Running an AFK agent without permission requests means giving it a lot of freedom. That's risky. Without supervision, an agent can delete entire directories, exfiltrate sensitive code, or break your system in ways that take hours to fix.
The solution is Sandcastle. Sandcastle runs agents inside isolated sandboxes where they can only touch files you've explicitly shared. The agent can still explore code, run bash commands, and work with git, but it's confined to that sandbox. Permission requests become unnecessary because the agent cannot harm the rest of your system.
This is safer than trying to restrict agents with rules alone. Agents can break out of software sandboxes if they try hard enough. Sandcastle supports multiple sandbox types, including Docker containers and E2B sandboxes, which work at the operating system level - they're much harder to escape.
Choose the right version for your operating system (Mac, Windows, or Linux).
Alternatively, you can use Podman, which is free and open source: https://podman.io/. Docker Desktop is free but has licensing constraints for large organizations.
Make sure the application is running before moving to the next step.
.sandcastle directory in your project.env.example fileYou'll see environment variables that need to be added to a .env file. These variables authenticate your coding agent inside the Docker container.
.env file in the .sandcastle directoryCopy the contents from .env.example and fill in your authentication details:
ANTHROPIC_API_KEY=your-api-key-here
Use your Anthropic API key for authentication. Get one from https://console.anthropic.com/.