Comment by molson8472
17 hours ago
Once approval fatigue and ongoing permission management kick in, the temptation is strong to run `--dangerously-skip-permissions`. I think that's what we all want: run agents in a locked-down sandbox where the blast radius of mistakes and/or prompt injection attacks is minimal/acceptable.
I started running Claude Code in a devcontainer with limited file access (repo only) and limited outbound network access (allowlist only) for that reason.
This weekend, I generalized this to work with docker compose. Next up is support for additional agents (Codex, OpenCode, etc.). After that, I'd like to force all network access through a proxy running on the host for greater control and logging (currently it uses iptables rules).
This workflow has been working well for me so far.
Still fresh, so may be rough around the edges, but check it out: https://github.com/mattolson/agent-sandbox
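The egress allowlist described in the comment above (default-deny outbound, allowlisted hosts only, enforced with iptables inside the container), written out as an added example. This is not code from agent-sandbox or from the commenter; it assumes the container runs with CAP_NET_ADMIN, has `iptables`, `getent` and `awk` available, and reads a constructed `host:port` allowlist from `$ALLOWLIST`. Rule generation is separated from rule application so the resulting rule set can be reviewed without root.

```shell
#!/bin/sh
# Added example: default-deny egress allowlist for an agent sandbox container.
# Assumptions (not from the post): CAP_NET_ADMIN, iptables, getent and awk are
# present; run as the container entrypoint before dropping to the agent user.
set -eu

# Constructed sample allowlist, one host:port per line (hostnames or IPv4 literals).
ALLOWLIST="${ALLOWLIST:-api.anthropic.com:443
github.com:443
registry.npmjs.org:443}"

# resolve_host: print the IPv4 addresses for a hostname; IPv4 literals pass through.
resolve_host() {
  case "$1" in
    *[!0-9.]*) getent ahostsv4 "$1" | awk '{print $1}' | sort -u ;;
    *)         printf '%s\n' "$1" ;;
  esac
}

# render_rules: emit the iptables commands for an allowlist on stdout, in order.
# Policy: drop everything on OUTPUT, then allow loopback, established replies,
# DNS to the configured resolvers, and TCP to each allowlisted host:port.
render_rules() {
  list="$1"
  echo "iptables -P OUTPUT DROP"
  echo "iptables -F OUTPUT"
  echo "iptables -A OUTPUT -o lo -j ACCEPT"
  echo "iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  # DNS is needed to resolve the allowlist itself; restrict it to the resolvers
  # in /etc/resolv.conf rather than allowing port 53 to anywhere.
  for ns in $(awk '/^nameserver/{print $2}' /etc/resolv.conf 2>/dev/null || true); do
    echo "iptables -A OUTPUT -d $ns -p udp --dport 53 -j ACCEPT"
    echo "iptables -A OUTPUT -d $ns -p tcp --dport 53 -j ACCEPT"
  done
  printf '%s\n' "$list" | while IFS=: read -r host port; do
    [ -n "$host" ] && [ -n "$port" ] || continue
    for ip in $(resolve_host "$host"); do
      echo "iptables -A OUTPUT -d $ip -p tcp --dport $port -j ACCEPT"
    done
  done
  # Reject (not silently drop) anything else so the agent fails fast.
  echo "iptables -A OUTPUT -j REJECT --reject-with icmp-admin-prohibited"
}

# apply_rules: execute the rendered commands, aborting on the first failure.
apply_rules() {
  render_rules "$1" | sh -e
}

case "${1:-}" in
  --dry-run) render_rules "$ALLOWLIST" ;;
  --apply)   apply_rules  "$ALLOWLIST" ;;
esac
```

Run `./egress-allowlist.sh --dry-run` to inspect the rules and `--apply` to install them; in docker compose the service needs `cap_add: [NET_ADMIN]` for the apply step. Two caveats worth keeping in mind: the allowlist is resolved to IPs once at startup, so hosts whose addresses rotate (CDN-fronted APIs) need periodic re-resolution or the host-side proxy the comment mentions as a next step; and an allowlisted host that accepts arbitrary uploads (a git remote, a package registry) is still a usable exfiltration channel for a prompt-injected agent, so the allowlist bounds the blast radius rather than eliminating it.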
Very nice!
I've been experimenting with a similar setup. And I'll probably implement some of the things you've been doing.
For the proxy part I've been running https://www.mitmproxy.org/. It's not fully working for all workflows yet, but it's getting close.
I wanted to vibe code an app in an evening with some friends, including setting up coolify for production and testing environments. Ended up giving Claude root access to a cluster of servers. Vibe coded the entire application with 3 people. Did not touch a line of code. The only shell command given was `claude`. It spent a couple of hours self-configuring the system. The result was remarkably good. Amazing how far we are already in the AI race.