Feature request: Port exposure/forwarding for docker sandbox

[ykdojo]

Description

The Docker Sandboxes blog post (Jan 30, 2026) lists "Ability to expose ports to the host device and access host-exposed services" under What's Next. I'd like to formally request this as a feature and share a concrete use case.

Use Case

SafeClaw is a project that runs multiple isolated Claude Code sessions in Docker containers, each accessible via a web terminal (ttyd) served on a unique port. A web dashboard manages these sessions.

We'd love to migrate to Docker Sandboxes for Docker in Docker, but we depend heavily on port mapping (-p 127.0.0.1:PORT:7681) to expose the web terminal from each container to the host browser. Without port exposure, there's no way for users to access the terminal UI.

What we need

A flag on docker sandbox create or docker sandbox run (similar to -p / --publish on docker run) that forwards a port from inside the sandbox microVM to the host. For example:

docker sandbox create --name my-sandbox -p 127.0.0.1:7681:7681 claude ~/my-project

Even basic support (a single port or a fixed range) would unblock this use case.

[thaJeztah]

Thanks for reporting.

The sandbox command is implemented as a CLI plugin, and the code is not maintained in this repository; unfortunately, the repository for the plugin is closed-source, so I cannot transfer this ticket, but let me see if I can find someone to look if this would be possible (and where to best report issues with the plugin).

cc @kiview @rcjsuen