Sandcastle by Matt Pocock (@mattpocockuk) orchestrates locally sandboxed coding agents in TypeScript. Each agent runs in its own Docker, Podman, or Vercel container with full isolation — commits made in the sandbox get patched back to the host automatically. The system is 100% offline with no cloud dependency. Invoke agents with a single sandcastle.run() call and Sandcastle handles sandbox lifecycle, branch strategies, and result patching. Provider-agnostic by design: it doesn't care whether the agent inside is Claude Code, Codex, or OpenCode. Published as @ai-hero/sandcastle. The project addresses a critical need as Dynamic Workflows and ultracode can now spawn 85+ parallel agents — isolation becomes structural, not optional.
Sandcastle solves a specific problem that emerged in Q2 2026: what happens when coding agents need to modify your codebase in parallel without stepping on each other? Claude Code’s Dynamic Workflows can spawn up to 1,000 subagents. Ultracode routinely launches 85+ agents from a single prompt. At that scale, file conflicts become inevitable without isolation.
Sandcastle wraps each agent in a Docker container (or Podman, or Vercel sandbox), manages branch strategies, and patches commits back to the host when work completes. The developer interacts with a TypeScript API — one sandcastle.run() call per agent — and Sandcastle handles the rest.
Sandbox isolation: Every agent runs in its own container. No agent can see or interfere with another agent’s work. Commits are staged inside the sandbox and only merged to the host when the work passes validation.
Provider-agnostic: Sandcastle doesn’t care which agent runs inside the sandbox. It ships with integrations for Claude Code, Codex, and OpenCode, but any CLI tool that reads from and writes to a git repository works.
Branch strategies: Configurable strategies for how sandbox work maps to branches — one branch per agent, one branch per task, or direct-to-main with conflict resolution.
Offline-first: No cloud calls, no telemetry, no external dependencies. The entire system runs on your machine.
Sandcastle is aimed at developers using multi-agent workflows (Dynamic Workflows, ultracode, or custom parallel agent setups) who need deterministic isolation between concurrent agents, at teams that want sandbox-level security for untrusted or experimental agent code, and at anyone building agent pipelines where merge conflicts from parallel work would be catastrophic.
We covered Sandcastle’s role in the agent orchestration portability stack in “Harness Wars: Who Owns Your Coding Agent?”