI registry reference
Recommended model:
- GitHub repo = source of truth. Keep
spec.yaml, docs, examples, and review history here. - OCI artifact = release channel. Publish immutable versioned tags after validation.
- Docker Hub if private distribution matters. Docker's docs currently say private kits are supported only on Docker Hub. Other registries are pulled anonymously, so private GHCR/ECR/etc. kits may fail.
For public kits, Git URLs or GHCR are fine. Docker Hub still makes sense if you
want the most Docker-native install path and private-kit compatibility later.
Use the full docker.io prefix for Docker Hub references.
Example publish flow:
sbx kit validate ./kits/traces
sbx kit push ./kits/traces docker.io/tracesdotcom/traces-sbx-kit:0.1.0
sbx kit push ./kits/traces docker.io/tracesdotcom/traces-sbx-kit:latestExample use from Docker Hub:
sbx run claude --kit docker.io/tracesdotcom/traces-sbx-kit:0.1.0 .Avoid mutable-only distribution. If you publish latest, also publish a
versioned tag like 0.1.0.
- Docker Sandboxes kits are experimental.
- The Traces kit only works for agents with existing Traces adapters.
- Exact current-session detection depends on each agent runtime. Some agents may fall back to the newest trace for the current working directory.
- Docker Agent, Kiro, and Shell would need new Traces adapters or another capture mechanism.
- Kits cannot be removed from a running sandbox; recreate the sandbox for a clean test.