A better way to limit Claude Code (and other coding agents!) access to Secrets
PATRICKMCCANNA.NET
Coding agents are truly powerful tools, able to bash out large quantities of code which hopefully does what you want it to. Towards the end of last year many people were sharing just how successful these agents can be if you just let them run unchecked. Terms like Yolo Mode, where you allow the agent to run any command it wants unchecked, and Ralph Wiggum loop, where you don’t spend too much time questioning an agent’s approach and just let it keep bashing away at a problem until it is done, were all over the ‘socials’.
There is undeniable value in just letting an agent run free, but it is risky. The Claude Code setting for Yolo mode is called --dangerously-skip-permissions for good reason. It is well known that the security of these tools is weak: even without Yolo mode an agent might exfiltrate your secrets, and with the mode enabled it might format your hard drive.
This post explores how to employ a standard security approach - sandboxing. You could of course run your agent in a VM or a container, however, this is a relatively complex setup. Also, sometimes there is a genuine need to run locally, but safely.
Bubblewrap is a lightweight sandbox that you can set up locally. This blog post provides instructions on how to run Claude Code within this sandbox and Yolo safely.
Yolobox - Let your AI go full send
GITHUB.COM
And here is a different solution to the same problem, a lightweight CLI tool that allows you to run Claude Code within Docker or Podman.

Why We Built Our Own Background Agent
RAMP.COM
A background coding agent typically runs within its own environment, often on a virtual machine, allowing it to iteratively work away on tasks, while you do something else instead (write code, drink coffee, stare out of the window …).
In this post the Ramp team describe how they built their own agent. They want their agent to have the same window into their SDLC as a human developer, which means adding platform integrations such as GitHub, Slack and Datadog. But I think the most important point they make here is their goal of ‘closing the loop’, by giving the agent access to a working front-end, with the ability to screenshot and automate. This allows the agent to perform the same ad-hoc verification process that human developers rely on as they iterate.
Much of this functionality does exist in other tools, Devin being a prime example. Regardless, this post does a good job of describing a highly sophisticated approach to agentic development.
The Influentists
CARETTE.XYZ
This post highlights the growing trend of “hype first and context later”.
Recent examples include Jaana Dogan (Google) building something in an hour that previously took months; the context that followed revealed weeks of foundational thinking, and that the output was a proof-of-concept. Another is Galen Hunt (Microsoft) stating a goal to eliminate C/C++ from Microsoft, rewriting it all in Rust, by 2030; later context revealed this was very much an R&D project.
The post closes with the statement that:
The tech community must shift its admiration back toward reproducible results and away from this “trust-me-bro” culture.
I very much agree.