Agent in isolated container

Why run in isolation

What you risk by running an agent against your own machine — and what a container gives you instead.

A coding agent runs real commands: it installs gems, edits files, and pushes to GitHub. Pointed at your everyday machine it has the same reach you do. Giving it its own container draws a hard line around what it can touch.

Running on your own machine

When the agent runs directly on your own machine, it inherits your whole environment — your files, your credentials, your global toolchains. Most of the time that's fine; the problem is the times it isn't.

  • Your data is in reach. The agent can read and write anywhere your user can — dotfiles, SSH keys, other projects — not just the repo it's working on.
  • Your toolchain drifts. A stray gem install, a global Node package, or a different Ruby version can quietly change how your other projects build.
  • Mistakes hit the real thing. A wrong path in a destructive command, or a dependency that runs install scripts, lands on your actual machine with no undo.

What isolation gives you

A contained blast radius
The agent only sees its own volumes. Whatever it writes, deletes, or breaks stays inside the container, never your home folder.
A complete, repeatable stack
The image ships the full Rails toolchain and every native library, so bundle install just works — the same way on every machine, every rebuild.
Your machine stays clean
No global gems, no Node packages, no Ruby version juggling on the host. Your everyday setup is exactly as you left it.
Disposable credentials
The agent gets its own GitHub key and tokens, kept in volumes you can wipe at any time and revoke on GitHub, independently of your personal identity.

Pick a runtime

You need a container runtime to host the agent. Two paths get you there: Apple Container is Mac-only, while Docker runs on Windows, Linux, or a Mac. Both reach the same isolated stack — pick the one that fits your machine.

Apple Container

Apple's own containerization, built into macOS. Nothing extra to install, and the lightest option on Apple silicon.

Needs Apple silicon and macOS 15 or later.

Rather not use the terminal? Try Right Crane

Docker

Runs on Windows, Linux, or a Mac, on Intel or Apple silicon. Docker Desktop works everywhere; on a Mac, OrbStack is a lighter, faster runtime.

Lighter on a Mac: OrbStack
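What the isolation described under "What isolation gives you" looks like as a Docker invocation. This is an added example, not the project's own launcher or image: the image name rails-agent:latest, the volume names (agent-ssh, agent-config, agent-gems, agent-work), the in-container paths and the list of credential directories the guard refuses to mount are all assumptions. It also goes a step further than the text by checking the one path the agent can share with the host, the repository directory, so that a stray ../ or a symlink cannot turn "mount the repo" into "mount my home folder".

```shell
#!/bin/sh
# Added example, not the project's own launcher: start the agent so it sees
# only its own named volumes (plus, optionally, one repository directory).
# The image name, volume names and in-container paths are assumptions.
set -eu

IMAGE=${AGENT_IMAGE:-rails-agent:latest}   # assumed image name

# Resolve symlinks and ".." so the guard below cannot be bypassed with a
# relative path such as ../../.ssh. Fails if the argument is not a directory.
canonical_dir() {
  (cd -- "$1" 2>/dev/null && pwd -P)
}

# Refuse to bind-mount anything that would hand the agent "your data":
# the root filesystem, /etc, the home directory, any ancestor of it, or the
# usual credential directories under it (that list is an assumption about a
# typical developer machine; extend it for yours).
mount_path_ok() {
  path=$1
  home=$(canonical_dir "${HOME:-/nonexistent}") || home=/nonexistent
  case "$home" in
    "$path"|"$path"/*) return 1 ;;        # $HOME itself or an ancestor of it
  esac
  case "$path" in
    /|/etc|/etc/*)                     return 1 ;;
    "$home/.ssh"|"$home/.ssh"/*)       return 1 ;;
    "$home/.gnupg"|"$home/.gnupg"/*)   return 1 ;;
    "$home/.aws"|"$home/.aws"/*)       return 1 ;;
    "$home/.config"|"$home/.config"/*) return 1 ;;
  esac
  return 0
}

# run_agent REPO_DIR [command...]
# REPO_DIR is bind-mounted at /work after passing the guard; pass "" to give
# the agent a named volume instead and let it clone the repo with its own key.
# SSH keys, tokens and installed gems live in named volumes the host never
# sees as ordinary files. AGENT_DRY_RUN=1 prints the command instead of running it.
run_agent() {
  repo_dir=$1
  shift
  if [ -n "$repo_dir" ]; then
    repo=$(canonical_dir "$repo_dir") || { echo "not a directory: $repo_dir" >&2; return 2; }
    mount_path_ok "$repo" || { echo "refusing to mount $repo into the agent" >&2; return 2; }
    work="$repo:/work"
  else
    work=agent-work:/work
  fi
  ${AGENT_DRY_RUN:+echo} docker run --rm --interactive --tty \
    --cap-drop ALL --security-opt no-new-privileges \
    --volume agent-ssh:/home/agent/.ssh \
    --volume agent-config:/home/agent/.config \
    --volume agent-gems:/usr/local/bundle \
    --volume "$work" --workdir /work \
    --env HOME=/home/agent \
    "$IMAGE" "$@"
}

# Wipe the agent's local identity. This only removes the private key and
# tokens on this machine; the matching deploy key or token must also be
# deleted on GitHub, which Docker cannot do for you.
wipe_agent_credentials() {
  ${AGENT_DRY_RUN:+echo} docker volume rm agent-ssh agent-config
}

if [ "$#" -gt 0 ]; then
  run_agent "$@"
fi
```

Run it as `./agent.sh ~/src/app` to start the agent against a checkout, or `./agent.sh ""` to let it work entirely inside its own volume. Two caveats: `--cap-drop ALL` and `no-new-privileges` are the right default for an image that already ships the whole toolchain, but an image that still needs to install system packages at runtime may need a capability back; and Apple Container's `container run` takes its own flags, so this script is for the Docker path only.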