Implementing a secure sandbox for local agents

Blog post from Cursor

Post Details
Author: -
Word Count: 1,014
Language: English
Hacker News Points: -
Summary

Coding agents have become increasingly adept at executing terminal commands, which raises security concerns when users auto-approve their actions and can lead to errors such as data loss or code issues. To address these challenges, a sandboxing solution has been implemented across macOS, Linux, and Windows. Agents operate within a controlled environment and seek approval only when necessary, particularly for internet access, which significantly reduces interruptions and approval fatigue. The sandboxing approach varies by platform, using tools such as Seatbelt on macOS, Landlock and seccomp on Linux, and WSL2 on Windows, with efforts underway to create better native support for Windows. Enhancements to the agent harness ensure agents can navigate sandbox constraints effectively, improving their ability to manage permissions and operate efficiently. The successful rollout of sandboxing has seen widespread adoption, including by major enterprise clients, highlighting the importance of execution boundaries for agents as they transition from code generation to production system operations.