AutoGen Docker Executor vs a Hardened Agent Sandbox
If you are evaluating autogen docker code executor isolation for running model-written code, start with the good news: AutoGen genuinely ships DockerCommandLineCodeExecutor, and it really does put generated code in a Docker container instead of your Python process. That is a meaningful boundary and a real step up from executing code in-process. This post credits that up front, then draws the honest line between "a container" and a hardened agent code sandbox — the difference between Docker's defaults and a profile purpose-built for untrusted model code, plus the piece AutoGen's executor does not do at all: bridging each tool call back through host governance.