Stop Writing Docker Wrappers for Your AI Agent's Code Execution



Source: DEV Community

Every AI agent that executes code needs a sandbox. And teams building one often end up writing the same thing: a Python wrapper around `subprocess.run(["docker", "run", ...])` with a growing list of security flags they keep forgetting to set.

## The Problem

Here's what a typical "sandbox" looks like in most agent codebases:

```python
import subprocess

# One-shot container: no network, capped memory/CPU/PIDs, read-only rootfs,
# no privilege escalation. Nothing here drops capabilities or sets --user, so
# the code runs as the image's default user (root for python:3.12-slim) with
# Docker's default capability set.
result = subprocess.run(
    ["docker", "run", "--rm",
     "--network=none",
     "--memory=512m", "--cpus=1",
     "--read-only",
     "--security-opt=no-new-privileges",
     "--pids-limit=64",
     "python:3.12-slim",
     "python3", "-c", "print('hello')"],
    capture_output=True,
    text=True,
    timeout=300,  # on expiry this kills the docker CLI client, not the container
)
print(result.stdout)
```

This works. Until it doesn't:

- Someone forgets `--network=none` and the model-generated code your agent runs can make HTTP requests.
- Timeout handling is a mess when Docker itself hangs: `subprocess.run`'s `timeout` kills the `docker` CLI client it spawned, while the container that client was attached to keeps running in the daemon.
- Parsing stdout/stderr gets fragile fast.
- Cleanup on crash? Good luck.
- Want to swap Docker for Firecracker? Rewrite everything.

## What We Built

Roche is a sandbox orchestrator that replaces all of that w
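As an added example (not code from the article and not Roche's API), here is the same `docker run` wrapper written so that the two failure modes listed under The Problem are handled: the flags come from a policy object and are audited before every run, so a forgotten `--network=none` fails the call instead of silently opening the network, and a timeout kills the container by name rather than only the CLI client. `SandboxPolicy`, `audit_run_argv`, `run_sandboxed`, the `agent-sbx-` container-name prefix and the two fake runners are assumptions of this example; the `docker run` flags themselves (`--cap-drop`, `--user`, `--tmpfs`, `--name`) are real Docker options. The `runner` and `killer` arguments are injectable so the control flow can be exercised without a Docker daemon.

```python
# Added example, not Roche's code; SandboxPolicy, audit_run_argv and the agent-sbx- name are assumptions.
import subprocess
import uuid
from collections import namedtuple
from dataclasses import dataclass

# docker run options taking no value; any other option before the image consumes the next token.
BOOLEAN_OPTS = {"--rm", "--read-only", "--privileged", "--init", "-d", "-i", "-t", "-it"}

# The wrapper's argv from the article body, kept here as audit input.
ARTICLE_ARGV = ["docker", "run", "--rm", "--network=none", "--memory=512m", "--cpus=1",
                "--read-only", "--security-opt=no-new-privileges", "--pids-limit=64",
                "python:3.12-slim", "python3", "-c", "print('hello')"]

def parse_run_options(argv):
    """Map option -> [values] for options before the image; docker run stops parsing options there."""
    toks = argv[2:] if argv[:2] == ["docker", "run"] else list(argv)
    opts, i = {}, 0
    while i < len(toks) and toks[i].startswith("-"):
        tok = toks[i]
        if "=" in tok:
            key, val = tok.split("=", 1)
        elif tok in BOOLEAN_OPTS:
            key, val = tok, ""
        else:
            key, i = tok, i + 1
            val = toks[i] if i < len(toks) else ""
        opts.setdefault(key, []).append(val)
        i += 1
    return opts

def audit_run_argv(argv):
    """Return missing or wrong hardening as the flag to add: the check that catches a forgotten --network=none."""
    opts, findings = parse_run_options(argv), []
    if opts.get("--network", opts.get("--net")) != ["none"]:
        findings.append("--network=none")
    if "--read-only" not in opts:
        findings.append("--read-only")
    if not any(v.startswith("no-new-privileges") for v in opts.get("--security-opt", [])):
        findings.append("--security-opt=no-new-privileges")
    if "ALL" not in {v.upper() for v in opts.get("--cap-drop", [])}:
        findings.append("--cap-drop=ALL")
    if "--pids-limit" not in opts:
        findings.append("--pids-limit=<n>")
    if "--memory" not in opts and "-m" not in opts:
        findings.append("--memory=<limit>")
    if "--privileged" in opts:
        findings.append("remove --privileged")
    return findings

@dataclass(frozen=True)
class SandboxPolicy:  # assumed policy shape for this example
    image: str = "python:3.12-slim"
    memory: str = "512m"
    cpus: str = "1"
    pids_limit: int = 64
    user: str = "65534:65534"  # nobody:nogroup; never run agent code as root
    tmp_size: str = "64m"  # writable scratch space, since the rootfs is read-only
    timeout_s: int = 300

def build_run_argv(policy, command, name):
    """Build argv from the policy so no flag can be forgotten; --name lets us kill the container on timeout."""
    return ["docker", "run", "--rm", f"--name={name}", "--network=none",
            f"--memory={policy.memory}", f"--cpus={policy.cpus}",
            f"--pids-limit={policy.pids_limit}", "--read-only",
            f"--tmpfs=/tmp:rw,noexec,nosuid,size={policy.tmp_size}",
            "--cap-drop=ALL", "--security-opt=no-new-privileges",
            f"--user={policy.user}", policy.image, *command]

SandboxResult = namedtuple("SandboxResult", "status exit_code stdout stderr")  # status: ok|nonzero|timeout

def _text(data):  # TimeoutExpired carries bytes even when run() was given text=True
    return data.decode(errors="replace") if isinstance(data, bytes) else (data or "")

def run_sandboxed(policy, command, runner=subprocess.run,
                  killer=lambda n: subprocess.run(["docker", "kill", n], capture_output=True, timeout=30)):
    """Run command in a fresh container; runner and killer are injectable so the flow runs without a daemon."""
    name = f"agent-sbx-{uuid.uuid4().hex[:12]}"
    argv = build_run_argv(policy, command, name)
    missing = audit_run_argv(argv)
    if missing:  # fail closed if the policy ever regresses
        raise ValueError(f"sandbox argv missing hardening: {missing}")
    try:
        proc = runner(argv, capture_output=True, text=True, timeout=policy.timeout_s)
    except subprocess.TimeoutExpired as exc:
        # subprocess killed only the docker CLI client; the container is still running
        # in the daemon, so stop it by name (--rm then removes it once it exits).
        killer(name)
        return SandboxResult("timeout", None, _text(exc.stdout), _text(exc.stderr))
    return SandboxResult("ok" if proc.returncode == 0 else "nonzero",
                         proc.returncode, proc.stdout or "", proc.stderr or "")

# Constructed test doubles standing in for a hung and a healthy docker run.
def fake_hanging_runner(argv, **kw):
    raise subprocess.TimeoutExpired(argv, kw.get("timeout"))

def fake_ok_runner(argv, **kw):
    return subprocess.CompletedProcess(argv, 0, "hello\n", "")
```

Running `audit_run_argv(ARTICLE_ARGV)` against the article's own wrapper reports only `--cap-drop=ALL` as missing; drop `--network=none` from that list and the audit names it first. The audit is also useful on its own, as a CI check over any `docker run` argv a repository builds.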