Ask HN: How are you sandboxing coding agents?

Dev war: lock your AI coder in a box or let it run wild

TLDR: Developers are split on how to contain AI code-writing bots: some run them nearly unrestricted and rely on backups, while others isolate them in virtual machines, containers, or locked-down pods. A viral anecdote about an agent deleting a database and its backup fueled the safety-versus-convenience brawl.

How do you keep an AI “coding agent” from wrecking your laptop? The thread split into two tribes: the YOLO crowd and the Fortress Builders. One commenter, netcoyote, rolled up their sleeves and built Mac-friendly sandboxes like SandVault to run agents as a low-privilege user while still using Xcode and the iOS Simulator (DIY hero energy). At the other extreme, gl-prod spins up a fresh Firecracker microVM from a custom image for every run: maximum isolation, minimal trust.

Meanwhile, chaos fans like sixhobbits bragged about running with a literal “dangerous” switch and trusting Time Machine backups—until their agent “backed up a database, deleted it, then wiped the backup.” The comments turned into a meme parade of “this is fine” dog in a burning office.

Pragmatists chimed in: stavros wraps everything in Docker with dox, while jomcgi runs agents as pods in a homelab cluster and lets them produce only pull requests (change proposals), so nothing reaches production without a human reviewing the diff. The big fight: convenience vs. safety vs. speed. YOLOs say humans make worse mistakes; Fortresses say one nuke is enough. The vibe? Treat your AI like a very eager intern: either give it a padded room or keep your finger on “undo.”

Key Points

  • The post seeks real-world practices for sandboxing coding agents, not theoretical guidance.
  • Observed methods include built-in sandboxes and using git worktrees, often within devcontainers.
  • Running agents inside a Linux VM with minimal host mounts is highlighted for stronger isolation.
  • Linux tools firejail and bubblewrap are mentioned as lighter-weight, namespace-based sandboxing options that do not need a full VM.
  • The author asks for default setups, hard-learned lessons, and tradeoffs among safety, convenience, and parallelism.
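The bubblewrap approach from the list above, worked through as an added example (not code from the thread or from any commenter): a throwaway git clone per task, the agent run under bwrap with that clone as its only writable path, and the resulting branch fetched back for review. It assumes bwrap 0.4 or newer (for --ro-bind-try and --clearenv) and git; the ALLOW_NET, DRY_RUN, AGENT_WORK and AGENT_API_KEY variable names are this script's own conventions, not anything the thread describes.

```shell
#!/bin/sh
# Added example, not code from the thread: run a coding agent under
# bubblewrap so the only writable host path it sees is a throwaway clone.
# Assumes bwrap >= 0.4 (for --ro-bind-try / --clearenv) and git; the
# AGENT_API_KEY, ALLOW_NET, AGENT_WORK and DRY_RUN names are this script's own.

# Refuse anything that is not an absolute, existing git checkout, and never
# expose / or $HOME read-write (the thread's "wiped the backup" failure mode).
check_workdir() {
  wd=$1
  case $wd in /*) ;; *) echo "workdir must be absolute: $wd" >&2; return 1 ;; esac
  if [ "$wd" = / ] || [ "$wd" = "${HOME:-/nonexistent}" ]; then
    echo "refusing to expose $wd read-write" >&2; return 1
  fi
  [ -d "$wd" ] || { echo "no such directory: $wd" >&2; return 1; }
  [ -e "$wd/.git" ] || { echo "not a git checkout: $wd" >&2; return 1; }
}

# One self-contained clone per task, on its own branch. A clone rather than
# 'git worktree add' because a worktree's .git file points back into the main
# repository's .git directory, which would then also have to be mounted.
new_task_clone() {
  repo=$1 task=$2
  dest=${AGENT_WORK:-/tmp/agent-work}/$task
  [ -e "$dest/.git" ] || git clone -q "$repo" "$dest" || return 1
  git -C "$dest" checkout -q -B "agent/$task" || return 1
  printf '%s\n' "$dest"
}

# Run COMMAND inside bubblewrap: read-only OS, empty /tmp and $HOME (so no
# ~/.ssh, no cached tokens), the clone bound read-write at /work, all
# namespaces unshared, environment cleared, new session (no TIOCSTI tricks
# against the host terminal). Network is off unless ALLOW_NET=1, which most
# agents need to reach their model API. DRY_RUN=1 prints the command instead.
run_sandboxed() {
  wd=$1; shift
  check_workdir "$wd" || return 1
  # "$@" holds the agent command; options are prepended to it in reverse.
  set -- -- "$@"
  [ "${ALLOW_NET:-0}" = 1 ] && set -- --share-net "$@"
  [ -n "${AGENT_API_KEY:-}" ] && set -- --setenv AGENT_API_KEY "$AGENT_API_KEY" "$@"
  set -- bwrap --unshare-all --die-with-parent --new-session \
    --ro-bind /usr /usr --symlink usr/bin /bin --symlink usr/lib /lib \
    --symlink usr/lib64 /lib64 \
    --ro-bind-try /etc/ssl /etc/ssl --ro-bind-try /etc/resolv.conf /etc/resolv.conf \
    --proc /proc --dev /dev --tmpfs /tmp --tmpfs /home/agent \
    --bind "$wd" /work --chdir /work \
    --clearenv --setenv HOME /home/agent --setenv PATH /usr/bin:/bin \
    --setenv TERM "${TERM:-dumb}" \
    "$@"
  if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s ' "$@"; echo; return 0; fi
  "$@"
}

# Pull the agent's branch back into the main repo for human review; nothing
# else leaves the sandbox. Open the PR from agent/<task> as usual.
collect_branch() {
  git -C "$1" fetch -q "$3" "agent/$2:agent/$2"
}

# Usage: ./agent-sandbox.sh /abs/path/to/repo TASK agent-command [args...]
if [ $# -ge 3 ]; then
  repo=$1 task=$2; shift 2
  wd=$(new_task_clone "$repo" "$task") || exit 1
  run_sandboxed "$wd" "$@" || echo "agent exited with status $?" >&2
  collect_branch "$repo" "$task" "$wd"
fi
```

Tools the agent needs that live outside /usr (a user-local Node or Python, for instance) have to be added as further --ro-bind entries; the point of starting from an empty home is that nothing gets in by accident. The --share-net flag must come after --unshare-all, which is why it is prepended to the command before the fixed options are.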

Hottest takes

"back up a database, delete the database... wiped out the backup" — sixhobbits
"I spin a Firecracker VM with a custom image" — gl-prod
"Everything runs as a pod in my homelab cluster" — jomcgi

Made with <3 by @siedrix and @shesho from CDMX. Powered by Forge&Hive.