by boratanrikulu 595 days ago
Do you have any sandbox-like restrictions in place to ensure that commands are limited to touching only the project folder, not any other places in the system?
2 comments

You can use pledge[1] to restrict the tool to read/write only in specific directories, or only use certain system calls. This is easier to run than from a container or VM, but can be a bit fiddly to set up at first.

Assuming you trust it with the files in your codebase, and them being shared with third parties. Which is a hard pill to swallow for a proprietary program.

[1]: https://justine.lol/pledge/

We always reset the directory back to the project directory on each command, so that helps.

But we're open to adding more restrictions so that it can't for example run `cd /usr && rm -rf .`
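
Added example, not part of the thread or the tool's own code: a small check of why resetting the working directory before each command sets a starting point rather than a boundary. The wrapper `run_from_project` and the scratch directory layout are assumptions constructed for the illustration; everything happens inside a temporary directory.

```python
import os
import shlex
import subprocess
import tempfile


def run_from_project(project_dir, command):
    """Hypothetical wrapper: every command is launched with cwd reset to project_dir."""
    result = subprocess.run(
        ["/bin/sh", "-c", command],
        cwd=project_dir,
        capture_output=True,
        text=True,
    )
    return result.stdout.strip()


def demo():
    # Constructed scratch tree: <tmp>/project is the "project", <tmp>/outside is not.
    with tempfile.TemporaryDirectory() as tmp:
        tmp = os.path.realpath(tmp)
        project = os.path.join(tmp, "project")
        outside = os.path.join(tmp, "outside")
        os.mkdir(project)
        os.mkdir(outside)
        marker = os.path.join(outside, "keep.txt")
        with open(marker, "w") as fh:
            fh.write("not part of the project\n")

        started_in = run_from_project(project, "pwd -P")
        # The command changes directory itself, so the reset cwd does not confine it.
        run_from_project(project, "cd ../outside && rm -f keep.txt")
        # An absolute path reaches outside the project without any cd.
        listing = run_from_project(project, "ls " + shlex.quote(tmp))
        next_started_in = run_from_project(project, "pwd -P")

        return {
            "started_in_project": started_in == project,
            "next_command_started_in_project": next_started_in == project,
            "outside_file_survived": os.path.exists(marker),
            "listed_parent": sorted(listing.split()),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Both commands start in the project directory, yet the file outside it is gone afterwards, which is why the thread turns to OS-level confinement such as pledge or a VM.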

How about executing commands in a VM (perhaps Firecracker)?