I've seen people rely on built-in sandboxes, use git worktrees (sometimes inside devcontainers), or run the whole agent inside a Linux VM with minimal host mounts. On Linux, I’ve also seen firejail/bubblewrap mentioned.
For folks actually using these tools day-to-day:
What’s your default setup?
Have you had any "learned the hard way" moments?
What tradeoff (safety vs convenience vs parallelism) has mattered most in practice?
I'm less interested in theoretical best practices than what's actually holding up under real use.
Comments URL: https://news.ycombinator.com/item?id=46400129