Docker Sandboxes: Run Agents in YOLO Mode, Safely
Agents have crossed a threshold.
Over a quarter of all production code is now AI-authored, and developers who use agents are merging roughly 60% more pull requests. But these gains only come when you let agents run autonomously. And to unlock that, you have to get out of the way. That means letting agents run without stopping to ask permission at every step, often called YOLO mode.
Doing that on your own machine is risky. An autonomous agent can access files or directories you did not intend for it to touch, read sensitive data, execute destructive commands, or make broad changes while trying to help.
So yes, guardrails matter, but only when they’re enforced outside the agent, not by it. Agents need a true bounding box: constraints defined before execution and clear limits on what they can access and execute. Inside that box, the agent should be able to move fast.
That’s exactly what Docker Sandboxes provide.
They let you run agents in fully autonomous mode with a boundary you define. And Docker Sandboxes are standalone; you don’t need Docker Desktop. That dramatically expands who can use them. For the newest class of builder, whether you’re just getting started with agents or building advanced workflows, you can run them safely from day one.
Docker Sandboxes work out of the box with today’s coding agents like Claude Code, GitHub Copilot CLI, OpenCode, Gemini CLI, Codex, Docker Agent, and Kiro. They also make it practical to run next-generation autonomous systems like NanoClaw and OpenClaw locally, without needing dedicated hardware like a Mac mini.
Here’s what Docker Sandboxes unlock.
You Actually Get the Productivity Agents Promise
The difference between a cautious agent and a fully autonomous one isn’t just speed. The interaction model changes entirely. In a constrained setup, you become the bottleneck: approving actions instead of deciding what to build next. In a sandbox, you give direction, step away, and come back to a cloned repo, passing tests, and an open pull request. No interruptions. That’s what a real boundary makes possible.
You Stop Worrying About Damage
Running an agent directly on your machine exposes everything it can reach. Mistakes are not hypothetical. Commands like rm -rf, accidental exposure of environment variables, or unintended edits to directories like .ssh can all happen.
Docker Sandboxes offer the strongest isolation environments for autonomous agents. Under the hood, each sandbox runs in its own lightweight microVM, built for strong isolation without sacrificing speed. There is no shared state, no unintended access, and no bleed-through between environments. Environments spin up in seconds (now, even on Windows), run the task, and disappear just as quickly.
Other approaches introduce tradeoffs. Mounting the Docker socket exposes the host daemon. Docker-in-Docker relies on privileged access. Running directly on the host provides almost no isolation. A microVM-based approach avoids these issues by design.
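To see whether an existing container-based agent setup carries the tradeoffs listed above, you can audit its configuration. The following is an added example, not code from Docker or the original post: it scans parsed `docker inspect` output for a mounted Docker socket, the privileged flag, and overly broad host bind mounts. The container names, sample data, and finding labels are constructed for illustration.

```python
import json
import re

# Constructed sample in the shape of `docker inspect` output (not real data).
SAMPLE_INSPECT = json.loads("""[
 {"Name": "/agent-socket", "HostConfig": {"Privileged": false},
  "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock",
              "Destination": "/var/run/docker.sock"}]},
 {"Name": "/agent-dind", "HostConfig": {"Privileged": true},
  "Mounts": []},
 {"Name": "/agent-home", "HostConfig": {"Privileged": false},
  "Mounts": [{"Type": "bind", "Source": "/home/dev", "Destination": "/work"}]},
 {"Name": "/agent-scoped", "HostConfig": {"Privileged": false},
  "Mounts": [{"Type": "bind", "Source": "/home/dev/project", "Destination": "/work"}]}
]""")

# A whole home directory, its .ssh, or the filesystem root as a bind source.
BROAD_SOURCE = re.compile(r"^(/|(/root|/home/[^/]+|/Users/[^/]+)(/\.ssh)?)$")


def audit_container(container):
    """Return the list of host-exposure findings for one inspected container."""
    findings = []
    host_config = container.get("HostConfig") or {}
    if host_config.get("Privileged"):
        # Privileged mode (what Docker-in-Docker relies on) drops most isolation.
        findings.append("privileged")
    for mount in container.get("Mounts") or []:
        if mount.get("Type") != "bind":
            continue
        source = mount.get("Source", "").rstrip("/") or "/"
        if source.endswith("/docker.sock"):
            # The socket gives the container control of the host daemon.
            findings.append("docker-socket")
        elif BROAD_SOURCE.match(source):
            findings.append("broad-bind:" + source)
    return findings


def audit(inspect_output):
    """Map container name -> findings for a parsed `docker inspect` list."""
    return {c["Name"].lstrip("/"): audit_container(c) for c in inspect_output}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name, findings or "no host exposure found")
```

On a real host, feed it the JSON printed by `docker inspect` for the running containers in place of the constructed sample.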
Run Any Agent
Docker Sandboxes are fully standalone and work with the tools developers already use, including Claude Code, Codex, GitHub Copilot, Docker Agent, Gemini, and Kiro. They also support emerging autonomous systems like OpenClaw and NanoClaw. There is no new workflow to adopt. Agents continue to open ports, access secrets, and execute multi-step tasks. The only difference is the environment they run in. Each sandbox can be inspected and interacted with through a terminal interface, so you always have visibility into what the agent is doing.
What Teams Are Saying
“Every team is about to have their own team of AI agents doing real work for them. The question is whether it can happen safely. Sandboxes is what that looks like at the infrastructure level.”
— Gavriel Cohen, Creator of NanoClaw
“Docker Sandboxes let agents have the autonomy to do long-running tasks without compromising safety.”
— Ben Navetta, Engineering Lead, Warp
Start in Seconds
For macOS: brew install docker/tap/sbx
For Windows: winget install Docker.sbx
Read the docs to learn more, or get in touch if you’re deploying for a team. If you’re already using Docker Desktop, the new Sandboxes experience is coming there soon. Stay tuned.
What’s Next
You already trust Docker to build, ship, and run your software. Sandboxes extend that trust to agents, giving them room to operate without giving them access to everything.
Autonomous agents are becoming more capable. The limiting factor is no longer what they can do, but whether you can safely let them do it.
Sandboxes make that possible.
About the Authors
Principal Product Marketing Manager for AI, Docker
Srini Sekaran is Principal PMM for AI at Docker, focused on Docker AI Governance, Docker Sandboxes, and the future of agent infrastructure and developer workflows.
Sr. Principal Product Manager, Docker
