lemontheme 7 hours ago

And for the macOS users, I can’t recommend nono enough. (Paying it forward, since it was here on HN that I learned about it.)

Good DX, straightforward permissions system, starts up instantly. Just remember to disable CC’s auto-updater if that’s what you’re using. My sandbox ranking: nono > lima > containers.

pbowyer 7 hours ago

This nono? https://github.com/always-further/nono

> Just remember to disable CC’s auto-updater if that’s what you’re using.

Why?

lemontheme 2 hours ago

Might be something specific to my and my colleagues' systems, but it breaks the TUI. It needs git authentication, which fails, and the TUI stops accepting input reliably.

vorticalbox 6 hours ago

I’m using safe house [0]; it's a bash wrapper around sandbox-exec.

[0] https://agent-safehouse.dev/

faeyanpiraat 7 hours ago

I've just switched to lima, and can't find anything about "nono". Can you post a link?

lemontheme 2 hours ago

I really like lima too. It's my go-to recommendation for light VMs. But I do consider it slightly less convenient.

A good example of why is project-local .venv/ directories, which are the default with uv. With Lima, what happens is that macOS package builds get mounted into a Linux system, with potential incompatibility issues. Run uv sync inside the VM and now things are invalid on the macOS side. I wasn't able to find a way to mount the CWD except for certain subdirectories.

Another example is network filtering. Lima (understandably) doesn't offer anything here. You can set up a firewall inside the VM, but there's no guarantee your agent won't find a way to touch those rules. You can set it up outside the VM, but then you're also proxying through a MITM.

So, for the use case of running Claude Code in --dangerously-skip-permissions mode, Lima is more hassle than Nono.