Skip to content

Sandboxing #330

@noctuid

Description

@noctuid

To upvote this issue, give it a thumbs up. See this list for the most upvoted issues.

Thinking more about #324, especially for shell commands, I think preventing all unreasonable commands isn't really possible without manual review. Sandboxing would be much better. Claude has /sandbox, and it looks like people are using all sorts of different ways for sandboxing opencode and other harnesses (using incus, bubblewrap, docker, etc.). Most of them seem significantly more painful to setup than something builtin.

I don't know that it actually makes sense to have something directly part of eca, though I am wondering if anyone has any recommended method to use with eca. Is anyone here doing some sort of sandboxing with eca?

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions