Pinning your coding agent to a reproducible container


The fastest way to lose an afternoon is to let a coding agent accumulate state on a machine you can’t rebuild. Treat the agent’s home as cattle, not a pet.

Here’s the minimal container entrypoint — note the volume mount that survives a rebuild while everything else stays disposable:

run-agent.sh
#!/usr/bin/env bash
set -euo pipefail
# Only this path persists. Wipe the container freely; config survives.
docker run --rm -it \
  -v "$HOME/.agent:/root/.agent" \
  agent-image:latest

The flags do the work: --rm throws the container away on exit, and the single -v mount keeps the one directory that actually holds configuration.

If you’re migrating an existing setup, the change is usually this small:

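# Before: the whole home directory is mounted and the container is kept after exit.
docker run -it -v "$HOME:/root" agent-image:latest
# After: only the agent's config directory is mounted and the container is discarded on exit.
docker run --rm -it -v "$HOME/.agent:/root/.agent" agent-image:latest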

Mounting your whole home directory feels convenient until the agent writes somewhere you didn’t expect. Scope the mount down and the blast radius shrinks to a single folder you can inspect in version control.
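
One way to catch the over-broad mount before the container starts, as an added example that is not part of the original page: a lint over the `docker run` arguments that flags any bind mount whose host side is `$HOME` or a directory above it. The helper name `broad_mounts` and the `/home/dev` home directory are assumptions made up for the example.

```bash
#!/usr/bin/env bash
# Added example, not from the original page: lint a `docker run` argument list
# for bind mounts whose host side is $HOME or a directory above it.
# Paths are compared as strings; symlinks and ".." are not resolved.
set -eu

# broad_mounts (hypothetical helper): prints each offending host path and
# returns 1 if any was found, 0 otherwise.
broad_mounts() {
  local home found src m
  home="${HOME%/}"
  found=0
  while [ "$#" -gt 0 ]; do
    src=""
    case "$1" in
      -v|--volume) src="${2:-}"; src="${src%%:*}" ;;
      --volume=*)  src="${1#--volume=}"; src="${src%%:*}" ;;
      --mount|--mount=*)
        if [ "$1" = "--mount" ]; then m=",${2:-}"; else m=",${1#--mount=}"; fi
        case "$m" in
          *,source=*) src="${m#*,source=}" ;;
          *,src=*)    src="${m#*,src=}" ;;
        esac
        src="${src%%,*}" ;;
    esac
    shift
    # Only absolute host paths are bind mounts; named volumes are skipped.
    case "$src" in /*) ;; *) continue ;; esac
    # Flag src when $HOME equals it or sits underneath it ("/" matches all).
    case "$home/" in
      "${src%/}/"*) printf '%s\n' "$src"; found=1 ;;
    esac
  done
  [ "$found" -eq 0 ]
}

# Demo on the page's before/after commands; /home/dev is a constructed HOME.
(
  HOME=/home/dev
  broad_mounts run -it -v "$HOME:/root" agent-image:latest || echo "too broad"
  broad_mounts run --rm -it -v "$HOME/.agent:/root/.agent" agent-image:latest \
    && echo "scoped mount ok"
)
```

Call it with the same arguments you pass to `docker` and refuse to launch on a non-zero status.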