The secret proxy trick is something I expect to become standard at some point in the near future. I first saw this trick being used in Deno Sandboxes (https://docs.deno.com/sandboxes/security/) but it's cheap/easy to implement so I'd be surprised if this doesn't become the standard for a lot of these BaaS platforms.
6 months back I started dockerizing my setup after multiple npm vulnerabilities.
Then I wrote a small tool[1] to streamline my sandboxing.
Now, I run agents inside it for keeping my non-working-directory files safe.
For some tools like markdown linter, I run them without network access as well.
This looks awesome! Do you have a mental process you run through to determine what gets run in the sandbox, or is it your default mode for all tools?
> This looks awesome! Do you have a mental process you run through to determine what gets run in the sandbox, or is it your default mode for all tools?
Here's what I use it for right now
- yarn
- npm
- pnpm
- mdl - Ruby-based Markdown linter
- fastlane - Ruby-based mobile app release tool by Google
- Claude Code
- Gemini CLI
Over time, my goal is to run all CLI-based tools that only need access to the current directory (and not parent directories) via this.
I would like to see more articles about agent sandboxes. With agents gaining popularity we need a higher fraction of users to understand containers and sandboxes and their risk profiles, and then to communicate their understandings to friends and family. It is a harder task than explaining ChatGPT, and it often feels like a hindrance.
Totally, devcontainers are fantastic! In this agent sandboxing space there's also Leash, which in addition to Docker/Orbstack/Podman provides a sophisticated macOS-native system extension mode - https://github.com/strongdm/leash
I don't think containers are enough especially for the security side of things.
Imo microvm's+ dev containers seem like a good fit though
Hugged to death? Seeing SSL failure to the site from CloudFlare.
The secret proxy trick is something I expect to become standard at some point in the near future. I first saw this trick being used in Deno Sandboxes (https://docs.deno.com/sandboxes/security/) but it's cheap/easy to implement so I'd be surprised if this doesn't become the standard for a lot of these BaaS platforms.
6 months back I started dockerizing my setup after multiple npm vulnerabilities.
Then I wrote a small tool[1] to streamline my sandboxing.
Now, I run agents inside it for keeping my non-working-directory files safe.
For some tools like markdown linter, I run them without network access as well.
1- https://github.com/ashishb/amazing-sandbox
This looks awesome! Do you have a mental process you run through to determine what gets run in the sandbox, or is it your default mode for all tools?
> This looks awesome! Do you have a mental process you run through to determine what gets run in the sandbox, or is it your default mode for all tools?
Here's what I use it for right now
- yarn - npm - pnpm - mdl - Ruby-based Markdown linter - fastlane - Ruby-based mobile app release tool by Google - Claude Code - Gemini CLI
Over time, my goal is to run all CLI-based tools that only need access to the current directory (and not parent directories) via this.
I would like to see more articles about agent sandboxes. With agents gaining popularity we need a higher fraction of users to understand containers and sandboxes and their risk profiles, and then to communicate their understandings to friends and family. It is a harder task than explaining ChatGPT, and it often feels like a hindrance.
This was also a great read: https://www.luiscardoso.dev/blog/sandboxes-for-ai
devcontainers, devcontainers, devcontainers
Totally, devcontainers are fantastic! In this agent sandboxing space there's also Leash, which in addition to Docker/Orbstack/Podman provides a sophisticated macOS-native system extension mode - https://github.com/strongdm/leash
I don't think containers are enough especially for the security side of things.
Imo microvm's+ dev containers seem like a good fit though
Hugged to death? Seeing SSL failure to the site from CloudFlare.