[OriginalPenguin]

My experience with any built in sandboxing for these command line tools has been awful.

What I've done instead is built a script to create a disposable virtual machine (using incus to manage it).

And then I just run the CLI inside the virtual machine and delete the vm at the end of each day.

[shengpuerh]

Same, this has been a challenge since my development machine also has access to banking/personal sensitive data. I would really like to run with `--dangerously-skip-permissions` (or equivalents) without too much worry.

Local VMs are heavyweight but useful if you are sandboxing an entire IDE/GUI app like Cursor. With containers it's somewhat annoying to share local files - Distrobox helps with GUI apps and mounting the home directory but loses sandboxing. I have been curious about Flatpak/bubblewrap, but haven't had time to try it.

For now I've settled on containers, but I would like to shift to a remote VM like I have at work.

[mijoharas]

I built a pi extension. Pi repo has an example extension that uses anthropics sandbox which is a total buggy mess. (To be clear, that's anthropics sandbox itself, not the pi extension wrapper which is fine)

I dug into it a little bit to see about improving things there, but decided to write a minimal version that better suited my needs instead.

[VHRanger]

I'm curious why seemingly none of those projects tried using browsers JS/wasm execution as a sandbox instead