AI-powered code agents like Claude Code can autonomously edit files, run commands, and interact with your development environment. This power comes with risks: unrestricted filesystem access, exposed credentials, and unmonitored API usage. How do you harness this capability safely?
This talk presents a practical containerization approach for running CLI code agents in complete isolation from your host system. You'll learn how to build secure environments that maintain persistent authentication, enable workspace access through volume mounts, and provide full API request logging, all while keeping the agent sandboxed.
I'll demonstrate a production-ready setup using Docker containers that includes credential management, an API proxy for request logging and monitoring, and Datasette integration for analyzing API usage patterns. You'll see how to structure volumes for security, implement network isolation, and maintain developer productivity while enforcing safety boundaries.
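The layout described above could look like the following Docker Compose file. This is an added sketch, not the configuration shown in the talk. The image names `local/code-agent` and `local/api-logging-proxy`, the proxy port, the `/home/agent/.claude` path and the `requests.db` file name are assumptions.

```yaml
# Added illustration: image names, paths, ports and file names are assumptions.
services:
  agent:
    image: local/code-agent:latest          # hypothetical image with the agent CLI installed
    working_dir: /workspace
    stdin_open: true
    tty: true
    environment:
      ANTHROPIC_BASE_URL: http://proxy:8080 # send API calls to the logging proxy
    volumes:
      - ./project:/workspace                # the only host directory the agent can see
      - agent-auth:/home/agent/.claude      # assumed config dir; login survives restarts
    networks: [sandbox]                     # internal network only, no direct egress
    cap_drop: [ALL]
    security_opt: ["no-new-privileges:true"]

  proxy:
    image: local/api-logging-proxy:latest   # hypothetical proxy that logs requests to SQLite
    volumes:
      - api-logs:/data
    networks: [sandbox, egress]             # the single bridge between agent and internet

  datasette:
    image: datasetteproject/datasette
    command: datasette -p 8001 -h 0.0.0.0 /data/requests.db   # assumed database file
    volumes:
      - api-logs:/data:ro                   # analysis UI reads the log, never writes it
    ports:
      - "127.0.0.1:8001:8001"               # reachable from the host loopback only
    networks: [egress]

networks:
  sandbox:
    internal: true                          # Docker adds no outbound route for this network
  egress: {}

volumes:
  agent-auth:
  api-logs:
```

Because `agent` is attached only to the `internal: true` network, its API traffic has to pass through `proxy`, which is what makes the request log complete.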