cupcake looks well thought out!

You are right that bash is turing complete and I agree with you that a sandbox is the real answer for full protection - ain't no substitute for that.

My thinking is that there's a ton of space between full protection and no guardrails at all, and not enough options in between.

A lot of people out there download the coding CLI, bypass permissions and go. If we can catch 95% of the accidental damage with 'pip install nah && nah install' that's an alright outcome :)

I personally enjoy having Claude Code help me navigate and organize my computer files. I feel better doing that more autonomously with nah as a safety net