{"id":3306,"date":"2026-01-26T15:06:54","date_gmt":"2026-01-26T15:06:54","guid":{"rendered":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/2026\/01\/26\/docker-sandboxes-run-claude-code-and-other-coding-agents-unsupervised-but-safely\/"},"modified":"2026-01-26T15:06:54","modified_gmt":"2026-01-26T15:06:54","slug":"docker-sandboxes-run-claude-code-and-other-coding-agents-unsupervised-but-safely","status":"publish","type":"post","link":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/2026\/01\/26\/docker-sandboxes-run-claude-code-and-other-coding-agents-unsupervised-but-safely\/","title":{"rendered":"Docker Sandboxes: Run Claude Code and Other Coding Agents Unsupervised (but Safely)"},"content":{"rendered":"<p>We introduced Docker Sandboxes in experimental preview a few months ago. Today, we\u2019re launching the next evolution with microVM isolation, available now on macOS. Windows and Linux support is coming soon.<\/p>\n<p>We started Docker Sandboxes to answer the question:<\/p>\n<h2 class=\"wp-block-heading has-lg-font-size\"><strong>How do I run Claude Code or Gemini CLI safely?<\/strong><\/h2>\n<p>Sandboxes provide disposable, isolated environments purpose-built for coding agents. Each agent runs in an isolated version of your development environment, so when it installs packages, modifies configurations, deletes files, or runs Docker containers, your host machine remains untouched.<\/p>\n<p>This isolation lets you run agents like <strong>Claude Code, Gemini CLI, Codex, and Kiro<\/strong> with autonomy. Since they can\u2019t harm your computer, let them run free.<\/p>\n<p>Since our first <a href=\"https:\/\/www.docker.com\/blog\/docker-sandboxes-a-new-approach-for-coding-agent-safety\/\">preview<\/a>, Docker Sandboxes have evolved. They\u2019re now more secure, easier to use, and more powerful.<\/p>\n<h2 class=\"wp-block-heading has-lg-font-size\"><strong>Level 4 Coding Agent Autonomy<\/strong><\/h2>\n<p>Claude Code and other coding agents fundamentally change how developers write and maintain code. But a practical question remains: how do you let an agent run unattended (without constant permission prompts), while still protecting your machine and data?\u00a0<\/p>\n<p>Most developers quickly run into the same set of problems trying to solve this:<\/p>\n<ul class=\"wp-block-list\">\n<li>OS-level sandboxing interrupts workflows and isn\u2019t consistent across platforms<\/li>\n<li>Containers seem like the obvious answer, until the agent needs to run Docker itself<\/li>\n<li>Full VMs work, but are slow, manual, and hard to reuse across projects<\/li>\n<\/ul>\n<p>We started building Docker Sandboxes specifically to fill this gap.<\/p>\n<h2 class=\"wp-block-heading has-lg-font-size\"><strong>Docker Sandboxes: MicroVM-Based Isolation for Coding Agents<\/strong><\/h2>\n<p><strong>Defense-in-depth, isolation by default<\/strong><\/p>\n<ul class=\"wp-block-list\">\n<li>Each agent runs inside a dedicated microVM<\/li>\n<li>Only your project workspace is mounted into the sandbox<\/li>\n<li>Hypervisor-based isolation significantly reduces host risk<\/li>\n<\/ul>\n<p><strong>A real development environment<\/strong><\/p>\n<ul class=\"wp-block-list\">\n<li>Agents can install system packages, run services, and modify files<\/li>\n<li>Workflows run unattended, without constant permission approvals<\/li>\n<\/ul>\n<p><strong>Safe Docker access for coding agents<\/strong><\/p>\n<ul class=\"wp-block-list\">\n<li>Coding agents can build and run Docker containers inside the MicroVM<\/li>\n<li>They have no access to the host Docker daemon<\/li>\n<\/ul>\n<p><strong>One sandbox, many coding agents<\/strong><\/p>\n<ul class=\"wp-block-list\">\n<li>Use the same sandbox experience with Claude Code, Gemini CLI, Codex, and Kiro<\/li>\n<li>More to come (and we\u2019re taking requests!)<\/li>\n<\/ul>\n<p><strong>Fast reset, no cleanup<\/strong><\/p>\n<ul class=\"wp-block-list\">\n<li>If an agent goes off the rails, delete the sandbox and spin up a fresh one in seconds<\/li>\n<\/ul>\n<h2 class=\"wp-block-heading has-lg-font-size\"><strong>What\u2019s New Since the Preview and What\u2019s Next<\/strong><\/h2>\n<p>The experimental preview validated the core idea: coding agents need an execution environment with clear isolation boundaries, not a stream of permission prompts. The early focus was developer experience, making it easy to spin up an environment that felt natural and productive for real workflows.<\/p>\n<p>As <a href=\"https:\/\/x.com\/mattpocockuk\" rel=\"nofollow\">Matt Pocock<\/a> put it, <em>\u201cDocker Sandboxes have the best DX of any local AI coding sandbox I\u2019ve tried.\u201d<\/em><\/p>\n<p>With this release, we\u2019re making Sandboxes more powerful and secure with no compromise on developer experience.<\/p>\n<h2 class=\"wp-block-heading has-md-font-size\"><strong>What\u2019s New<\/strong><\/h2>\n<ul class=\"wp-block-list\">\n<li><strong>MicroVM-based isolation<\/strong><strong><br \/><\/strong> Sandboxes now run on dedicated microVMs, adding a hard security boundary.<\/li>\n<li><strong>Network isolation with allow and deny lists<\/strong><strong><br \/><\/strong>Control over coding agent network access.<\/li>\n<li><strong>Secure Docker execution for agents<\/strong><strong><br \/><\/strong>Docker Sandboxes are the only sandboxing solution we\u2019re aware of that allows coding agents to build and run Docker containers while remaining isolated from the host system.<\/li>\n<\/ul>\n<h2 class=\"wp-block-heading has-md-font-size\"><strong>What\u2019s Next<\/strong><\/h2>\n<p>We\u2019re continuing to expand Docker Sandboxes based on developer feedback:<\/p>\n<ul class=\"wp-block-list\">\n<li><strong>Windows support<\/strong><\/li>\n<li><strong>MCP Gateway support<\/strong><\/li>\n<li><strong>Ability to expose ports to the host device and access host-exposed services<\/strong><\/li>\n<li><strong>Support for additional coding agents<\/strong><\/li>\n<\/ul>\n<p>Docker Sandboxes were made for developers who want to run coding agents unattended, experiment freely, and recover instantly when something goes wrong. They extend the usability of containers\u2019 isolation principles but with hard boundaries.<\/p>\n<p>If you\u2019ve been holding back on using agents because of permission prompts, system risk, or Docker-in-Docker limitations, Docker Sandboxes are built to remove those constraints.<\/p>\n<p>We\u2019re iterating quickly, and feedback from real-world usage will directly shape what comes next.<\/p>","protected":false},"excerpt":{"rendered":"<p>We introduced Docker Sandboxes in experimental preview a few months ago. Today, we\u2019re launching the next evolution with microVM isolation, [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":94,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[4],"tags":[],"class_list":["post-3306","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-docker"],"_links":{"self":[{"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/posts\/3306","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/comments?post=3306"}],"version-history":[{"count":0,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/posts\/3306\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/media\/94"}],"wp:attachment":[{"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/media?parent=3306"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/categories?post=3306"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/tags?post=3306"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}