[benjamincburns]

I suspect the first case worked as intended, and VS Code is greasing the wheels. I'm sure there's a way to get it working in iTerm 2, though I wouldn't be surprised if the solution was some Goldbergian chain of forwarded unix sockets and a helper daemon living inside the sandbox.

Thanks for mentioning yoloAI, though. I started off sandboxing via devcontainers using kata & cloud hypervisor set up as a custom docker runtime. It worked well enough, but nested docker was super slow due to virtio-fs limitations. I recently moved to sysbox and it's a bit quicker. It's probably not as airtight as kata/chv, but good enough to keep Claude from writing a security test that deletes my whole filesystem [1].

1: https://github.com/anthropics/claude-code/issues/28521

[kstenerud]

Haha yup. yoloAI is to scratch my own itch. I'm getting close to taking it out of beta, but first I'm putting it through a significant architectural overhaul in a feature branch. Normally I'd balk at doing something so heavy, but AI makes it so damn easy to do major mechanical changes (provided you guide it properly and have good tests). So far, so good! And it feels nice to fix the architectural warts before I lock in the interface.