You can't avoid merge conflicts from happening, but you can definitely empower the agents to self-resolve them.
The workflow is like this:
1. an agent works in its own worktree
2. its changes are green in isolation
3. it submits that work to the local merge queue
4. the queue replays the change on top of the latest target branch and runs verification
5. if it conflicts or fails after replay, the merge is rejected
6. the agent can then pull in the new upstream state, resolve the conflict or test failure, and resubmit
We've found that agent-driven conflict resolution via a merge queue works really well in practice. It's almost necessary because of the increase in velocity of changes.
Regarding the sandboxing approach, containers are primary right now. We do this natively on Linux and with Apple Virtualization Framework (AVF) on Mac. So yes, there is a VM involved on Mac, but it’s not exposed as a separate top-level mode.
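The six-step workflow above as an added example (not the commenter's own tooling): a POSIX shell sketch of a local merge queue over git worktrees, where the replay is a cherry-pick onto a detached worktree at the target branch, a placeholder `grep` stands in for the real verification suite, and the scratch repository, branch names and file contents are constructed for the demo.

```shell
#!/bin/sh
# Minimal local merge queue for git worktrees: replay an agent branch onto the
# current target in a throwaway worktree, verify there, fast-forward only on success.
queue_submit() {   # queue_submit <repo> <target> <branch> <verify-cmd>: 0 merged, 2 conflict, 3 failed
  repo=$1 target=$2 branch=$3 verify=$4           # assumes <target> is checked out in <repo>
  wt=$(mktemp -d)/replay
  git -C "$repo" worktree add -q --detach "$wt" "$target" || return 1
  if ! git -C "$wt" cherry-pick "$target..$branch" >/dev/null 2>&1; then   # step 4: replay
    git -C "$repo" worktree remove --force "$wt"
    echo "rejected: $branch conflicts with $target"; return 2         # step 5
  fi
  if ! (cd "$wt" && sh -c "$verify") >/dev/null 2>&1; then               # step 4: verify the replayed tree
    git -C "$repo" worktree remove --force "$wt"
    echo "rejected: $branch fails verification after replay"; return 3   # step 5
  fi
  head=$(git -C "$wt" rev-parse HEAD)
  git -C "$repo" worktree remove --force "$wt"
  git -C "$repo" merge -q --ff-only "$head" && echo "merged: $branch -> $target"
}
# Constructed scenario: agents branch from main and edit the same line of config.txt.
make_repo() {      # prints the path of a fresh scratch repository with one base commit
  repo=$(mktemp -d)/repo
  git init -q "$repo" && git -C "$repo" symbolic-ref HEAD refs/heads/main
  git -C "$repo" config user.email agent@example.invalid && git -C "$repo" config user.name agent
  printf 'retries=1\n' > "$repo/config.txt"
  git -C "$repo" add config.txt && git -C "$repo" commit -qm base && echo "$repo"
}
agent_work() {     # agent_work <repo> <new-branch> <line>: steps 1-2, in the agent's own worktree
  wt=$(mktemp -d)/$2
  git -C "$1" worktree add -q -b "$2" "$wt" main
  printf '%s\n' "$3" > "$wt/config.txt" && git -C "$wt" commit -qam "$2: $3"
  git -C "$1" worktree remove --force "$wt"
}
agent_resolve() {  # agent_resolve <repo> <branch> <line>: step 6, pull in new main and resolve the conflict
  wt=$(mktemp -d)/$2 && git -C "$1" worktree add -q "$wt" "$2"
  git -C "$wt" rebase -q main >/dev/null 2>&1 || {
    printf '%s\n' "$3" > "$wt/config.txt" && git -C "$wt" add config.txt
    GIT_EDITOR=true git -C "$wt" rebase --continue >/dev/null 2>&1
  }
  git -C "$1" worktree remove --force "$wt"
}
demo() {
  r=$(make_repo); check='grep -Eq "^retries=[0-9]+$" config.txt'   # stand-in for the real test suite
  agent_work "$r" agent-a retries=2; agent_work "$r" agent-b retries=3
  queue_submit "$r" main agent-a "$check"                 # merged
  queue_submit "$r" main agent-b "$check" || true         # rejected: conflicts with agent-a's change
  agent_resolve "$r" agent-b retries=3; queue_submit "$r" main agent-b "$check"   # resubmitted, merged
}
demo
```

Because the target only moves through the queue's fast-forward, a rejected submission leaves the target exactly as it was, which is what lets the agent rebase and resubmit without anyone else's work being disturbed.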