Honest pros, cons, and verdict on this developer- tool
✅ Real security boundary at the microVM level — not just agent-side prompts
Starting Price
$0 (self-hosted)
Free Tier
No
Category
developer-tools
Skill Level
Developer
A thin CLI wrapper around Docker Sandboxes that runs Claude Code, Codex, or OpenCode in a disposable microVM against a clone of your repo, then brings the work back as ordinary git commits for review.
Code Airlock lets you give coding agents like Claude Code, Codex, and OpenCode real autonomy — installing packages, running tests, starting services, iterating on failures — without giving them your host machine. It is a deliberately small wrapper around Docker Sandboxes (the sbx CLI) that wires the common coding-agent loop together: the agent runs inside a disposable microVM against a private clone of your repository, your host repo stays read-only for the entire run, and the agent's changes come back as normal git commits that you fetch, diff, review, and merge from the host. The core insight is that harness-level permission rules are policy inside the agent process; Code Airlock moves the main safety boundary below the agent, so the agent can be configured to behave well while the microVM limits what happens when it does not. The workflow is three commands: code-airlock run "add pagination and run the tests", code-airlock diff, code-airlock merge — or open a pull request instead with code-airlock pr, pushed from the host with your credentials so the sandbox never needs GitHub access. It supports a configurable network allowlist for model APIs and package registries, per-repo stable sandbox naming, AGENTS.md scaffolding via code-airlock init, opt-in seeding of your personal agent config (commands, skills, subagents) without auth files or histories, tmux-based detached runs for remote servers, doctor and dry-run preflight checks, and visual review via your preferred difftool. Install via npm, Homebrew, or a shell script. MIT licensed; requires Docker Sandboxes with KVM/virtualization. No MCP integration — it wraps the agents themselves.
per month
Code Airlock delivers on its promises as a developer- tool. While it has some limitations, the benefits outweigh the drawbacks for most users in its target market.
A thin CLI wrapper around Docker Sandboxes that runs Claude Code, Codex, or OpenCode in a disposable microVM against a clone of your repo, then brings the work back as ordinary git commits for review.
Yes, Code Airlock is good for developer- work. Users particularly appreciate real security boundary at the microvm level — not just agent-side prompts. However, keep in mind requires docker sandboxes and kvm/virtualization on the host.
Code Airlock starts at $0 (self-hosted). Check their pricing page for the most current rates and features included in each plan.
Code Airlock is best for Letting Claude Code or Codex work unattended with fewer permission prompts while the host stays protected and Reviewing every agent change as ordinary git commits before anything lands in your repo. It's particularly useful for developer- professionals who need advanced features.
There are several developer- tools available. Compare features, pricing, and user reviews to find the best option for your needs.
Last verified March 2026