zlacker

[return to "A deep dive on agent sandboxes"]
1. ashish+bz[view] [source] 2026-01-13 05:29:06
>>icyfox+(OP)
6 months back I started dockerizing my setup after multiple npm vulnerabilities.

Then I wrote a small tool[1] to streamline my sandboxing.

Now, I run agents inside it for keeping my non-working-directory files safe.

For some tools like markdown linter, I run them without network access as well.

1- https://github.com/ashishb/amazing-sandbox

◧◩
2. Gerhar+kJ4[view] [source] 2026-01-14 08:13:20
>>ashish+bz
Very nice! Quite a coincidence, but the NPM disaster also prompted me to build litterbox.work as a possible solution. It is a very different approach though.
◧◩◪
3. tapete+wM4[view] [source] 2026-01-14 08:44:51
>>Gerhar+kJ4
Why not just use the standard Linux tool bubblewrap?
[go to top]