alt Hacker NewsI just gave it its own user and dir. So I can read and write /agent, but agents can't read or write my homedir.
So I just run agents as the agent user.
I don't need it to have root though. It just installs everything locally.
If I did need root I'd probably just buy a used NUC for $100, and let Claude have the whole box.
I did something similar by just renting a $3 VPS, and getting Claude root there. It sounds bad but I couldn't see any downside. If it blows it up, I can just reset it. And it's really nice having "my own sysadmin." :)
I do the same. Somehow it feels safer than running a sandbox with my own user, despite the only security boundary being Unix permissions.
Claude gets all the packages it needs through Guix.