Ask HN: How are you sandboxing your coding agents?

3•kwar13•1h ago
I've seen a few articles here using bubblewrap, Vagrant, VMs, even Docker to sandbox coding agents to avoid the inevitable disaster. I've personally been using a headless VM, but it's quite resource intensive and I'm wondering if there are better ways to do this.

Comments

gnabgib•1h ago
Recent related Ask HN: How are you sandboxing coding agents? (46 points, 25 days ago, 32 comments) https://news.ycombinator.com/item?id=46400129

kwar13•1h ago
Thank you!

burntoutgray•1h ago
I use a physically separate system.

i.e. DEV and PROD are completely airgapped.

bitkin_dev•1h ago
Standard VMs are definitely overkill for per-agent instances due to the resource overhead.

If you need strict isolation for untrusted code but want container-like speed, look into Firecracker (MicroVMs) or gVisor (userspace kernel).

Firecracker is what AWS Lambda uses. It strips down the kernel to the bare minimum, so you get VM-level isolation with millisecond boot times and a tiny memory footprint. It’s essentially the sweet spot between "insecure" Docker and "heavy" full VMs.

handfuloflight•1h ago
OrbStack VM.

rubenflamshep•40m ago
Currently I'm using Dockerized git worktrees so I can dangerously skip permissions. It's not great. Worktrees are not the way to go and Claude Code treats Docker as a second-class citizen (e.g., going through the macOS auth flow deletes the Linux-based auth tokens you need to mount in the container).

SafeDusk•17m ago
Using https://github.com/aperoc/toolkami, which just spins up a worktree with pre-configured Docker containers.
