Please explain the motivation behind the feature request.
I would very much like to give the agent more independence with command execution, but cannot do so without more restrictions to what it can do.
Sandboxing the agent is a way forward that would allow this, bubblewrap (linux) and seatbelt (darwin) can support this and do not require to run inside a docker container (which still cannot sandbox network access, which is a big problem).
Would you be up for that?
Describe the solution you'd like
If you want to go down that implementation route, I really like https://github.com/anthropic-experimental/sandbox-runtime to unify sandboxing on linux and darwin, which could greatly help getting this up and running much faster.
Describe alternatives you've considered
Docker Containers: Lots of setup, when coding on mac, switch to linux inside, hard to use and debug for inexperienced developers, bad developer UX, no network sandboxing out of the box.
Please explain the motivation behind the feature request.
I would very much like to give the agent more independence with command execution, but cannot do so without more restrictions to what it can do.
Sandboxing the agent is a way forward that would allow this, bubblewrap (linux) and seatbelt (darwin) can support this and do not require to run inside a docker container (which still cannot sandbox network access, which is a big problem).
Would you be up for that?
Describe the solution you'd like
If you want to go down that implementation route, I really like https://github.com/anthropic-experimental/sandbox-runtime to unify sandboxing on linux and darwin, which could greatly help getting this up and running much faster.
Describe alternatives you've considered
Docker Containers: Lots of setup, when coding on mac, switch to linux inside, hard to use and debug for inexperienced developers, bad developer UX, no network sandboxing out of the box.