Support Docker containerization for agent isolation #25

@MiniCodeMonkey

Context

Since Chief runs Claude Code with --dangerously-skip-permissions, users have no sandbox protection. Running agents inside Docker containers provides real filesystem and network isolation.

Problem

A user successfully containerized Chief manually, but ran into issues:

  • --dangerously-skip-permissions cannot be used with root/sudo privileges, so the in-container user must be configured as non-root
  • Claude crash logs were not exposed, making debugging the container setup difficult
  • No documentation or tooling exists to help users set this up

Suggested solution

  • Provide a Dockerfile or chief init --docker command that sets up a containerized environment
  • Possibly make this a step in the PRD creation flow (similar to how PRD creation is interactive)
  • Document the non-root user requirement and other container gotchas
  • Consider making containerized execution the default or strongly recommended mode

Labels: area: agent (Claude agent loop); enhancement (New feature or request); priority: high (Blocks users or degrades experience); size: large (Significant new functionality)

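An added example, not code from the Chief project: a container entrypoint guard for the two problems reported in this issue. It refuses to start as root and copies the agent's output to a mounted log directory while preserving the agent's exit status. The `/logs` mount point, the `LOG_DIR` variable and the function names are assumptions.

```shell
#!/bin/sh
# Hypothetical entrypoint guard for an agent container (not part of Chief).
# In an image: ENTRYPOINT ["/entrypoint.sh"], with the agent command as CMD.

# Assumed bind-mount point, e.g. docker run -v "$PWD/logs:/logs" ...
LOG_DIR="${LOG_DIR:-/logs}"

# Fail if the given UID (default: the current user) is root.
require_nonroot() {
    uid="${1:-$(id -u)}"
    if [ "$uid" -eq 0 ]; then
        echo "refusing to start as UID 0; set USER in the Dockerfile or pass --user" >&2
        return 1
    fi
}

# Run a command, append its stdout and stderr to $LOG_DIR/agent.log,
# and return the command's own exit status rather than tee's.
run_logged() {
    mkdir -p "$LOG_DIR" || return 1
    log="$LOG_DIR/agent.log"
    status_file="$LOG_DIR/.status.$$"
    # A pipeline reports the status of its last command, so the left side
    # writes the real exit code to a file before tee finishes.
    { rc=0; "$@" 2>&1 || rc=$?; echo "$rc" > "$status_file"; } | tee -a "$log"
    rc="$(cat "$status_file")"
    rm -f "$status_file"
    if [ "$rc" -ne 0 ]; then
        echo "agent exited with status $rc; output saved to $log" >&2
    fi
    return "$rc"
}

main() {
    require_nonroot || exit 1
    run_logged "$@"
}

# Only act when a command was passed, so the file can also be sourced.
if [ "$#" -gt 0 ]; then
    main "$@"
fi
```

Because the log directory is a bind mount, the captured output survives after the container exits.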