I built a lightweight sandboxing tool that works on macOS and linux in Nix. Wrap any agent binary so that it only has write access to CWD, and the tools, state directories and environment variables it needs. I built this as a development tool for people wanting to run agents in YOLO mode, not as a comprehensively secure sandboxing tool. Network access is left open.
I built a lightweight sandboxing tool that works on macOS and linux in Nix. Wrap any agent binary so that it only has write access to CWD, and the tools, state directories and environment variables it needs. I built this as a development tool for people wanting to run agents in YOLO mode, not as a comprehensively secure sandboxing tool. Network access is left open.