Cloud Sandboxes for Coding Agents
Docker Sandboxes isolates agents in local microVMs. CloudCLI runs them on cloud servers in isolated containers. Your laptop is never exposed, and sessions persist after you close it.
Cloud Containers Are Inherently Sandboxed
Your machine is not involved. The agent runs on a remote server.
Isolation Without microVMs
The agent runs in a dedicated container on a remote server. It cannot access your local files, processes, or network. There is nothing to sandbox locally because the agent is not local.
Sessions That Outlive Your Laptop
Close your laptop, the agent keeps working. Come back hours later and the session is where you left it. No terminal that needs to stay open.
Access From Any Device
Check progress from your phone. Continue coding from a different machine. Hand off a session to a teammate. One environment, any device.
Two Approaches to Safe Agent Execution
Docker Sandboxes and CloudCLI both let agents run freely without risking your system. They take different approaches.
| Feature | Docker Sandboxes | CloudCLI |
|---|---|---|
| Isolation | ||
| Isolation method | Local microVM on your machine | Remote container on cloud server |
| Agent access to your host | Blocked by VM boundary | Not possible (agent is on a different machine) |
| YOLO mode / skip permissions | Yes, default | Yes, default |
| Agents can use Docker | Yes (private daemon per sandbox) | Yes |
| Access & Persistence | ||
| Laptop must stay on | Yes | No |
| Access from phone | No | Yes, full mobile UI |
| Cross-device sessions | No | Yes |
| Sessions survive laptop close | No | Yes |
| Platform & Features | ||
| Supported agents | Claude Code, Gemini, Codex, Copilot, Kiro | Claude Code, Cursor CLI, Codex, Gemini CLI |
| File explorer / Git UI | No (terminal only) | Yes |
| Team environments | No | Shared configs and environments |
| Open source | No | Yes, GPL-3 |
| Requires | Docker Desktop (macOS/Windows) | Browser (any device) |
| Pricing | Free | From €7/month (self-host free) |
| API access | No | Yes (n8n, Linear, Jira) |
| IDE access | No (terminal only) | Yes (web UI, or SSH from VS Code / Cursor) |
| CLI access | Yes (docker sandbox CLI) | Yes (SSH) |
Docker Sandboxes is a good option if you want local isolation and already use Docker Desktop. CloudCLI is a good option if you want cloud persistence, cross-device access, or do not want agents running on your local machine at all.
Common Questions
Each user gets a dedicated Docker container on a remote server. The agent runs there, not on your machine. It cannot access your local files, processes, or network. Isolation is inherent because the agent is on a different machine entirely.
If you want agents to keep running after you close your laptop, if you want to check progress from your phone, or if you want to hand off a session to a teammate. Docker Sandboxes requires your machine to stay on. CloudCLI does not.
If you want everything running locally with no external dependencies, if you already use Docker Desktop, or if your organization requires that code stays on local machines. Docker Sandboxes is included with Docker Desktop at no extra cost.
Yes. Docker Sandboxes for local work when you are at your desk and CloudCLI for long-running tasks or remote access. They are not mutually exclusive.
Claude Code, Cursor CLI, Codex, and Gemini CLI come pre-installed in every CloudCLI environment.
Yes. GPL-3 license, 8,600+ GitHub stars. You can self-host it for free or use the managed cloud version starting at €7/month.
Try CloudCLI
Cloud dev environments for coding agents. Isolated by default. Open source. From €7/month.