
Stop Writing Docker Wrappers for Your AI Agent's Code Execution
Every AI agent that executes code needs a sandbox, and teams building one often end up writing the same thing: a Python wrapper around subprocess.run(["docker", "run", ...]) with a growing list of security flags they keep forgetting to set.

The Problem

Here's what a typical "sandbox" looks like in most agent codebases:

```python
import subprocess

result = subprocess.run(
    [
        "docker", "run",
        "--rm",                              # remove the container when it exits
        "--network=none",                    # no network for the agent's code
        "--memory=512m",                     # memory limit
        "--cpus=1",                          # CPU limit
        "--read-only",                       # read-only root filesystem
        "--security-opt=no-new-privileges",  # no privilege gain via setuid/setcap binaries
        "--pids-limit=64",                   # cap process count (fork bombs)
        "python:3.12-slim",
        "python3", "-c", "print('hello')",
    ],
    capture_output=True,
    text=True,
    timeout=300,
)
print(result.stdout)
```

This works. Until it doesn't:

- Someone forgets --network=none and your agent starts making HTTP requests.
- The timeout handling is a mess when Docker itself hangs.
- Parsing stdout/stderr gets fragile fast.
- Cleanup on crash? Good luck.
- Want to swap Docker for Firecracker? Rewrite everything.

What We Built
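As an added example (not the article's code, and not what its authors built), here is the shape of a wrapper that addresses the failure list above without introducing a new runtime: the required flags live in one tuple so nobody can omit --network=none, a lint function reports which hardening flags an existing `docker run` argv is missing, the container is named so it can be killed by name when the Docker client hangs, and cleanup runs in a `finally`. The function names, the `--cap-drop=ALL`, `--user` and `--tmpfs` flags, and the 30 s cleanup timeout are this example's own choices, not the article's; `run_sandboxed()` assumes a Docker CLI on PATH, while `build_docker_cmd()` and `missing_hardening_flags()` are pure and run offline.

```python
import subprocess
import uuid
from dataclasses import dataclass

# Flags every sandboxed run must carry. Keeping them in one tuple is the fix for
# "someone forgot --network=none": no call path can build a command without them.
# --cap-drop=ALL and --user go beyond the article's flag list (assumed defaults).
REQUIRED_FLAGS = (
    "--rm",
    "--network=none",
    "--read-only",
    "--security-opt=no-new-privileges",
    "--cap-drop=ALL",
    "--user=65534:65534",
)

# Resource limits: the value may be overridden per call, the flag cannot be dropped.
DEFAULT_LIMITS = {"--memory": "512m", "--cpus": "1", "--pids-limit": "64"}


def build_docker_cmd(image, argv, name, limits=None):
    """Return the argv for a hardened `docker run`. Pure: nothing is executed."""
    limits = {**DEFAULT_LIMITS, **(limits or {})}
    cmd = ["docker", "run", f"--name={name}", *REQUIRED_FLAGS]
    cmd += [f"{flag}={value}" for flag, value in limits.items()]
    # A read-only rootfs still needs somewhere writable for the interpreter;
    # a small noexec tmpfs is the usual answer (assumed size).
    cmd.append("--tmpfs=/tmp:rw,noexec,nosuid,size=64m")
    cmd.append(image)
    cmd.extend(argv)
    return cmd


def _normalize(cmd):
    """Collect flags as `--name=value` (value-less flags as `--name`), accepting
    both the `--memory=512m` and the `--memory 512m` spellings."""
    present = set()
    toks = list(cmd)
    for i, tok in enumerate(toks):
        if not tok.startswith("--"):
            continue
        present.add(tok)
        if "=" not in tok and i + 1 < len(toks) and not toks[i + 1].startswith("-"):
            present.add(f"{tok}={toks[i + 1]}")
    return present


def missing_hardening_flags(cmd):
    """Lint an existing `docker run` argv: which required flags are absent?
    Exact-value flags must match exactly; limits are checked by name only."""
    present = _normalize(cmd)
    names = {t.split("=", 1)[0] for t in present}
    missing = [f for f in REQUIRED_FLAGS if f not in present]
    missing += [k for k in DEFAULT_LIMITS if k not in names]
    return missing


@dataclass
class SandboxResult:
    exit_code: int
    stdout: str
    stderr: str
    timed_out: bool


def _docker_best_effort(*args):
    """Cleanup helper: never raise, never hang forever."""
    try:
        subprocess.run(["docker", *args], capture_output=True, timeout=30, check=False)
    except (OSError, subprocess.TimeoutExpired):
        pass


def run_sandboxed(image, argv, timeout=300.0, limits=None):
    """Run argv in a hardened container with a real timeout and guaranteed cleanup.
    Requires a Docker CLI on PATH."""
    name = f"sandbox-{uuid.uuid4().hex}"
    cmd = build_docker_cmd(image, argv, name, limits)
    proc = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True)
    timed_out = False
    try:
        out, err = proc.communicate(timeout=timeout)
    except subprocess.TimeoutExpired:
        timed_out = True
        # Killing the `docker` client does not stop the container (it runs under
        # dockerd), so kill the container by name first, then the client.
        _docker_best_effort("kill", name)
        proc.kill()
        out, err = proc.communicate()
    finally:
        # --rm only fires on a clean exit; `rm -f` is idempotent and covers a
        # killed client or a host-side exception mid-run.
        _docker_best_effort("rm", "-f", name)
    return SandboxResult(proc.returncode, out, err, timed_out)


if __name__ == "__main__":
    print(run_sandboxed("python:3.12-slim", ["python3", "-c", "print('hello')"], timeout=60))
```

Running `missing_hardening_flags()` over the article's own command reports the two flags this example adds on top of it; running it over a copy with `--network=none` deleted reports exactly that flag, which is the check to put in a unit test so the omission cannot ship silently.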
Continue reading on Dev.to.



