| I'm building a robust sandboxing environment for AI agents. It supports multiple sandboxing backends such as docker, podman, kata, firecracker, and for Mac seatbelt and tart. Any agent is in theory supported, but it has specific support for Claude, Gemini, codex, aider, and opencode. Your workdir is never touched by the AI, nor is your system. It doesn't have access to your secrets (beyond what you've explicitly given), and you can restrict network access. You move changes back to your workdir using diff and apply, so you choose which changes to keep. I use it for all my agentic work, and couldn't go back to using Claude without it. https://github.com/kstenerud/yoloai |