CloudCodeTree LogoCloudCodeTree
AI NewsTutorialsAbout
CloudCodeTree Logo
CloudCodeTree
  • AI News
  • Tutorials
  • About
← Back to AI News
Run Claude Agents Inside Your Own Infrastructure: Self-Hosted Sandboxes and Private MCP Tunnels

Run Claude Agents Inside Your Own Infrastructure: Self-Hosted Sandboxes and Private MCP Tunnels

Chris Harper

2 min read

Jun 25, 2026 · 21:07 UTC

AI
Workflow
Claude Code
Agents
MCP

TL;DR: Claude Managed Agents now support running tool calls inside your own infrastructure and reaching private MCP servers via an outbound-only tunnel — no public endpoints, no data leaving your network.

When Claude Managed Agents runs today, tool execution happens in Anthropic's cloud sandbox. That works until your agent needs to touch private codebases, internal APIs, or regulated data that can't leave your network. Two capabilities fix this.

Self-hosted sandboxes: tool execution stays in your perimeter

The agent's orchestration loop (context management, planning, error recovery) stays on Anthropic's infrastructure. What moves is the execution of your tools — Bash commands, file reads, API calls — into your own environment. Inside your perimeter, your existing network policies, audit logging, and secrets management apply automatically.

Supported sandbox providers:

  • Cloudflare — microVMs with zero-trust secrets injection and customizable proxies
  • Daytona — long-running stateful computers (useful for multi-step builds)
  • Modal — AI-optimized VMs with sub-second startup
  • Vercel — VM security with VPC peering and millisecond startup

You can also use your own infrastructure.

To configure:

  1. Pick a provider and follow their cookbook at platform.claude.com/docs/en/managed-agents/self-hosted-sandboxes
  2. Set sandbox.type = "self-hosted" in your agent config with your endpoint URL
  3. Deploy via Claude Console — tool calls now execute in your environment

MCP tunnels: reach private internal tool servers without a public endpoint

MCP tunnels let agents call MCP servers that live inside your private network — a private database, internal knowledge base, ticketing system, or private API — without exposing those servers to the internet.

Architecture: a lightweight gateway binary you deploy on any machine with network access to your MCP server makes one outbound connection — no inbound firewall rules, no public port opened, traffic encrypted end-to-end. Each server gets a hostname under your tunnel domain: postgres.<your-tunnel-domain>, docs.<your-tunnel-domain>.

A Cloudflare-hosted sandbox session (outside your network) can still call your internal MCP server through the tunnel. A self-hosted session can use tunneled servers alongside public ones.

To get started: request access at platform.claude.com (MCP tunnels are in research preview), then deploy the tunnel gateway binary. Docs at platform.claude.com/docs/en/agents-and-tools/mcp-tunnels/overview.

Use both together: agent loop in Anthropic's cloud, tool execution inside your perimeter, internal MCP servers exposed only via tunnel — without a single inbound firewall rule.

Sources: Claude blog: New in Claude Managed Agents | Self-hosted sandboxes docs | MCP tunnels docs