Can't speak for the benefits of https://nono.sh/ since I haven't used it, but a downside of using docker for this is that it gets complicated if you want the agent to be allowed to do docker stuff without giving it dangerous permissions. I have a Vagrant setup inspired by this blogpost https://blog.emilburzo.com/2026/01/running-claude-code-dange..., but a bug in VirtualBox is making one core run at 100% the entire time so I haven't used it much.
