<p align="center"> <img alt="//Dockside" src="https://user-images.githubusercontent.com/354555/145203965-b573f43b-757a-4471-a39c-d2e53b1acb41.png" width="75%"/> </p> <p align="center"> <a href="https://github.com/newsnowlabs/dockside"><img alt="GitHub stars" src="https://img.shields.io/github/stars/newsnowlabs/dockside?style=flat-square&logo=github"></a> <a href="https://hub.docker.com/r/newsnowlabs/dockside"><img alt="Docker Pulls" src="https://img.shields.io/docker/pulls/newsnowlabs/dockside?style=flat-square&logo=docker"></a> <a href="https://github.com/newsnowlabs/dockside/blob/main/LICENSE"><img alt="License" src="https://img.shields.io/badge/licence-Apache%202.0-blue?style=flat-square"></a> <img alt="AI-ready" src="https://img.shields.io/badge/AI--ready-Claude%20%7C%20Codex%20%7C%20Copilot-8A2BE2?style=flat-square"> </p>

Introduction

Dockside is a self-hosted platform for teams who want a devcontainer for every branch — isolated, browser-accessible, HTTPS-secured, and ready in seconds, on your own infrastructure.

Each devcontainer (or devtainer, as we call them) is automatically provisioned with a browser IDE, SSH access, and a dedicated HTTPS reverse proxy with per-service subdomains. No per-project configuration required. Spin one up per branch, per task, per developer — or per AI agent session.

Note on terminology: Dockside's devtainers are development containers in the general sense. They predate and differ from the VS Code devcontainer spec (.devcontainer/devcontainer.json), though they serve the same core purpose: a reproducible, isolated environment for each piece of work.

Running AI coding tools? Dockside devcontainers are natural sandboxes for Claude Code, OpenAI Codex, GitHub Copilot and similar. The Claude and Codex CLIs — and their VS Code extensions — run natively inside Dockside's integrated IDEs. Each AI session is isolated in its own container. And coming soon: built-in network firewall management to define exactly what AI agents can reach, reproducing purpose-built AI devcontainer security without elevated capabilities or weakened isolation.

<h3 align="center">Our sponsors</h3> <p align="center"> <a title="NewsNow is hiring: work on Dockside and other existing projects" href="https://www.newsnow.co.uk/careers/?utm_source=GitHub&utm_medium=cpc&utm_campaign=2021-10-21-Developer-Roles&utm_content=SponsoredHiringAd" target="_blank"><img alt="Dockside sponsor NewsNow is hiring" src="https://user-images.githubusercontent.com/354555/144637598-5cc14a58-6918-4170-8b47-bbd26cb84062.png"></a> </p>

AI-assisted development

AI coding tools work best when they have their own isolated environment to operate in — somewhere they can install dependencies, run tests, edit files, and make mistakes, without affecting anything else. Dockside devcontainers are a natural fit.

• Claude Code and OpenAI Codex CLIs run natively inside Dockside's integrated IDEs (OpenVSCode Server and Theia), as do their VS Code extensions. Point an AI agent at a fresh devcontainer, let it work, then review the result — all contained.
• Per-session isolation: each AI coding session gets its own devcontainer. Unintended side-effects — runaway processes, unexpected file changes, dependency conflicts — stay within that container's blast radius and don't touch your host or other devcontainers.
• Network firewall management (coming soon): configurable outbound firewall rules per Docker custom network, letting you define exactly what AI agents can and cannot reach. Assign a devcontainer to a restricted network and Dockside enforces the rules — without requiring elevated container capabilities or weakening isolation.

Why Dockside?

| | Dockside | GitHub Codespaces | Gitpod | Coder | |---|---|---|---|---| | Self-hosted / private cloud | ✅ | ❌ | ✅ | ✅ | | No per-seat cloud fees | ✅ | ❌ | ❌ | ✅ | | Your data stays on your infra | ✅ | ❌ | ❌ | ✅ | | Full root in containers | ✅ | ❌ | ❌ | Partial | | AI CLI tools run natively in IDE | ✅ | Partial | Partial | Partial | | Per-network outbound firewall for AI | ✅ soon | ❌ | ❌ | ❌ | | Browser IDE + SSH + VS Code + JetBrains | ✅ | Partial | ✅ | ✅ | | Integrated access-controlled HTTPS staging server | ✅ | ❌ | ❌ | ❌ | | Works on your laptop | ✅ | ❌ | Partial | ❌ | | Open source | ✅ Apache 2.0 | ❌ | Partial | ✅ AGPL |

Dockside's sweet spot: teams that want Codespaces-style devcontainers without the cloud lock-in, and teams that want to run AI coding agents safely and privately on their own infrastructure.

Features

Core features:

• Instantly launch disposable devcontainers: one per task, bug, feature, design iteration, or AI agent session.
• Powerful IDE bundle including OpenVSCode Server and Theia, plus first-class SSH and support for VS Code Remote Development using SSH or JetBrains development over SSH.
• AI-ready devcontainers: Claude Code, OpenAI Codex, GitHub Copilot and other AI tools and CLIs run natively inside every devcontainer's integrated IDE. Isolate each AI agent session in its own container for safe, auditable agentic development.
• An access-controlled HTTPS reverse proxy automatically provisioned for every devcontainer, with separately configurable domain name prefixes for each subservice.
• SSH server with automated authorized_keys provision for every devcontainer.
• User authentication and access control to running devcontainers and their web services.
• Fine-grained user and role-based access control to devcontainer functionality and underlying system resources.
• Launch devcontainers from stock Docker images, or from your own.
• Root access within devcontainers, so developers can upgrade their environment and install operating system packages when and how they need.
• Bundled GitHub CLI (gh) with per-user token support for seamless gh pr checkout and other GitHub operations.

Benefits for developers:

• Code in a clone of your production environment, avoiding troublesome deploy-time errors and bugfixing.
• Switch between and hand over tasks instantly. No more laborious branch switching, or committing code before it’s ready. git stash will be a thing of the past.
• Work from anywhere. All you need is a browser. Or connect with VS Code, JetBrains, or any other IDE capable of remote development over SSH. Or SSH in directly and use your favourite terminal editor or toolchain. You choose.
• Run AI coding agents — Claude Code, Codex, GitHub Copilot — safely inside isolated devcontainers. Each agent session is self-contained, and coming-soon firewall controls let you define exactly what AI tools can reach on the network.
• Unifying on an IDE within a team can deliver great productivity benefits through improved knowledge-share and better choices of plugins and tooling.
• SSH access facilitates use of any terminal editor or command line tool and seamless VS Code remote development via the Remote SSH extension.
• Develop against production databases (or production database clones) when necessary.

Benefits for code reviewers:

• Access your colleagues’ devcontainers directly for code review.
• No more staring at code wondering what it does, or time-consuming setup, when their code is already running.
• Annotate their code directly with your comments as to points they should address.
• To save time, when you know best, apply and test your own fixes directly to their code.

Benefits for product managers and senior management:

• High visibility of product development progress. Access always-on application revisions and works-in-progress, wherever you are in the world.
• Every feature branch can have its own running environment — share a link with stakeholders to review work in progress without waiting for a dedicated staging deployment.

Advanced features:

• Runtime agnostic: use runC (Docker's default), Sysbox (for Docker-in-Dockside devtainers), gVisor (for sandboxed kernel isolation), or RunCVM (for full KVM VMs on amd64); see Alternative runtimes.
• Apply Docker system resource limits to devtainers, and communicate available system resources to devtainers using LXCFS.
• Support for launching multi-architecture devtainers using qemu-user-static.
• Firewall or redirect outgoing devcontainer traffic using custom Docker networks — useful for isolating AI agent network access or mirroring production network topologies.
• Access Dockside devtainers via multiple domain names, when needed to stage or simulate multi-domain web applications.
• Command-line interface (dockside CLI) for scripting, automation, and CI/CD integration.
• Autodetection of available runtimes, networks and IDEs from the host environment.

Video walkthrough

<p align="center"> <a title="Click to view video in HD on YouTube" href="https://www.youtube.com/embed/buAefREyngQ" target="_blank"><img src="https://user-images.githubusercontent.com/354555/135777679-67fd1424-f01f-4072-ac3e-ed910c8711af.gif" alt="Dockside Walkthrough Video" width="70%"></a> </p>

Recorded in 2021 — the core workflow remains the same, though the UI has evolved since then.

Host requirements

Dockside is supported on Intel (amd64/x86), Apple M1/M2 (arm64) and Raspberry Pi (arm/v7) hardware platforms, via a multiarch Docker image that contains native binary implementations of Dockside for all three