Docker Sandboxes
Run coding agents dangerously (but safely).
Agents need freedom. Machines don’t.
Coding agents work best when they run unattended. But today’s options force tradeoffs:
- OS sandboxing interrupts workflows and varies by platform
- Containers are a path until agents need Docker too
- Full VMs are slow, heavy, and hard to reset
Permission prompts aren’t autonomy. Isolation is.
YOLO mode, safely.
Each agent runs inside a dedicated microVM with a version of your development environment and only your project workspace mounted in. Agents can install packages, modify configs, and run Docker. Your host stays untouched.
MicroVM isolation
Each sandbox runs in its own microVM, creating a hard security boundary from the host.
Network isolation
Allow and deny lists for network isolation.
Real dev environment
Agents can install system packages, run services, modify files, and work unattended.
One sandbox for all your coding agents
A single sandbox experience for Claude Code, Gemini CLI, Codex, and Kiro.
Agents can use Docker too
Agents can build and run containers without touching your host Docker daemon.
Disposable by default
If an agent goes off the rails, delete the sandbox and spin up a new one instantly.
Built for unattended agents.
Docker Sandboxes let you more confidently use permissive agent modes and flags like --dangerously-skip-permissions. In fact, that’s the default.
Because risk is contained, agents can:
- Run without constant approvals
- Install tools and adapt their environment while running unattended
- Explore larger solution spaces