Mastodawn

mazieres 1d ago

Don't YOLO your file system

https://jai.scs.stanford.edu/

jai - easy containment for AI agents

Super-lightweight Linux sandbox for AI agents

Show thread

AnotherGoodName 1d ago

Add this to .claude/settings.json:

  {                                                                                                                                                              
    "sandbox": {                                                                                                                                               
      "enabled": true,
      "filesystem": {
        "allowRead": ["."],
        "denyRead": ["~/"],
        "allowWrite": ["."],
        "denyWrite": ["/"]
      }                                                                                                                                                          
    }
  }

You can change the read part if you're ok with it reading outside. This feature was only added 10 days ago fwiw but it's great and pretty much this.

Show thread

cozzyd 1d ago

Is this a real sandbox or just a pretty please?

Show thread

AnotherGoodName

https://code.claude.com/docs/en/sandboxing says they integrated bubblewrap (linux/windows), seatbelt (macos) and give an error if sandbox can't be supported so appears to be real.

Sandboxing - Claude Code Docs

Learn how Claude Code's sandboxed bash tool provides filesystem and network isolation for safer, more autonomous agent execution.

Claude Code Docs

Show thread

throwaway6734 1d ago

https://docs.docker.com/ai/sandboxes/ Any idea on how that compares to this docker feature in development?

Docker Sandboxes

Run AI coding agents in isolated environments

Docker Documentation