Docker Runtime Isolation

Understand why Docker is required for Apprentice agent execution, how runtime profiles, folder mounts, browser isolation, and workload ports work.

Docker is required for Apprentice because it is part of the agent isolation model.

Agents do not run commands directly on the host shell. They run through a Docker-backed runtime where Apprentice can control users, home directories, mounted folders, browser state, provider setup, MCP tools, and permissions.

Why Docker Is Required

Docker gives Apprentice a controlled Linux runtime for:

  • Agent execution.
  • CLI provider execution.
  • Browser automation.
  • MCP server runtime.
  • Mounted project folders.
  • Per-agent home and profile data.
  • VNC-assisted browser login.

Without Docker, Apprentice cannot provide the same runtime boundary.

Shared And Per-Agent Runtime Profiles

Apprentice supports runtime isolation profiles.

Shared mode uses a shared runtime container with scoped users, homes, profiles, and configured mounts for agents.

Per-agent mode uses a separate runtime container for the agent and mounts only that agent's configured workspace, home, browser profile, and explicit volumes.

The available runtime behavior depends on current app settings and agent configuration.

Folder Mounts

Host folders become visible to the agent only when you configure them.

Volumes are mounted under the agent's home directory. A volume named project appears as:

~/project

Use RO for folders the agent should inspect. Use RW only where file changes are intended.

Browser Isolation

Browser automation runs inside the agent runtime.

Apprentice can keep browser state per agent and support interactive login through a local VNC session. This lets the user authenticate the agent's browser profile without giving the agent direct control of the host browser.

Workload Ports

Agent-built local apps are not reachable from the host by default.

If a workflow needs to open a port from the agent container, map it intentionally to a loopback host port.
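One way to verify the mount and port guidance above against what Docker actually applied. This is an added example, not Apprentice's own code: it reads the standard `docker inspect` JSON fields (`Mounts[].RW`, `NetworkSettings.Ports[].HostIp`), and the container name, paths and ports in the sample are constructed for illustration.

```python
import json

# Constructed sample shaped like `docker inspect <container>` output.
# Container name, paths and ports are illustrative, not Apprentice's own.
SAMPLE_INSPECT = json.loads("""
[{
  "Name": "/example-agent-runtime",
  "Mounts": [
    {"Type": "bind", "Source": "/home/user/project", "Destination": "/home/agent/project", "RW": false},
    {"Type": "bind", "Source": "/home/user/scratch", "Destination": "/home/agent/scratch", "RW": true}
  ],
  "NetworkSettings": {"Ports": {
    "3000/tcp": [{"HostIp": "127.0.0.1", "HostPort": "3000"}],
    "8080/tcp": [{"HostIp": "0.0.0.0", "HostPort": "8080"}],
    "9000/tcp": null
  }}
}]
""")

LOOPBACK = {"127.0.0.1", "::1"}


def audit(inspect_data, allowed_rw=()):
    """Return (container, kind, detail) findings for mounts and ports.

    allowed_rw: container paths where read-write access is intended.
    """
    findings = []
    for container in inspect_data:
        name = container.get("Name", "?").lstrip("/")
        # Any writable mount that is not on the intended list is a finding.
        for mount in container.get("Mounts") or []:
            dest = mount.get("Destination")
            if mount.get("RW") and dest not in allowed_rw:
                findings.append((name, "rw-mount", dest))
        # Exposed-but-unpublished ports have a null binding list; skip them.
        ports = (container.get("NetworkSettings") or {}).get("Ports") or {}
        for port, bindings in ports.items():
            for b in bindings or []:
                # "0.0.0.0", "::" or an empty HostIp means all interfaces.
                if b.get("HostIp") not in LOOPBACK:
                    detail = f'{b.get("HostIp")}:{b.get("HostPort")}->{port}'
                    findings.append((name, "non-loopback-port", detail))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_INSPECT, allowed_rw={"/home/agent/scratch"}):
        print(*finding, sep="\t")
```

To run it against a live runtime, replace the sample with the parsed output of `docker inspect` for the agent containers.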

What Docker Does Not Solve

Docker is not a substitute for careful permissions.

You still need to control:

  • Mounted folders.
  • Read-write access.
  • Shell capability.
  • External MCP tools.
  • Integrations.
  • Provider credentials.
  • AI guardrails.

Host compromise, Docker compromise, and trusted provider or MCP server compromise are outside the normal local sandbox guarantee.

Troubleshooting

If agents do not start, check Docker first.

If folders are missing, check volume configuration.

If browser automation fails, check runtime health and browser settings.

If MCP server runtime fails, check MCP Library and the agent MCP Servers tab.

Next Step

Review credentials and secrets to understand how API keys, integration tokens, and MCP secrets should be handled.