by kevin11111
84 days ago
Spawn and manage isolated agent workspaces in the terminal. Like Docker, but pure shell — no daemon, no container runtime. Each agent gets its own isolated workspace directory and a dedicated tmux session.

macOS — sandbox-exec (Seatbelt): deny-by-default filesystem policy; agents can only write to their workspace and /tmp
Linux — bwrap (bubblewrap): unshared PID/IPC/UTS namespaces; workspace bind-mounted to /workspace
Fallback — unrestricted shell in workspace directory (with a warning)
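
The three tiers listed above, sketched as an added example (not the project's own code): backend selection with an explicit warning when nothing is enforced, plus a bwrap command line that unshares only PID/IPC/UTS and binds the workspace at /workspace. The function names, the read-only /usr bind and the merged-/usr symlinks are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, not taken from the project.

# have TOOL: succeeds when TOOL is on PATH.
have() { command -v "$1" >/dev/null 2>&1; }

# pick_backend OS: print the isolation tier for a `uname -s` value.
pick_backend() {
    case "$1" in
        Darwin) if have sandbox-exec; then echo seatbelt; return 0; fi ;;
        Linux)  if have bwrap; then echo bwrap; return 0; fi ;;
    esac
    # Fallback tier: nothing is enforced, so say so on stderr.
    echo "warning: no sandbox backend found; shell will run unrestricted" >&2
    echo none
}

# bwrap_argv WORKSPACE: print the bwrap command line, one argument per line.
bwrap_argv() {
    ws=$1
    case "$ws" in
        /*) ;;
        *) echo "workspace must be an absolute path" >&2; return 1 ;;
    esac
    # Only the three namespaces the page names are unshared; --unshare-net
    # is absent, so the agent keeps the host network.
    # Assumption: merged-/usr host, so /usr read-only plus symlinks is
    # enough to run a shell. The workspace is the only writable host path.
    printf '%s\n' bwrap \
        --unshare-pid --unshare-ipc --unshare-uts \
        --ro-bind /usr /usr \
        --symlink usr/bin /bin --symlink usr/lib /lib \
        --symlink usr/lib64 /lib64 \
        --proc /proc --dev /dev \
        --bind "$ws" /workspace --chdir /workspace \
        --die-with-parent -- /bin/sh
}

# Stand-alone run: report the tier for this host without launching anything.
backend=$(pick_backend "$(uname -s)")
echo "backend on this host: $backend"
if [ "$backend" = bwrap ]; then
    bwrap_argv "$PWD" | tr '\n' ' '
    echo
fi
```

A `none` result means the agent runs with the invoking user's full privileges, so a launcher should surface that state to the operator rather than treat it as equivalent to the other two tiers.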