I use a bunch of different coding agents but they always have annoying permission pop-ups or not the right kind of sandboxing. I wanted something simple and flexible so I made it over the weekend.
You use it like so:
- Get the binary in whichever way you like (you can use Nix, Mise or just get it through the releases page).
- Configure via `.agent-run/config.toml` to make the folders you care about read-write, and add any environment variables.
- Run your agent like so: `agent-run <pi|claude|codex|opencode>`.
It's very generic so technically you can use this for any command.
Currently only supports Linux because I don't have access to a macOS machine and sandbox-exec looks daunting.
The folder read-write config is the right primitive — that's what actually contains an agent when it goes off-script. And +1 on sandbox-exec being the daunting part; the macOS story is the hard bit.
3 comments
[ 346 ms ] story [ 844 ms ] threadYou use it like so:
- Get the binary in whichever way you like (you can use Nix, Mise or just get it through the releases page).
- Configure via `.agent-run/config.toml` to make the folders you care about read-write, and add any environment variables.
- Run your agent like so: `agent-run <pi|claude|codex|opencode>`.
It's very generic so technically you can use this for any command.
Currently only supports Linux because I don't have access to a macOS machine and sandbox-exec looks daunting.
https://github.com/smol-machines/smolvm
SDKs available https://github.com/smol-machines/smol