Carter Temm

Sandboxed codegen agents with Docker

I've often absent-mindedly wondered how far you can get by giving Claude (specifically Claude Code/Cowork) a difficult task, a way to verify it, and then just telling it to go ham.

There was a time when this was difficult to do without a headache or without inviting every overzealous teenage hacker to your doorstep. To do it you needed a separate computer, or a VPS, plus maybe a firewall depending on your level of paranoia.

Docker recently announced AI sandboxes with out-of-the-box support for every major command-line based code generation tool. When you spin up a sandbox, Codex/Claude Code/Gemini CLI runs in its own micro virtual machine. You can also configure inbound and outbound network isolation through both allow and deny lists. This configuration is so good that flags like --dangerously-skip-permissions are the default.

At the time of writing (early March 2026) it is available for MacOS and Windows hosts as long as you have Docker Desktop 4.58 or later. Here are the steps I took to get this running on a Windows machine using Claude Code:

  1. Open up Docker Desktop. Find the update CTA, which should be near the bottom of the page. Click "Download update" then "Install" once the download is complete.
  2. If you don't have an update CTA, just check the bottom right corner of the application and ensure your version is anything > 4.58.
  3. Find your Claude Code session key by going to .claude in your user directory, then find .credentials.json. Copy out the value for accessToken.
  4. Launch WSL by typing wsl from a command prompt. Though you theoretically don't need this, I would rather not give Claude access to my account for security reasons. This is done through environment variables (see below).
  5. Set your API key (session key) as a persistent environment variable. Open ~/.bashrc or your shell's configuration file (nano ~/.bashrc), go to the end of the file, and add export ANTHROPIC_API_KEY=sk-ant-xxx, placing the access token you copied in step 3 after the = sign.
  6. Restart docker desktop, then go back to WSL (wsl), and finally rerun the shell configuration file to make sure the environment variable you set is initialized: source ~/.bashrc
  7. cd to the directory you want to use, then docker sandbox run claude.

From here, just wait. Docker will download a pre-configured Claude image and begin provisioning the VM.

Happy Clauding!