Skip to main content
The Docker sandbox runs the agent server inside a Docker container. This is the default and recommended option for most users.
In some self-hosted deployments, the sandbox provider is controlled via the legacy RUNTIME environment variable. Docker is the default.

Why Docker?

  • Isolation: reduces risk when the agent runs commands.
  • Reproducibility: consistent environment across machines.

Mounting your code into the sandbox

If you want OpenHands to work directly on a local repository, mount it into the sandbox.

Recommended: CLI launcher

If you start OpenHands via: 
openhands serve --mount-cwd
your current directory will be mounted into the sandbox workspace.

Using SANDBOX_VOLUMES

You can also configure mounts via the SANDBOX_VOLUMES environment variable (format: host_path:container_path[:mode]): 
export SANDBOX_VOLUMES=$PWD:/workspace:rw
Anything mounted read-write into /workspace can be modified by the agent.

Custom sandbox images

To customize the container image (extra tools, system deps, etc.), see Custom Sandbox Guide.