Manage sandboxed Docker Compose environments for headless OpenCode coding agents.
jailoc wraps OpenCode agents in isolated Docker containers so they can run autonomously without touching your host system. Each workspace gets its own sandboxed environment with network isolation that blocks private networks by default, letting you control exactly which internal services the agent can reach. You configure which directories to mount as workspaces, which hosts to allowlist, and the agent runs inside with your OpenCode config available read-only.
- File isolation: the agent only sees directories you explicitly mount. SSH keys, browser profiles, and other projects are invisible. It runs as UID 1000 with all Linux capabilities dropped and `no_new_privs` set.
- Network isolation: private networks (RFC 1918, link-local, CGNAT) are blocked by default via iptables. You allowlist only what the agent needs. No pivoting to internal infrastructure.
- Sandboxed Docker: each workspace gets its own Docker daemon via a DinD sidecar. No host socket mounting, no sandbox escape through container breakout.
- Zero config to start: `jailoc up` handles image resolution, compose generation, firewall setup, and privilege dropping automatically.
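
The network isolation policy above can be modelled as a first-match decision over destination addresses. The following is an added example, not jailoc's own code: `Decide` and `sampleAllow` are hypothetical names, the sketch covers only the IPv4 ranges named above, and it assumes allowlist entries are matched before the default blocks and that public destinations are left unrestricted.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Ranges the README lists as blocked by default (IPv4 only in this sketch).
var blockedByDefault = []netip.Prefix{
	netip.MustParsePrefix("10.0.0.0/8"),     // RFC 1918
	netip.MustParsePrefix("172.16.0.0/12"),  // RFC 1918
	netip.MustParsePrefix("192.168.0.0/16"), // RFC 1918
	netip.MustParsePrefix("169.254.0.0/16"), // link-local
	netip.MustParsePrefix("100.64.0.0/10"),  // CGNAT (RFC 6598)
}

// Constructed allowlist: a single internal host the agent may reach.
var sampleAllow = []netip.Prefix{netip.MustParsePrefix("10.20.30.40/32")}

// Decide models first-match filtering (assumption): allowlist entries are
// evaluated before the default private-range blocks.
// It returns "allow", "block" or "invalid".
func Decide(dst string, allowlist []netip.Prefix) string {
	addr, err := netip.ParseAddr(dst)
	if err != nil {
		return "invalid"
	}
	// An IPv4-mapped IPv6 address never matches an IPv4 prefix, so unmap it
	// first; otherwise ::ffff:192.168.1.1 would slip past the block list.
	addr = addr.Unmap()
	for _, p := range allowlist {
		if p.Contains(addr) {
			return "allow"
		}
	}
	for _, p := range blockedByDefault {
		if p.Contains(addr) {
			return "block"
		}
	}
	return "allow" // assumption: public destinations are not restricted
}

func main() {
	// Constructed destinations, including range-boundary cases.
	for _, dst := range []string{"10.20.30.40", "10.20.30.41", "169.254.0.10",
		"100.127.255.255", "100.128.0.1", "172.32.0.1", "::ffff:192.168.1.1"} {
		fmt.Printf("%-20s %s\n", dst, Decide(dst, sampleAllow))
	}
}
```
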
Prerequisites: Docker Engine must be running. No `docker compose` CLI plugin needed; jailoc embeds the Compose SDK.

```sh
go install github.com/seznam/jailoc/cmd/jailoc@latest
```

Make sure `$GOPATH/bin` (default `$HOME/go/bin`) is on your `PATH`.

Download the archive for your platform from GitHub Releases (Linux/macOS × amd64/arm64), extract, and place the `jailoc` binary on your `PATH`.

```sh
# Build from source
go build ./cmd/jailoc
# Run unit tests
go test ./...
# Run integration tests (requires Docker)
go test -tags=integration ./...
```

The default base image (Ubuntu 24.04) ships with:

| Category | Tools |
|---|---|
| Runtimes | Go, Node.js, Bun, Python 3 + uv |
| Package managers | npm, Yarn (via corepack), Homebrew |
| Language servers | gopls, typescript-language-server, pyright, yaml-language-server, bash-language-server, jsonnet-language-server, helm-ls |
| CLI tools | Docker CLI, ripgrep, fd, fzf, jq, vim, git, openssh-client |
| Agent stack | OpenCode, oh-my-openagent |
Exact versions are pinned in the embedded Dockerfile and tracked by Renovate.
