Ask HN: Secure wrapper for coding agents?
I believe someone recently posted sort of a secure harness/wrapper for running coding agents in a secure sandbox. I can't find the project.
Of course I can make my own wrapper with systemd-nspawn, kata or bspawn, but I believe I saw a decently well-maintained project just a while back. Does anyone have a suggestion or link? It's become extremely hard to find things on GitHub with all the generated projects.
17 comments
[ 4.9 ms ] story [ 40.8 ms ] threadAnother one that handles this gracefully is Yolobox, which uses rootless Podman. Both are actively maintained and cut through the noise of the thousands of generic wrapper repos out there right now.
https://github.com/eugene1g/agent-safehouse/ https://agent-safehouse.dev/
Originally posted on HN https://news.ycombinator.com/item?id=47301085
(Lookup the browser too: https://bromure.io/en/secure-web)
Everything you see is made by Claude (and Renaud Deraison :-)) and working quite well jugding from the demos)
See here for more details (in french but English subs available (and more)): https://www.sstic.org/2026/presentation/cloture_2026/
My projects are usually very limited with respect to external dependencies and that is part of prompts or markdown files describing various project goals, plans, and current state.
My operating theory is that this probably won't get my systems borked. I wasn't patient enough to dig deeper.
https://docs.celesto.ai/smolvm
That is, to build a state wrapper and separate agent from making runtime decision, a dangerous design is letting the same agent both decide and record the state of the system. If it hallucinates, you can hardly find the error.