New blog post published: Coding Agent VMs on #NixOS with microvm.nix 🥳

I have come to appreciate coding agents to be valuable tools for working with computer program code in any capacity, such as learning about any program’s architecture, diagnosing bugs or developing proofs of concept. […] To safely run a coding agent without review, I wanted a Virtual Machine (VM) solution where the agent has no access to my personal files…

→ Read more at https://michael.stapelberg.ch/posts/2026-02-01-coding-agent-microvm-nix/

@zekjur nice write-up! If Claude can create VMs, does that mean Claude is also running on your host? Do you just keep that one more restricted?
@michael Exactly! In practice, I start with the more-restricted Claude, let it suggest and create a VM (= one approval), then start a less-restricted Claude inside the VM (= no approvals).
@zekjur I bubblewrap mine. Recently had an episode where I gave the agent just access to a Rust crate, but it needed an (uncomplicated) macro crate that was missing from the sandbox. Kimi 2.5 just hallucinated it into existence ...
@zekjur If you don't want to understand your system config, lots of traditional package managers will just do that for free. You don't have to pay Anthropic for the privilege.