https://oligot.be/tags/gemini/Recent content in Gemini on Olivier Ligot - BlogHugoen-usSat, 11 Apr 2026 10:32:57 +0200https://oligot.be/posts/ai-sandbox/Sat, 11 Apr 2026 10:32:57 +0200https://oligot.be/posts/ai-sandbox/<h2 id="tldr">TL;DR</h2> <p>A small guide on how to run AI agents in a sandbox&hellip; natively!</p> <h2 id="context">Context</h2> <p>I first heard about running AI agents in a sandbox while reading the article <a href="https://blog.emilburzo.com/2026/01/running-claude-code-dangerously-safely/">Running Claude Code dangerously (safely)</a>. I then wanted to see if there were alternatives to using Vagrant, and the most interesting ones (<a href="https://www.docker.com/products/docker-sandboxes/">Docker Sandbox</a> and <a href="https://github.com/jingkaihe/matchlock">Matchlock</a>) are based on microVMs.</p> <p>The downside of these tools is that you have to somehow reproduce your development environment inside them. Why does the agent need access to our development environment? Once they start to change files, agents can also validate their work by running unit/integration/end-to-end tests. In a Python project, this means running <code>pytest</code>; in Go, <code>go test</code>; in Node.js, <code>npm test</code> (or whichever tool you use). In a DevOps project, this could mean running Docker, Terraform, or Kustomize. By the way, if you find it difficult to track those tools per project, and you find Nix too intimidating, I recommend you check out <a href="https://mise.jdx.dev/">Mise</a>, which is really great for this.</p>