I run mine inside https://github.com/rcarmo/agentbox (with https://github.com/rcarmo/webterm)

Yeah I wrote a small landlock wrapper using go-landlock to sandbox pi that works well (not public, similar projects are landrun and nono).

Note that if you sandbox to literally just the working directly, pi itself wont run since pretty much every linux application needs to be able to read from /usr and /etc

I’ve been tinkering with Gondolin, a micro-vm agent sandbox.

Here’s an example config: https://github.com/earendil-works/gondolin/blob/main/host/ex...

I do this with an extension. I run all bash tools with bwrap and ACLs for the write and edit tools. Serves my purposes. Opens up access to other required directories, at least for git and rust.

I think I published it. Check the pi package page.