Support AGN disposable Docker environments

[manojsinghnegiwd]

Summary

Add support for AGN environments: disposable Docker environments that mimic the current working directory, execute a prompt/task inside the isolated environment, return a summary of what happened, and then delete the environment.

The motivation is safety. Even when agents receive non-destructive instructions, they may still perform destructive actions. Running prompts in disposable environments lets us observe behavior and capture results without risking the real working tree or host environment.

Task

Implement support for spinning up an AGN-managed Docker environment that:

• Mirrors or otherwise faithfully mimics the current working directory.
• Runs a provided prompt/task inside that environment.
• Captures a useful summary of actions taken, results, failures, and any produced outputs.
• Tears down and deletes the environment after execution.
• Ensures destructive actions performed by the agent are contained to the disposable environment.

Acceptance Criteria

• A user can opt into running a prompt in an AGN disposable Docker environment.
• The environment starts from the current working directory state without mutating the original working directory.
• The agent can execute normally inside the containerized environment.
• The system returns a concise execution summary to the caller.
• The container/environment is deleted after completion or failure.
• Failure paths still clean up the environment where possible.
• Documentation explains why the feature exists: non-destructive prompts can still lead to destructive agent behavior, so isolation is required.

Open Questions

• Should the environment copy the working directory, mount it read-only, or use another snapshot mechanism?
• What level of filesystem/network/process isolation is required by default?
• Should artifacts or diffs be optionally preserved before teardown?
• How should long-running prompts, timeouts, and resource limits be handled?