There has been a lot of examples of how to sandbox Claude Code and other agentic tools on HN lately. I decided to look into the options and realized Claude Caude already has a sandbox feature that I never saw mentioned among the suggestions. It uses bubblewrap/sandbox-exec[0] and is baked into Claude Code itself. Does anyone have experience with it compared to more DIY options? The obvious downside I can see is I need to put all my trust in Claude Code as compared to running it completely inside some environment..
There has been a lot of examples of how to sandbox Claude Code and other agentic tools on HN lately. I decided to look into the options and realized Claude Caude already has a sandbox feature that I never saw mentioned among the suggestions. It uses bubblewrap/sandbox-exec[0] and is baked into Claude Code itself. Does anyone have experience with it compared to more DIY options? The obvious downside I can see is I need to put all my trust in Claude Code as compared to running it completely inside some environment..
[0] https://github.com/anthropic-experimental/sandbox-runtime