Docker Images

Shai works with Docker images that include the required sandboxing utilities.

Overview

Shai provides two official images:

1. shai-base - Minimal image with only sandboxing essentials
2. shai-mega - Full-featured development environment (default)

You can also create custom images based on your needs.

Quick Comparison

Which Image Should I Use?

Use shai-mega if:

• You’re just getting started with Shai
• You work with multiple languages
• You want AI tools pre-installed
• Disk space isn’t a concern

Use shai-base if:

• You’re building custom images
• You need fast startup (CI/CD)
• You want minimal overhead
• You have specific tooling requirements

Use a custom image if:

• You need specialized tools
• You have specific version requirements
• You’re working with embedded systems
• You need GPU support

Image Registry

Both official images are hosted on GitHub Container Registry:

1# Pull shai-base
2docker pull ghcr.io/colony-2/shai-base:latest
3
4# Pull shai-mega
5docker pull ghcr.io/colony-2/shai-mega:latest

Configuration

Specify the image in .shai/config.yaml:

 1type: shai-sandbox
 2version: 1
 3
 4# Use shai-mega (default)
 5image: ghcr.io/colony-2/shai-mega
 6
 7# Or use shai-base
 8image: ghcr.io/colony-2/shai-base
 9
10# Or use a custom image
11image: ghcr.io/my-org/custom-dev:latest

CLI Override

Override the image at runtime:

1shai -rw src --image ghcr.io/my-org/custom:latest

Requirements

All Shai-compatible images must include:

Required Packages

• supervisord - Process supervisor
• dnsmasq - DNS server for domain filtering
• iptables - Firewall for network egress control
• tinyproxy - HTTP/HTTPS proxy
• bash, coreutils, iproute2, iputils-ping, jq, net-tools, passwd, procps, sed, util-linux

Both official images include these by default.

Learn More