
Your agent wrote code. Where does it run? Not on your machine.

The fastest way to get burned by a coding agent is to let it execute what it writes straight on your host. One bad rm, one curl-to-shell, one dependency that phones home, and the agent now owns your laptop. The fix is old and boring and it works: give the agent a disposable, isolated sandbox. It runs the code in a box. You nuke the box.

VCN #42: The Sandbox is a Saturday-morning build sprint where you wire one up.

Format:

The threat. Five minutes on why untrusted agent-written code is its own threat class, and why "I read it first" does not scale.

The options. Docker containers, e2b, Daytona, gVisor. What each isolates, what it costs, when you reach for which. Sandbox-per-task vs one long-lived box.

Build your sandbox. Hands-on hour. Stand up an isolated code-exec sandbox, point your agent at it, watch it write and run code it can never run on your host. Snapshot a clean state, let the agent trash the box, restore.

Teardown by default. Make the box ephemeral. One task, one sandbox, gone when the task ends. The security case made concrete.

By 1pm your agent writes code and runs it inside a sandbox you can nuke on demand. You leave with the pattern in your stack.

Builders only. Bring a laptop and an agent you want to take off the leash safely.

Doors 10am. Sprint 10:15. Frontier Tower Floor 9.

Hosted by Vibe Coding Nights: Rayyan Zahid (Immersive Commons), Michalis Vasileiadis (Hacker Bob), Eric Mockler (AI…