I'm shocked they don't come with a way to run them in a sandbox.
Shouldn't this be relatively easy for a $1T company to set up?
Isn't this trivial compared to the entire harness?
I'm shocked they don't come with a way to run them in a sandbox.
Shouldn't this be relatively easy for a $1T company to set up?
Isn't this trivial compared to the entire harness?
There is a builtin sandbox and various third-party options https://code.claude.com/docs/en/sandbox-environments
That's more or less what Claude Cowork is.
Every serious engineer I've seen try to use it ran away screaming, because of limitations in the sandbox.
I've also seen people set their coding agents up entirely within containers -- that may be the better way going forward, but it's an extra stop and a lot of extra plumbing to maintain.
Doing so would be an effective admission that LLM guardrails are inherently probabilistic, unpredictable, and insecure. Plus the only truly robust sandbox approach would be clunky setup of a local VM.
That clunky VM setup is a what Claude Cowork does, which is Claude Code with extra safety features for non-programmers.
There was a big thread about that here the other day: https://news.ycombinator.com/item?id=48479452
[flagged]