[ajb]

We definitely need a vendor-independent tool like this. Have been reviewing the Claude setup and, despite initially being hopeful since it uses bubblewrap, it's quite problematic:

* The definitions of security config in the documentation of settings.json are unclear. Since it's not open source, you can't check the ground truth.

* The built in constructs are insufficient to do fully whitelist based access control (It might be possible with a custom hook).

* Security related issues go unanswered in the repo, and are automatically closed.

Haven't looked into copilot as much but didn't look great either. Seems like the vendors don't have the incentives to do this properly.

So I'm on the lookout for a better way, and matchlock seems like a contender.

[CuriouslyC]

There are a lot of options in this space. Armin Ronacher is working on Gondolin (https://github.com/earendil-works/gondolin) for example. I built agentd as a layer in front of this stuff so you can expose secure shell capabilities over the network as a tool rather than baking it into the harness, or running the harness in that environment.

[arianvanp]

Claude sandbox practically useless IMO. It gives read access to everything by default so its not deny-default.