Ask HN: Secure Wrapper for Coding Agents

4 points · 2 visible top comments · 2026-06-30 13:40:11 UTC

news.ycombinator.com · Read Story HN original

I believe someone recently posted sort of a secure harness/wrapper for running coding agents in a secure sandbox. I can't find the project.

Of course I can make my own wrapper with systemd-nspawn, kata or bspawn, but I believe I saw a decently well-maintained project just a while back. Does anyone have a suggestion or link? It's become extremely hard to find things on GitHub with all the generated projects.

Comments

sanju3026 · 2026-06-30 14:38:36 UTC

I believe you're looking for Era. It uses libkrun for local microVM isolation and was built specifically to solve the "LLM hallucinated a destructive bash command" problem without the overhead of a massive VM.

Another one that handles this gracefully is Yolobox, which uses rootless Podman. Both are actively maintained and cut through the noise of the thousands of generic wrapper repos out there right now.

rjzzleep · 2026-06-30 14:59:59 UTC

Era is a bit of a generic name. Just found another podman one with https://github.com/thomaspeklak/agent-sandbox

just found era it's deprecated, so it wasn't that.

rohityin · 2026-06-30 15:42:28 UTC

Have you thought About docker?