Ask HN: How are you sandboxing coding agents?
via news.ycombinator.com
Short excerpt below. Read at the original source.
I’ve seen people rely on built-in sandboxes, use git worktrees (sometimes inside devcontainers), or run the whole agent inside a Linux VM with minimal host mounts. On Linux, I’ve also seen firejail/bubblewrap mentioned. For folks actually using these tools day-to-day: What’s your default setup? Have you had any “learned the hard way” moments? What tradeoff […]