For the last few months, I’ve been tinkering with building a personal AI assistant (think OpenClaw). One thing quickly became clear: agents get much more useful when they can run real commands like install packages, manipulate data, or browse the interweb. The problem is that letting an agent run arbitrary commands directly on it’s host is less than ideal, so I wanted a sandbox environment where they could run pretty much anything, while reducing the attack surface. ...