A practical guide to sandboxing your development environment and LLM agents using BubbleWrap (bwrap). The setup uses a shell script called `isolate` that mounts only the necessary parts of the filesystem, mostly read-only, to limit the damage a malicious dependency or a runaway AI agent can do. A Nix wrapper ensures Claude Code always runs inside the sandbox, while `auto-isolate` and a tmux configuration automatically enter the sandbox for any project directory containing a `.isolate` marker file. Project-specific sandbox extensions (e.g., Wayland/GPU access) are declared in that `.isolate` config file.
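As an added example (not the `isolate` script described above, and not affiliated with the project), here is a POSIX shell sketch of the same idea: a mostly read-only bwrap view of the host with only the project directory writable, an `auto-isolate`-style marker check, and a per-project extension mechanism. The bwrap flags used (`--ro-bind`, `--ro-bind-try`, `--dev-bind`, `--tmpfs`, `--unshare-all`, `--share-net`, `--setenv`, `--die-with-parent`, `--new-session`, `--chdir`) are real bubblewrap options; the `.isolate` directive format (`ro-bind PATH`, `bind PATH`, `dev-bind PATH`, `setenv NAME VALUE`), the function names and the `ISOLATE_ACTIVE`/`ISOLATE_DRY_RUN` variables are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not the page's own `isolate` script. Builds a bubblewrap
# (bwrap) argument list: host system directories read-only, a private /tmp
# and $HOME, only the project directory writable, then extends it from a
# hypothetical `.isolate` config. ISOLATE_DRY_RUN=1 prints the command
# instead of executing bwrap, so the logic can be checked without it.

# Base sandbox. Assumes a usual FHS layout; /nix is included read-only when
# present so a Nix-provided toolchain keeps working inside the sandbox.
isolate_base_args() {
  project=$1
  printf '%s\n' \
    --unshare-all --share-net \
    --die-with-parent --new-session \
    --ro-bind /usr /usr \
    --ro-bind /etc /etc \
    --ro-bind-try /bin /bin \
    --ro-bind-try /lib /lib \
    --ro-bind-try /lib64 /lib64 \
    --ro-bind-try /nix /nix \
    --proc /proc --dev /dev --tmpfs /tmp \
    --tmpfs "${HOME:-/root}" \
    --bind "$project" "$project" \
    --chdir "$project"
}

# Per-project extension. Hypothetical `.isolate` format, one directive per
# line: `ro-bind PATH`, `bind PATH`, `dev-bind PATH`, `setenv NAME VALUE`.
# Blank lines and `#` comments are skipped. Paths must be absolute and any
# other line is rejected, so a config edited by a compromised dependency
# cannot widen the sandbox beyond these four well-understood directives.
isolate_extra_args() {
  cfg=$1
  [ -f "$cfg" ] || return 0
  while IFS= read -r line || [ -n "$line" ]; do
    set -f; set -- $line; set +f   # word-split the directive, no globbing
    [ $# -gt 0 ] || continue
    case $1 in
      '#'*) continue ;;
      ro-bind|bind|dev-bind)
        case $#:$2 in 2:/*) ;; *) echo "isolate: bad directive: $line" >&2; return 1 ;; esac
        printf '%s\n' "--$1" "$2" "$2" ;;
      setenv)
        [ $# -eq 3 ] || { echo "isolate: bad directive: $line" >&2; return 1; }
        printf '%s\n' --setenv "$2" "$3" ;;
      *) echo "isolate: unknown directive: $line" >&2; return 1 ;;
    esac
  done < "$cfg"
}

# auto-isolate hook: a shell profile or tmux pane hook can call this to decide
# whether a new shell in a directory should enter the sandbox. ISOLATE_ACTIVE
# is set inside the sandbox so a sandboxed shell does not re-enter it.
isolate_wanted() {
  [ -f "$1/.isolate" ] && [ -z "${ISOLATE_ACTIVE:-}" ]
}

# Entry point: isolate_run PROJECT_DIR [COMMAND]. Assembles argv from the
# newline-separated argument lists (paths containing newlines are unsupported).
isolate_run() {
  project=$(cd "$1" && pwd -P) || return 1
  cmd=${2:-${SHELL:-/bin/sh}}
  args=$(isolate_base_args "$project"; isolate_extra_args "$project/.isolate") || return 1
  set --
  while IFS= read -r a; do set -- "$@" "$a"; done <<EOF
$args
EOF
  if [ -n "${ISOLATE_DRY_RUN:-}" ]; then
    printf 'bwrap'; printf ' %s' "$@" -- "$cmd"; printf '\n'
  else
    ISOLATE_ACTIVE=1 exec bwrap "$@" -- "$cmd"
  fi
}
```

Usage: `isolate_run "$PWD"` drops you into a sandboxed shell for the current project; a `.isolate` file such as `dev-bind /dev/dri` plus `ro-bind /run/user/1000/wayland-0` and `setenv WAYLAND_DISPLAY wayland-0` grants GPU and Wayland access to that project only. Rejecting unknown directives (rather than passing arbitrary bwrap flags through) is the important design choice: the config lives inside the project tree that untrusted code can write to, so it must not be able to express "bind the whole home directory read-write".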