logoalt Hacker News

jrvarela56yesterday at 2:28 PM2 repliesview on HN

Sandboxing is a solved problem, there are dozens of providers of firecracker instances to run your agent in.

The problem to be solved is how do you define task-specific least privilege versions of your coding agent.

Replies

niyikizayesterday at 10:45 PM

We've been using Tenuo which for task-scoped authorization.

Its integration for Claude Code: https://github.com/tenuo-ai/claude-governance

sheremetyevyesterday at 4:22 PM

I'm running Codex/Claude in native macOS sandbox with access just to the project folder (plus read-only access to Git repo), and expand to other folders if necessary - https://github.com/sheremetyev/sandfence

show 1 reply