Using a Docker Sandbox for a Coding Agent

Source: Dev.to

This guide shows a concrete, end‑to‑end example of how Docker Sandboxes can be created and used to safely run autonomous coding agents that can install packages, modify files, and even run Docker — without touching your host machine.

Scenario

You want to let a coding agent:

• Modify a real codebase
• Install system dependencies
• Build and run containers
• Run unattended with permissive flags

…but without risking your laptop or credentials. Docker Sandboxes solve this by running the agent inside a disposable microVM with only your project workspace mounted.

Step 1: Create a Sandbox

Create a new sandbox using your local project directory as the workspace:

docker sandbox create --name agent-sandbox --workspace ./my-project

What this does:

• Creates a dedicated microVM
• Mounts only ./my-project into the sandbox
• Keeps your OS, home directory, and secrets isolated

Step 2: Enter the Sandbox

Start an interactive shell inside the sandbox:

docker sandbox exec agent-sandbox bash

You are now inside the sandbox, not your host machine. From this point on:

• Any package installs
• Any config changes
• Any Docker commands

…are fully isolated.

Step 3: Run a Coding Agent (Unattended)

Inside the sandbox, run your coding agent in permissive mode:

claude-code run --dangerously-skip-permissions --project /workspace

Why this is safe:

• The agent runs inside a microVM
• Only the project directory is writable
• No access to your host OS, SSH keys, or credentials

This is the intended workflow for Docker Sandboxes.

Step 4: Let the Agent Install Dependencies

The agent can freely modify the environment:

apt-get update
apt-get install -y nodejs npm

No permission prompts, no approval loops, and no risk to your machine.

Step 5: Let the Agent Use Docker

Inside the sandbox, the agent can build and run containers:

docker build -t my-app .
docker run -p 8080:8080 my-app

Important notes:

• This does not use your host Docker daemon
• Containers run entirely inside the sandbox microVM

This capability is what makes Docker Sandboxes fundamentally different from regular containers.

Step 6: Review the Results on the Host

Exit the sandbox and inspect the changes:

git diff

You’ll see only the intentional code changes made by the agent—no stray system packages, no modified OS files, and no lingering background processes.

Step 7: Delete the Sandbox

When you’re done, delete the sandbox:

docker sandbox delete agent-sandbox

The microVM is destroyed immediately, wiping the environment. Nothing persists except your code changes, so you start clean the next time.

Why This Pattern Works

Docker Sandboxes give agents:

• A real operating system
• Package managers and system tools
• Docker access
• Full autonomy

While giving you:

• Strong isolation via microVMs
• Disposable environments
• Zero host contamination
• Confidence to use permissive agent modes

When to Use Docker Sandboxes

This pattern is ideal when:

• Running coding agents unattended
• Using flags like --dangerously-skip-permissions
• Allowing agents to install tools dynamically
• Letting agents build and run containers
• Experimenting aggressively without fear

Agents need freedom. Your machine doesn’t.