Sandboxing #330
Description
To upvote this issue, give it a thumbs up. See this list for the most upvoted issues.
Thinking more about #324, especially for shell commands, I think preventing all unreasonable commands isn't really possible without manual review. Sandboxing would be much better. Claude has /sandbox, and it looks like people are using all sorts of different ways for sandboxing opencode and other harnesses (using incus, bubblewrap, docker, etc.). Most of them seem significantly more painful to setup than something builtin.
I don't know that it actually makes sense to have something directly part of eca, though I am wondering if anyone has any recommended method to use with eca. Is anyone here doing some sort of sandboxing with eca?