Run coding agents in localised airlocked microVMs

Reddit r/AI_Agents Tools

Summary

code-airlock is an open-source tool that runs AI coding agents inside disposable microVMs to avoid granting them direct access to the host filesystem. It clones the repo into a sandbox so agents can work freely, and after completion, users review and pull back only desired changes.

I built code-airlock, an open-source tool for running AI coding agents inside disposable microVMs.

The problem I kept running into was the tradeoff between approving every command manually and losing most of the time savings, or disabling command prompts and trusting the agent with my actual machine. I tried the second path too often and regretted it.

code-airlock runs the agent inside a disposable microVM using Docker Sandboxes. The agent works on a clone of the repo, so it can install dependencies, run builds, start containers, and modify files inside the sandbox without direct access to my host filesystem or credentials. When the agent finishes, I review the diff and pull back only the changes I want!

The design choice was to isolate the whole environment instead of maintaining a long list of deny rules. Deny rules are brittle with coding agents because agents are goal-driven and will often route around constraints when trying to finish a task. A microVM gives a clearer blast radius.

Current support:
- Claude Code
- Codex
- OpenCode
- few others

Requirements:
- Docker Sandboxes CLI
- Hardware virtualization: Apple Silicon or KVM