February 4, 2026
Sandbox smackdown
Coding Agent VMs on NixOS with Microvm.nix
Disposable dev sandboxes ignite a speed vs safety fight
TLDR: A dev shows how to run AI coding agents in disposable NixOS virtual machines to keep your files safe. Commenters clash over scale (containers vs micro-VMs), warn that sandboxing doesn’t prevent bad code from shipping, and debate DIY setups versus new paid services; all of it bears on building safe, reliable software.
This guide shows how to spin up throwaway virtual computers on NixOS with microvm.nix so coding AI agents can’t touch your files. It’s all about ephemeral VMs—nothing sticks unless you share it—like a quarantine box you can toss. The setup is detailed, but the comments turned it into a ringside match.
The loudest take: scale vs safety. One pro running “about ten thousand agents” said Google’s gVisor sandbox beats micro-VMs because packing more agents per machine matters; a full “mini-computer” per agent eats memory. Another blast: a skeptic mocked the whole trend as “costly autocomplete,” joking, “Sorry boss, I can’t write code because Cloudflare is down,” which instantly became the thread’s meme. A security-minded voice added a cold shower: even a perfect sandbox won’t stop an agent from generating buggy code that ships—think hidden data leaks or weak passwords sneaking into production.
Pragmatists asked if you could do this without NixOS (you can try QEMU), while a weekend tinkerer cheered the DIY safety angle. Meanwhile, the crowd wondered: why not just buy a sandbox? New services like exe.dev and Fly.io’s Sprites pitch “agent-friendly” hosting. TL;DR: the vibe is density vs safety, DIY vs pay-for-it, and plenty of jokes about bots doing the typing.
Key Points
- The article walks through setting up ephemeral, disposable VMs for coding agents on NixOS using microvm.nix.
- It aims to isolate agents from private data, enabling safe execution without manual review of every command.
- Network setup includes a systemd-managed bridge (“microbr”), a private subnet (example: 192.168.83.1/24), and NAT via “eno1,” with microvm* interfaces attached to the bridge.
- Configuration adds the microvm module in flake.nix, enables the host module, and defines all VMs in a separate microvm.nix file.
- References provide context on AI agent threat models and sandboxing, and mention commercial alternatives like exe.dev and Fly.io’s Sprites.
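Assembling those points into one host-side module, as an added example that is not the article's own code: the bridge name, subnet and uplink are the ones the article uses, while the VM name "agent", its MAC, guest address, vCPU/memory sizes and stateVersion are assumptions made here for illustration. It assumes flake.nix already imports microvm.nixosModules.host next to this file.

```nix
# microvm.nix: host-side NixOS module, imported from flake.nix together
# with microvm.nixosModules.host. "microbr", 192.168.83.1/24 and "eno1"
# come from the article; the VM name, MAC, guest address and sizes are
# assumptions for illustration.
{ config, pkgs, ... }:
{
  microvm.host.enable = true;

  # Host networking via systemd-networkd: the bridge, its address, and a
  # match rule that enslaves every microvm* tap interface to it.
  networking.useNetworkd = true;
  systemd.network = {
    netdevs."10-microbr".netdevConfig = { Kind = "bridge"; Name = "microbr"; };
    networks."10-microbr" = {
      matchConfig.Name = "microbr";
      networkConfig.Address = "192.168.83.1/24";
    };
    networks."11-microvm-taps" = {
      matchConfig.Name = "microvm*";
      networkConfig.Bridge = "microbr";
    };
  };

  # NAT the private subnet out through the uplink so the agent can fetch
  # packages; the host's own interfaces are never exposed to the guest.
  networking.nat = {
    enable = true;
    internalInterfaces = [ "microbr" ];
    externalInterface = "eno1";
  };

  # One disposable agent VM. No persistent volumes are declared, so its
  # root filesystem is discarded on shutdown; the only thing shared from
  # the host is a read-only view of /nix/store.
  microvm.vms.agent = {
    config = {
      microvm = {
        vcpu = 2;            # assumed sizing
        mem = 4096;          # MiB, assumed sizing
        interfaces = [ { type = "tap"; id = "microvm-agent"; mac = "02:00:00:00:83:10"; } ];
        shares = [ { tag = "ro-store"; source = "/nix/store"; mountPoint = "/nix/.ro-store"; } ];
      };
      networking.useNetworkd = true;
      systemd.network.networks."20-lan" = {
        matchConfig.Type = "ether";
        networkConfig = { Address = "192.168.83.10/24"; Gateway = "192.168.83.1"; };
      };
      system.stateVersion = "24.11";  # assumed
    };
  };
}
```

Anything the agent should keep (a checked-out repo, build output) has to be shared explicitly through `microvm.shares` or `microvm.volumes`; everything else vanishes with the VM, which is the property the article is after.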