There's absolutely nothing special about any of these agents. They're regular processes that execute some subshells. They're trivially jailable.
replyThey absolutely can. I used to run Claude Code inside a firejail. Then I got paranoid to the point I developed my own virtual machine orchestration system just so I could run fully virtualized and isolated per-project Claude Code instances.
replyDo you have more information on this?
replyMore information on what exactly? The firejail, or my VM orchestration project?
replyThe latter is here:
https://github.com/matheusmoreira/virtdev
I've been using it every day. Just implemented easy backup and restore.
There are many useful tools for easily sandboxing agents. Visual Studio Code has devcontainers, which are trivially used.
reply