Drydock: Hardware-Isolated Sandboxes for AI Coding Agents

When running automated coding tasks with Claude Code or Codex, there's a question worth asking: what happens if the agent gets prompt-injected? It has access to your API keys, filesystem, and can push code.

Drydock takes a straightforward approach: don't try to control agent behavior — contain the blast radius.

It uses Apple's container runtime (requires macOS 26+ and Apple Silicon) to create hardware-isolated sandboxes for each task. API keys never enter the sandbox. The host-side gateway issues short-lived, budget-capped tokens only. Network access is denied by default, with only package registries and API endpoints whitelisted. The only artifact that leaves the sandbox is a git diff, which requires your explicit approval before being pushed.

The workflow is similar to code review: start the broker, submit a task, wait for notification, review the diff, approve or deny. The difference is the hardware isolation layer underneath.

Currently at v0.1.5 alpha with no third-party security audit yet. Worth watching if you heavily use AI coding agents on macOS.

Crawlie: Rust-Powered SEO Crawler with MCP Server

There's no shortage of SEO audit tools, but Crawlie stands out for two reasons: it's written in Rust (fast crawling), and it ships a built-in MCP server that integrates directly with Claude Desktop, Cursor, and other AI tools.

It checks 46+ rules: broken links, redirect chains, missing metadata, mobile compatibility, structured data, and GEO (Generative Engine Optimization) — whether your pages can be cited by AI search engines like ChatGPT and Perplexity.

Usage is simple: crawlie crawl https://example.com runs a full site audit with JSON, CSV, or HTML output. The --fail-on error flag integrates with CI/CD to block deployments when broken links are found.

The MCP mode is more interesting. Configure it in Claude Desktop, then ask "audit spronta.com and tell me the top 5 pages with the lowest GEO scores and how to fix them" — the AI calls crawlie's tools automatically.

MIT license, npm one-click install, macOS desktop app also available.

TesterArmy: YC-Backed AI Testing Platform

Writing test scripts is tedious. TesterArmy's approach: describe what to test in plain English, and an AI agent launches a real browser, clicks, types, and validates like a human user, then gives you screenshots, recordings, and pass/fail reports.

This is a Y Combinator 2026 batch project. The core feature is automatic PR checks — every GitHub deployment triggers a test run without maintaining any test code.

It handles login flows, OAuth verification, OTP input, and other common scenarios. Available via CLI and web dashboard. For small teams without dedicated QA, this "describe-to-test" approach saves significant effort.

Free trial available. Check the website for pricing.