<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Hacker News: e1g</title><link>https://news.ycombinator.com/user?id=e1g</link><description>Hacker News RSS</description><docs>https://hnrss.org/</docs><generator>hnrss v2.1.1</generator><lastBuildDate>Fri, 03 Jul 2026 07:19:53 +0000</lastBuildDate><atom:link href="https://hnrss.org/user?id=e1g" rel="self" type="application/rss+xml"></atom:link><item><title><![CDATA[New comment by e1g in "Ask HN: Secure wrapper for coding agents?"]]></title><description><![CDATA[
<p>Unfortunately, no, macOS sandboxing does not allow that type of blocking. Only broad categories like "local" vs "remote", but no selective targeting based on domain names or IPs.</p>
]]></description><pubDate>Thu, 02 Jul 2026 17:02:03 +0000</pubDate><link>https://news.ycombinator.com/item?id=48764305</link><dc:creator>e1g</dc:creator><comments>https://news.ycombinator.com/item?id=48764305</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48764305</guid></item><item><title><![CDATA[New comment by e1g in "Ask HN: Secure wrapper for coding agents?"]]></title><description><![CDATA[
<p>Safehouse author here - glad you found it helpful. It didn't even occur to me to add --offline mode because my mental model is anchored in agents which often require network access. Until we add this, the easiest option is to create a custom policy and then reference it with Safehouse (I usually set up shell aliases/functions for this)<p><pre><code>  ;; in ~/.config/agent-safehouse/no-network.sb
  (deny network*)

  safehouse --append-profile="$HOME/.config/agent-safehouse/no-network.sb" -- <command></code></pre></p>
]]></description><pubDate>Thu, 02 Jul 2026 11:08:35 +0000</pubDate><link>https://news.ycombinator.com/item?id=48759541</link><dc:creator>e1g</dc:creator><comments>https://news.ycombinator.com/item?id=48759541</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48759541</guid></item><item><title><![CDATA[New comment by e1g in "How to make SSE token streams resumable, cancellable, and multi-device"]]></title><description><![CDATA[
<p>In JS land, this problem (streaming, resuming, recovering, multi-client, etc) has been fully solved by <a href="https://durablestreams.com" rel="nofollow">https://durablestreams.com</a> - and it can be self-hosted, or managed via Cloudflare DO.</p>
]]></description><pubDate>Fri, 08 May 2026 10:38:18 +0000</pubDate><link>https://news.ycombinator.com/item?id=48061229</link><dc:creator>e1g</dc:creator><comments>https://news.ycombinator.com/item?id=48061229</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48061229</guid></item><item><title><![CDATA[New comment by e1g in "Spain's parliament will act against massive IP blockages by LaLiga"]]></title><description><![CDATA[
<p>We actually had to revert our rollout of CF Workers because enough of our users were in Spain and couldn’t access endpoints at seemingly arbitrary times (due to the matches)</p>
]]></description><pubDate>Thu, 30 Apr 2026 16:31:45 +0000</pubDate><link>https://news.ycombinator.com/item?id=47964932</link><dc:creator>e1g</dc:creator><comments>https://news.ycombinator.com/item?id=47964932</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47964932</guid></item><item><title><![CDATA[New comment by e1g in "Don't YOLO your file system"]]></title><description><![CDATA[
<p>For jailing local agents on a Mac, I made Agent Safehouse - it works for any agent and has many sane defaults for developers <a href="https://agent-safehouse.dev" rel="nofollow">https://agent-safehouse.dev</a></p>
]]></description><pubDate>Sat, 28 Mar 2026 02:57:09 +0000</pubDate><link>https://news.ycombinator.com/item?id=47551119</link><dc:creator>e1g</dc:creator><comments>https://news.ycombinator.com/item?id=47551119</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47551119</guid></item><item><title><![CDATA[New comment by e1g in "Agent Safehouse – macOS-native sandboxing for local agents"]]></title><description><![CDATA[
<p>Yes, you're correct about 'no nested sandboxing'.<p>This also applies to sandboxing an Electron app: Electron has its own built-in sandboxing via sandbox-exec, so if you're wrapping an Electron app in your own sandboxing, you have to disable that inner sandbox (with Electron's --no-sandbox or ELECTRON_DISABLE_SANDBOX=1). In the repo, I have examples for minimal sandbox-exec rules required to run Claude Code[1] and VSCode[2] (so you can do --dangerously-skip-permission in their desktop app and VSCode extension)<p>[1] <a href="https://github.com/eugene1g/agent-safehouse/blob/a7377924efadf5e3b9eac6924dcf979f1dec0f8e/profiles/65-apps/claude-app.sb" rel="nofollow">https://github.com/eugene1g/agent-safehouse/blob/a7377924efa...</a><p>[2] <a href="https://github.com/eugene1g/agent-safehouse/blob/a7377924efadf5e3b9eac6924dcf979f1dec0f8e/profiles/65-apps/vscode-app.sb" rel="nofollow">https://github.com/eugene1g/agent-safehouse/blob/a7377924efa...</a></p>
]]></description><pubDate>Tue, 10 Mar 2026 06:57:20 +0000</pubDate><link>https://news.ycombinator.com/item?id=47319883</link><dc:creator>e1g</dc:creator><comments>https://news.ycombinator.com/item?id=47319883</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47319883</guid></item><item><title><![CDATA[New comment by e1g in "Agent Safehouse – macOS-native sandboxing for local agents"]]></title><description><![CDATA[
<p>Claude Code and Codex quickly figure out they are inside a sandbox-exec environment. Maybe because they know it internally. Other agents often realize they are being blocked, and I haven't seen them go haywire yet.<p>Big love for Pi - it was the first integration I added to Safehouse. I wanted something that offers strong guarantees across all agents (I test and write them nonstop), has no dependencies (e.g., the Node runtime), and is easy to customize, so I didn't use the Anthropic sandbox-runtime.</p>
]]></description><pubDate>Mon, 09 Mar 2026 08:32:00 +0000</pubDate><link>https://news.ycombinator.com/item?id=47306251</link><dc:creator>e1g</dc:creator><comments>https://news.ycombinator.com/item?id=47306251</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47306251</guid></item><item><title><![CDATA[New comment by e1g in "Agent Safehouse – macOS-native sandboxing for local agents"]]></title><description><![CDATA[
<p>SBPL is great for filesystem controls and I haven’t hit roadblocks yet. I wish it offered more controls of outbound network requests (i.e. filtering by domain), but I understand why not.<p>Yes, Safehouse should work for xcodebuild workloads in the way you described - try to run it, watch for failures, extend the profile, try again. Your agent can do this in a loop by itself - just feed it the repo as there are many integrations that are not enabled by default that will help it.</p>
]]></description><pubDate>Mon, 09 Mar 2026 07:35:18 +0000</pubDate><link>https://news.ycombinator.com/item?id=47305884</link><dc:creator>e1g</dc:creator><comments>https://news.ycombinator.com/item?id=47305884</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47305884</guid></item><item><title><![CDATA[New comment by e1g in "Agent Safehouse – macOS-native sandboxing for local agents"]]></title><description><![CDATA[
<p>Thanks, Codex helped to put that together in like 20 minutes. Try feeding your agent the idea about an interactive config builder, give it the upstream URL with your condos, and see if it can whip up something for you.</p>
]]></description><pubDate>Mon, 09 Mar 2026 07:30:30 +0000</pubDate><link>https://news.ycombinator.com/item?id=47305846</link><dc:creator>e1g</dc:creator><comments>https://news.ycombinator.com/item?id=47305846</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47305846</guid></item><item><title><![CDATA[New comment by e1g in "Agent Safehouse – macOS-native sandboxing for local agents"]]></title><description><![CDATA[
<p>That’s a great idea. I think I’ll restructure the entire project to be based around a collection of community-managed rules, a UI generator to build a custom text file from those rules, and an LLM skill so people can evolve their policies themselves. The Bash script will remain in the background as one implementation, but shouldn’t be the only way.</p>
]]></description><pubDate>Mon, 09 Mar 2026 07:28:29 +0000</pubDate><link>https://news.ycombinator.com/item?id=47305830</link><dc:creator>e1g</dc:creator><comments>https://news.ycombinator.com/item?id=47305830</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47305830</guid></item><item><title><![CDATA[New comment by e1g in "Agent Safehouse – macOS-native sandboxing for local agents"]]></title><description><![CDATA[
<p>Let’s make something so popular and useful that they can’t drop it.</p>
]]></description><pubDate>Mon, 09 Mar 2026 02:29:08 +0000</pubDate><link>https://news.ycombinator.com/item?id=47304193</link><dc:creator>e1g</dc:creator><comments>https://news.ycombinator.com/item?id=47304193</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47304193</guid></item><item><title><![CDATA[New comment by e1g in "Agent Safehouse – macOS-native sandboxing for local agents"]]></title><description><![CDATA[
<p>IYKYK, it’s the new Bootstrap!<p>The alternative would be “no site”, which is still somehow worse.</p>
]]></description><pubDate>Mon, 09 Mar 2026 02:08:17 +0000</pubDate><link>https://news.ycombinator.com/item?id=47304053</link><dc:creator>e1g</dc:creator><comments>https://news.ycombinator.com/item?id=47304053</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47304053</guid></item><item><title><![CDATA[New comment by e1g in "Agent Safehouse – macOS-native sandboxing for local agents"]]></title><description><![CDATA[
<p>Yes, for about a decade. But it’s available everywhere, and still works - and protects us - like brand new!</p>
]]></description><pubDate>Mon, 09 Mar 2026 01:56:49 +0000</pubDate><link>https://news.ycombinator.com/item?id=47303965</link><dc:creator>e1g</dc:creator><comments>https://news.ycombinator.com/item?id=47303965</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47303965</guid></item><item><title><![CDATA[New comment by e1g in "Agent Safehouse – macOS-native sandboxing for local agents"]]></title><description><![CDATA[
<p>Fair! You don’t actually need to install anything and can just generate a text file with the security profile for sandbox-exec. You can do that online at <a href="https://agent-safehouse.dev/policy-builder.html" rel="nofollow">https://agent-safehouse.dev/policy-builder.html</a><p>Alternatively, you can feed these instructions to your LLM and have it generate you a minimal policy file and a shell wrapper <a href="https://agent-safehouse.dev/llm-instructions.txt" rel="nofollow">https://agent-safehouse.dev/llm-instructions.txt</a></p>
]]></description><pubDate>Mon, 09 Mar 2026 01:48:55 +0000</pubDate><link>https://news.ycombinator.com/item?id=47303906</link><dc:creator>e1g</dc:creator><comments>https://news.ycombinator.com/item?id=47303906</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47303906</guid></item><item><title><![CDATA[New comment by e1g in "Agent Safehouse – macOS-native sandboxing for local agents"]]></title><description><![CDATA[
<p>Testing in prod! Thank you, just fixed that typo.</p>
]]></description><pubDate>Mon, 09 Mar 2026 01:17:42 +0000</pubDate><link>https://news.ycombinator.com/item?id=47303672</link><dc:creator>e1g</dc:creator><comments>https://news.ycombinator.com/item?id=47303672</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47303672</guid></item><item><title><![CDATA[New comment by e1g in "Agent Safehouse – macOS-native sandboxing for local agents"]]></title><description><![CDATA[
<p>playwright-cli works out of the box, and I just merged support for agent-browser. If you end up testing out Safehouse, and have any issues, just create an issue on GitHub, and I'll check it out. Browser usage is definitely among my use cases.</p>
]]></description><pubDate>Mon, 09 Mar 2026 00:41:04 +0000</pubDate><link>https://news.ycombinator.com/item?id=47303385</link><dc:creator>e1g</dc:creator><comments>https://news.ycombinator.com/item?id=47303385</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47303385</guid></item><item><title><![CDATA[New comment by e1g in "Agent Safehouse – macOS-native sandboxing for local agents"]]></title><description><![CDATA[
<p>Thank you for your work - I have sent many of your links to my people.<p>Your point is totally fair for evaluating security tooling. A few notes -<p>1. I implemented this in Bash to avoid having an opaque binary in the way.<p>2. All sandbox-exec profiles are split up into individual files by specific agent/integration, and are easily auditable (<a href="https://github.com/eugene1g/agent-safehouse/tree/main/profiles" rel="nofollow">https://github.com/eugene1g/agent-safehouse/tree/main/profil...</a>)<p>3. There are E2E tests validating sandboxing behavior under real agents<p>4. You don't even need the Safehouse Bash wrapper, and can use the Policy Builder to generate a static policy file with minimal permissions that you can feed to sandbox-exec directly (<a href="https://agent-safehouse.dev/policy-builder" rel="nofollow">https://agent-safehouse.dev/policy-builder</a>). Or feed the repo to your LLMs and have them write your own policy from the many examples.<p>5. This whole repo should be a StrongDM-style readme to copy &amp; paste to your clanker. I might just do that "refactor", but for now I added LLM instructions to create your own sandbox-exec profiles <a href="https://agent-safehouse.dev/llm-instructions.txt" rel="nofollow">https://agent-safehouse.dev/llm-instructions.txt</a></p>
]]></description><pubDate>Mon, 09 Mar 2026 00:40:57 +0000</pubDate><link>https://news.ycombinator.com/item?id=47303384</link><dc:creator>e1g</dc:creator><comments>https://news.ycombinator.com/item?id=47303384</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47303384</guid></item><item><title><![CDATA[New comment by e1g in "Agent Safehouse – macOS-native sandboxing for local agents"]]></title><description><![CDATA[
<p>> An agent inside sandbox-exec still has your AWS keys, GitHub token, whatever's in the environment.<p>That's not the case with Agent Safehouse - you <i>can</i> give your agent access to select ~/.dotfiles and env, but by default it gets nothing (outside of CWD)</p>
]]></description><pubDate>Sun, 08 Mar 2026 23:51:59 +0000</pubDate><link>https://news.ycombinator.com/item?id=47302978</link><dc:creator>e1g</dc:creator><comments>https://news.ycombinator.com/item?id=47302978</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47302978</guid></item><item><title><![CDATA[New comment by e1g in "Agent Safehouse – macOS-native sandboxing for local agents"]]></title><description><![CDATA[
<p>Love the feedback -<p>For handling global rules (like ~/.gitconfig and ~/.gitignore), I keep a local policy file that whitelists my "shared globals" paths, and I tell Safehouse to include that policy by default. I just updated the README with an example that might be useful[1]. I also enabled access to ~/.gitignore by default as it's a common enough default.<p>For process management, there is a blurry line about how much to allow without undermining the sandboxing concept. I just added new integrations[2] to allow more process control and lldb, but I don't know this area well. You can try cloning the repo, asking your agents to tweak the rules in the repo until your use-case works, and send a PR - I'll merge it!<p>Alternatively, using the "custom policy" feature above, you can selectively grant broad access to your tools (you can use log monitoring to see rejections, and then add more permissions into the policy file)<p>[1] <a href="https://github.com/eugene1g/agent-safehouse?tab=readme-ov-file#machine-specific-defaults" rel="nofollow">https://github.com/eugene1g/agent-safehouse?tab=readme-ov-fi...</a><p>[2] <a href="https://github.com/eugene1g/agent-safehouse/pull/7" rel="nofollow">https://github.com/eugene1g/agent-safehouse/pull/7</a></p>
]]></description><pubDate>Sun, 08 Mar 2026 22:54:47 +0000</pubDate><link>https://news.ycombinator.com/item?id=47302500</link><dc:creator>e1g</dc:creator><comments>https://news.ycombinator.com/item?id=47302500</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47302500</guid></item><item><title><![CDATA[New comment by e1g in "Agent Safehouse – macOS-native sandboxing for local agents"]]></title><description><![CDATA[
<p>Claude: can escape its sandbox (there are GitHub issues about this) and, when sandboxed, still has full read access to everything on your machine (SSH keys, API keys, files, etc.)<p>Codex: IIRC, only shell commands are sandboxed; the actual agent runtime is not.</p>
]]></description><pubDate>Sun, 08 Mar 2026 22:23:48 +0000</pubDate><link>https://news.ycombinator.com/item?id=47302251</link><dc:creator>e1g</dc:creator><comments>https://news.ycombinator.com/item?id=47302251</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47302251</guid></item></channel></rss>