How to run Claude Managed Agents in self-hosted sandboxes

Anthropic’s latest updates to Claude Managed Agents introduce self-hosted sandboxes and MCP tunnels, allowing you to run tool execution and internal data retrieval entirely within your private network. By shifting the execution layer to customer-controlled environments, you can apply your existing security policies to agent actions while Anthropic handles the cloud orchestration loop. This tutorial covers how to configure your infrastructure for private agent execution and establish secure outbound connections.

Understanding the Split Architecture

The new architecture splits the agent workflow into two distinct planes. Context management, error recovery, and multi-agent coordination remain on Anthropic’s infrastructure. The actual execution environment where the agent writes code, edits files, and calls tools now lives within your perimeter.

This separation keeps sensitive packages and repositories completely isolated. You retain full control over audit logging and network policies. Anthropic charges $0.08 per active session-hour plus standard token costs for the Managed Agents orchestration layer. You are responsible for the separate compute costs of your chosen sandbox environment.

Configuring Self-Hosted Sandboxes

You can run sandboxes on your own hardware or route execution through supported managed providers. Integrations are currently available for Cloudflare, Daytona, Modal, and Vercel. Using a managed provider allows you to dynamically mount external file stores and install packages on the fly without provisioning persistent servers.

For workloads requiring specific performance profiles, you can customize the compute resources allocated to the sandbox. You can specify exact CPU cores, memory limits, and custom runtime images. This configuration is necessary when your agent needs to execute compute-heavy tasks like long software builds or localized image generation.

Because no runnable configuration snippets were provided in the release announcement, you should consult the official documentation to view the exact parameter schema for defining runtime images.

Establishing MCP Tunnels

Connecting your agent to internal databases, knowledge bases, and ticketing systems requires secure networking. Model Context Protocol tunnels replace the need to expose internal APIs to the public internet.

You deploy a lightweight gateway within your private network. This gateway establishes a single outbound connection to Anthropic. All traffic is encrypted end-to-end. By relying exclusively on outbound connections, you avoid configuring inbound firewall rules or maintaining public endpoints.

MCP tunnels are supported in both Managed Agents and the standard Messages API. You manage these tunnel connections directly through the workspace settings in the Claude Console.

Limitations and Next Steps

Deploying self-hosted sandboxes shifts the operational burden of compute management to your team. If you choose not to use a managed provider like Vercel or Daytona, you must maintain the runtime images, handle scaling, and monitor the underlying infrastructure yourself.

Evaluate your internal security requirements to determine if routing agent tools through an MCP tunnel meets your compliance needs. You can request access to the MCP tunnels research preview via the Claude Console today.