How I Run LLM Agents in a Secure Nix Sandbox

The author was concerned about the potential risks of AI coders accessing their machine and sought a secure way to limit their actions. They aimed for a "zero trust" environment, only allowing approved tools and access to the current project directory. Docker and Bubblewrap were considered but deemed insufficient; jail.nix, a Nix-native library, emerged as the solution. The core of the solution is a Nix flake which defines sandboxed environments for AI agents, using jail.nix to restrict their access and specify permitted tools like git and curl. The result is a secure and controlled environment, enabling "YOLO mode" for AI agent tasks without fear of data loss or system compromise, allowing the author to focus on their own work. The author highlights the ease of implementation using existing tools and shares the solution with colleagues. The author ultimately presents a simple solution that addresses a significant security concern surrounding AI agents. This approach provides security and allows for a "YOLO" approach to agent interaction. The author encourages others to share their security practices regarding AI agents.