Sandboxed Agents

Real permissions, contained execution.

Coding agents need to read files, write code, and run commands to be useful. The providers know this, which is why they all ship some version of "are you sure?" prompts that you click through fifty times an hour until you stop reading them.

Microhost runs every agent inside an automated sandbox with stricter isolation than the providers ship by default. File system access is scoped to the project. Network access is gated. Shell commands run in a contained environment that can't reach the rest of your machine.

Give the agent real permissions to experiment. Let it try the risky refactor, run the unknown dependency, test the migration script. If it breaks something, it breaks something inside the box. Your machine and your repos are untouched.