From 044f21b06469028c09aa0fb857589e2c60d4c19a Mon Sep 17 00:00:00 2001
From: Benjamin Shafii <benjamin.shafii@gmail.com>
Date: Mon, 9 Feb 2026 19:50:41 -0800
Subject: [PATCH] feat(sandbox): add docker-gated sandbox workspaces

---
 packages/app/src/app/app.tsx                  |  40 ++-
 .../app/components/create-workspace-modal.tsx |  89 ++++--
 .../src/app/components/session/composer.tsx   |  56 +++-
 .../src/app/components/session/sidebar.tsx    |  16 +-
 packages/app/src/app/context/workspace.ts     | 126 +++++++-
 packages/app/src/app/lib/openwork-server.ts   | 124 ++++++++
 packages/app/src/app/lib/tauri.ts             |  50 +++-
 packages/app/src/app/pages/dashboard.tsx      |  19 +-
 packages/app/src/app/pages/session.tsx        |  32 +-
 packages/app/src/i18n/locales/en.ts           |   5 +
 packages/app/src/i18n/locales/zh.ts           |   5 +
 .../desktop/src-tauri/src/commands/openwrk.rs | 281 ++++++++++++++++--
 .../src-tauri/src/commands/workspace.rs       |  42 +++
 packages/desktop/src-tauri/src/lib.rs         |   3 +
 packages/desktop/src-tauri/src/types.rs       |  10 +-
 .../desktop/src-tauri/src/workspace/state.rs  |   3 +
 16 files changed, 833 insertions(+), 68 deletions(-)

diff --git a/packages/app/src/app/app.tsx b/packages/app/src/app/app.tsx
index 354abde1b..552c3d6c8 100644
--- a/packages/app/src/app/app.tsx
+++ b/packages/app/src/app/app.tsx
@@ -4328,6 +4328,7 @@ export default function App() {
       openRenameWorkspace,
       editWorkspaceConnection: openWorkspaceConnectionSettings,
       forgetWorkspace: workspaceStore.forgetWorkspace,
+      stopSandbox: workspaceStore.stopSandbox,
       scheduledJobs: scheduledJobs(),
       scheduledJobsSource: scheduledJobsSource(),
       scheduledJobsSourceReady: scheduledJobsSourceReady(),
@@ -4488,8 +4489,10 @@ export default function App() {
     exportWorkspaceBusy: workspaceStore.exportingWorkspaceConfig(),
     clientConnected: Boolean(client()),
     openworkServerStatus: openworkServerStatus(),
+    openworkServerClient: openworkServerClient(),
     openworkServerSettings: openworkServerSettings(),
     openworkServerHostInfo: openworkServerHostInfo(),
+    openworkServerWorkspaceId: openworkServerWorkspaceId(),
     engineInfo: workspaceStore.engine(),
     stopHost,
     headerStatus: headerStatus(),
@@ -4775,10 +4778,41 @@ export default function App() {
         onConfirm={(preset, folder) =>
           workspaceStore.createWorkspaceFlow(preset, folder)
         }
-        onConfirmWorker={(preset, folder) =>
-          workspaceStore.createWorkerFlow(preset, folder)
+        onConfirmWorker={
+          isTauriRuntime()
+            ? (preset, folder) => workspaceStore.createSandboxFlow(preset, folder)
+            : undefined
         }
-        workerLabel="Create worker"
+        workerDisabled={(() => {
+          if (!isTauriRuntime()) return true;
+          const doctor = workspaceStore.sandboxDoctorResult?.();
+          return !doctor?.ready;
+        })()}
+        workerDisabledReason={(() => {
+          if (!isTauriRuntime()) return t("app.error.tauri_required", currentLocale());
+          const doctor = workspaceStore.sandboxDoctorResult?.();
+          if (doctor?.ready) return null;
+          if (workspaceStore.sandboxDoctorBusy?.()) {
+            return t("dashboard.sandbox_checking_docker", currentLocale());
+          }
+          const message = doctor?.error?.trim();
+          return message || t("dashboard.sandbox_get_ready_desc", currentLocale());
+        })()}
+        workerCtaLabel={t("dashboard.sandbox_get_ready_action", currentLocale())}
+        workerCtaDescription={t("dashboard.sandbox_get_ready_desc", currentLocale())}
+        onWorkerCta={async () => {
+          const url = "https://www.docker.com/products/docker-desktop/";
+          if (isTauriRuntime()) {
+            const { openUrl } = await import("@tauri-apps/plugin-opener");
+            await openUrl(url);
+          } else {
+            window.open(url, "_blank", "noopener,noreferrer");
+          }
+        }}
+        workerRetryLabel={t("common.retry", currentLocale())}
+        onWorkerRetry={() => {
+          void workspaceStore.refreshSandboxDoctor?.();
+        }}
         submitting={busy() && busyLabel() === "status.creating_workspace"}
       />
 
diff --git a/packages/app/src/app/components/create-workspace-modal.tsx b/packages/app/src/app/components/create-workspace-modal.tsx
index 75866f005..14e783df0 100644
--- a/packages/app/src/app/components/create-workspace-modal.tsx
+++ b/packages/app/src/app/components/create-workspace-modal.tsx
@@ -18,6 +18,13 @@ export default function CreateWorkspaceModal(props: {
   subtitle?: string;
   confirmLabel?: string;
   workerLabel?: string;
+  workerDisabled?: boolean;
+  workerDisabledReason?: string | null;
+  workerCtaLabel?: string;
+  workerCtaDescription?: string;
+  onWorkerCta?: () => void;
+  workerRetryLabel?: string;
+  onWorkerRetry?: () => void;
 }) {
   let pickFolderRef: HTMLButtonElement | undefined;
   const translate = (key: string) => t(key, currentLocale());
@@ -76,10 +83,14 @@ export default function CreateWorkspaceModal(props: {
   const title = () => props.title ?? translate("dashboard.create_workspace_title");
   const subtitle = () => props.subtitle ?? translate("dashboard.create_workspace_subtitle");
   const confirmLabel = () => props.confirmLabel ?? translate("dashboard.create_workspace_confirm");
-  const workerLabel = () => props.workerLabel ?? "Create worker";
+  const workerLabel = () => props.workerLabel ?? translate("dashboard.create_sandbox_confirm");
   const isInline = () => props.inline ?? false;
   const submitting = () => props.submitting ?? false;
 
+  const workerDisabled = () => Boolean(props.workerDisabled);
+  const workerDisabledReason = () => (props.workerDisabledReason ?? "").trim();
+  const showWorkerCallout = () => Boolean(props.onConfirmWorker && workerDisabled() && workerDisabledReason());
+
   const content = (
     <div class="bg-gray-2 border border-gray-6 w-full max-w-lg rounded-2xl shadow-2xl overflow-hidden flex flex-col max-h-[90vh]">
       <div class="p-6 border-b border-gray-6 flex justify-between items-center bg-gray-1">
@@ -180,37 +191,63 @@ export default function CreateWorkspaceModal(props: {
             </div>
           </div>
 
-      <div class="p-6 border-t border-gray-6 bg-gray-1 flex justify-end gap-3">
-        <Show when={showClose()}>
-          <Button variant="ghost" onClick={props.onClose} disabled={submitting()}>
-              {translate("common.cancel")}
-          </Button>
+      <div class="p-6 border-t border-gray-6 bg-gray-1 flex flex-col gap-3">
+        <Show when={showWorkerCallout()}>
+          <div class="rounded-xl border border-amber-7/30 bg-amber-2/40 px-4 py-3 text-xs text-amber-11">
+            <div class="font-semibold text-amber-12">{translate("dashboard.sandbox_get_ready_title")}</div>
+            <Show when={props.workerCtaDescription?.trim() || workerDisabledReason()}>
+              <div class="mt-1 text-amber-11 leading-relaxed">
+                {props.workerCtaDescription?.trim() || workerDisabledReason()}
+              </div>
+            </Show>
+            <div class="mt-3 flex flex-wrap items-center gap-2">
+              <Show when={props.onWorkerCta && props.workerCtaLabel?.trim()}>
+                <Button variant="outline" onClick={props.onWorkerCta} disabled={submitting()}>
+                  {props.workerCtaLabel}
+                </Button>
+              </Show>
+              <Show when={props.onWorkerRetry && props.workerRetryLabel?.trim()}>
+                <Button variant="ghost" onClick={props.onWorkerRetry} disabled={submitting()}>
+                  {props.workerRetryLabel}
+                </Button>
+              </Show>
+            </div>
+          </div>
         </Show>
-        <Show when={props.onConfirmWorker}>
+
+        <div class="flex justify-end gap-3">
+          <Show when={showClose()}>
+            <Button variant="ghost" onClick={props.onClose} disabled={submitting()}>
+              {translate("common.cancel")}
+            </Button>
+          </Show>
+          <Show when={props.onConfirmWorker}>
+            <Button
+              variant="outline"
+              onClick={() => props.onConfirmWorker?.(preset(), selectedFolder())}
+              disabled={!selectedFolder() || submitting() || workerDisabled()}
+              title={(() => {
+                if (!selectedFolder()) return translate("dashboard.choose_folder_continue");
+                if (workerDisabled() && workerDisabledReason()) return workerDisabledReason();
+                return undefined;
+              })()}
+            >
+              {workerLabel()}
+            </Button>
+          </Show>
           <Button
-            variant="outline"
-            onClick={() => props.onConfirmWorker?.(preset(), selectedFolder())}
+            onClick={() => props.onConfirm(preset(), selectedFolder())}
             disabled={!selectedFolder() || submitting()}
             title={!selectedFolder() ? translate("dashboard.choose_folder_continue") : undefined}
           >
-            {workerLabel()}
+            <Show when={submitting()} fallback={confirmLabel()}>
+              <span class="inline-flex items-center gap-2">
+                <Loader2 size={16} class="animate-spin" />
+                Creating...
+              </span>
+            </Show>
           </Button>
-        </Show>
-        <Button
-          onClick={() => props.onConfirm(preset(), selectedFolder())}
-          disabled={!selectedFolder() || submitting()}
-          title={!selectedFolder() ? translate("dashboard.choose_folder_continue") : undefined}
-        >
-          <Show
-            when={submitting()}
-            fallback={confirmLabel()}
-          >
-            <span class="inline-flex items-center gap-2">
-              <Loader2 size={16} class="animate-spin" />
-              Creating...
-            </span>
-          </Show>
-        </Button>
+        </div>
       </div>
     </div>
   );
diff --git a/packages/app/src/app/components/session/composer.tsx b/packages/app/src/app/components/session/composer.tsx
index db713a322..086616f60 100644
--- a/packages/app/src/app/components/session/composer.tsx
+++ b/packages/app/src/app/components/session/composer.tsx
@@ -46,6 +46,8 @@ type ComposerProps = {
   recentFiles: string[];
   searchFiles: (query: string) => Promise<string[]>;
   isRemoteWorkspace: boolean;
+  isSandboxWorkspace: boolean;
+  onUploadInboxFiles?: (files: File[]) => void | Promise<void>;
   attachmentsEnabled: boolean;
   attachmentsDisabledReason: string | null;
   listCommands: () => Promise<SlashCommandOption[]>;
@@ -367,6 +369,7 @@ const buildRangeFromOffsets = (root: HTMLElement, start: number, end: number) =>
 export default function Composer(props: ComposerProps) {
   let editorRef: HTMLDivElement | undefined;
   let fileInputRef: HTMLInputElement | undefined;
+  let inboxFileInputRef: HTMLInputElement | undefined;
   let variantPickerRef: HTMLDivElement | undefined;
   let mentionSearchRun = 0;
   let suppressPromptSync = false;
@@ -387,6 +390,7 @@ export default function Composer(props: ComposerProps) {
   const [historyIndex, setHistoryIndex] = createSignal({ prompt: -1, shell: -1 });
   const [history, setHistory] = createSignal({ prompt: [] as ComposerDraft[], shell: [] as ComposerDraft[] });
   const [variantMenuOpen, setVariantMenuOpen] = createSignal(false);
+  const [showInboxUploadAction, setShowInboxUploadAction] = createSignal(false);
   const activeVariant = createMemo(() => props.modelVariant ?? "none");
   const attachmentsDisabled = createMemo(() => !props.attachmentsEnabled);
 
@@ -466,7 +470,7 @@ export default function Composer(props: ComposerProps) {
       }));
     const all = [...agents, ...recentFiles, ...searchFiles];
     const list = query
-      ? fuzzysort.go(query, all, { keys: ["display"] }).map((entry) => entry.obj)
+      ? fuzzysort.go(query, all, { keys: ["display"] }).map((entry: any) => entry.obj)
       : all;
     const groups: MentionGroup[] = [];
     const bucket = new Map<MentionGroup["category"], MentionOption[]>();
@@ -619,7 +623,7 @@ export default function Composer(props: ComposerProps) {
     if (!query) return commands.slice(0, 15);
     return fuzzysort
       .go(query, commands, { keys: ["name", "description"] })
-      .map((entry) => entry.obj)
+      .map((entry: any) => entry.obj)
       .slice(0, 15);
   });
 
@@ -929,7 +933,6 @@ export default function Composer(props: ComposerProps) {
       .map((item) => item.getAsFile())
       .filter((file): file is File => !!file);
     const allFiles = files.length ? files : itemFiles;
-
     if (allFiles.length) {
       event.preventDefault();
       const hasSupported = allFiles.some((file) => ACCEPTED_FILE_TYPES.includes(file.type));
@@ -941,6 +944,20 @@ export default function Composer(props: ComposerProps) {
       return;
     }
 
+    const plainForCheck = clipboard.getData("text/plain") ?? "";
+    const trimmedForCheck = plainForCheck.trim();
+    if (trimmedForCheck && props.isSandboxWorkspace) {
+      const hasFileUrl = /file:\/\//i.test(trimmedForCheck);
+      const hasAbsolutePosix = /(^|\s)\/(Users|home|var|etc|opt|tmp|private|Volumes|Applications)\//.test(trimmedForCheck);
+      const hasAbsoluteWindows = /(^|\s)[a-zA-Z]:\\/.test(trimmedForCheck);
+      if (hasFileUrl || hasAbsolutePosix || hasAbsoluteWindows) {
+        props.onToast(
+          "Sandboxes can't access local file paths. Upload the file to the workspace inbox instead."
+        );
+        setShowInboxUploadAction(Boolean(props.onUploadInboxFiles));
+      }
+    }
+
     const plain = clipboard.getData("text/plain") || clipboard.getData("text") || "";
     const html = clipboard.getData("text/html") || "";
     const raw = plain || (html ? htmlToPlainText(html) : "");
@@ -960,6 +977,12 @@ export default function Composer(props: ComposerProps) {
     emitDraftChange();
   };
 
+  createEffect(() => {
+    if (!props.toast) {
+      setShowInboxUploadAction(false);
+    }
+  });
+
   const handleDrop = (event: DragEvent) => {
     if (!event.dataTransfer) return;
     event.preventDefault();
@@ -1395,7 +1418,18 @@ export default function Composer(props: ComposerProps) {
                    <div class="relative min-h-[120px]">
               <Show when={props.toast}>
                 <div class="absolute bottom-full right-0 mb-2 z-30 rounded-xl border border-dls-border bg-dls-surface px-3 py-2 text-xs text-dls-secondary shadow-lg backdrop-blur-md">
-                  {props.toast}
+                  <div class="flex items-center gap-3">
+                    <span>{props.toast}</span>
+                    <Show when={showInboxUploadAction() && props.onUploadInboxFiles}>
+                      <button
+                        type="button"
+                        class="shrink-0 rounded-md border border-dls-border bg-dls-hover px-2 py-1 text-[10px] text-dls-text hover:bg-dls-active"
+                        onClick={() => inboxFileInputRef?.click()}
+                      >
+                        Upload to inbox
+                      </button>
+                    </Show>
+                  </div>
                 </div>
               </Show>
 
@@ -1429,6 +1463,20 @@ export default function Composer(props: ComposerProps) {
 
                     <div class="mt-3 flex items-center justify-between px-2 pb-2">
                       <div class="flex items-center gap-2">
+                        <input
+                          ref={inboxFileInputRef}
+                          type="file"
+                          multiple
+                          class="hidden"
+                          onChange={(event: Event) => {
+                            const target = event.currentTarget as HTMLInputElement;
+                            const files = Array.from(target.files ?? []);
+                            if (files.length && props.onUploadInboxFiles) {
+                              void Promise.resolve(props.onUploadInboxFiles(files));
+                            }
+                            target.value = "";
+                          }}
+                        />
                         <input
                           ref={fileInputRef}
                           type="file"
diff --git a/packages/app/src/app/components/session/sidebar.tsx b/packages/app/src/app/components/session/sidebar.tsx
index 399e0a879..eca91d19f 100644
--- a/packages/app/src/app/components/session/sidebar.tsx
+++ b/packages/app/src/app/components/session/sidebar.tsx
@@ -1,5 +1,5 @@
 import { For, Show, createEffect, createMemo, createSignal, onCleanup } from "solid-js";
-import { Check, ChevronDown, GripVertical, Loader2, Plus, RefreshCcw, Settings, Trash2 } from "lucide-solid";
+import { Check, ChevronDown, GripVertical, Loader2, Plus, RefreshCcw, Settings, Square, Trash2 } from "lucide-solid";
 
 import type { TodoItem, WorkspaceConnectionState } from "../../types";
 import type { WorkspaceInfo } from "../../lib/tauri";
@@ -41,6 +41,7 @@ export type SidebarProps = {
   onEditWorkspace: (workspaceId: string) => void;
   onTestWorkspaceConnection: (workspaceId: string) => void;
   onForgetWorkspace: (workspaceId: string) => void;
+  onStopSandbox?: (workspaceId: string) => void;
   onReorderWorkspace: (fromId: string, toId: string | null) => void;
   onSelectSession: (workspaceId: string, sessionId: string) => void;
   selectedSessionId: string | null;
@@ -359,7 +360,7 @@ export default function SessionSidebar(props: SidebarProps) {
                                 </span>
                                 <Show when={group.workspace.workspaceType === "remote"}>
                                   <span class="text-[9px] uppercase tracking-wide px-1.5 py-0.5 rounded-full bg-gray-3 text-gray-11">
-                                    Remote
+                                    {group.workspace.sandboxContainerName?.trim() ? "Sandbox" : "Remote"}
                                   </span>
                                 </Show>
                               </div>
@@ -439,6 +440,17 @@ export default function SessionSidebar(props: SidebarProps) {
                                 Test connection
                               </button>
                             </Show>
+                            <Show when={group.workspace.sandboxContainerName?.trim() && props.onStopSandbox}>
+                              <button
+                                type="button"
+                                class="inline-flex items-center gap-1.5 rounded-md border border-gray-6 px-2 py-1 text-[10px] text-gray-10 hover:text-gray-12 hover:border-gray-7 hover:bg-gray-2 transition-colors"
+                                onClick={() => props.onStopSandbox?.(group.workspace.id)}
+                                disabled={isConnecting()}
+                              >
+                                <Square size={12} />
+                                Stop sandbox
+                              </button>
+                            </Show>
                             <button
                               type="button"
                               class="inline-flex items-center gap-1.5 rounded-md border border-gray-6 px-2 py-1 text-[10px] text-gray-10 hover:text-gray-12 hover:border-gray-7 hover:bg-gray-2 transition-colors"
diff --git a/packages/app/src/app/context/workspace.ts b/packages/app/src/app/context/workspace.ts
index d05acb2d8..dbdb1a754 100644
--- a/packages/app/src/app/context/workspace.ts
+++ b/packages/app/src/app/context/workspace.ts
@@ -36,6 +36,8 @@ import {
   engineInstall,
   engineStart,
   engineStop,
+  sandboxDoctor,
+  sandboxStop,
   openwrkInstanceDispose,
   openwrkStartDetached,
   openwrkWorkspaceActivate,
@@ -55,6 +57,7 @@ import {
   workspaceUpdateRemote,
   type EngineDoctorResult,
   type EngineInfo,
+  type SandboxDoctorResult,
   type WorkspaceInfo,
 } from "../lib/tauri";
 import { waitForHealthy, createClient, type OpencodeAuth } from "../lib/opencode";
@@ -133,6 +136,9 @@ export function createWorkspaceStore(options: {
   const [engineDoctorResult, setEngineDoctorResult] = createSignal<EngineDoctorResult | null>(null);
   const [engineDoctorCheckedAt, setEngineDoctorCheckedAt] = createSignal<number | null>(null);
   const [engineInstallLogs, setEngineInstallLogs] = createSignal<string | null>(null);
+  const [sandboxDoctorResult, setSandboxDoctorResult] = createSignal<SandboxDoctorResult | null>(null);
+  const [sandboxDoctorCheckedAt, setSandboxDoctorCheckedAt] = createSignal<number | null>(null);
+  const [sandboxDoctorBusy, setSandboxDoctorBusy] = createSignal(false);
   let lastEngineReconnectAt = 0;
   let reconnectingEngine = false;
 
@@ -517,6 +523,41 @@ export function createWorkspaceStore(options: {
     }
   }
 
+  async function refreshSandboxDoctor() {
+    if (!isTauriRuntime()) {
+      setSandboxDoctorResult(null);
+      setSandboxDoctorCheckedAt(Date.now());
+      return null;
+    }
+    if (sandboxDoctorBusy()) return sandboxDoctorResult();
+    setSandboxDoctorBusy(true);
+    try {
+      const result = await sandboxDoctor();
+      setSandboxDoctorResult(result);
+      return result;
+    } catch (e) {
+      const message = e instanceof Error ? e.message : safeStringify(e);
+      const fallback: SandboxDoctorResult = {
+        installed: false,
+        daemonRunning: false,
+        permissionOk: false,
+        ready: false,
+        error: message,
+      };
+      setSandboxDoctorResult(fallback);
+      return fallback;
+    } finally {
+      setSandboxDoctorCheckedAt(Date.now());
+      setSandboxDoctorBusy(false);
+    }
+  }
+
+  createEffect(() => {
+    if (!createWorkspaceOpen()) return;
+    if (!isTauriRuntime()) return;
+    void refreshSandboxDoctor();
+  });
+
   async function activateWorkspace(workspaceId: string) {
     const id = workspaceId.trim();
     if (!id) return false;
@@ -1154,7 +1195,7 @@ export function createWorkspaceStore(options: {
     }
   }
 
-  async function createWorkerFlow(preset: WorkspacePreset, folder: string | null) {
+  async function createSandboxFlow(preset: WorkspacePreset, folder: string | null) {
     if (!isTauriRuntime()) {
       options.setError(t("app.error.tauri_required", currentLocale()));
       return;
@@ -1165,6 +1206,13 @@ export function createWorkspaceStore(options: {
       return;
     }
 
+    const doctor = await refreshSandboxDoctor();
+    if (!doctor?.ready) {
+      const detail = doctor?.error?.trim() || "Docker is required for sandboxes. Install Docker Desktop, start it, then retry.";
+      options.setError(detail);
+      return;
+    }
+
     options.setBusy(true);
     options.setBusyLabel("status.creating_workspace");
     options.setBusyStartedAt(Date.now());
@@ -1177,7 +1225,7 @@ export function createWorkspaceStore(options: {
         return;
       }
 
-      const name = resolvedFolder.replace(/\\/g, "/").split("/").filter(Boolean).pop() ?? "Worker";
+      const name = resolvedFolder.replace(/\\/g, "/").split("/").filter(Boolean).pop() ?? "Workspace";
 
       // Ensure the workspace folder has baseline OpenWork/OpenCode files.
       const created = await workspaceCreate({ folderPath: resolvedFolder, name, preset });
@@ -1192,8 +1240,8 @@ export function createWorkspaceStore(options: {
         syncActiveWorkspaceId(forgotten.activeId);
       }
 
-      options.setBusyLabel("Starting host...");
-      const host = await openwrkStartDetached({ workspacePath: resolvedFolder });
+      options.setBusyLabel("Starting sandbox...");
+      const host = await openwrkStartDetached({ workspacePath: resolvedFolder, sandboxBackend: "docker" });
 
       setCreateWorkspaceOpen(false);
       options.setTab("scheduled");
@@ -1205,6 +1253,9 @@ export function createWorkspaceStore(options: {
         openworkToken: host.token,
         directory: resolvedFolder,
         displayName: name,
+        sandboxBackend: host.sandboxBackend ?? "docker",
+        sandboxRunId: host.sandboxRunId ?? null,
+        sandboxContainerName: host.sandboxContainerName ?? null,
       });
     } catch (e) {
       const message = e instanceof Error ? e.message : safeStringify(e);
@@ -1221,6 +1272,11 @@ export function createWorkspaceStore(options: {
     openworkToken?: string | null;
     directory?: string | null;
     displayName?: string | null;
+
+    // Sandbox lifecycle metadata (desktop-managed)
+    sandboxBackend?: "docker" | null;
+    sandboxRunId?: string | null;
+    sandboxContainerName?: string | null;
   }) {
     const hostUrl = normalizeOpenworkServerUrl(input.openworkHostUrl ?? "") ?? "";
     const token = input.openworkToken?.trim() ?? "";
@@ -1312,6 +1368,9 @@ export function createWorkspaceStore(options: {
           openworkToken: remoteType === "openwork" ? (token || null) : null,
           openworkWorkspaceId: remoteType === "openwork" ? openworkWorkspace?.id ?? null : null,
           openworkWorkspaceName: remoteType === "openwork" ? openworkWorkspace?.name ?? null : null,
+          sandboxBackend: input.sandboxBackend ?? null,
+          sandboxRunId: input.sandboxRunId ?? null,
+          sandboxContainerName: input.sandboxContainerName ?? null,
         });
         setWorkspaces(ws.workspaces);
         syncActiveWorkspaceId(ws.activeId);
@@ -1331,6 +1390,9 @@ export function createWorkspaceStore(options: {
           openworkToken: remoteType === "openwork" ? (token || null) : null,
           openworkWorkspaceId: remoteType === "openwork" ? openworkWorkspace?.id ?? null : null,
           openworkWorkspaceName: remoteType === "openwork" ? openworkWorkspace?.name ?? null : null,
+          sandboxBackend: input.sandboxBackend ?? null,
+          sandboxRunId: input.sandboxRunId ?? null,
+          sandboxContainerName: input.sandboxContainerName ?? null,
         };
 
         setWorkspaces((prev) => {
@@ -1547,6 +1609,55 @@ export function createWorkspaceStore(options: {
     }
   }
 
+  async function stopSandbox(workspaceId: string) {
+    if (!isTauriRuntime()) {
+      options.setError(t("app.error.tauri_required", currentLocale()));
+      return;
+    }
+
+    const id = workspaceId.trim();
+    if (!id) return;
+
+    const workspace = workspaces().find((entry) => entry.id === id) ?? null;
+    const containerName = workspace?.sandboxContainerName?.trim() ?? "";
+    if (!containerName) {
+      options.setError("Sandbox container name missing.");
+      return;
+    }
+
+    options.setBusy(true);
+    options.setBusyLabel("Stopping sandbox...");
+    options.setBusyStartedAt(Date.now());
+    options.setError(null);
+
+    try {
+      const result = await sandboxStop(containerName);
+      if (!result.ok) {
+        const details = [result.stderr?.trim(), result.stdout?.trim()]
+          .filter(Boolean)
+          .join("\n")
+          .trim();
+        throw new Error(details || `Failed to stop sandbox (status ${result.status})`);
+      }
+
+      // If the user stopped the active workspace, proactively disconnect the client.
+      if (activeWorkspaceId() === id) {
+        options.setClient(null);
+        options.setConnectedVersion(null);
+        options.setSseConnected(false);
+      }
+
+      updateWorkspaceConnectionState(id, { status: "error", message: "Sandbox stopped." });
+    } catch (e) {
+      const message = e instanceof Error ? e.message : safeStringify(e);
+      options.setError(addOpencodeCacheHint(message));
+    } finally {
+      options.setBusy(false);
+      options.setBusyLabel(null);
+      options.setBusyStartedAt(null);
+    }
+  }
+
   async function pickWorkspaceFolder() {
     if (!isTauriRuntime()) {
       options.setError(t("app.error.tauri_required", currentLocale()));
@@ -2302,6 +2413,9 @@ export function createWorkspaceStore(options: {
     engineDoctorResult,
     engineDoctorCheckedAt,
     engineInstallLogs,
+    sandboxDoctorResult,
+    sandboxDoctorCheckedAt,
+    sandboxDoctorBusy,
     projectDir,
     workspaces,
     activeWorkspaceId,
@@ -2333,11 +2447,12 @@ export function createWorkspaceStore(options: {
     testWorkspaceConnection,
     connectToServer,
     createWorkspaceFlow,
-    createWorkerFlow,
+    createSandboxFlow,
     createRemoteWorkspaceFlow,
     updateRemoteWorkspaceFlow,
     updateWorkspaceDisplayName,
     forgetWorkspace,
+    stopSandbox,
     pickWorkspaceFolder,
     exportWorkspaceConfig,
     importWorkspaceConfig,
@@ -2358,5 +2473,6 @@ export function createWorkspaceStore(options: {
     removeAuthorizedDirAtIndex,
     persistReloadSettings,
     setEngineInstallLogs,
+    refreshSandboxDoctor,
   };
 }
diff --git a/packages/app/src/app/lib/openwork-server.ts b/packages/app/src/app/lib/openwork-server.ts
index e33d4dd91..dbb0be2c1 100644
--- a/packages/app/src/app/lib/openwork-server.ts
+++ b/packages/app/src/app/lib/openwork-server.ts
@@ -258,6 +258,20 @@ export type OpenworkWorkspaceExport = {
   commands?: Array<{ name: string; description?: string; template?: string }>;
 };
 
+export type OpenworkArtifactItem = {
+  id: string;
+  name?: string;
+  path?: string;
+  size?: number;
+  createdAt?: number;
+  updatedAt?: number;
+  mime?: string;
+};
+
+export type OpenworkArtifactList = {
+  items: OpenworkArtifactItem[];
+};
+
 type RawJsonResponse<T> = {
   ok: boolean;
   status: number;
@@ -498,6 +512,20 @@ function buildHeaders(
   return headers;
 }
 
+function buildAuthHeaders(token?: string, hostToken?: string, extra?: Record<string, string>) {
+  const headers: Record<string, string> = {};
+  if (token) {
+    headers.Authorization = `Bearer ${token}`;
+  }
+  if (hostToken) {
+    headers["X-OpenWork-Host-Token"] = hostToken;
+  }
+  if (extra) {
+    Object.assign(headers, extra);
+  }
+  return headers;
+}
+
 // Use Tauri's fetch when running in the desktop app to avoid CORS issues
 const resolveFetch = () => (isTauriRuntime() ? tauriFetch : globalThis.fetch);
 
@@ -550,6 +578,56 @@ async function requestJsonRaw<T>(
   return { ok: response.ok, status: response.status, json };
 }
 
+async function requestMultipartRaw(
+  baseUrl: string,
+  path: string,
+  options: { method?: string; token?: string; hostToken?: string; body?: FormData } = {},
+): Promise<{ ok: boolean; status: number; text: string }>{
+  const url = `${baseUrl}${path}`;
+  const fetchImpl = resolveFetch();
+  const response = await fetchImpl(url, {
+    method: options.method ?? "POST",
+    headers: buildAuthHeaders(options.token, options.hostToken),
+    body: options.body,
+  });
+  const text = await response.text();
+  return { ok: response.ok, status: response.status, text };
+}
+
+async function requestBinary(
+  baseUrl: string,
+  path: string,
+  options: { method?: string; token?: string; hostToken?: string } = {},
+): Promise<{ data: ArrayBuffer; contentType: string | null; filename: string | null }>{
+  const url = `${baseUrl}${path}`;
+  const fetchImpl = resolveFetch();
+  const response = await fetchImpl(url, {
+    method: options.method ?? "GET",
+    headers: buildAuthHeaders(options.token, options.hostToken),
+  });
+
+  if (!response.ok) {
+    const text = await response.text();
+    let json: any = null;
+    try {
+      json = text ? JSON.parse(text) : null;
+    } catch {
+      json = null;
+    }
+    const code = typeof json?.code === "string" ? json.code : "request_failed";
+    const message = typeof json?.message === "string" ? json.message : response.statusText;
+    throw new OpenworkServerError(response.status, code, message, json?.details);
+  }
+
+  const contentType = response.headers.get("content-type");
+  const disposition = response.headers.get("content-disposition") ?? "";
+  const filenameMatch = disposition.match(/filename\*=UTF-8''([^;]+)|filename="?([^";]+)"?/i);
+  const filenameRaw = filenameMatch?.[1] ?? filenameMatch?.[2] ?? null;
+  const filename = filenameRaw ? decodeURIComponent(filenameRaw) : null;
+  const data = await response.arrayBuffer();
+  return { data, contentType, filename };
+}
+
 export function createOpenworkServerClient(options: { baseUrl: string; token?: string; hostToken?: string }) {
   const baseUrl = options.baseUrl.replace(/\/+$/, "");
   const token = options.token;
@@ -879,6 +957,52 @@ export function createOpenworkServerClient(options: { baseUrl: string; token?: s
           method: "DELETE",
         },
       ),
+
+    uploadInbox: async (workspaceId: string, file: File, options?: { path?: string }) => {
+      const id = workspaceId.trim();
+      if (!id) throw new Error("workspaceId is required");
+      if (!file) throw new Error("file is required");
+      const form = new FormData();
+      form.append("file", file);
+      if (options?.path?.trim()) {
+        form.append("path", options.path.trim());
+      }
+
+      const result = await requestMultipartRaw(baseUrl, `/workspace/${encodeURIComponent(id)}/inbox`, {
+        token,
+        hostToken,
+        method: "POST",
+        body: form,
+      });
+
+      if (!result.ok) {
+        let message = result.text.trim();
+        try {
+          const json = message ? JSON.parse(message) : null;
+          if (json && typeof json.message === "string") {
+            message = json.message;
+          }
+        } catch {
+          // ignore
+        }
+        throw new OpenworkServerError(result.status, "request_failed", message || "Inbox upload failed");
+      }
+
+      return result.text;
+    },
+
+    listArtifacts: (workspaceId: string) =>
+      requestJson<OpenworkArtifactList>(baseUrl, `/workspace/${encodeURIComponent(workspaceId)}/artifacts`, {
+        token,
+        hostToken,
+      }),
+
+    downloadArtifact: (workspaceId: string, artifactId: string) =>
+      requestBinary(
+        baseUrl,
+        `/workspace/${encodeURIComponent(workspaceId)}/artifacts/${encodeURIComponent(artifactId)}`,
+        { token, hostToken },
+      ),
   };
 }
 
diff --git a/packages/app/src/app/lib/tauri.ts b/packages/app/src/app/lib/tauri.ts
index 0b70c0338..8e1238b2d 100644
--- a/packages/app/src/app/lib/tauri.ts
+++ b/packages/app/src/app/lib/tauri.ts
@@ -118,6 +118,11 @@ export type WorkspaceInfo = {
   openworkToken?: string | null;
   openworkWorkspaceId?: string | null;
   openworkWorkspaceName?: string | null;
+
+  // Sandbox lifecycle metadata (desktop-managed)
+  sandboxBackend?: "docker" | null;
+  sandboxRunId?: string | null;
+  sandboxContainerName?: string | null;
 };
 
 export type WorkspaceList = {
@@ -172,6 +177,11 @@ export async function workspaceCreateRemote(input: {
   openworkToken?: string | null;
   openworkWorkspaceId?: string | null;
   openworkWorkspaceName?: string | null;
+
+  // Sandbox lifecycle metadata (desktop-managed)
+  sandboxBackend?: "docker" | null;
+  sandboxRunId?: string | null;
+  sandboxContainerName?: string | null;
 }): Promise<WorkspaceList> {
   return invoke<WorkspaceList>("workspace_create_remote", {
     baseUrl: input.baseUrl,
@@ -182,6 +192,9 @@ export async function workspaceCreateRemote(input: {
     openworkToken: input.openworkToken ?? null,
     openworkWorkspaceId: input.openworkWorkspaceId ?? null,
     openworkWorkspaceName: input.openworkWorkspaceName ?? null,
+    sandboxBackend: input.sandboxBackend ?? null,
+    sandboxRunId: input.sandboxRunId ?? null,
+    sandboxContainerName: input.sandboxContainerName ?? null,
   });
 }
 
@@ -195,6 +208,11 @@ export async function workspaceUpdateRemote(input: {
   openworkToken?: string | null;
   openworkWorkspaceId?: string | null;
   openworkWorkspaceName?: string | null;
+
+  // Sandbox lifecycle metadata (desktop-managed)
+  sandboxBackend?: "docker" | null;
+  sandboxRunId?: string | null;
+  sandboxContainerName?: string | null;
 }): Promise<WorkspaceList> {
   return invoke<WorkspaceList>("workspace_update_remote", {
     workspaceId: input.workspaceId,
@@ -206,6 +224,9 @@ export async function workspaceUpdateRemote(input: {
     openworkToken: input.openworkToken ?? null,
     openworkWorkspaceId: input.openworkWorkspaceId ?? null,
     openworkWorkspaceName: input.openworkWorkspaceName ?? null,
+    sandboxBackend: input.sandboxBackend ?? null,
+    sandboxRunId: input.sandboxRunId ?? null,
+    sandboxContainerName: input.sandboxContainerName ?? null,
   });
 }
 
@@ -367,14 +388,41 @@ export type OpenwrkDetachedHost = {
   token: string;
   hostToken: string;
   port: number;
+  sandboxBackend?: "docker" | null;
+  sandboxRunId?: string | null;
+  sandboxContainerName?: string | null;
 };
 
-export async function openwrkStartDetached(input: { workspacePath: string }): Promise<OpenwrkDetachedHost> {
+export async function openwrkStartDetached(input: {
+  workspacePath: string;
+  sandboxBackend?: "none" | "docker" | null;
+  runId?: string | null;
+}): Promise<OpenwrkDetachedHost> {
   return invoke<OpenwrkDetachedHost>("openwrk_start_detached", {
     workspacePath: input.workspacePath,
+    sandboxBackend: input.sandboxBackend ?? null,
+    runId: input.runId ?? null,
   });
 }
 
+export type SandboxDoctorResult = {
+  installed: boolean;
+  daemonRunning: boolean;
+  permissionOk: boolean;
+  ready: boolean;
+  clientVersion?: string | null;
+  serverVersion?: string | null;
+  error?: string | null;
+};
+
+export async function sandboxDoctor(): Promise<SandboxDoctorResult> {
+  return invoke<SandboxDoctorResult>("sandbox_doctor");
+}
+
+export async function sandboxStop(containerName: string): Promise<ExecResult> {
+  return invoke<ExecResult>("sandbox_stop", { containerName });
+}
+
 export async function openworkServerInfo(): Promise<OpenworkServerInfo> {
   return invoke<OpenworkServerInfo>("openwork_server_info");
 }
diff --git a/packages/app/src/app/pages/dashboard.tsx b/packages/app/src/app/pages/dashboard.tsx
index 4fe5e2d28..9e75dc6d3 100644
--- a/packages/app/src/app/pages/dashboard.tsx
+++ b/packages/app/src/app/pages/dashboard.tsx
@@ -120,6 +120,7 @@ export type DashboardViewProps = {
   openRenameWorkspace: (workspaceId: string) => void;
   editWorkspaceConnection: (workspaceId: string) => void;
   forgetWorkspace: (workspaceId: string) => void;
+  stopSandbox: (workspaceId: string) => void;
   scheduledJobs: ScheduledJob[];
   scheduledJobsSource: "local" | "remote";
   scheduledJobsSourceReady: boolean;
@@ -272,7 +273,11 @@ export default function DashboardView(props: DashboardViewProps) {
     workspace.path?.trim() ||
     "Workspace";
   const workspaceKindLabel = (workspace: WorkspaceInfo) =>
-    workspace.workspaceType === "remote" ? "Remote" : "Local";
+    workspace.workspaceType === "remote"
+      ? workspace.sandboxContainerName?.trim()
+        ? "Sandbox"
+        : "Remote"
+      : "Local";
 
   const openSessionFromList = (workspaceId: string, sessionId: string) => {
     // For same-workspace clicks, just select the session without workspace activation
@@ -861,6 +866,18 @@ export default function DashboardView(props: DashboardViewProps) {
                               Edit connection
                             </button>
                           </Show>
+                          <Show when={workspace().sandboxContainerName?.trim()}>
+                            <button
+                              type="button"
+                              class="w-full text-left px-2 py-1.5 text-sm rounded-md hover:bg-dls-hover"
+                              onClick={() => {
+                                props.stopSandbox(workspace().id);
+                                setWorkspaceMenuId(null);
+                              }}
+                            >
+                              Stop sandbox
+                            </button>
+                          </Show>
                           <button
                             type="button"
                             class="w-full text-left px-2 py-1.5 text-sm rounded-md hover:bg-dls-hover text-red-11"
diff --git a/packages/app/src/app/pages/session.tsx b/packages/app/src/app/pages/session.tsx
index 5cda594ec..68607d4ed 100644
--- a/packages/app/src/app/pages/session.tsx
+++ b/packages/app/src/app/pages/session.tsx
@@ -49,7 +49,7 @@ import ProviderAuthModal from "../components/provider-auth-modal";
 import ShareWorkspaceModal from "../components/share-workspace-modal";
 import StatusBar from "../components/status-bar";
 import { buildOpenworkWorkspaceBaseUrl, createOpenworkServerClient } from "../lib/openwork-server";
-import type { OpenworkServerSettings, OpenworkServerStatus } from "../lib/openwork-server";
+import type { OpenworkServerClient, OpenworkServerSettings, OpenworkServerStatus } from "../lib/openwork-server";
 import { join } from "@tauri-apps/api/path";
 import { formatRelativeTime, isTauriRuntime, normalizeDirectoryPath } from "../utils";
 
@@ -83,8 +83,10 @@ export type SessionViewProps = {
   exportWorkspaceBusy: boolean;
   clientConnected: boolean;
   openworkServerStatus: OpenworkServerStatus;
+  openworkServerClient: OpenworkServerClient | null;
   openworkServerSettings: OpenworkServerSettings;
   openworkServerHostInfo: OpenworkServerInfo | null;
+  openworkServerWorkspaceId: string | null;
   engineInfo: EngineInfo | null;
   stopHost: () => void;
   headerStatus: string;
@@ -991,6 +993,32 @@ export default function SessionView(props: SessionViewProps) {
     props.sendPromptAsync(draft).catch(() => undefined);
   };
 
+  const isSandboxWorkspace = createMemo(() => Boolean((props.activeWorkspaceDisplay as any)?.sandboxContainerName?.trim()));
+
+  const uploadInboxFiles = async (files: File[]) => {
+    const client = props.openworkServerClient;
+    const workspaceId = props.openworkServerWorkspaceId?.trim() ?? "";
+    if (!client || !workspaceId) {
+      setToastMessage("Connect to the OpenWork server to upload inbox files.");
+      return;
+    }
+    if (!files.length) return;
+
+    const label = files.length === 1 ? files[0]?.name ?? "file" : `${files.length} files`;
+    setToastMessage(`Uploading ${label} to inbox...`);
+
+    try {
+      for (const file of files) {
+        await client.uploadInbox(workspaceId, file);
+      }
+      const summary = files.map((file) => file.name).filter(Boolean).join(", ");
+      setToastMessage(summary ? `Uploaded to inbox: ${summary}` : "Uploaded to inbox.");
+    } catch (error) {
+      const message = error instanceof Error ? error.message : "Inbox upload failed";
+      setToastMessage(message);
+    }
+  };
+
   const handleDraftChange = (draft: ComposerDraft) => {
     props.setPrompt(draft.text);
   };
@@ -1739,6 +1767,8 @@ export default function SessionView(props: SessionViewProps) {
         searchFiles={props.searchFiles}
         listCommands={props.listCommands}
         isRemoteWorkspace={props.activeWorkspaceDisplay.workspaceType === "remote"}
+        isSandboxWorkspace={isSandboxWorkspace()}
+        onUploadInboxFiles={isSandboxWorkspace() ? uploadInboxFiles : undefined}
         attachmentsEnabled={attachmentsEnabled()}
         attachmentsDisabledReason={attachmentsDisabledReason()}
       />
diff --git a/packages/app/src/i18n/locales/en.ts b/packages/app/src/i18n/locales/en.ts
index 7d6edf7b4..61957a0c6 100644
--- a/packages/app/src/i18n/locales/en.ts
+++ b/packages/app/src/i18n/locales/en.ts
@@ -51,6 +51,11 @@ export default {
   "dashboard.create_workspace_title": "Create Workspace",
   "dashboard.create_workspace_subtitle": "Initialize a new folder-based workspace.",
   "dashboard.create_workspace_confirm": "Create Workspace",
+  "dashboard.create_sandbox_confirm": "Create as sandbox",
+  "dashboard.sandbox_get_ready_title": "Sandboxes need Docker",
+  "dashboard.sandbox_get_ready_action": "Get your system ready",
+  "dashboard.sandbox_get_ready_desc": "Run this workspace in an isolated Docker container for safer, more reproducible runs.",
+  "dashboard.sandbox_checking_docker": "Checking Docker...",
   "dashboard.create_remote_workspace_title": "Add Remote Workspace",
   "dashboard.create_remote_workspace_subtitle": "Save an OpenWork server as a workspace.",
   "dashboard.create_remote_workspace_confirm": "Add Workspace",
diff --git a/packages/app/src/i18n/locales/zh.ts b/packages/app/src/i18n/locales/zh.ts
index e55a76e91..240bdc7ea 100644
--- a/packages/app/src/i18n/locales/zh.ts
+++ b/packages/app/src/i18n/locales/zh.ts
@@ -51,6 +51,11 @@ export default {
   "dashboard.create_workspace_title": "创建工作区",
   "dashboard.create_workspace_subtitle": "初始化新的基于文件夹的工作区。",
   "dashboard.create_workspace_confirm": "创建工作区",
+  "dashboard.create_sandbox_confirm": "创建为沙盒",
+  "dashboard.sandbox_get_ready_title": "沙盒需要 Docker",
+  "dashboard.sandbox_get_ready_action": "准备沙盒环境",
+  "dashboard.sandbox_get_ready_desc": "在隔离的 Docker 容器中运行此工作区，更安全、更可复现。",
+  "dashboard.sandbox_checking_docker": "正在检查 Docker...",
   "dashboard.create_remote_workspace_title": "添加远程工作区",
   "dashboard.create_remote_workspace_subtitle": "保存 OpenWork 服务器为工作区。",
   "dashboard.create_remote_workspace_confirm": "添加工作区",
diff --git a/packages/desktop/src-tauri/src/commands/openwrk.rs b/packages/desktop/src-tauri/src/commands/openwrk.rs
index aab09d199..89170458a 100644
--- a/packages/desktop/src-tauri/src/commands/openwrk.rs
+++ b/packages/desktop/src-tauri/src/commands/openwrk.rs
@@ -2,6 +2,7 @@ use serde::Deserialize;
 use serde::Serialize;
 use serde_json::json;
 use std::net::TcpListener;
+use std::process::Command;
 use std::time::{Duration, Instant};
 use tauri::AppHandle;
 use tauri::State;
@@ -10,7 +11,7 @@ use uuid::Uuid;
 
 use crate::openwrk::manager::OpenwrkManager;
 use crate::openwrk::{resolve_openwrk_data_dir, resolve_openwrk_status};
-use crate::types::{OpenwrkStatus, OpenwrkWorkspace};
+use crate::types::{ExecResult, OpenwrkStatus, OpenwrkWorkspace};
 
 #[derive(Debug, Serialize)]
 #[serde(rename_all = "camelCase")]
@@ -19,6 +20,75 @@ pub struct OpenwrkDetachedHost {
     pub token: String,
     pub host_token: String,
     pub port: u16,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub sandbox_backend: Option<String>,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub sandbox_run_id: Option<String>,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub sandbox_container_name: Option<String>,
+}
+
+#[derive(Debug, Serialize)]
+#[serde(rename_all = "camelCase")]
+pub struct SandboxDoctorResult {
+    pub installed: bool,
+    pub daemon_running: bool,
+    pub permission_ok: bool,
+    pub ready: bool,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub client_version: Option<String>,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub server_version: Option<String>,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub error: Option<String>,
+}
+
+fn run_local_command(program: &str, args: &[&str]) -> Result<(i32, String, String), String> {
+    let output = Command::new(program)
+        .args(args)
+        .output()
+        .map_err(|e| format!("Failed to run {program}: {e}"))?;
+    let status = output.status.code().unwrap_or(-1);
+    let stdout = String::from_utf8_lossy(&output.stdout).to_string();
+    let stderr = String::from_utf8_lossy(&output.stderr).to_string();
+    Ok((status, stdout, stderr))
+}
+
+fn parse_docker_client_version(stdout: &str) -> Option<String> {
+    // Example: "Docker version 26.1.1, build 4cf5afa"
+    let line = stdout.lines().next().unwrap_or("").trim();
+    if !line.to_lowercase().starts_with("docker version") {
+        return None;
+    }
+    Some(line.to_string())
+}
+
+fn parse_docker_server_version(stdout: &str) -> Option<String> {
+    // Example line in `docker info` output: " Server Version: 26.1.1"
+    for line in stdout.lines() {
+        let trimmed = line.trim();
+        if let Some(rest) = trimmed.strip_prefix("Server Version:") {
+            let value = rest.trim();
+            if !value.is_empty() {
+                return Some(value.to_string());
+            }
+        }
+    }
+    None
+}
+
+fn derive_openwrk_container_name(run_id: &str) -> String {
+    // Must match openwrk's docker naming scheme:
+    // `openwrk-${runId.replace(/[^a-zA-Z0-9_.-]+/g, "-").slice(0, 24)}`
+    let mut sanitized = String::new();
+    for ch in run_id.chars() {
+        let ok = ch.is_ascii_alphanumeric() || ch == '_' || ch == '.' || ch == '-';
+        sanitized.push(if ok { ch } else { '-' });
+    }
+    if sanitized.len() > 24 {
+        sanitized.truncate(24);
+    }
+    format!("openwrk-{sanitized}")
 }
 
 fn allocate_free_port() -> Result<u16, String> {
@@ -164,12 +234,29 @@ pub fn openwrk_instance_dispose(
 pub fn openwrk_start_detached(
     app: AppHandle,
     workspace_path: String,
+    sandbox_backend: Option<String>,
+    run_id: Option<String>,
 ) -> Result<OpenwrkDetachedHost, String> {
     let workspace_path = workspace_path.trim().to_string();
     if workspace_path.is_empty() {
         return Err("workspacePath is required".to_string());
     }
 
+    let sandbox_backend = sandbox_backend
+        .unwrap_or_else(|| "none".to_string())
+        .trim()
+        .to_lowercase();
+    let wants_docker_sandbox = sandbox_backend == "docker";
+    let sandbox_run_id = run_id
+        .map(|value| value.trim().to_string())
+        .filter(|value| !value.is_empty())
+        .unwrap_or_else(|| Uuid::new_v4().to_string());
+    let sandbox_container_name = if wants_docker_sandbox {
+        Some(derive_openwrk_container_name(&sandbox_run_id))
+    } else {
+        None
+    };
+
     let port = allocate_free_port()?;
     let token = Uuid::new_v4().to_string();
     let host_token = Uuid::new_v4().to_string();
@@ -182,35 +269,181 @@ pub fn openwrk_start_detached(
 
     // Start a dedicated host stack for this workspace.
     // We pass explicit tokens and a free port so the UI can connect deterministically.
-    command
-        .args([
-            "start",
-            "--workspace",
-            &workspace_path,
-            "--approval",
-            "auto",
-            "--no-opencode-auth",
-            "--owpenbot",
-            "true",
-            "--detach",
-            "--openwork-host",
-            "0.0.0.0",
-            "--openwork-port",
-            &port.to_string(),
-            "--openwork-token",
-            &token,
-            "--openwork-host-token",
-            &host_token,
-        ])
-        .spawn()
-        .map_err(|e| format!("Failed to start openwrk: {e}"))?;
+    {
+        let mut args: Vec<String> = vec![
+            "start".to_string(),
+            "--workspace".to_string(),
+            workspace_path.clone(),
+            "--approval".to_string(),
+            "auto".to_string(),
+            "--no-opencode-auth".to_string(),
+            "--owpenbot".to_string(),
+            "true".to_string(),
+            "--detach".to_string(),
+            "--openwork-host".to_string(),
+            "0.0.0.0".to_string(),
+            "--openwork-port".to_string(),
+            port.to_string(),
+            "--openwork-token".to_string(),
+            token.clone(),
+            "--openwork-host-token".to_string(),
+            host_token.clone(),
+            "--run-id".to_string(),
+            sandbox_run_id.clone(),
+        ];
 
-    wait_for_openwork_health(&openwork_url, 12_000)?;
+        if wants_docker_sandbox {
+            args.push("--sandbox".to_string());
+            args.push("docker".to_string());
+        }
+
+        // Convert to &str for the shell command builder.
+        let mut str_args: Vec<&str> = Vec::with_capacity(args.len());
+        for arg in &args {
+            str_args.push(arg.as_str());
+        }
+
+        command
+            .args(str_args)
+            .spawn()
+            .map_err(|e| format!("Failed to start openwrk: {e}"))?;
+    }
+
+    let health_timeout_ms = if wants_docker_sandbox { 90_000 } else { 12_000 };
+    wait_for_openwork_health(&openwork_url, health_timeout_ms)?;
 
     Ok(OpenwrkDetachedHost {
         openwork_url,
         token,
         host_token,
         port,
+        sandbox_backend: if wants_docker_sandbox {
+            Some("docker".to_string())
+        } else {
+            None
+        },
+        sandbox_run_id: if wants_docker_sandbox {
+            Some(sandbox_run_id)
+        } else {
+            None
+        },
+        sandbox_container_name,
+    })
+}
+
+#[tauri::command]
+pub fn sandbox_doctor() -> SandboxDoctorResult {
+    let (status, stdout, stderr) = match run_local_command("docker", &["--version"]) {
+        Ok(result) => result,
+        Err(err) => {
+            return SandboxDoctorResult {
+                installed: false,
+                daemon_running: false,
+                permission_ok: false,
+                ready: false,
+                client_version: None,
+                server_version: None,
+                error: Some(err),
+            };
+        }
+    };
+
+    if status != 0 {
+        return SandboxDoctorResult {
+            installed: false,
+            daemon_running: false,
+            permission_ok: false,
+            ready: false,
+            client_version: None,
+            server_version: None,
+            error: Some(format!(
+                "docker --version failed (status {status}): {}",
+                stderr.trim()
+            )),
+        };
+    }
+
+    let client_version = parse_docker_client_version(&stdout);
+
+    // `docker info` is a good readiness check (installed + daemon reachable + perms).
+    let (info_status, info_stdout, info_stderr) = match run_local_command("docker", &["info"]) {
+        Ok(result) => result,
+        Err(err) => {
+            return SandboxDoctorResult {
+                installed: true,
+                daemon_running: false,
+                permission_ok: false,
+                ready: false,
+                client_version,
+                server_version: None,
+                error: Some(err),
+            };
+        }
+    };
+
+    if info_status == 0 {
+        let server_version = parse_docker_server_version(&info_stdout);
+        return SandboxDoctorResult {
+            installed: true,
+            daemon_running: true,
+            permission_ok: true,
+            ready: true,
+            client_version,
+            server_version,
+            error: None,
+        };
+    }
+
+    let combined = format!("{}\n{}", info_stdout.trim(), info_stderr.trim())
+        .trim()
+        .to_string();
+    let lower = combined.to_lowercase();
+    let permission_ok = !lower.contains("permission denied")
+        && !lower.contains("got permission denied")
+        && !lower.contains("access is denied");
+    let daemon_running = !lower.contains("cannot connect to the docker daemon")
+        && !lower.contains("is the docker daemon running")
+        && !lower.contains("error during connect")
+        && !lower.contains("connection refused");
+
+    SandboxDoctorResult {
+        installed: true,
+        daemon_running,
+        permission_ok,
+        ready: false,
+        client_version,
+        server_version: None,
+        error: Some(if combined.is_empty() {
+            format!("docker info failed (status {info_status})")
+        } else {
+            combined
+        }),
+    }
+}
+
+#[tauri::command]
+pub fn sandbox_stop(container_name: String) -> Result<ExecResult, String> {
+    let name = container_name.trim().to_string();
+    if name.is_empty() {
+        return Err("containerName is required".to_string());
+    }
+    if !name.starts_with("openwrk-") {
+        return Err(
+            "Refusing to stop container: expected name starting with 'openwrk-'".to_string(),
+        );
+    }
+    if !name
+        .chars()
+        .all(|ch| ch.is_ascii_alphanumeric() || ch == '_' || ch == '.' || ch == '-')
+    {
+        return Err("containerName contains invalid characters".to_string());
+    }
+
+    let (status, stdout, stderr) = run_local_command("docker", &["stop", &name])?;
+    Ok(ExecResult {
+        ok: status == 0,
+        status,
+        stdout,
+        stderr,
     })
 }
diff --git a/packages/desktop/src-tauri/src/commands/workspace.rs b/packages/desktop/src-tauri/src/commands/workspace.rs
index 8e4d17483..9891e2b1d 100644
--- a/packages/desktop/src-tauri/src/commands/workspace.rs
+++ b/packages/desktop/src-tauri/src/commands/workspace.rs
@@ -211,6 +211,9 @@ pub fn workspace_create(
         openwork_token: None,
         openwork_workspace_id: None,
         openwork_workspace_name: None,
+        sandbox_backend: None,
+        sandbox_run_id: None,
+        sandbox_container_name: None,
     });
 
     state.active_id = id.clone();
@@ -236,6 +239,9 @@ pub fn workspace_create_remote(
     openwork_token: Option<String>,
     openwork_workspace_id: Option<String>,
     openwork_workspace_name: Option<String>,
+    sandbox_backend: Option<String>,
+    sandbox_run_id: Option<String>,
+    sandbox_container_name: Option<String>,
     watch_state: State<WorkspaceWatchState>,
 ) -> Result<WorkspaceList, String> {
     println!("[workspace] create remote request");
@@ -312,6 +318,15 @@ pub fn workspace_create_remote(
         openwork_token,
         openwork_workspace_id,
         openwork_workspace_name,
+        sandbox_backend: sandbox_backend
+            .map(|value| value.trim().to_string())
+            .filter(|value| !value.is_empty()),
+        sandbox_run_id: sandbox_run_id
+            .map(|value| value.trim().to_string())
+            .filter(|value| !value.is_empty()),
+        sandbox_container_name: sandbox_container_name
+            .map(|value| value.trim().to_string())
+            .filter(|value| !value.is_empty()),
     });
     state.active_id = id.clone();
     save_workspace_state(&app, &state)?;
@@ -337,6 +352,9 @@ pub fn workspace_update_remote(
     openwork_token: Option<String>,
     openwork_workspace_id: Option<String>,
     openwork_workspace_name: Option<String>,
+    sandbox_backend: Option<String>,
+    sandbox_run_id: Option<String>,
+    sandbox_container_name: Option<String>,
 ) -> Result<WorkspaceList, String> {
     println!("[workspace] update remote request: {workspace_id}");
     let mut state = load_workspace_state(&app)?;
@@ -417,6 +435,27 @@ pub fn workspace_update_remote(
         }
     }
 
+    if let Some(next_backend) = sandbox_backend
+        .map(|value| value.trim().to_string())
+        .filter(|value| !value.is_empty())
+    {
+        entry.sandbox_backend = Some(next_backend);
+    }
+
+    if let Some(next_run_id) = sandbox_run_id
+        .map(|value| value.trim().to_string())
+        .filter(|value| !value.is_empty())
+    {
+        entry.sandbox_run_id = Some(next_run_id);
+    }
+
+    if let Some(next_container) = sandbox_container_name
+        .map(|value| value.trim().to_string())
+        .filter(|value| !value.is_empty())
+    {
+        entry.sandbox_container_name = Some(next_container);
+    }
+
     save_workspace_state(&app, &state)?;
     println!("[workspace] update remote complete: {id}");
 
@@ -870,6 +909,9 @@ pub fn workspace_import_config(
         openwork_token: None,
         openwork_workspace_id: None,
         openwork_workspace_name: None,
+        sandbox_backend: None,
+        sandbox_run_id: None,
+        sandbox_container_name: None,
     });
     state.active_id = id.clone();
     save_workspace_state(&app, &state)?;
diff --git a/packages/desktop/src-tauri/src/lib.rs b/packages/desktop/src-tauri/src/lib.rs
index e8bd28818..79f02f02c 100644
--- a/packages/desktop/src-tauri/src/lib.rs
+++ b/packages/desktop/src-tauri/src/lib.rs
@@ -23,6 +23,7 @@ use commands::engine::{engine_doctor, engine_info, engine_install, engine_start,
 use commands::misc::{app_build_info, opencode_mcp_auth, reset_opencode_cache, reset_openwork_state};
 use commands::openwrk::{
     openwrk_instance_dispose, openwrk_start_detached, openwrk_status, openwrk_workspace_activate,
+    sandbox_doctor, sandbox_stop,
 };
 use commands::openwork_server::openwork_server_info;
 use commands::scheduler::{scheduler_delete_job, scheduler_list_jobs};
@@ -75,6 +76,8 @@ pub fn run() {
             openwrk_workspace_activate,
             openwrk_instance_dispose,
             openwrk_start_detached,
+            sandbox_doctor,
+            sandbox_stop,
             openwork_server_info,
             owpenbot_info,
             owpenbot_start,
diff --git a/packages/desktop/src-tauri/src/types.rs b/packages/desktop/src-tauri/src/types.rs
index ac6415882..7ac2ea790 100644
--- a/packages/desktop/src-tauri/src/types.rs
+++ b/packages/desktop/src-tauri/src/types.rs
@@ -326,6 +326,14 @@ pub struct WorkspaceInfo {
     pub openwork_workspace_id: Option<String>,
     #[serde(default)]
     pub openwork_workspace_name: Option<String>,
+
+    // Sandbox lifecycle metadata (desktop-managed)
+    #[serde(default)]
+    pub sandbox_backend: Option<String>,
+    #[serde(default)]
+    pub sandbox_run_id: Option<String>,
+    #[serde(default)]
+    pub sandbox_container_name: Option<String>,
 }
 
 #[derive(Debug, Serialize, Clone)]
@@ -373,4 +381,4 @@ impl Default for WorkspaceState {
     }
 }
 
-pub const WORKSPACE_STATE_VERSION: u8 = 3;
+pub const WORKSPACE_STATE_VERSION: u8 = 4;
diff --git a/packages/desktop/src-tauri/src/workspace/state.rs b/packages/desktop/src-tauri/src/workspace/state.rs
index 170ca464e..16a5a39f5 100644
--- a/packages/desktop/src-tauri/src/workspace/state.rs
+++ b/packages/desktop/src-tauri/src/workspace/state.rs
@@ -73,6 +73,9 @@ pub fn ensure_starter_workspace(app: &tauri::AppHandle) -> Result<WorkspaceInfo,
         openwork_token: None,
         openwork_workspace_id: None,
         openwork_workspace_name: None,
+        sandbox_backend: None,
+        sandbox_run_id: None,
+        sandbox_container_name: None,
     })
 }