TechPulseTechPulse
Back to News
Advertisement

Ask HN: Secure wrapper for coding agents?

rrjzzleep about 8 hours ago 8 comments
I believe someone recently posted sort of a secure harness/wrapper for running coding agents in a secure sandbox. I can't find the project.

Of course I can make my own wrapper with systemd-nspawn, kata or bspawn, but I believe I saw a decently well-maintained project just a while back. Does anyone have a suggestion or link? It's become extremely hard to find things on GitHub with all the generated projects.

Advertisement

⚑ Community Insights

Discussion Sentiment

50% Positive

Analyzed from 231 words in the discussion.

Trending Topics

#https#era#com#agent#safehouse#github#sandbox#lookup#bromure#more

Discussion (8 Comments)Read Original on HackerNews

pixdamixβ€’about 2 hours ago
If you're on a mac, lookup https://bromure.io/en/agentic-coding

(Lookup the browser too: https://bromure.io/en/secure-web)

Everything you see is made by Claude (and Renaud Deraison :-)) and working quite well jugding from the demos)

See here for more details (in french but English subs available (and more)): https://www.sstic.org/2026/presentation/cloture_2026/

sanju3026β€’about 7 hours ago
I believe you're looking for Era. It uses libkrun for local microVM isolation and was built specifically to solve the "LLM hallucinated a destructive bash command" problem without the overhead of a massive VM.

Another one that handles this gracefully is Yolobox, which uses rootless Podman. Both are actively maintained and cut through the noise of the thousands of generic wrapper repos out there right now.

rjzzleepβ€’about 7 hours ago
Era is a bit of a generic name. Just found another podman one with https://github.com/thomaspeklak/agent-sandbox

just found era it's deprecated, so it wasn't that.

femboyvtuberβ€’about 6 hours ago
Era links to https://github.com/smol-machines/smolvm now
ca_techβ€’about 3 hours ago
If you are running MacOS, I would recommend Agent Safehouse. Well maintained and is built on existing sandbox-exec so you are not locked in and can always build your own rules independent of the CLI tool.

https://github.com/eugene1g/agent-safehouse/ https://agent-safehouse.dev/

Originally posted on HN https://news.ycombinator.com/item?id=47301085

atombenderβ€’about 3 hours ago
Seconding this. I've been running Safehouse for months and love that it can wrap any process (it's just a wrapper around the native macOS sandbox API, after all). The only thing I miss is the ability to limit network access, which isn't supported by the API.
aborsyβ€’about 3 hours ago
Docker has introduced sandboxes for this purpose.
rohityinβ€’about 6 hours ago
Have you thought About docker?