From 02a1a9da69809e45ee0a843982f4473f980009cb Mon Sep 17 00:00:00 2001
From: Deepak Vij <deepak.vij@bytedance.com>
Date: Mon, 1 Jun 2026 15:58:52 -0700
Subject: [PATCH] feat(sandboxes): add aio-sandbox image

Adds a new all-in-one sandbox image that includes browser automation,
shell access, MCP integration, and VS Code Server.

Signed-off-by: Deepak Vij <deepak.vij@bytedance.com>
---
 README.md                        |  1 +
 sandboxes/aio-sandbox/Dockerfile | 25 +++++++++++++++++++++++++
 sandboxes/aio-sandbox/README.md  | 27 +++++++++++++++++++++++++++
 3 files changed, 53 insertions(+)
 create mode 100644 sandboxes/aio-sandbox/Dockerfile
 create mode 100644 sandboxes/aio-sandbox/README.md

diff --git a/README.md b/README.md
index 150f822..90ccc41 100644
--- a/README.md
+++ b/README.md
@@ -21,6 +21,7 @@ This repo is the community ecosystem around OpenShell -- a hub for contributed s
 
 | Sandbox                 | Description                                                  |
 | ----------------------- | ------------------------------------------------------------ |
+| `sandboxes/aio-sandbox/` | All-in-one sandbox with browser, shell, MCP, and VS Code Server |
 | `sandboxes/base/`       | Foundational image with system tools, users, and dev environment |
 | `sandboxes/droid/`      | Android automation and mobile testing workflows              |
 | `sandboxes/gemini/`     | Gemini CLI workflows                                         |
diff --git a/sandboxes/aio-sandbox/Dockerfile b/sandboxes/aio-sandbox/Dockerfile
new file mode 100644
index 0000000..41d35b8
--- /dev/null
+++ b/sandboxes/aio-sandbox/Dockerfile
@@ -0,0 +1,25 @@
+# syntax=docker/dockerfile:1.4
+
+# SPDX-FileCopyrightText: Copyright (c) 2025-2026 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+# AIO Sandbox image for OpenShell
+#
+# Builds on the open source aio sandbox and adds sandbox user and group for openshell compatibility.
+# Build:  docker build -t openshell-aio-sandbox --build-arg BASE_IMAGE=ghcr.io/agent-infra/sandbox:latest .
+# Run:    openshell sandbox create --from aio-sandbox
+
+ARG BASE_IMAGE=ghcr.io/agent-infra/sandbox:latest
+FROM ${BASE_IMAGE}
+
+USER root
+
+# Create a sandbox user and group in the baseline aio-sandbox image 
+RUN groupadd -r sandbox && \
+    useradd -r -g sandbox -m -d /home/sandbox -s /bin/bash sandbox && \
+    mkdir -p /workspace && \
+    chown -R sandbox:sandbox /home/sandbox /workspace
+
+USER sandbox
+
+ENTRYPOINT ["/bin/bash"]
diff --git a/sandboxes/aio-sandbox/README.md b/sandboxes/aio-sandbox/README.md
new file mode 100644
index 0000000..bd5ce0c
--- /dev/null
+++ b/sandboxes/aio-sandbox/README.md
@@ -0,0 +1,27 @@
+# AIO Sandbox Integration with OpenShell
+
+OpenShell sandbox image pre-configured with [AIO Sandbox](https://github.com/agent-infra/sandbox) for AIO-Sandbox powered rich built-in agent capabilities such as browser automation, shell access, file operations, VS Code Server, and MCP integration.
+
+## What's Included
+
+- Everything from the [aio sandbox](https://github.com/agent-infra/sandbox/blob/main/README.md)
+
+## Build
+
+```bash
+docker build -t openshell-aio-sandbox .
+```
+
+To build against a specific base image:
+
+```bash
+docker build -t openshell-aio-sandbox --build-arg BASE_IMAGE=ghcr.io/agent-infra/sandbox:latest .
+```
+
+## Usage
+
+### Create a sandbox
+
+```bash
+openshell sandbox create --from aio-sandbox
+```