diff --git a/src/docker-manager.test.ts b/src/docker-manager.test.ts
index 922e5fd..8e6ea14 100644
--- a/src/docker-manager.test.ts
+++ b/src/docker-manager.test.ts
@@ -317,6 +317,13 @@ describe('docker-manager', () => {
       expect(agent.dns_search).toEqual([]);
     });
 
+    it('should configure extra_hosts for host.docker.internal', () => {
+      const result = generateDockerCompose(mockConfig, mockNetworkConfig);
+      const agent = result.services.agent;
+
+      expect(agent.extra_hosts).toEqual(['host.docker.internal:host-gateway']);
+    });
+
     it('should override environment variables with additionalEnv', () => {
       const originalEnv = process.env.GITHUB_TOKEN;
       process.env.GITHUB_TOKEN = 'original_token';
diff --git a/src/docker-manager.ts b/src/docker-manager.ts
index 0d58c60..3313901 100644
--- a/src/docker-manager.ts
+++ b/src/docker-manager.ts
@@ -297,6 +297,7 @@ export function generateDockerCompose(
     },
     dns: dnsServers, // Use configured DNS servers (prevents DNS exfiltration)
     dns_search: [], // Disable DNS search domains to prevent embedded DNS fallback
+    extra_hosts: ['host.docker.internal:host-gateway'], // Enable host.docker.internal on Linux
     volumes: agentVolumes,
     environment,
     depends_on: {
diff --git a/src/types.ts b/src/types.ts
index d0b6356..2cf3148 100644
--- a/src/types.ts
+++ b/src/types.ts
@@ -418,11 +418,21 @@ export interface DockerService {
 
   /**
    * DNS search domains for the container
-   * 
+   *
    * Appended to unqualified hostnames during DNS resolution.
    */
   dns_search?: string[];
 
+  /**
+   * Extra hosts to add to /etc/hosts in the container
+   *
+   * Array of host:ip mappings. Used to enable host.docker.internal
+   * on Linux where it's not available by default.
+   *
+   * @example ['host.docker.internal:host-gateway']
+   */
+  extra_hosts?: string[];
+
   /**
    * Volume mount specifications
    *