{"id":2192,"date":"2026-04-16T22:09:53","date_gmt":"2026-04-16T22:09:53","guid":{"rendered":"https:\/\/devblogs.microsoft.com\/all-things-azure\/?p=2192"},"modified":"2026-04-16T22:10:27","modified_gmt":"2026-04-16T22:10:27","slug":"best-of-both-worlds-for-agentic-refactoring-github-copilot-microvms-via-docker-sandbox","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/all-things-azure\/best-of-both-worlds-for-agentic-refactoring-github-copilot-microvms-via-docker-sandbox\/","title":{"rendered":"Best of Both Worlds for Agentic Refactoring: GitHub Copilot + MicroVMs via Docker Sandbox"},"content":{"rendered":"

Legacy codebases frequently contain hardcoded logic and complex build scripts that depend on specific filesystem structures, making them notoriously difficult to modernize in isolated environments. Docker Sandbox addresses this challenge through a bidirectional workspace sync that preserves the same absolute paths inside the sandbox as on the host. This means that when a GitHub Copilot agent refactors a legacy Java or .NET application, file references and build outputs remain consistent across the isolation boundary.<\/span><\/p>\n

The result? Modernized code can be moved back to the host without breaking dependencies.<\/span><\/p>\n

However, one of the most significant pain points in agentic workflows is the requirement for coding agents to interact with Docker itself. Many agents need to build images, run integration tests in containers, or orchestrate multi-container stacks via docker compose. In a standard container environment, this typically requires mounting the host’s \/var\/run\/docker.sock<\/span> into the container – effectively granting the agent full root-level access to the host Docker daemon. This is a serious security risk: a compromised or misbehaving agent could enumerate all running containers, pull sensitive images, or even escape the sandbox entirely.<\/span><\/p>\n

In this blog, we explore the feasibility of using GitHub Copilot alongside isolated runtimes such as Docker Sandbox to modernize legacy applications. Specifically, we walk through containerizing a sample legacy Java application (code available here<\/a>) and preparing it for AI-assisted refactoring, and we demonstrate how these products work together to balance developer productivity with security and isolation.<\/span><\/p>\n

 <\/p>\n

Testing containerized legacy code in isolation<\/span><\/h3>\n

A core part of modernizing legacy systems is containerization, or moving monolithic apps into OCI-compliant images. To do this autonomously, an agent must be able to run docker build and docker compose to verify its work. Traditional containers make this risky by requiring access to the host Docker socket. Docker Sandboxes provide a private, isolated Docker daemon within microVM, allowing agents to build and test containerized versions of legacy code without any visibility into or impact on the host’s primary Docker environment.<\/span><\/p>\n

Here\u2019s what a containerization workflow looks like with GitHub Copilot + Docker Sandbox:<\/span><\/p>\n

$ docker sandbox run copilot ~\/asset-manager-mod<\/span><\/p>\n

Creating new sandbox ‘copilot-asset-manager-mod’…<\/span><\/p>\n

copilot: Pulling from docker\/sandbox-templates<\/span><\/p>\n

75ccbb183316: Pull complete<\/span><\/p>\n

5a47b0b23034: Pull complete<\/span><\/p>\n

37e8fa2e5d6f: Pull complete<\/span><\/p>\n

7b336c9714b3: Download complete<\/span><\/p>\n

0bdd8a5ca3bd: Download complete<\/span><\/p>\n

Digest: sha256:4685bd6f84acea2c5017a2a03354cc7c9168334f5b7b1049e5a9e944051797a7<\/span><\/p>\n

Status: Downloaded newer image for docker\/sandbox-templates:copilot<\/span><\/p>\n

\u2713 Created sandbox copilot-sandbox-2026-03-26-160741 in VM copilot-asset-manager-mod<\/span><\/p>\n

\u00a0 Workspace: C:\\Users\\cindywang\\asset-manager-mod<\/span><\/p>\n

\u00a0 Agent: copilot<\/span><\/p>\n

 <\/p>\n

To connect to this sandbox, run:<\/span><\/p>\n

\u00a0 docker sandbox run copilot-asset-manager-mod<\/span><\/p>\n

 <\/p>\n

Starting copilot agent in sandbox ‘copilot-asset-manager-mod’…<\/span><\/p>\n

Workspace: C:\\Users\\cindywang\\asset-manager-mod<\/span><\/p>\n

 <\/p>\n

Authentication is being handled through delegation. Within the terminal, type \/login to complete auth via GitHub or GitHub Enterprise.<\/span><\/p>\n

\"docker<\/a><\/p>\n

 <\/p>\n

Mitigate risks during dependency upgrades<\/span><\/h3>\n

Modernizing a codebase typically involves updating thousands of unaudited dependencies. The risk of a “supply chain attack”, where an agent pulls a malicious package from a public registry, is high. Docker Sandboxes mitigate this through HTTP\/HTTPS filtering proxies that implement a “smart deny-all” policy. The sandbox allows the agent to reach essential registries, e.g. npm, PyPI, etc. while blocking access to local networks and cloud metadata endpoints, preventing data exfiltration during high-volume dependency updates.<\/span><\/p>\n

In an isolated environment, this can be addressed without too much overhead:<\/span><\/p>\n

\"manage<\/a><\/p>\n

 <\/p>\n

From \u201cperiodic clean-ups\u201d to continuous, high-velocity modernization operations<\/span><\/h3>\n

Legacy modernization often requires thousands of repetitive refactoring tasks, such as updating deprecated APIs, converting callbacks to async\/await, or adding error handling. In a standard environment, agents require constant human approval to prevent destructive actions, creating “approval fatigue” that bottlenecks the development flow. Docker Sandboxes allow agents to run in “YOLO mode\u201d, executing commands without permission prompts, because the microVM enforces a hard security boundary that protects the host from accidental data deletion (e.g., rm -rf \/) or malicious code execution.<\/span><\/p>\n

The ability to run fleets of agents that perform mass refactoring across thousands of legacy repos at the same time has significant implications in ROI. Today, autonomous agents merge roughly 60% more pull requests than those requiring constant supervision, and at an enterprise-scale, the use of a secure sandbox directly translates into reclaimed developer hours and a reduction in technical debt. This construct allows organizations to move through common modernization scenarios such as rehost, refactor, rearchitect, etc. at a speed that was previously impossible due to manual security review requirements.<\/span><\/p>\n

Here\u2019s an example of what running fleet (parallel agent executions) looks like in action via Docker Desktop:<\/span><\/p>\n

\"fleet1<\/a><\/p>\n

\"fleet2<\/a><\/p>\n

\"fleet3<\/a><\/p>\n

\"fleet4<\/a><\/p>\n

\"fleet5<\/a><\/p>\n

\"fleet6<\/a><\/p>\n

\"fleet7<\/a><\/p>\n

 <\/p>\n

Consistency in preserving absolute paths and synchronizing filesystems<\/span><\/h3>\n

A common frustration with virtualized development environments is the disconnect between the host’s filesystem and the guest’s view. GitHub Copilot + Docker Sandboxes address this through bidirectional workspace synchronization, where the developer’s project directory is mounted directly into the sandbox. To ensure compatibility with standard build tools, the sandbox maintains the same absolute path as the host system. If a developer is working in \/Users\/dev\/my-project on macOS, the agent sees the same path inside the MicroVM. This preservation of absolute paths is vital for ensuring that error messages, configuration files, and IDE integrations remain synchronized and coherent across the isolation boundary.<\/span><\/p>\n

Using vscode as an example:<\/span><\/p>\n

\"filesys<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Legacy codebases frequently contain hardcoded logic and complex build scripts that depend on specific filesystem structures, making them notoriously difficult to modernize in isolated environments. Docker Sandbox addresses this challenge through a bidirectional workspace sync that preserves the same absolute paths inside the sandbox as on the host. This means that when a GitHub Copilot […]<\/p>\n","protected":false},"author":172649,"featured_media":1743,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1,19,134,92,109,89],"tags":[],"class_list":["post-2192","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-azure","category-github-copilot","category-github-copilot-cli","category-modernization","category-platform-engineering","category-thought-leadership"],"acf":[],"blog_post_summary":"

Legacy codebases frequently contain hardcoded logic and complex build scripts that depend on specific filesystem structures, making them notoriously difficult to modernize in isolated environments. Docker Sandbox addresses this challenge through a bidirectional workspace sync that preserves the same absolute paths inside the sandbox as on the host. This means that when a GitHub Copilot […]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/all-things-azure\/wp-json\/wp\/v2\/posts\/2192","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/all-things-azure\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/all-things-azure\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/all-things-azure\/wp-json\/wp\/v2\/users\/172649"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/all-things-azure\/wp-json\/wp\/v2\/comments?post=2192"}],"version-history":[{"count":1,"href":"https:\/\/devblogs.microsoft.com\/all-things-azure\/wp-json\/wp\/v2\/posts\/2192\/revisions"}],"predecessor-version":[{"id":2209,"href":"https:\/\/devblogs.microsoft.com\/all-things-azure\/wp-json\/wp\/v2\/posts\/2192\/revisions\/2209"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/all-things-azure\/wp-json\/wp\/v2\/media\/1743"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/all-things-azure\/wp-json\/wp\/v2\/media?parent=2192"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/all-things-azure\/wp-json\/wp\/v2\/categories?post=2192"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/all-things-azure\/wp-json\/wp\/v2\/tags?post=2192"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}