There is a growing habit among developers: walking between meetings cradling a half-open laptop, or keeping the screen slightly propped open during a 1:1 just to keep it awake. This is because closing the lid means killing the active coding agent (such as Claude Code, Codex, Kiro, or Cursor CLI) running inside. Business Insider even dedicated an article to this developer struggle.
At their core, these agents require five things: a shell, a filesystem, the project checked out, dependencies installed, and proper permissions. Your laptop has all five, but it won the job simply because it was the closest machine, not the right one.
To address this, #AWS has introduced the Amazon #Bedrock AgentCore Runtime. It provides a dedicated environment for every session: an isolated Linux microVM with a persistent workspace, a real shell, and deterministic command execution. While many sandbox products offer similar environments, AgentCore stands out by shipping the essential surrounding ecosystem out of the box:
- Identity Layer: Ensures the agent acts on behalf of the user who triggered it.
- Gateway: Connects Claude Code, Codex, and others to tools like GitHub, Jira, and Slack via a single Model Context Protocol (#MCP) endpoint, keeping active tokens safely outside the agent.
- Observability: Directs every agent step into Amazon CloudWatch, seamlessly integrating with existing enterprise monitoring.
With this setup, developers can finally close their laptop lids. Later in this post, we will hand the same GitHub issue to Claude Code, Codex, Kiro, and Cursor simultaneously—each in its own microVM—and evaluate them based on critical metrics: latency, dollar cost, and whether tests pass on the first try.
Why Your Laptop is the Wrong Host
Before diving in, let's look at why local laptops are ill-suited for hosting agents. Four reasons stand out:
- Blast Radius: The agent shares your local shell, filesystem, tokens, VPN, and loaded SSH keys. A single prompt-injected README poses a catastrophic security risk.
- Exposed Secrets: Sensitive files like
.env,~/.aws/credentials, and private~/.npmrcregistry tokens sit right alongside the code the agent edits, violating the principle of least privilege. - Flawed Parallelism: Using
git worktreeto run multiple agents simultaneously is only a half-fix, often leading to tool and environment conflicts. - Uptime Dependency: The agent's progress is entirely bound to your laptop remaining powered, awake, and connected to the internet.
[AgentUpdate Depth Analysis] The launch of AWS Bedrock AgentCore marks a critical transition of AI Agent runtimes from "local localhost" to "enterprise-grade cloud hosting." This transition is pivotal as coding assistants evolve from single-user Copilots to autonomous, multi-agent workflows. While lightweight sandboxes like Fly.io offer microVM isolation, AWS distinguishes itself by merging robust enterprise compliance with the emerging Model Context Protocol (MCP) standard. By natively handling identity propagation, credential externalization, and CloudWatch auditability, AgentCore resolves the primary bottlenecks preventing enterprises from adopting autonomous coding agents: security, trust, and visibility. Moving forward, this "secure sandbox + standardized protocol (MCP) + enterprise observability" framework will likely become the blueprint for Agent hosting, paving the way for reliable, unsupervised background engineering tasks at scale.
