Forem: Ajeet Singh Raina

How Autonomous AI Agents Become Secure by Design With Docker Sandboxes

Ajeet Singh Raina — Wed, 15 Apr 2026 03:52:42 +0000

I've been running AI coding agents for a while now. Claude Code on my MacBook, pointed at a project directory, autonomously editing files, running tests, pushing commits. It's genuinely useful — the kind of useful that makes you wonder how you shipped code without it.

But a few months ago I started asking myself a question I'd been quietly avoiding: what exactly can this agent reach while it's running?

The answer, once I actually looked, was uncomfortable. Everything. It could reach everything I could reach ~ my SSH keys, my AWS credentials, my .env files, my Git tokens. Not because it was malicious. Just because it was running on my laptop, as me, with my permissions.

The risk isn't that your agent is malicious. It's that agents are increasingly reading external content — READMEs, web pages, GitHub issues, pull request descriptions. Any of that content could contain a prompt injection that redirects the agent's behavior. You don't need a sophisticated attack. You just need an agent that's trying to do its job.

That's when Docker Sandboxes (sbx) started making a lot more sense to me. In the full post I walk through how a single architectural change collapses the blast radius of an AI agent — without slowing it down.

👉 Continue reading on ajeetraina.com

Interested to learn more about AI Coding Agent and Docker Sandboxing ? Don't miss out my upcoming session this Saturday 18th April at "Docker for AI" Show-n-Tell event at FAI Office, Indiranagar, Bengaluru.

Running NVIDIA Nemotron on a Mac with Docker Model Runner: What You Need to Know

Ajeet Singh Raina — Sun, 08 Mar 2026 08:50:51 +0000

Docker Model Runner just got a major upgrade for Mac users. With the introduction of vllm-metal - a new backend that brings vLLM inference to macOS via Apple Silicon's Metal GPU - you can now run MLX models through the same OpenAI-compatible API, the same Claude Code-compatible API, and the same Docker workflow you already know.

I put this to the test by running NVIDIA Nemotron models on my Mac. Here's what the experience looks like, what works today, and what's coming very soon.

What is vllm-metal?

vllm-metal is a plugin for vLLM that brings high-performance LLM inference to Apple Silicon. Developed by Docker engineers and now contributed to the open-source vLLM community, it unifies MLX (Apple's machine learning framework) and PyTorch under a single compute pathway — plugging directly into vLLM's existing engine, scheduler, and OpenAI-compatible API server.

The architecture is elegant:

+-------------------------------------------------------------+
|                          vLLM Core                          |
|        Engine | Scheduler | API | Tokenizers                |
+-------------------------------------------------------------+
                             |
+-------------------------------------------------------------+
|                   vllm_metal Plugin Layer                   |
|   | Platform  |  | Worker    |  | ModelRunner            |  |
+-------------------------------------------------------------+
                             |
+-------------------------------------------------------------+
|                   Unified Compute Backend                   |
|   | MLX (Primary inference) | PyTorch (model loading)  |   |
+-------------------------------------------------------------+
                             |
+-------------------------------------------------------------+
|              Metal GPU / Apple Silicon Unified Memory       |
+-------------------------------------------------------------+

Source ~ https://www.docker.com/blog/docker-model-runner-vllm-metal-macos/

What makes this particularly powerful on Apple Silicon is unified memory. Unlike discrete GPUs where data must be copied between CPU and GPU memory, Apple Silicon shares a single memory pool. vllm-metal exploits this with zero-copy tensor operations — combined with paged attention for KV cache management and Grouped-Query Attention support.

Getting Started

Update to Docker Desktop 4.62 or later for Mac, then install the backend:

docker model install-runner --backend vllm-metal

That's it. Docker Model Runner automatically routes MLX models to vllm-metal when the backend is installed.

vLLM Now Runs Everywhere with Docker Model Runner

This release completes vLLM support across all three major platforms:

Platform	Backend	GPU
Linux	vllm	NVIDIA (CUDA)
Windows (WSL2)	vllm	NVIDIA (CUDA)
macOS	vllm-metal	Apple Silicon (Metal)

The same docker model commands work regardless of platform. Docker Model Runner picks the right backend automatically.

Which Models Work with vllm-metal?

vllm-metal works with safetensors models in MLX format. The mlx-community on Hugging Face maintains a large collection of quantized models optimized for Apple Silicon. Some great starting points:

# Lightweight and fast
docker model run hf.co/mlx-community/Llama-3.2-1B-Instruct-4bit

# Strong 7B
docker model run hf.co/mlx-community/Mistral-7B-Instruct-v0.3-4bit

# Latest coding model
docker model run hf.co/mlx-community/Qwen3-Coder-Next-4bit

Running NVIDIA Nemotron on Mac

With vllm-metal installed, let's look at what the Nemotron lineup offers on Mac today.

Llama-3.1-Nemotron-Nano-8B (Recommended)

This is a standard transformer model fine-tuned by NVIDIA for instruction following and reasoning. It runs well on Mac via vllm-metal:

docker model run hf.co/nvidia/Llama-3.1-Nemotron-Nano-8B-v1

On a 32GB or 64GB Mac, this model runs comfortably. On a 16GB Mac, free up unified memory first by reducing Docker Desktop's VM memory limit (Settings → Resources → Advanced → set to 4–5 GB).

Nemotron-3-Nano-30B: The Mamba2 Frontier

The 30B model uses a hybrid SSM (State Space Model) architecture — combining Mamba2 layers with attention layers. This is architecturally novel and represents the next frontier of efficient inference: better long-context performance, lower memory footprint at runtime, and compelling throughput characteristics.

Mamba2 support in mlx-lm is actively maturing, and as it does, models like Nemotron-3-Nano-30B will run natively through vllm-metal. This is an exciting space to watch — especially on higher-memory Macs where the 30B model size becomes practical.

The $599 AI Development Rig

One of the most compelling stories in this release: a base Mac Mini M4 at $599 is now a viable vLLM development environment. Because Apple Silicon uses unified memory, the 16GB (or upgraded 32GB/64GB) RAM is directly accessible by the GPU, enabling you to:

Develop and test locally using the same OpenAI-compatible API as production
Mirror production — the same API surface as an H100 cluster, on your desk
Run efficiently — a fraction of the power consumption and heat of a discrete GPU rig

This democratizes access to vLLM development in a way that wasn't possible before. Previously, getting started with high-throughput vLLM required an RTX 4090 ($1,700+) or enterprise-grade GPU cards. Now, the barrier to entry is a Mac Mini.

vllm-metal vs llama.cpp: Benchmark Context

Docker benchmarked both backends on Llama 3.2 1B Instruct with 4-bit quantization:

max_tokens	llama.cpp (tok/s)	vLLM-Metal (tok/s)
128	333.3	251.5
512	345.1	279.0
1024	338.5	275.4
2048	339.1	279.5

llama.cpp shows ~1.2–1.3x higher raw throughput on this benchmark. However, vllm-metal brings things that raw token speed doesn't capture: the full vLLM engine, including its scheduler, paged attention, batching, and production-grade OpenAI-compatible API. For developers building real applications, that consistency and API compatibility often matters more than peak throughput on a single request.

Hardware Recommendations

Mac Configuration	What to Run
M-series, 16GB	`mlx-community/Llama-3.2-1B-Instruct-4bit`, `ai/phi4-mini`
M-series, 32GB	Nemotron 8B, `mlx-community/Mistral-7B-Instruct-v0.3-4bit`
M-series Max/Ultra, 64GB+	Nemotron 8B comfortably, 30B models as SSM support matures

I'm upgrading to a MacBook Pro Max this month — full benchmarks and multi-model Nemotron demos coming soon.

Open Source at the Core

Docker contributed vllm-metal to the vLLM open-source community — it now lives under the vLLM GitHub organization. This means every developer in the ecosystem can benefit from and contribute to high-performance inference on Apple Silicon. The project has also had significant contributions from Lik Xun Yuan, Ricky Chen, and Ranran Haoran Zhang.

Quick Start

# Install vllm-metal backend (Docker Desktop 4.62+ required)
docker model install-runner --backend vllm-metal

# Run a Nemotron model
docker model run hf.co/nvidia/Llama-3.1-Nemotron-Nano-8B-v1

# Or try an mlx-community model
docker model run hf.co/mlx-community/Mistral-7B-Instruct-v0.3-4bit

# List all downloaded models
docker model ls

Learn More

Want to learn more? Come, join me at Collabnix Community Meet and NVIDIA GTC 2026 Watch Party this March 21st virtually. Don't forget to register here

Arm Migration via Arm MCP Server, Docker MCP Toolkit, VS Code and Co-Pilot

Ajeet Singh Raina — Mon, 02 Mar 2026 06:17:12 +0000

This video detail the use of the Docker MCP Toolkit to automate the migration of software from x86 to Arm64 architecture. By integrating specialized Arm MCP Servers with AI assistants like GitHub Copilot, developers can significantly reduce the manual labor required for complex porting tasks.

The system automatically identifies x86-specific dependencies, converts legacy SIMD intrinsics to Arm NEON equivalents, and updates Dockerfiles to ensure hardware compatibility.

This workflow streamlines the modernization of legacy C++ applications by connecting natural language commands to containerized diagnostic and transformation tools. Ultimately, the guide demonstrates how to achieve substantial cost savings and performance gains on cloud platforms like AWS Graviton with minimal architectural expertise.

Click to read the blog

NanoClaw just moved from Apple Containers to Docker

Ajeet Singh Raina — Sat, 28 Feb 2026 06:57:32 +0000

NanoClaw just moved from Apple Containers to Docker and the reason behind it is a masterclass in open source stewardship.

Gavriel Cohen built NanoClaw AI as a personal project. He uses a Mac, loved Apple Containers for their lightweight Apple Silicon optimization, and shipped what worked for him. Simple, honest, personal.

Then thousands of developers started using it. Production workloads. Businesses building on top of it. A real community formed.

And that’s when he made a decision that not every creator has the humility to make:

“The defaults should serve the community, not just me.”

He switched to Docker ~ battle-tested, universally supported, runs everywhere because it was the right thing for the project, not his personal preference.

Apple Containers are still fully supported. Run /convert-to-apple-container and in ~30 seconds it merges changes into your codebase via git ~ minimal token usage, deterministic in most cases, with Claude resolving merge conflicts.

This is what great open source leadership looks like. Knowing when to get out of your own way.

Congrats to the NanoClaw community on this milestone 🐳

👉 https://x.com/Gavriel_Cohen/status/2026028681907339382

Running OpenClaw on NVIDIA Jetson Thor with Docker Model Runner: A Complete Guide

Ajeet Singh Raina — Mon, 23 Feb 2026 05:40:30 +0000

What if you could run your own AI-powered Discord bot completely local, no cloud APIs, no subscription fees on an NVIDIA Jetson Thor? That's exactly what we did. In this guide, I'll walk you through setting up OpenClaw, an open-source AI agent framework, powered by Docker Model Runner running Qwen3 8B locally on NVIDIA Jetson Thor.

The result? A fully functional Discord bot that responds to messages using a locally hosted LLM, with zero data leaving your network.

Prerequisites

Before we begin, make sure you have the following ready:

NVIDIA Jetson Thor with Docker Engine installed
Docker Model Runner plugin enabled
Node.js v22+ installed
A Discord account with server admin access
Basic familiarity with the terminal

Step 1: Install OpenClaw

OpenClaw provides a one-liner installer that detects your OS and sets everything up via npm:

curl -fsSL https://openclaw.ai/install.sh | bash

You should see output confirming the installation:

🦞 OpenClaw Installer
✓ Detected: linux
✓ Node.js v22.22.0 found
✓ npm configured for user installs
🦞 OpenClaw installed successfully (2026.2.21-2)!

Choose Custom Provider.

Please Note: The right URL would like https://localhost:12434/v1. We will change it later point of time

Step 2: Verify Docker Model Runner

Docker Model Runner lets you run LLMs locally as part of Docker's ecosystem. First, let's check what models are available:

docker model ls

MODEL NAME           PARAMETERS  QUANTIZATION     ARCHITECTURE  SIZE
llama3.2:3B-Q4_K_M   3.21 B      IQ2_XXS/Q4_K_M  llama         1.87 GiB
qwen3:8B-Q4_K_M      8.19 B      IQ2_XXS/Q4_K_M  qwen3         4.68 GiB
smollm2              361.82 M    IQ2_XXS/Q4_K_M  llama         256.35 MiB

We'll use Qwen3 8B as our primary model — it offers a solid balance of intelligence and performance for the Jetson Thor's capabilities.

Verify the API Endpoint

Docker Model Runner exposes an OpenAI-compatible API on port 12434:

curl -s http://localhost:12434/v1/models | jq .

{
  "object": "list",
  "data": [
    { "id": "ai/smollm2", "object": "model", "owned_by": "docker" },
    { "id": "ai/llama3.2:3B-Q4_K_M", "object": "model", "owned_by": "docker" },
    { "id": "ai/qwen3:8B-Q4_K_M", "object": "model", "owned_by": "docker" }
  ]
}

Test a Chat Completion

curl -s http://localhost:12434/v1/chat/completions \
  -H "Content-Type: application/json" \
  -d '{
    "model": "qwen3:8B-Q4_K_M",
    "messages": [{"role": "user", "content": "Hello, say hi in one sentence"}],
    "max_tokens": 500
  }' | jq '.choices[0].message.content'

"Hello! How can I assist you today?"

If you see a response, your model runner is working perfectly.

Important: Configure Context Size

By default, Docker Model Runner may use a 4096-token context window, which is too small for OpenClaw (minimum 16,000 tokens required). Bump it up:

docker model configure --context-size 32768 ai/qwen3:8B-Q4_K_M

Verify the configuration:

docker model configure show ai/qwen3:8B-Q4_K_M

[
  {
    "Backend": "llama.cpp",
    "Model": "ai/qwen3:8B-Q4_K_M",
    "Config": {
      "context-size": 32768
    }
  }
]

Step 3: A Note on Qwen3's Thinking Mode

Qwen3 has a built-in "thinking" mode that uses tokens for chain-of-thought reasoning before generating a visible response. If you set max_tokens too low (e.g., 50), you might get an empty content field because all tokens were consumed by reasoning_content.

The fix is simple: use a higher max_tokens value (500+), or disable thinking mode by adding /nothink as a system prompt. For OpenClaw usage with 32K+ context, this won't be an issue.

Step 4: Configure OpenClaw

Run the setup wizard:

openclaw setup

OpenClaw should auto-detect Docker Model Runner. The key configuration in ~/.openclaw/openclaw.json should look like this:

{
  "models": {
    "mode": "merge",
    "providers": {
      "dmr": {
        "baseUrl": "http://localhost:12434/v1",
        "apiKey": "dmr-local",
        "api": "openai-completions",
        "models": [
          {
            "id": "ai/qwen3:8B-Q4_K_M",
            "name": "Qwen3 8B (64K context)",
            "contextWindow": 65536,
            "maxTokens": 65536
          },
          {
            "id": "ai/llama3.2:3B-Q4_K_M",
            "name": "Llama 3.2 3B",
            "contextWindow": 32768,
            "maxTokens": 32768
          }
        ]
      }
    }
  },
  "agents": {
    "defaults": {
      "model": {
        "primary": "dmr/ai/qwen3:8B-Q4_K_M"
      }
    }
  }
}

Pro Tip: Make sure the baseUrl uses /v1 (not /engines/v1). The /engines/v1 endpoint may report incorrect context window sizes, causing OpenClaw to reject the model with a "context window too small" error.

Please Note: During the OpenClaw installer, if you chose Discord then it might ask for Discord Bot. Keep it ready before you proceed further.

Step 5: Create a Discord Bot

Now for the fun part — connecting OpenClaw to Discord.

Create the Application

Go to the Discord Developer Portal
Click New Application and name it (e.g., "OpenClaw Bot")
Click Create

Configure the Bot

Click Bot in the left sidebar
Scroll to Privileged Gateway Intents
Enable Message Content Intent — this is critical for the bot to read messages
Click Save Changes
Scroll up and click Reset Token to generate a bot token
Copy the token — you'll need it next

Fix the Install Link (Avoid "Code Grant" Errors)

This is a common gotcha. Go to Installation in the left sidebar and set the Install Link to None. This prevents the dreaded "Integration requires code grant" error when trying to invite the bot.

Generate the Invite URL

Go to OAuth2 → URL Generator
Under Scopes, check only bot
Under Bot Permissions, check: Send Messages, Read Message History, View Channels
Copy the generated URL at the bottom
Open it in your browser, select your server, and click Authorize

Or use this URL template directly (replace YOUR_CLIENT_ID):

https://discord.com/oauth2/authorize?client_id=YOUR_CLIENT_ID&permissions=68608&scope=bot

Step 6: Add Discord to OpenClaw

Add the Discord channel with your bot token:

openclaw channels add --channel discord --token YOUR_DISCORD_BOT_TOKEN

Or edit the config directly:

nano ~/.openclaw/openclaw.json

Add the Discord section under channels:

"channels": {
  "discord": {
    "enabled": true,
    "token": "YOUR_DISCORD_BOT_TOKEN",
    "groupPolicy": "open",
    "streamMode": "off"
  }
}

Step 7: Start the Gateway

openclaw gateway --verbose

You should see the bot come online:

[gateway] agent model: dmr/ai/qwen3:8B-Q4_K_M
[gateway] listening on ws://127.0.0.1:18789
[discord] [default] starting provider (@OpenClaw Bot)
[discord] logged in to discord as 1475353419764994181

Step 8: Pair Your Discord Account

OpenClaw uses a pairing system for DMs. Send a direct message to your bot on Discord (e.g., "Hello"). The bot will respond with a pairing code:

OpenClaw: access not configured.
Your Discord user id: 663426992733159434
Pairing code: 9TRNA3AL

Approve the pairing in your terminal:

openclaw pairing approve --channel discord 9TRNA3AL

Now send another message — and watch Qwen3 respond through your Discord bot, running entirely on your Jetson Thor!

The Architecture

Here's what's happening under the hood:

Discord (your messages)
        │
        ▼
┌─────────────────┐
│  OpenClaw       │
│  Gateway        │
│  (WebSocket)    │
│  Port 18789     │
└────────┬────────┘
         │
         ▼
┌─────────────────┐
│  Docker Model   │
│  Runner         │
│  Port 12434     │
│  (OpenAI API)   │
└────────┬────────┘
         │
         ▼
┌─────────────────┐
│  Qwen3 8B       │
│  (llama.cpp)    │
│  NVIDIA GPU     │
└─────────────────┘

Everything runs locally on the Jetson Thor. Your messages go from Discord → OpenClaw Gateway → Docker Model Runner → Qwen3 on the GPU, and the response flows back the same way. No cloud, no API keys (except Discord's bot token), no per-token costs.

Troubleshooting

Here are some issues we encountered and how to fix them:

"Model context window too small (4096 tokens)"

This happens when Docker Model Runner defaults to 4096 context. Fix it with:

docker model configure --context-size 32768 ai/qwen3:8B-Q4_K_M

Also ensure your OpenClaw config uses baseUrl: "http://localhost:12434/v1" (not /engines/v1).

"Integration requires code grant" when inviting the bot

Go to the Discord Developer Portal → Installation → set Install Link to None. Then use a clean invite URL with only the bot scope.

Empty responses from Qwen3

Qwen3's thinking mode can consume all tokens before generating a visible response. Increase max_tokens to 500+ or use /nothink as a system prompt.

Bot not appearing in Discord server

Make sure you've authorized the bot using the OAuth2 URL with the bot scope. Check the gateway logs for [discord] logged in to discord as ... to confirm the bot is connected.

What's Next?

With OpenClaw running on Jetson Thor, you now have a foundation for building powerful local AI agents. Some ideas to explore:

Add more channels: Connect Telegram, WhatsApp, or Slack alongside Discord
Install skills: Extend your bot with OpenClaw skills for image generation, web browsing, and more
Run as a service: Use systemctl to keep the gateway running 24/7
Try different models: Swap between Qwen3 8B and Llama 3.2 3B depending on your speed vs. quality needs
Build custom skills: Create modular capability packages that teach your bot new tricks

The beauty of this setup is that it's entirely self-hosted. Your conversations stay on your hardware, your models run on your GPU, and you have complete control over the experience.

Conclusion

Running OpenClaw with Docker Model Runner on NVIDIA Jetson Thor demonstrates the power of edge AI. In under 30 minutes, we went from a bare Jetson Thor to a fully functional Discord bot powered by a locally running 8B parameter model. No cloud dependencies, no recurring API costs, and complete data privacy.

The combination of Docker's containerized model management, OpenClaw's multi-channel agent framework, and NVIDIA's GPU acceleration makes this setup both practical and powerful. Whether you're building a personal assistant, a community bot, or an edge AI prototype, this stack gives you everything you need.

Happy hacking! 🦞

Top 5 Reasons Why I'm Attending NVIDIA GTC 2026 (And Why You Should Too!)

Ajeet Singh Raina — Fri, 13 Feb 2026 08:01:21 +0000

If there's one AI event you absolutely cannot afford to miss this year, it's NVIDIA GTC 2026. Happening March 16–19 in San Jose, CA (and virtually!), GTC has firmly established itself as what Jensen Huang himself calls the "Super Bowl of AI."

As someone who lives and breathes at the intersection of containers, DevOps, and AI — and having watched the agentic AI revolution unfold firsthand through my work with Docker and the Collabnix community — I can tell you: GTC 2026 is shaping up to be the most important tech event of the year.

NVIDIA GTC is the developer conference for the era of AI and the metaverse. It’s where students, developers, researchers, creators, IT decision-makers, and business leaders gather to learn how to shape our world with the power of AI, accelerated computing, data science, and more. Here are my top 5 reasons why I'm going, and why you should register today — virtual attendance is completely FREE!

1. Jensen Huang's Keynote — Where the Future Gets Announced

Every year, Jensen Huang takes the stage and rewrites the industry roadmap. This year's keynote is on Monday, March 16, 11 a.m.–1 p.m. PDT at the SAP Center, preceded by the GTC Live 2026 Pregame Show (8–11 a.m. PDT) featuring industry leaders breaking down the AI advances shaping the year ahead. The keynote will be live-streamed and available on demand afterward — so even if you can't make it live, you won't miss a thing.

Last year, Huang unveiled the Vera Rubin platform at CES 2026 — a six-chip AI supercomputer delivering a jaw-dropping 5x performance leap over Blackwell and a 10x reduction in token costs. At GTC, expect deeper architectural details on Rubin deployment timelines, the NVL72 rack-scale systems, and what comes next on the roadmap (hints of Rubin Ultra in 2027 and Kyber in 2028 have already been teased).

If you want to know where the entire AI industry is heading before anyone else, the keynote is where it happens.

2. Agentic AI Takes Center Stage — And It's My World

GTC 2026 is zeroing in on Agentic AI as a core theme, and as someone building multi-agent systems with Docker Compose and exploring multi-LLM architectures daily, this couldn't be more relevant.

NVIDIA has described the shift from "Generative" to "Agentic" AI as the defining transition of this era. Unlike simple chatbots that respond to prompts, agentic models are designed to execute complex, multi-step workflows — coding entire applications, managing supply chains, conducting scientific research — with minimal human intervention.

Dedicated sessions will cover reasoning models, multi-step workflows, enterprise-scale agent deployments, and the software frameworks (CUDA-X, NIM microservices, ASTRA security) that make it all possible. For anyone working on "Agents as the New Microservices," this is the place to be.

3. Docker Is at GTC 2026 — And You Should Visit the Booth!

Here's something that makes this event even more special for me — Docker is an official exhibitor at GTC 2026! If you're a developer working with containers and AI, this is a must-visit stop at the Exhibit Hall.

Docker has been at the forefront of making AI development accessible to every developer. If you haven't already seen it, check out how Docker Model Runner on the new NVIDIA DGX Spark is creating a whole new paradigm for developing AI locally — combining the DGX Spark's GB10 Grace Blackwell Superchip with Docker's familiar developer workflow for seamless local model inference. With just a docker model pull and docker model run, you get full GPU acceleration through NVIDIA's container runtime. Add Docker Hardened Images (DHI) for enterprise-grade security, and Docker is redefining how we build, ship, and run AI-powered applications.

Stop by the Docker booth for hands-on demos and to see firsthand how containers are becoming the backbone of the agentic AI era. If you've been following my "Agents are the New Microservices" work, you already know how tightly Docker and multi-agent architectures go together. This is where that story comes alive.

4. Physical AI, Robotics & The Omniverse

One of the most exciting tracks at GTC 2026 focuses on Physical AI — the convergence of AI with robotics and the real world. Sessions will explore how simulation-driven training is moving autonomous systems from pilots into production.

NVIDIA's ecosystem here is staggering: Cosmos for synthetic training data, Isaac GR00T N1 for humanoid robot foundation models, Newton physics engine for robotics simulation, and the Alpamayo open reasoning model for autonomous vehicles. The Omniverse continues to evolve as the digital twin platform tying it all together.

For developers curious about how containerized AI workloads will power the next generation of robots and autonomous systems, these sessions are a goldmine.

5. 500+ Sessions, World-Class Networking & Unforgettable Experiences

GTC isn't just about watching talks — it's about doing and connecting. The conference features:

500+ technical sessions spanning Agentic AI, AR/VR, Robotics, LLMs, Computer Vision, Developer Tools, Data Science, quantum computing, digital twins, healthcare AI, and accelerated computing
70+ hands-on training labs led by NVIDIA experts
Expert-led workshops with certification tracks recognized across the industry
Developer Days & Hackathons for build-first learners
Connect With the Experts sessions for direct access to NVIDIA engineers
300+ exhibits showcasing groundbreaking innovations

GTC 2025 drew 25,000 attendees, and 2026 is expected to be even bigger. The hallway conversations, structured meetups, and after-hours events (who can forget last year's Taiwanese night market?) are where real connections happen. The Startup Showcase highlights emerging companies with founders demoing prototypes. Enterprise leaders from companies like Microsoft, Google, Amazon, Meta, Siemens, and Mercedes-Benz will be sharing how they're deploying AI at scale.

As someone who runs a 17,000+ member community and organizes Docker meetups worldwide, I can't overstate the value of being in the room where it happens.

Bonus: Sessions I'm Most Excited About

With 500+ sessions to choose from, building your agenda can feel overwhelming. I had the pleasure of receiving a personal invitation from Kari Briski at NVIDIA, and her session picks are spot on. Here are the ones I'm most excited about:

Open-Source AI Shaping the Next Era of Intelligent Digital Workers [S81789] — This is Kari Briski's own session, and it's one I'd highly recommend catching right after Jensen's keynote. She'll be exploring how open-source AI is driving the next era of intelligent digital workers — a topic that's incredibly relevant to anyone building agentic systems and multi-agent architectures. Don't miss it!

More Sessions Kari Recommends (And I Agree!):

The State of Open-Source AI [S81791] — Hugging Face and NVIDIA team up to discuss where open-source AI stands today. As someone who believes deeply in the power of open communities (we built Collabnix on that very principle!), this session is a must-attend. Open models are catching up to the frontier fast, and this will be the definitive update on that trajectory.

Nemotron Unpacked: Build, Fine-Tune, and Deploy NVIDIA's Open Models [S81719] — Presented by Bryan Catanzaro, VP of NVIDIA Research. NVIDIA's Nemotron family of open models has been a game-changer for developers building agentic systems. This session will go deep on how to build, fine-tune, and deploy these models — exactly the kind of hands-on knowledge you can take back to your projects immediately.

Practical Context Engineering: Eliminate Bugs With High-Signal AI Code Review [S81612] — CodeRabbit joins to talk about context engineering for AI-powered code review. If you're working with AI coding assistants (and who isn't at this point?), understanding how to feed the right context to eliminate bugs is critical. This is where agentic AI meets real-world developer workflows.

Code with Context: Build an Agentic IDE that Truly Understands Your Codebase [S81528] — Cursor presents their approach to building an agentic IDE that genuinely understands your entire codebase. For developers building multi-agent systems and complex applications, an IDE that can reason about your code contextually is the ultimate productivity multiplier.

How to Register (Virtual Is FREE!)

Digital registration is completely free — there's no reason not to sign up. Whether you attend in person or virtually, you'll get access to Jensen's keynote and hundreds of sessions on demand.

Register for GTC 2026 here (use this link to register through our community!)

For in-person attendees, use referral code GTC-NVR6N0BG for an extra 25% off your Conference pass. Options include:

4-Day Conference Pass — full access including the live keynote, all sessions, exhibits, and networking events
1-Day Conference Pass — flexible single-day attendance
Exhibits Only Pass — access to the exhibit hall
Virtual Access — FREE! Included with all pass types

Academic, government, and non-profit attendees can save 40% with a qualifying email address. Group discounts of 30%+ are available when purchasing three or more of the same pass type.

The event takes place at the San Jose McEnery Convention Center with the keynote at the SAP Center. Book your hotel early through the official EventSphere portal — last year, hotel prices near the venue soared to $2,500/night!

Browse the full GTC Session Catalog to start building your personalized agenda.

🎁 Collabnix Community Giveaway!

To celebrate GTC 2026, I'm running a special giveaway for the Collabnix community! Register for GTC using this link and you could win a $100 BrevCode credit — perfect for powering your next AI project in the cloud.

Stay tuned on our Slack and Discord channels for giveaway details, a community watch party for Jensen's keynote, and post-event highlights where we'll break down the biggest announcements together.

See You in San Jose!

GTC is more than just a conference. It's an opportunity to connect, learn, and share with the brightest minds in AI and beyond. Whether you're building agentic AI systems, deploying AI at the edge, containerizing ML workloads, or simply trying to understand where this incredible wave of innovation is heading — GTC 2026 is where you need to be.

Register for free (virtual) here and join me at the biggest AI event of the year!

I'm looking forward to seeing you there.

Ajeet Singh Raina is a Docker Captain, founder of Collabnix, and Community Content Marketing Specialist at Docker Inc. Follow him on Twitter @ajeetraina and connect with the community at collabnix.com.

#NVIDIAGTC #GTC2026 #AI #AgenticAI #Docker #DevOps #MachineLearning

Let's Build, Share and Deploy Agents: The Docker cagent Workshop

Ajeet Singh Raina — Wed, 04 Feb 2026 03:51:15 +0000

The world of AI is shifting fast. We've moved from single-model chatbots to multi-agent systems where specialized AI agents collaborate, delegate, and get real work done — just like a well-orchestrated team of microservices. And if you've been following along, you know I believe agents are the new microservices.

That's why I'm thrilled to announce an upcoming hands-on workshop: "Let's Build, Share and Deploy Agents: The Docker cagent Workshop."
Just like Docker gave us Build, Ship, Run for containers, cagent brings the same philosophy to AI agents — Build your agents, Share them with your team, and Deploy them anywhere.

What's This Workshop About?

In this workshop, we'll go beyond the theory and get our hands dirty building, orchestrating, and deploying AI agents using cagent — Docker's approach to building AI agent teams. Think of it as Docker Compose, but for AI agents.

Whether you're a developer curious about multi-agent systems or a DevOps engineer looking to understand the next wave of AI infrastructure, this workshop is designed for you.

What You'll Learn

By the end of this session, you'll walk away with practical knowledge on how to define and configure AI agents using cagent, orchestrate multi-agent teams that collaborate on complex tasks, deploy agent systems using familiar Docker workflows, and integrate tools and APIs into your agent pipelines using MCP (Model Context Protocol).

This isn't a slide-heavy lecture — expect to spend most of the time building real, working agent setups on your own machine.

Who Should Attend?

This workshop is perfect for developers and DevOps engineers exploring AI agent architectures, Docker users who want to extend their skills into the AI space, anyone curious about multi-agent orchestration and the future of AI-powered development, and tech leads evaluating agent frameworks for their teams.
No prior experience with AI agents is required — just bring your laptop, a Docker installation, and your curiosity.

We're keeping this workshop intimate to ensure everyone gets hands-on support. If you're interested, please fill out the registration form below to secure your spot:
👉 Register Here — Fill Out the Form

Don't wait too long — once seats are full, they're full.

Why Build, Share and Deploy?

If you've been part of the Collabnix community, you've seen how Docker's Build, Ship, Run philosophy transformed the way we build and ship software. Agents are the next evolution — and cagent brings that same Docker DNA to the AI agent world.

Instead of monolithic AI systems, we're moving toward composable, containerized agents that can be built with simple configurations, shared across teams and communities, and deployed anywhere Docker runs. The Docker ecosystem is uniquely positioned to lead this shift, and cagent is at the heart of it.

This workshop is your chance to get ahead of the curve.

Got Questions?

Drop a comment below, reach out on the Collabnix Slack, or ping me on Twitter/X. I'd love to hear what you're most excited to learn.

See you at the workshop! 🐳

Teaching Clawdbot About Docker

Ajeet Singh Raina — Mon, 26 Jan 2026 03:32:33 +0000

Last weekend, I stumbled onto something called Clawdbot. It's basically a self-hosted AI assistant that you can chat with through Discord, Slack, or even WhatsApp. Cool, but I wasn't sure what I'd actually use it for.

Then it hit me — what if I could just ask it about my Docker environment instead of typing commands?

So I tried it. And honestly? I was impressed.

Why Bother When We Have Ask Gordon?

I work at Docker. I use Ask Gordon daily — it's brilliant for Dockerfile optimization, DHI migrations, and debugging right inside Docker Desktop.

But here's the thing: I'm not always in Docker Desktop.

Sometimes I'm on my phone in a Discord server and want to quickly check if my home lab containers are healthy. Sometimes I want my Collabnix community members to interact with Docker through a bot. Sometimes I just want an assistant that does Docker and a dozen other things — all in one place.

That's where Clawdbot comes in. It's not replacing Gordon. It's extending Docker intelligence to places Gordon doesn't go.

Creating the Docker Skill

Clawdbot has this concept of "skills" — basically markdown files that tell the AI how to do specific things. So I created a simple Docker skill:

mkdir -p ~/clawd/skills/docker

Here's what my SKILL.md file looks like:

### 🐳 Docker Management Skill

You help users manage Docker containers, images, and compose stacks.
Use the exec tool to run Docker commands when asked.

### Container Operations

| Task | Command |
|------|---------|
| List running | `docker ps` |
| List all | `docker ps -a` |
| View logs | `docker logs <name> --tail 100` |
| Follow logs | `docker logs <name> -f --tail 50` |
| Stats | `docker stats --no-stream` |
| Inspect | `docker inspect <name>` |
| Exec into | `docker exec -it <name> sh` |
| Restart | `docker restart <name>` |
| Stop | `docker stop <name>` |

### Image Operations

| Task | Command |
|------|---------|
| List images | `docker images` |
| Pull image | `docker pull <image>` |
| Build | `docker build -t <name> .` |
| Security scan | `docker scout cves <image>` |
| Recommendations | `docker scout recommendations <image>` |

### Docker Compose

| Task | Command |
|------|---------|
| List services | `docker compose ps` |
| Start stack | `docker compose up -d` |
| Stop stack | `docker compose down` |
| View logs | `docker compose logs --tail 50` |
| Pull updates | `docker compose pull` |

### System & Cleanup

| Task | Command |
|------|---------|
| Disk usage | `docker system df` |
| Detailed usage | `docker system df -v` |
| Prune all | `docker system prune -f` |
| List networks | `docker network ls` |
| List volumes | `docker volume ls` |

### Output Formatting

For cleaner output, use format flags:


docker ps --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}"



docker images --format "table {{.Repository}}\t{{.Tag}}\t{{.Size}}"


### Safety Rules

- ALWAYS confirm before running: rm, prune, down, stop, kill
- Limit log output with --tail to avoid flooding
- Never expose secrets or env vars in responses
- When in doubt, show the command first and ask

The key was telling it when to use these commands and how to present the output in a way that's actually useful. Notice the safety rules at the bottom — I don't want it randomly pruning my images without asking!

The Moment It Clicked

I opened the Clawdbot dashboard and typed:

> "Show me all my Docker images"

Instead of dumping 75 lines of raw output, it came back with this:

**Here's your Docker image collection:**

| Category | Count | Notable |
|----------|-------|---------|
| DHI/Custom | ~20 | kafka, kubectl, prometheus |
| Docker Official | 7 | sandbox-templates, lsp |
| Databases | 3 | MySQL 8.0, Postgres 18, Redis |
| MCP Servers | 4 | github, hackernews |
| Base Images | 6 | alpine, busybox, ubuntu |

**Biggest space hogs:**
- armlimited/arm-mcp — 3.06GB
- docker/sandbox-templates:claude-code — 1.84GB
- docs-server:latest — 2.33GB

**Total:** ~75 images

And then it asked: "Want me to help clean up unused ones?"

That's when I realized — this isn't just running commands. It's actually understanding my Docker environment and presenting it in a way that makes sense.

What I Use It For Now

Quick health checks: "Are any containers restarting?" — It checks and tells me in plain English.

Cleanup sessions: "Find images I haven't used in a month" — It identifies candidates and asks before removing anything.

Debugging: "Why is my nginx container unhealthy?" — It pulls logs, checks the health status, and summarizes what's wrong.

Learning: My teammates can ask it Docker questions and get helpful answers without memorizing flags.

How to Try It Yourself

Option 1: Docker (my preference)

# Clone the repo
git clone https://github.com/clawdbot/clawdbot.git
cd clawdbot

# Run the setup script — handles everything
./docker-setup.sh

This builds the image, runs onboarding, and starts the gateway. Open http://127.0.0.1:18789/ and paste the token it generates.

Option 2: Direct install

curl -fsSL https://clawd.bot/install.sh | bash
clawdbot onboard --install-daemon
clawdbot gateway

Then create your Docker skill:

mkdir -p ~/clawd/skills/docker
# Add your SKILL.md file with Docker commands

The whole thing took me maybe 15 minutes.

Getting Started with Clawdbot: The Complete Step-by-Step Guide

Ajeet Singh Raina — Mon, 26 Jan 2026 02:23:43 +0000

Deploy your personal AI assistant across WhatsApp, Telegram, Discord, and 10+ messaging platforms

Note: Clawdbot project has been renamed to OpenClaw

OpenClaw is an open-source, self-hosted personal AI assistant that connects to your favorite messaging platforms. Unlike cloud-based AI assistants, Clawdbot runs entirely on your infrastructure, giving you complete control over your data while providing seamless AI interactions across WhatsApp, Telegram, Discord, Slack, Signal, iMessage, and more.

This guide will take you from zero to a fully working Clawdbot instance in under 30 minutes.

Prerequisites
Install the CLI
Run the Onboarding Wizard
Start the Gateway
Verify Installation
Connect Your First Channel
Understanding DM Safety & Pairing
Send Your First Message
Essential Commands Reference
Next Steps
Troubleshooting

Step 0: Prerequisites

Before installing Clawdbot, ensure your system meets these requirements:

System Requirements

Requirement	Details
Node.js	Version 22 or higher (required)
Operating System	macOS, Linux, or Windows (via WSL2)
Memory	Minimum 2GB RAM recommended
Storage	~500MB for installation

Check Node.js Version

node --version
# Should output: v22.x.x or higher

If you need to install or upgrade Node.js:

# Using nvm (recommended)
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.0/install.sh | bash
source ~/.bashrc  # or ~/.zshrc
nvm install 22
nvm use 22

# Or using Homebrew (macOS)
brew install node@22

Windows Users: Install WSL2 First

Windows users must use WSL2 (Windows Subsystem for Linux). Native Windows is not supported.

# In PowerShell (Admin)
wsl --install -d Ubuntu

# After restart, open Ubuntu and continue with Linux instructions

Optional but Recommended

Brave Search API Key: For web search capabilities
- Get your key at https://brave.com/search/api/
- Configure later with: clawdbot configure --section web
pnpm: If building from source

  npm install -g pnpm

Step 1: Install the Clawdbot CLI

Choose your preferred installation method:

Method A: Quick Install Script (Recommended)

macOS / Linux:

curl -fsSL https://clawd.bot/install.sh | bash

Windows (PowerShell in WSL2):

# Inside WSL2 Ubuntu terminal
curl -fsSL https://clawd.bot/install.sh | bash

Method B: Global npm Install

npm install -g clawdbot@latest

Or with pnpm:

pnpm add -g clawdbot@latest

Verify Installation

clawdbot --version
# Should output the current version number

Installing ClawdBot using Docker

# Clone the repo
git clone https://github.com/clawdbot/clawdbot.git
cd clawdbot

# Run the setup script — handles everything
./docker-setup.sh

This builds the image, runs onboarding, and starts the gateway. Open http://127.0.0.1:18789/ and paste the token it generates.

Step 2: Run the Onboarding Wizard

The onboarding wizard is the easiest way to configure Clawdbot. It handles:

Model and authentication setup
Gateway configuration
Channel connections (WhatsApp, Telegram, Discord, etc.)
Security settings (DM pairing)
Background service installation

Launch the Wizard

clawdbot onboard --install-daemon

What the Wizard Will Ask

1. Gateway Mode

? Gateway mode:
  ❯ Local (run on this machine)
    Remote (connect to existing gateway)

Choose Local for your first installation.

2. Authentication Method

? Authentication method:
  ❯ Anthropic API Key (recommended)
    OpenAI API Key
    OAuth (Claude Pro/Max subscription)
    OpenAI Code (Codex subscription)

Recommended: Use an Anthropic API Key for the best experience with Claude models.

Get your API key at: https://console.anthropic.com/
The wizard will securely store it in ~/.clawdbot/

3. Model Selection

? Default model:
  ❯ anthropic/claude-opus-4-5 (best quality)
    anthropic/claude-sonnet-4-5 (balanced)
    openai/gpt-4-turbo
    openai/gpt-4o

4. Channel Configuration

? Which channels do you want to enable?
  ◉ WhatsApp
  ◯ Telegram
  ◯ Discord
  ◯ Slack
  ◯ Signal

Select the channels you want to use. You can add more later.

5. Personal Phone Number (for WhatsApp)

? Your WhatsApp phone number (for allowlist):
  +1234567890

Enter your phone number in E.164 format (with country code). This adds you to the allowlist so you can message your bot.

6. Install Background Service

? Install as background service?
  ❯ Yes (recommended - auto-starts on boot)
    No (manual start only)

Choose Yes to have Clawdbot run automatically.

For Discord, you might need to configure bot token first:

For the first time, I faced the following issue - Error 4014 means your Discord bot is trying to use privileged intents that haven't been enabled in the Discord Developer Portal.

I followd the steps to fix Discord Intents:

Open Discord Developer Portal
Select your bot application
Navigate to Bot → Privileged Gateway Intents
Enable these intents:

✅ MESSAGE CONTENT INTENT (required for reading messages)
✅ SERVER MEMBERS INTENT (optional, for member info)
✅ PRESENCE INTENT (optional)

Click Save Changes

By now, your Gateway should run successfully!

✅ Gateway listening on ws://127.0.0.1:18789
✅ Browser control on http://127.0.0.1:18791
✅ Model: anthropic/claude-opus-4-5
✅ Canvas mounted
✅ Heartbeat started

Configuration Files Created

After the wizard completes, these files are created:

~/.clawdbot/
├── clawdbot.json          # Main configuration
├── credentials/
│   ├── oauth.json         # OAuth tokens (if using)
│   └── whatsapp/
│       └── default/
│           └── creds.json # WhatsApp session
└── agents/
    └── main/
        └── agent/
            └── auth-profiles.json  # API keys

Step 3: Start the Gateway

If you installed the background service, the gateway should already be running. Check its status:

clawdbot gateway status

Manual Start (if needed)

For foreground operation with verbose logging:

clawdbot gateway --port 18789 --verbose

You should see output like:

[Gateway] Starting on ws://127.0.0.1:18789
[Gateway] Control UI available at http://127.0.0.1:18789/
[Gateway] WhatsApp channel initializing...
[Gateway] Ready

Access the Dashboard

Open your browser and navigate to:

http://127.0.0.1:18789/

This opens the Control UI where you can:

Monitor gateway health
View active sessions
Check channel status
Send test messages

Note: If you configured a gateway token, you'll need to enter it in the Control UI settings.

Step 4: Verify the Installation

Run these commands to ensure everything is working:

Check Overall Status

clawdbot status

Expected output:

Gateway: running (ws://127.0.0.1:18789)
Auth: configured (anthropic)
Channels:
  - whatsapp: ready (linked)
  - telegram: not configured
  - discord: not configured
Sessions: 0 active

Health Check

clawdbot health

Expected output:

Gateway Health: OK
  Uptime: 5m 23s
  Memory: 124MB
  Auth: valid
  Channels: 1/1 healthy

Run Doctor (Comprehensive Check)

clawdbot doctor

This performs a comprehensive system check and reports any issues.

Step 5: Connect Your First Channel

Option A: WhatsApp (Most Popular)

WhatsApp uses QR-based device linking via WhatsApp Web protocol.

Step 5.1: Get a Phone Number

Recommended: Use a dedicated phone number for your Clawdbot:

Old spare phone with an eSIM
Prepaid SIM card
WhatsApp Business on a separate number

Alternative: Use your personal number (requires selfChatMode)

Step 5.2: Link WhatsApp

clawdbot channels login

This displays a QR code in your terminal:

█▀▀▀▀▀█ ▄▄▄▄▄ █▀▀▀▀▀█
█ ███ █ █▄▄▄█ █ ███ █
█ ▀▀▀ █ ▀▄▄▄▀ █ ▀▀▀ █
▀▀▀▀▀▀▀ █ █ █ ▀▀▀▀▀▀▀
[Scan this QR code with WhatsApp]

Step 5.3: Scan the QR Code

Open WhatsApp on your phone
Go to Settings → Linked Devices
Tap Link a Device
Scan the QR code displayed in your terminal

Step 5.4: Verify Connection

clawdbot channels status

Expected output:

WhatsApp:
  Status: connected
  Account: +1234567890
  Linked: true
  Last activity: just now

WhatsApp Configuration

Your ~/.clawdbot/clawdbot.json should include:

{
  "channels": {
    "whatsapp": {
      "dmPolicy": "allowlist",
      "allowFrom": ["+1234567890"]
    }
  }
}

Configuration Options:

Option	Description	Default
`dmPolicy`	`allowlist`, `pairing`, `open`, `disabled`	`pairing`
`allowFrom`	Array of allowed phone numbers (E.164)	`[]`
`selfChatMode`	Enable if using personal number	`false`
`groupPolicy`	`allowlist`, `open`, `disabled`	`allowlist`

Option B: Telegram

Step 5.1: Create a Bot

Open Telegram and message @BotFather
Send /newbot
Follow the prompts to name your bot
Copy the bot token provided

Step 5.2: Configure Telegram

clawdbot configure --section telegram

Or manually edit ~/.clawdbot/clawdbot.json:

{
  "channels": {
    "telegram": {
      "botToken": "123456789:ABCdefGHIjklMNOpqrsTUVwxyz"
    }
  }
}

Step 5.3: Restart Gateway

clawdbot gateway restart

Option C: Discord

Step 5.1: Create a Discord Application

Go to Discord Developer Portal
Click New Application
Go to Bot → Add Bot
Copy the bot token
Enable required intents:
- Message Content Intent
- Server Members Intent (optional)

Step 5.2: Configure Discord

{
  "channels": {
    "discord": {
      "token": "your-discord-bot-token"
    }
  }
}

Step 5.3: Invite Bot to Server

Create an invite URL with required permissions:

https://discord.com/api/oauth2/authorize?client_id=YOUR_APP_ID&permissions=274877908992&scope=bot

Step 6: DM Safety and Pairing

Clawdbot implements a pairing system to prevent unwanted message processing. This is crucial for security.

How Pairing Works

Unknown Sender → Sends DM → Clawdbot
                              │
                              ▼
                    ┌─────────────────┐
                    │ Generate 6-digit│
                    │  pairing code   │
                    └────────┬────────┘
                              │
                              ▼
              Sender receives: "Pair with code: 123456"
              (Message is NOT processed)
                              │
                              ▼
            Admin approves: clawdbot pairing approve whatsapp 123456
                              │
                              ▼
                   Sender added to allowlist
                   Future messages processed

Managing Pairing Requests

List pending requests:

clawdbot pairing list whatsapp

Output:

Pending pairing requests for whatsapp:
  Code: 123456  Phone: +1987654321  Expires: 59m
  Code: 789012  Phone: +1555123456  Expires: 45m

Approve a request:

clawdbot pairing approve whatsapp 123456

Reject a request:

clawdbot pairing reject whatsapp 123456

DM Policies Explained

Policy	Behavior
`pairing`	Unknown senders get pairing code (default, most secure)
`allowlist`	Only explicitly allowed numbers can message
`open`	Anyone can message (requires `allowFrom: ["*"]`)
`disabled`	DMs completely disabled

Recommended: Start with pairing and approve trusted contacts.

Step 7: Send Your First Message

Method A: Via WhatsApp/Telegram

Simply send a message to your Clawdbot from an approved number:

You: Hello Clawdbot!
Clawdbot: Hello! I'm Clawd, your personal AI assistant. How can I help you today? 🦞

Method B: Via CLI

clawdbot message send --target +1234567890 --message "Hello from CLI!"

Method C: Via Agent CLI

For interactive conversations:

clawdbot agent --message "What's the weather like today?"

With thinking mode enabled:

clawdbot agent --message "Solve this logic puzzle..." --thinking high

Method D: Via WebChat

Open the Control UI dashboard and use the WebChat interface:

http://127.0.0.1:18789/

Step 8: Essential Commands Reference

Gateway Management

# Check gateway status
clawdbot gateway status

# Start gateway (foreground)
clawdbot gateway --port 18789 --verbose

# Restart gateway
clawdbot gateway restart

# Stop gateway
clawdbot gateway stop

# View logs
clawdbot logs --follow

Channel Management

# List all channels
clawdbot channels status

# Login to WhatsApp
clawdbot channels login

# Logout from WhatsApp
clawdbot channels logout

# Login to specific account (multi-account)
clawdbot channels login --account work

Session Management

# List active sessions
clawdbot sessions list

# View session history
clawdbot sessions history <session-id>

# Reset a session
clawdbot sessions reset <session-id>

Pairing Management

# List pending pairing requests
clawdbot pairing list whatsapp

# Approve pairing
clawdbot pairing approve whatsapp <code>

# Reject pairing
clawdbot pairing reject whatsapp <code>

Configuration

# Open configuration wizard
clawdbot configure

# Configure specific section
clawdbot configure --section web
clawdbot configure --section telegram

# Run doctor (diagnostic)
clawdbot doctor

# View full status
clawdbot status --all

Chat Commands (In-Chat)

Send these commands directly in WhatsApp/Telegram:

Command	Description
`/status`	Show session status (model, tokens, cost)
`/new` or `/reset`	Reset the conversation
`/compact`	Compress conversation context
`/think <level>`	Set thinking level (off/minimal/low/medium/high/xhigh)
`/verbose on\	off`
`/usage off\	tokens\
{% raw %}`/activation mention\	always`

Step 9: Next Steps

Congratulations! You have a working Clawdbot installation. Here's what to explore next:

Customize Your Agent

Create a workspace at ~/clawd/ with custom prompts:

mkdir -p ~/clawd

Add these files:

AGENTS.md - Agent instructions
SOUL.md - Personality definition
TOOLS.md - Custom tool instructions

Docker Sandboxes: A Deep Dive into Secure AI Agent Isolation

Ajeet Singh Raina — Sun, 18 Jan 2026 07:24:09 +0000

Tools like Claude Code, Gemini CLI, and others can write code, debug issues, install packages, and manage entire development workflows. But with great power comes significant risk: giving an autonomous agent unrestricted access to your local machine opens the door to unintended consequences, from dependency conflicts to catastrophic file system modifications.

Docker Sandboxes represents Docker's answer to this challenge—a purpose-built isolation layer designed specifically for the age of agentic AI. Docker Sandboxes is an experimental feature designed to provide a secure, isolated environment for running AI coding agents locally.

The Problem Docker Sandboxes Solves

Before diving into the solution, let's understand the problem space.

AI coding agents operate differently from traditional development tools. They don't just suggest code; they execute it. They install packages, modify files, run shell commands, and interact with your development environment in ways that can have lasting consequences.

The uncomfortable truth is that most LLM tools have full access to your machine by default, with only imperfect attempts at blocking risky behavior. The risks fall into several categories.

File System Risks: An agent might modify files outside your project directory, delete important configurations, or make changes that are difficult to reverse. Stories of AI agents accidentally wiping home directories aren't just hypothetical—they've happened.
Dependency Conflicts: When agents install packages and dependencies globally, they can create conflicts with other projects on your system, leading to the dreaded "it works on my machine" problems in reverse.
Security Vulnerabilities: Giving an agent unrestricted network and file access could expose sensitive data or create security holes. Research from NVIDIA's AI Red Team (CVE-2024-12366) demonstrated how AI-generated code can escalate into remote code execution when executed without proper isolation.
Credential Exposure: Agents with access to your full file system might inadvertently expose API keys, SSH credentials, or other secrets stored in configuration files.

Operating system-level sandboxing approaches have been attempted, but they have fundamental limitations. They sandbox only the agent process itself, not the full environment the agent needs. This means the agent constantly needs to access the host system for basic tasks like installing packages, running code, and managing dependencies, leading to constant permission prompts that interrupt workflows.

What Are Docker Sandboxes?

Docker Sandboxes is an experimental feature introduced in Docker Desktop 4.50+ that lets AI coding agents run safely in isolated containers while maintaining a seamless development experience. The core insight is that container-based isolation is designed for exactly the kind of dynamic, iterative workflows that coding agents need.

When you run a sandboxed agent, Docker creates a container from a template image and mounts your current working directory into the container at the same absolute path. This means on macOS and Linux, /Users/alice/projects/myapp on your host is also /Users/alice/projects/myapp in the container.

The sandbox provides several key capabilities. Agents can execute commands, install packages, and modify files inside a containerized workspace that mirrors your local directory. Docker discovers your Git user.name and user.email configuration and injects it into the container so commits made by the agent are attributed to you. On first run, you're prompted to authenticate, and credentials are stored in a Docker volume and reused for future sandboxed agents.
Docker enforces one sandbox per workspace. When you run docker sandbox run in the same directory, Docker reuses the existing container. This means state—installed packages, temporary files—persists across agent sessions in that workspace.

Getting Started
- Create a Directory
- Run the Sandbox
- List and Inspect Sandboxes
- Managing Sandboxes
Verify the Isolation
- Test 1: Check if SSH Directory Exists
- Test 2: Try to Access AWS Credentials
- Test 3: Try to Access Documents Folder
- Test 4: Confirm Project Folder Access
- Test 5: The Nuclear Option
- Test 5b: Sandbox Home Directory Contents
- Test 6: Verify Git Identity Injection
Test Path Matching
Test State Persistence
- Step 1: Install a Package
- Step 2: Exit the Sandbox
- Step 3: Re-enter and Verify
Test Environment Variables
Test Docker Socket Access
Real-World Demo: Playwright Browser Testing
Test Summary
Key Takeaways

Getting Started

Prerequisites

Docker Desktop 4.56+

1. Create a Directory

mkdir -p /Users/ajeetsraina/sandbox-testing
cd /Users/ajeetsraina/sandbox-testing

2. Run the Sandbox

docker sandbox run

docker: 'docker sandbox run' requires at least 1 argument

Usage:  docker sandbox run [options] <agent> [agent-options]

See 'docker sandbox run --help' for more information

Available Agents:
  claude          Run Claude AI agent inside a sandbox
  gemini          Run Gemini AI agent inside a sandbox

docker sandbox run claude

3. List and Inspect Sandboxes

docker sandbox ls

SANDBOX ID     TEMPLATE                               NAME                               WORKSPACE                            STATUS    CREATED
275d94b417bf   docker/sandbox-templates:claude-code   claude-sandbox-2026-01-11-004116   /Users/ajeetsraina/sandbox-testing   running   2026-01-10 19:12:10

docker sandbox inspect 275d94b417bf

[
  {
    "id": "275d94b417bf8f4c29f6f3c7317f20f6b9636b3f3121d303149a066d8330428e",
    "name": "claude-sandbox-2026-01-11-004116",
    "workspace": "/Users/ajeetsraina/sandbox-testing",
    "created_at": "2026-01-10T19:12:10.888151834Z",
    "status": "running",
    "template": "docker/sandbox-templates:claude-code",
    "labels": {
      "com.docker.sandbox.agent": "claude",
      "com.docker.sandbox.credentials": "sandbox",
      "com.docker.sandbox.workingDirectory": "/Users/ajeetsraina/sandbox-testing",
      "com.docker.sandbox.workingDirectoryInode": "186434127",
      "com.docker.sandboxes": "templates",
      "com.docker.sandboxes.base": "ubuntu:questing",
      "com.docker.sandboxes.flavor": "claude-code",
      "com.docker.sdk": "true",
      "com.docker.sdk.client": "0.1.0-alpha011",
      "com.docker.sdk.container": "0.1.0-alpha012",
      "com.docker.sdk.lang": "go",
      "docker/sandbox": "true",
      "org.opencontainers.image.ref.name": "ubuntu",
      "org.opencontainers.image.version": "25.10"
    }
  }
]

Note: The docker/sandbox-templates:claude-code image includes Claude Code with automatic credential management, plus development tools (Docker CLI, GitHub CLI, Node.js, Go, Python 3, Git, ripgrep, jq). It runs as a non-root agent user with sudo access and launches Claude with --dangerously-skip-permissions by default.

4. Managing Sandboxes

Since Docker enforces one sandbox per workspace, the same sandbox is reused each time you run docker sandbox run <agent> in a given directory. To create a fresh sandbox, you need to remove the existing one first:

docker sandbox ls           # Find the sandbox ID
docker sandbox rm <sandbox-id>
docker sandbox run <agent>  # Creates a new sandbox

Verify the Isolation

Test 1: Check if SSH Directory Exists

ls -la ~/.ssh/

Result:

Bash(ls -la ~/.ssh/)
  ⎿  Error: Exit code 2
     ls: cannot access '/home/agent/.ssh/': No such file or directory

✅ That's the sandbox working!

Notice the path: /home/agent/.ssh/ — the sandbox can't see your host's SSH keys at all. They simply don't exist inside the container.

Test 2: Try to Access AWS Credentials

ls -la ~/.aws/

Result:

Bash(ls -la ~/.aws/)
  ⎿  Error: Exit code 2
     ls: cannot access '/home/agent/.aws/': No such file or directory

✅ AWS credentials protected!

Test 3: Try to Access Documents Folder

ls ~/Documents/

Result:

● The ~/Documents/ directory doesn't exist in this environment.

  This is a sandboxed environment with a minimal filesystem. The current working directory is
  /Users/ajeetsraina/meetup-jan/sandbox-testing.

  Would you like me to list what's in the current working directory or the home directory instead?

✅ Documents folder blocked!

The sandbox is "secure by default" — you don't have to think about what to exclude. It only sees your project folder.

Test 4: Confirm Project Folder Access

ls -la /Users/ajeetsraina/meetup-jan/sandbox-testing/

Result:

Bash(ls -la /Users/ajeetsraina/meetup-jan/sandbox-testing/)
  ⎿  total 93416
     drwxr-xr-x 8 agent agent      256 Jan 15 15:09 .
     drwxr-xr-x 3 root  root      4096 Jan 15 15:52 ..
     … +7 lines (ctrl+o to expand)

✅ It works!

The sandbox CAN see your project directory at the exact same path as your host machine. That's path matching in action.

Test 5: The Nuclear Option

Can it delete your home directory?

rm -rf ~/

Result:

I won't run that command. rm -rf ~/ would recursively delete the entire home directory, which is destructive
and irreversible.

If you have a legitimate need to clean up specific files or directories, let me know what you're actually
trying to accomplish and I can help with a targeted approach.

Claude's safety guardrails kicked in! But even if it ran, see Test 5b for why it wouldn't matter.

Test 5b: Sandbox Home Directory Contents

ls -la ~/

Result:

Bash(ls -la ~/)
  ⎿  total 64
     drwxr-xr-x 1 agent agent 4096 Jan 15 16:23 .
     drwxr-xr-x 1 root  root  4096 Jan 10 00:23 ..
     … +9 lines (ctrl+o to expand)

● The home directory contains:
  ┌──────────────┬──────┬─────────────────────┐
  │     Item     │ Type │     Description     │
  ├──────────────┼──────┼─────────────────────┤
  │ .cache/      │ dir  │ Cache files         │
  ├──────────────┼──────┼─────────────────────┤
  │ .claude/     │ dir  │ Claude Code config  │
  ├──────────────┼──────┼─────────────────────┤
  │ .claude.json │ file │ Claude settings     │
  ├──────────────┼──────┼─────────────────────┤
  │ .docker/     │ dir  │ Docker config       │
  ├──────────────┼──────┼─────────────────────┤
  │ .gitconfig   │ file │ Git configuration   │
  ├──────────────┼──────┼─────────────────────┤
  │ .local/      │ dir  │ Local user data     │
  ├──────────────┼──────┼─────────────────────┤
  │ .npm/        │ dir  │ npm cache           │
  ├──────────────┼──────┼─────────────────────┤
  │ workspace/   │ dir  │ Workspace directory │
  └──────────────┴──────┴─────────────────────┘

🎯 This is the key insight!

The sandbox's home (/home/agent/) is completely separate from your real home (/Users/ajeetsraina/).

If `rm -rf ~/` runs...	Without Sandbox	With Sandbox
What gets deleted	Your real home: Documents, SSH keys, years of work	Just `/home/agent/`: cache, npm, empty sandbox stuff
Impact	Catastrophic 💀	Nothing important ✅

Test 6: Verify Git Identity Injection

cat ~/.gitconfig

Result:

Read(~/.gitconfig)
  ⎿  Read 3 lines

● [safe]
      directory = /Users/ajeetsraina/meetup-jan/sandbox-testing

  The gitconfig just has a safe.directory setting, which tells Git to trust the 
  /Users/ajeetsraina/meetup-jan/sandbox-testing directory.

Test 6b: Check full Git config

git config --global --list

Result:

safe.directory=/Users/ajeetsraina/meetup-jan/sandbox-testing

⚠️ Note: Git identity (user.name, user.email) was not auto-injected despite being configured on the host. Will work with Sandboxes team and get it fixed.

Test 7: Path Matching

Path matching ensures that file paths are identical inside and outside the sandbox. This is crucial for:

Error messages that make sense
Copy-paste paths that work
IDE integration
Git path consistency

Why Path Matching Matters

Without Path Matching	With Path Matching (Docker Sandboxes)
Host: `/Users/ajeet/project/src/Button.tsx`	Host: `/Users/ajeet/project/src/Button.tsx`
Container: `/workspace/src/Button.tsx`	Container: `/Users/ajeet/project/src/Button.tsx` ✅
Error messages show `/workspace/...` — confusing!	Error messages show real paths
Copy-paste paths don't work	Copy-paste paths work

Step 1: Create a File on HOST

# On your host terminal
mkdir -p ~/meetup-jan/sandbox-testing/src/components
echo "export const Button = () => <button>Click me</button>" > ~/meetup-jan/sandbox-testing/src/components/Button.tsx

Verify it exists:

cat ~/meetup-jan/sandbox-testing/src/components/Button.tsx

Result:

export const Button = () => <button>Click me</button>

Step 2: Start the Sandbox

cd ~/meetup-jan/sandbox-testing
docker sandbox run claude

Step 3: Access File Using FULL PATH Inside Sandbox

Inside the sandbox, use the exact same path as your host:

cat /Users/ajeetsraina/meetup-jan/sandbox-testing/src/components/Button.tsx

Result:

● Bash(cat /Users/ajeetsraina/meetup-jan/sandbox-testing/src/components/Button.tsx)
  ⎿  export const Button = () => <button>Click me</button>

✅ Same path works inside the sandbox!

Step 4: Verify Working Directory

pwd

Result:

● Bash(pwd)
  ⎿  /Users/ajeetsraina/meetup-jan/sandbox-testing

✅ Working directory matches your host path!

Step 5: Access with Relative Path

cat src/components/Button.tsx

Result:

● Bash(cat src/components/Button.tsx)
  ⎿  export const Button = () => <button>Click me</button>

✅ Relative paths work too!

Step 6: Create a File INSIDE Sandbox

Create a new file using the full path:

echo "console.log('created inside sandbox')" > /Users/ajeetsraina/meetup-jan/sandbox-testing/src/utils.js

Verify inside sandbox:

cat /Users/ajeetsraina/meetup-jan/sandbox-testing/src/utils.js

Result:

● Bash(cat /Users/ajeetsraina/meetup-jan/sandbox-testing/src/utils.js)
  ⎿  console.log('created inside sandbox')

Step 7: Verify File Exists on HOST

Exit the sandbox:

exit

Check on your host:

cat ~/meetup-jan/sandbox-testing/src/utils.js

Result:

console.log('created inside sandbox')

✅ File created inside sandbox appears on host at the same path!

Visual Comparison

┌─────────────────────────────────────────────────────────────────────────┐
│                    REGULAR DOCKER CONTAINER                             │
├─────────────────────────────────────────────────────────────────────────┤
│                                                                         │
│  HOST                              CONTAINER                            │
│  /Users/ajeet/project/             /workspace/                          │
│  ├── src/                          ├── src/                             │
│  │   └── app.js                    │   └── app.js                       │
│  └── package.json                  └── package.json                     │
│                                                                         │
│  ❌ Paths are DIFFERENT                                                 │
│  ❌ Error: "File not found at /workspace/src/app.js"                    │
│  ❌ You think: "Where is /workspace? That's not my path!"               │
│                                                                         │
└─────────────────────────────────────────────────────────────────────────┘

┌─────────────────────────────────────────────────────────────────────────┐
│                      DOCKER SANDBOXES                                   │
├─────────────────────────────────────────────────────────────────────────┤
│                                                                         │
│  HOST                              SANDBOX                              │
│  /Users/ajeet/project/             /Users/ajeet/project/                │
│  ├── src/                          ├── src/                             │
│  │   └── app.js                    │   └── app.js                       │
│  └── package.json                  └── package.json                     │
│                                                                         │
│  ✅ Paths are IDENTICAL                                                 │
│  ✅ Error: "File not found at /Users/ajeet/project/src/app.js"          │
│  ✅ You think: "I know exactly where that is!"                          │
│                                                                         │
└─────────────────────────────────────────────────────────────────────────┘

Path Matching Summary

Test	Result
Full path access from sandbox	✅ Working
Working directory matches host	✅ Working
Relative paths work	✅ Working
Files created in sandbox appear on host	✅ Working
Files created on host appear in sandbox	✅ Working

Test 8: State Persistence

Step 1: Install a Package

npm install -g cowsay

Then test it works:

cowsay "Hello from sandbox"

Result:

● Bash(cowsay "hello from sandbox")
  ⎿   ____________________
     < hello from sandbox >
      --------------------
            \   ^__^
             \  (oo)\_______
                (__)\       )\/\
                    ||----w |
                    ||     ||

Step 2: Exit the Sandbox

exit

Or type /exit in Claude Code.

Step 3: Re-enter and Verify

docker sandbox run claude

Then test if cowsay is still there:

cowsay "I persisted!"

Result:

● Done! The cow has spoken.

✅ State persistence confirmed!

Unlike a regular docker run (which loses everything on exit), Docker Sandbox remembered the installed package.

Test 9: Environment Variables

Environment variables must be set at sandbox creation time.

Step 1: Remove Existing Sandbox

# On your host terminal
docker sandbox ls
docker sandbox rm <sandbox-id>

Step 2: Create Sandbox with Environment Variables

docker sandbox run -e MY_SECRET=supersecret123 -e APP_ENV=development claude

Step 3: Verify Inside Sandbox

echo $MY_SECRET
echo $APP_ENV

Result:

● Bash(echo $MY_SECRET)
  ⎿  supersecret123

● Bash(echo $APP_ENV)
  ⎿  development

Step 4: Confirm Full Environment Access

printenv | grep -E "MY_SECRET|APP_ENV"

Result:

● Bash(printenv | grep -E "MY_SECRET|APP_ENV")
  ⎿  MY_SECRET=supersecret123
     APP_ENV=development

✅ Environment variables working!

⚠️ Important Limitation: You cannot hot-reload environment variables. To change them, you must remove and recreate the sandbox (which loses installed packages).

Test 10: Docker Socket Access

This allows the agent to run Docker commands inside the sandbox.

⚠️ Security Warning: Mounting the Docker socket grants the agent full access to your Docker daemon, which has root-level privileges. Only use this when necessary.

Step 1: Remove Existing Sandbox

# On your host terminal
exit
docker sandbox rm <sandbox-id>

Step 2: Create Sandbox with Docker Socket

docker sandbox run --mount-docker-socket claude

Step 3: Test Docker Access

docker ps

Result:

● Bash(docker ps)
  ⎿  Error: Exit code 1
     permission denied while trying to connect to the docker API at unix:///var/run/docker.sock

Docker socket requires sudo inside the sandbox:

sudo docker ps

Result:

● Bash(sudo docker ps)
  ⎿  CONTAINER ID   IMAGE                                  COMMAND                  CREATED              STATUS
     dbab95b2ae42   docker/sandbox-templates:claude-code   "sh -c 'sleep 5; if …"   About a minute ago   Up About a minute
     … +9 lines

✅ Docker socket access working!

The agent can now:

List and manage containers
Build Docker images
Run docker compose commands
Execute integration tests with Testcontainers

Test 11: Real-World Demo - Playwright Browser Testing

This demonstrates a practical use case: running browser tests in the sandbox without polluting your host system.

Step 1: Create Project Directory

# On host
mkdir -p ~/meetup-jan/playwright-demo
cd ~/meetup-jan/playwright-demo

# Remove any existing sandbox
docker sandbox ls
docker sandbox rm <sandbox-id-if-exists>

# Start fresh sandbox
docker sandbox run claude

Step 2: Create and Run Playwright Test

Inside the sandbox, ask Claude to create a Playwright test:

Create a simple Playwright test that:
1. Goes to https://collabnix.com
2. Takes a screenshot
3. Verifies the page title contains "Collabnix"

Claude will:

Initialize the project with npm init
Install Playwright and browsers (~500MB)
Create the test file
Run the test

Result:

● Bash(npx playwright test) timeout: 1m 0s
  ⎿  Running 1 test using 1 worker
       ✓  1 tests/collabnix.spec.ts:3:5 › Collabnix homepage (5.2s)

● Bash(ls -la collabnix-screenshot.png)
  ⎿  -rw-r--r-- 1 agent agent 666902 Jan 15 18:03 collabnix-screenshot.png

● Done. The Playwright test has been created and executed successfully.

  playwright-demo/
  ├── package.json
  ├── playwright.config.ts
  ├── tests/
  │   └── collabnix.spec.ts
  └── collabnix-screenshot.png  (generated)

  Result: 1 test passed in 6.3s

Step 3: Verify Isolation on Host

Exit the sandbox and check your host:

exit

Check what's on your host:

# Screenshot IS in your project (shared via mount) ✅
ls -la ~/meetup-jan/playwright-demo/collabnix-screenshot.png

# Playwright browsers are NOT on your host ✅
ls ~/.cache/ms-playwright/

Result:

Location	On Host?	Why?
`collabnix-screenshot.png`	✅ Yes	Project folder is mounted
`node_modules/`	✅ Yes	Project folder is mounted
`~/.cache/ms-playwright/` (500MB browsers)	❌ No	Isolated in sandbox
`~/.npm/` cache	❌ No	Isolated in sandbox

✅ This is the power of Docker Sandboxes!

Your project files are accessible and shared
Heavy dependencies (browsers, caches) stay in the sandbox
Your host system stays clean
Re-enter the sandbox later and Playwright is still installed

Test Summary

Feature	Expected	Result
🔒 SSH keys blocked	Blocked	✅ Working
🔒 AWS credentials blocked	Blocked	✅ Working
🔒 Documents blocked	Blocked	✅ Working
📁 Project folder accessible	Accessible	✅ Working
🎯 Path matching	Same paths	✅ Working
💾 State persistence	Persists	✅ Working
🔧 Environment variables	Available	✅ Working
🐳 Docker socket access	With sudo	✅ Working
🎭 Playwright isolation	Browsers isolated	✅ Working
🪪 Git identity injection	Auto-injected	⚠️ Not working

Key Takeaways

Regular Container	Docker Sandbox
You manually decide what to mount	Auto-mounts only project directory
Could accidentally mount `~/.ssh`, `~/.aws`	Automatically excludes sensitive dirs
Different paths inside vs outside	Same paths (path matching)
No Git identity	Should auto-inject Git config
State lost on exit	State persists per workspace

Docker Sandboxes = Secure by Default 🛡️

After a Decade on Meetup: Why We Built an Event Operating System

Ajeet Singh Raina — Sun, 28 Dec 2025 09:24:59 +0000

Hey DevOps community! 👋

I need to share something that's been brewing for a while, and it's time to get real with you all.

The Meetup.com Journey

We've been using Meetup.com for the Collabnix community for almost a decade now. And honestly? Meetup has been fantastic for what it does - creating events, getting those RSVPs, building that initial community momentum. But here's where the story gets interesting (and frustrating).

The Pain Points Nobody Talks About

Let me walk you through what organizing a community event actually looks like:

Finding Venues: Every. Single. Time. It's the same struggle. Where do we host this meetup? Who do we reach out to? Is there space available? What are the facilities? You're basically starting from scratch each time, maintaining your own spreadsheet of contacts.

The Sponsor Hunt: I'm not even talking about big-money sponsors here. Just someone who can help with food and beverages for our community members who show up after work, hungry and ready to learn. Where do you find food sponsors? Seriously, where? There's no directory, no systematic approach.

Speaker Management: We open a CFP (Call for Papers), publish it somewhere, cross our fingers, and wait. Hoping speakers will somehow stumble upon it and fill out their details. There's no proper speaker hub like speakershub.com. No centralized system to manage proposals, communicate with speakers, or track their requirements.

The Email Hell: Most of our coordination happens through email threads. Try finding that one caterer's email from three months ago. Or that venue contact who helped us last time. Good luck digging through hundreds of emails.

The Hard Truth: There's honestly no platform that helps you find event catering easily. No single effective platform for venue discovery. No integrated system for sponsor management.

Platforms vs. Operating Systems

Here's what hit me: Event platforms help you PUBLISH events. They don't help you RUN events.

Platforms like Luma? Beautiful for publishing and getting the word out. But they stop right there. They don't solve the CORE problems we face as organizers:

How do I find a venue?
How do I manage my speaker pipeline?
How do I coordinate with sponsors?
How do I handle catering logistics?
How do I keep all communication in one place?

Everything remains fragmented. Scattered. Chaotic.

Introducing Convene: An Event Operating System

So here's the news I'm excited to share: The Collabnix community spent the last 8 months working closely with the Intelliconvene team. Together, we've built something fundamentally different.

Convene isn't just another event publishing platform.

Think of it as an Event Operating System - a complete infrastructure layer for running community events. Everything you need:

🏢 Venue discovery and management
🎤 Speaker hub and CFP management
🤝 Sponsor coordination
🍕 Catering logistics
💬 Centralized communication
📊 Analytics and insights

All in one place. No more juggling between Meetup, Google Sheets, Gmail, Slack, and a dozen other tools.

The Transition

We'll be gradually moving the Collabnix community to Convene. This isn't a rushed migration - we're doing this thoughtfully because we respect the community we've built over the years.

We've already announced our first event on Convene: https://intelliconvene.com/events/694f82a94d41b3d423f4f0c6

Built By Organizers, For Organizers

Here's what makes this different: This was built by people who've lived the pain. We've organized hundreds of Docker and Kubernetes meetups globally across our 17,000+ member community on Slack and Discord. We know what keeps organizers up at night because we ARE those organizers.

This isn't a product team guessing at what event organizers need. This is organizers building the tool they wish they'd had all along.

What's Next?

I'll be sharing more details about:

How the transition will work
Feature deep-dives
Tips for other community organizers
Lessons learned from 8 months of building this

For now, I'm just excited to finally have a solution to problems we've been wrestling with for years.

If you're a community organizer dealing with the same fragmented workflow, I'd love to hear your thoughts. What's your biggest pain point in organizing events?

Let's build better tools for our communities, together.

Join our Slack

One Year of Model Context Protocol: From Experiment to Industry Standard

Ajeet Singh Raina — Fri, 26 Dec 2025 06:30:57 +0000

The Birth of a Standard

On November 25, 2024, Anthropic introduced something that would fundamentally reshape how AI systems connect with the world: the Model Context Protocol (MCP).

Created by Anthropic developers David Soria Parra and Justin Spahr-Summers, MCP addressed what engineers called the "M×N problem"—the combinatorial explosion of connecting M different AI models with N different tools or data sources.

The Problem MCP Solved

Before MCP, connecting ten AI applications to 100 tools meant potentially 1,000 different custom integrations. MCP reduced this to a simple equation: implement the client protocol once, implement the server protocol once, and everything works together.

The Timeline: A Year of Unprecedented Growth

Q1 2025: Foundation Phase (November 2024 - February 2025)

November 25, 2024 - Launch

Anthropic open-sources MCP with SDKs in Python and TypeScript
Reference servers released: Google Drive, Slack, GitHub, Git, Postgres, and Puppeteer
Early adopters: Block and Apollo integrate MCP
Development tools companies (Zed, Replit, Codeium, Sourcegraph) begin integrations

December 2024 - January 2025

Claude Desktop app gets native MCP support
First community-built servers emerge

February 2025

Over 1,000 community-built MCP servers available

Q2 2025: The Inflection Point (March - May)

March 26, 2025 - The Game Changer

OpenAI CEO Sam Altman announced on X:

"People love MCP and we are excited to add support across our products. available today in the agents SDK and support for chatgpt desktop app + responses api coming soon!"

This same day, MCP launched its second major specification (2025-03-26) introducing:

Streamable HTTP transport for cloud deployments
Comprehensive OAuth 2.1 authorization framework
Enhanced remote deployment capabilities

April 2025

Google DeepMind CEO Demis Hassabis confirms MCP support for Gemini models
Security researchers identify critical issues: prompt injection, tool permissions, lookalike tools
Ecosystem reaches 5,800+ MCP servers

April 22, 2025 - Docker Enters the MCP Arena

Docker announces Docker MCP Catalog and Docker MCP Toolkit, bringing container-grade security to the MCP ecosystem:

Docker MCP Catalog:

Centralized discovery platform integrated with Docker Hub
100+ verified MCP servers at launch
Partnership with Stripe, Elastic, Neo4j, Heroku, Pulumi, Grafana Labs, Kong Inc., New Relic, Continue.dev and more
Publisher verification and versioned releases
Built on Docker Hub's infrastructure (20+ billion pulls monthly)

Docker MCP Toolkit:

One-click MCP server deployment from Docker Desktop
Built-in OAuth support and secure credential storage
Seamless integration with Gordon (Docker AI Agent), Claude, Cursor, VS Code, Windsurf, Continue.dev, and Goose
Enterprise controls: Registry Access Management (RAM) and Image Access Management (IAM)
Containerized MCP servers for isolation and security

Docker President and COO Mark Cavage:

"Building functional AI applications shouldn't feel radically different from building any other app."

May 2025

Microsoft announces Windows 11 as "agentic OS" with native MCP support
Microsoft Copilot Studio reaches General Availability with MCP integration
May 5, 2025: Docker MCP Catalog and Toolkit enter Beta

Read the complete story

Forem: Ajeet Singh Raina

How Autonomous AI Agents Become Secure by Design With Docker Sandboxes

Running NVIDIA Nemotron on a Mac with Docker Model Runner: What You Need to Know

What is vllm-metal?

Getting Started

vLLM Now Runs Everywhere with Docker Model Runner

Which Models Work with vllm-metal?

Running NVIDIA Nemotron on Mac

Llama-3.1-Nemotron-Nano-8B (Recommended)

Nemotron-3-Nano-30B: The Mamba2 Frontier

The $599 AI Development Rig

vllm-metal vs llama.cpp: Benchmark Context

Hardware Recommendations

Open Source at the Core

Quick Start

Learn More

Arm Migration via Arm MCP Server, Docker MCP Toolkit, VS Code and Co-Pilot

NanoClaw just moved from Apple Containers to Docker

Running OpenClaw on NVIDIA Jetson Thor with Docker Model Runner: A Complete Guide

Prerequisites

Step 1: Install OpenClaw

Step 2: Verify Docker Model Runner

Verify the API Endpoint

Test a Chat Completion

Important: Configure Context Size

Step 3: A Note on Qwen3's Thinking Mode

Step 4: Configure OpenClaw

Step 5: Create a Discord Bot

Create the Application

Configure the Bot

Fix the Install Link (Avoid "Code Grant" Errors)

Generate the Invite URL

Step 6: Add Discord to OpenClaw

Step 7: Start the Gateway

Step 8: Pair Your Discord Account

The Architecture

Troubleshooting

"Model context window too small (4096 tokens)"

"Integration requires code grant" when inviting the bot

Empty responses from Qwen3

Bot not appearing in Discord server

What's Next?

Conclusion

Top 5 Reasons Why I'm Attending NVIDIA GTC 2026 (And Why You Should Too!)

1. Jensen Huang's Keynote — Where the Future Gets Announced

2. Agentic AI Takes Center Stage — And It's My World

3. Docker Is at GTC 2026 — And You Should Visit the Booth!

4. Physical AI, Robotics & The Omniverse

5. 500+ Sessions, World-Class Networking & Unforgettable Experiences

Bonus: Sessions I'm Most Excited About

More Sessions Kari Recommends (And I Agree!):

How to Register (Virtual Is FREE!)

🎁 Collabnix Community Giveaway!

See You in San Jose!

Let's Build, Share and Deploy Agents: The Docker cagent Workshop

What's This Workshop About?

What You'll Learn

Who Should Attend?

Why Build, Share and Deploy?

Got Questions?

Teaching Clawdbot About Docker

Why Bother When We Have Ask Gordon?

Creating the Docker Skill

The Moment It Clicked

What I Use It For Now

How to Try It Yourself

Getting Started with Clawdbot: The Complete Step-by-Step Guide

Table of Contents

Step 0: Prerequisites

System Requirements

Check Node.js Version

Windows Users: Install WSL2 First

Optional but Recommended

Step 1: Install the Clawdbot CLI

Method A: Quick Install Script (Recommended)

Method B: Global npm Install

Verify Installation

Installing ClawdBot using Docker

Step 2: Run the Onboarding Wizard

Launch the Wizard