
This is what I was going for with Treebeard[0]. It is sandbox-exec, worktrees, and COW/overlay filesystem. The overlay filesystem is nice, in that you have access to git-ignored files in the original directory without having to worry about those files being modified in the original (due to the COW semantics). Though, truthfully, I haven’t found myself using it much since getting it all working.

[0] https://github.com/divmain/treebeard


This approach is too complex for what is provided. You're better off just making a copy of the tree and simply using sandbox-exec. macFUSE is a shitshow.

The main issue I want to solve is unexpected writes to arbitrary paths should be allowed but ultimately discarded. macOS simply doesn't offer a way to namespace the filesystem in that way.


Completely agree; my approach was not the most practical. I mostly wanted to know how hard it would be and, as I said, haven’t used it much since. Yes, macFUSE is messy to rely upon. I feel as though the right abstraction is simply unavailable on macOS. Something akin to chroot jails — I don’t feel like I need a particularly hardened sandbox for agentic coding. I just need something that will prevent the stupid mistakes that are particularly damaging.

Docker Hardened Images integrate Socket Firewall, which provides protection from threats like Shai-Hulud during build steps. You can read our partnership announcement over here: https://socket.dev/blog/socket-firewall-now-available-in-doc...


pnpm’s minimumReleaseAge can help a ton with this. There’s a tricky balance, because allowing your dependencies to get stale makes you inherently more vulnerable to vulnerabilities in your packages. And, critically, fixing a vulnerability in an urgent situation (i.e. you were compromised) gets increasingly harder to address the more stale your dependencies are.

minimumReleaseAge strikes a good balance between protecting yourself against emerging threats like Shai-Hulud and keeping your dependencies up-to-date.

Because you asked: you can get another layer of protection through Socket Firewall Free (sfw), which prevents dependencies known to be malicious from being installed. Socket typically identifies malware very soon after it is published. Disclaimer: I’m the lead dev on the project, so obviously biased — YMMV.
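
An added example, not part of the comments above and not pnpm's own code: a simplified model of the release-age gate that minimumReleaseAge describes, run over a constructed registry-style publish-time map. The function names, the `bypass` flag (standing in for an urgent, reviewed security fix) and the sample versions are assumptions made for illustration.

```javascript
// Simplified model of a release-age gate; not pnpm's implementation.
// Constructed sample: registry-style "time" map (version -> publish timestamp).
const SAMPLE_TIME = {
  "4.17.0": "2025-08-01T10:00:00Z",
  "4.17.1": "2025-09-10T09:00:00Z",
  "4.17.2": "2025-09-15T23:30:00Z", // published 30 minutes before NOW
};
const NOW = new Date("2025-09-16T00:00:00Z");

// Compare plain x.y.z versions numerically (no pre-release handling).
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// Return the newest version old enough to install, plus the versions held back.
// minAgeMinutes: quarantine window; bypass (hypothetical): skip the window
// for an urgent fix that has been reviewed by hand.
function pickVersion(time, now, minAgeMinutes, bypass = false) {
  const cutoff = now.getTime() - minAgeMinutes * 60 * 1000;
  const eligible = [];
  const heldBack = [];
  for (const [version, published] of Object.entries(time)) {
    const ts = Date.parse(published);
    if (Number.isNaN(ts)) {
      heldBack.push(version); // unknown publish time: fail closed
    } else if (bypass || ts <= cutoff) {
      eligible.push(version);
    } else {
      heldBack.push(version);
    }
  }
  eligible.sort(compareVersions);
  const selected = eligible.length ? eligible[eligible.length - 1] : null;
  return { selected, heldBack };
}
```

With a one-day window the 30-minute-old release is held back and the previous version is selected; a window longer than the package's whole history selects nothing, which is the staleness cost the comment describes.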


I have been an AI-coding skeptic for some time. I always acknowledged LLMs as useful for solving specific problems and making certain things possible that weren't possible before. But I've not been surprised to see AI fail to live up to the hype. And I never had a personally magical moment - an experience that shifted my perspective à la the peak end rule.

I've been using GLM 4.6 on Cerebras for the last week or so, since they began the transition, and I've been blown away.

I'm not a vibe coder; when I use AI coding tools, they're in the hot path. They save me time when whipping up a bash script and I can't remember the exact syntax, or for finding easily falsifiable answers that would otherwise take me a few minutes of reading. But, even though GLM 4.6 is not as smart as Sonnet 4.5, it is smart enough. And because it is so fast on Cerebras, I genuinely feel that it augments my own ability and productivity; the raw speed has considerably shifted the tipping point of time-savings for me.

YMMV, of course. I'm very precise with the instructions I provide. And I'm constantly interleaving my own design choices into the process - I usually have a very clear idea in my mind of what the end result should look like - so, in the end, the code ends up how I would have written it without AI. But building happens much faster.

No affiliation with Cerebras, just a happy customer. Just upgraded to the $200/mo plan - and I'll admit that I was one that scoffed when folks jumped on the original $200/mo Claude plan. I think this particular way of working with LLMs just fits well with how I think and work.


I was an AI skeptic too a year ago, but recently I wanted a Windows exe program to do the same as a complicated bash script on Linux.

I gave the bash script to Claude Code, which immediately started implementing something in the Zig language. After a few iterations, I had Zig source code that compiled on Linux, produced a Windows exe and perfectly mimicked the bash script.

I know nothing about Zig programming.


I've been maintaining my company's Go repos using Claude after our Go developer left. I don't know anything about Go.


Your post has inspired me to check them out. How do you use it, with their UI or to power some other open source tool?

Do you suggest that this thing is so fast it's simpler now to quickly work on one thing at a time instead of the 5 background tools running in parallel which might have been a pattern we invented because these things are so slow?


I’ve been using the crush TUI primarily. I like that I have the flexibility to switch to a smarter model on occasion - for awhile I hesitated to pick up AI coding at all, simply because I didn’t want to be locked into a model that could be immediately surpassed. It’s also customizable enough with sane defaults.


you want to be using something like opencode in a terminal, not the web ui.

you’ll need to try it and see what the speed does to your workflow.


I experienced the same, but I think it is a limitation of OpenRouter. When I hit Cerebras’s OpenAI endpoint directly, it works flawlessly.


For anyone considering: I applied, didn’t get an offer, but had a fantastic experience. Authentic people, with the right mix of ambition and work-life balance. They respected the time required for me to engage in their hiring interviewing process, which was refreshing.


This is great to hear! I tried Orion for awhile and Bitwarden was really flaky. I'll have to give it another go.


It is a bit above your price point, but I have been using Kagi.com (not affiliated, just impressed). They're in beta, but will charge ~$10 once they go GA. Like you, I tried DuckDuckGo for awhile, but resorted to g! so often that I started using it for everything out of habit.

In contrast, Kagi provides Google-quality results most of the time, better-than-Google semi-often, and worse-than-Google rarely. They support g!, but I only use it a couple of times a week, usually for site-specific searches.

Additionally, I really like that I am their customer and not their product - incentives are aligned for them to continue respecting my privacy and preferences.


I've been quite happy with DDG, serves about 80% of my needs.

The other 20% where I resort to Google are mostly things with a geographical/country context, where DDG really sucks and Google excels.


If you are OK with using Google, why not simply use Google for 100% of your needs?


One only uses Google services if one absolutely needs to. Google on the other hand never needs you. You are absolutely unnecessary and super easy to replace. Whichever you choose, the next search engine really needs our queries. If we give them enough they might be able to create a competitive product. If they do, Google will dramatically improve. I'm sure they have plenty of ideas, the incentive is just not there.


After having used DuckDuckGo for a couple of years and habitually using g!, I switched to Kagi recently. Much better experience, I like that I’m a customer and not the product, great search results. I have been surprised and impressed.


I attended Code Fellows in October-December of 2013. I had held a handful of tech-heavy positions prior to that time, but had never worked as a software engineer/developer.

I originally saw three primary benefits to attending bootcamp, and I think they're still relevant:

1. It gave me some credibility. Before bootcamp, I had worked with children overseas for a couple of years, and as a care provider the year before that. I had considerable tech experience further back, but nothing related to software development. My resume would have been easy to discard without some way to get connected with employers.

2. It enhanced my motivation. I was paying a lot of money out of pocket, so it placed pressure on me to follow through. I also enjoy working with people, and the classroom setting exceeded self-study in a number of ways.

3. It provided people I could go to when I was stuck. This only happened a half dozen times over the course of the program, but any one of these times might've derailed my interest or motivation.

Overall, my experience was very positive and I was offered a position at Formidable Labs (now just Formidable) before graduating.

It has gone rather well since then. I started as a junior engineer on their Walmart project and progressed to a senior position on my team within the year. A few months in, I received a ~30% raise.

From there, I joined the Walmart Core Web team. That involved building foundational libraries, components, and patterns for the rest of the web teams, as well as a lot of broad architectural work. After a couple of months on that team and some significant successes, I took on additional responsibility, which coincided with another ~35% raise.

Since then, I've worked on Formidable projects for Microsoft and Starbucks, in senior and lead roles. Starting Monday, I'm joining the Edge browser team at Microsoft as a program manager.

It's hard to know what I should attribute my success to - I definitely went into bootcamp with the intention to make the most of every opportunity that came my way, and I continued in that mindset afterwards. I jumped at every chance to learn something new, and spent considerable amounts of time outside of work learning and doing OSS. A few of my projects [0][1][2] got relatively popular (others, not so much [3][4]). All of these were side projects that I pursued independently, and I think that increased my desirability as a team member. A lot of it was probably timing and luck too!

It's worth noting, however, that my experience was atypical and not in line with the rest of my cohort. I know at least a handful that struggled to find positions.

[0] github.com/divmain/GitSavvy

[1] github.com/FormidableLabs/rapscallion

[2] github.com/FormidableLabs/freactal

[3] interlockjs.com

[4] github.com/divmain/recollect

