---
id: "action-use-sandcastle"
type: "action-item"
source_timestamps: ["00:24:45", "00:29:59"]
tags: ["security", "automation"]
related: ["concept-afk-agent-work", "entity-sandcastle", "framework-afk-agent-pipeline"]
outcome: "Safe, parallelized background execution of agent tasks without risking local file deletion or secret exfiltration."
speakers: ["Matt Pocock"]
---
# Isolate AFK Agents with Sandcastle

## Action

Use the [[entity-sandcastle|Sandcastle]] library to run autonomous coding agents inside secure Docker, Podman, or Vercel environments.

## Why

See [[concept-afk-agent-work]] for the broader paradigm and [[framework-afk-agent-pipeline]] for the full pipeline. Without isolation, autonomous agents can delete files, exfiltrate secrets, or corrupt the host git state.

## Expected outcome

Safe, parallelized background execution of agent tasks without risking local file deletion or secret exfiltration.
