I have actually been working on something similar but instead of Docker, I am using Apple’s builtin container[1] support to run shell commands and code with real OS-level isolation. It’s fast (spawns in milliseconds) and integrates nicely with things like Claude Code and the Gemini CLI. I open sourced it as CodeRunner[2]. Would love to hear what people think or chat about how it compares.

1. Apple container: https://github.com/apple/container

2. CodeRunner: https://github.com/BandarLabs/coderunner

Caveat: You need M1/M2/M3/M4 mac for this to work. MacOS 26 is optional but recommended.