Skip to content

Instantly share code, notes, and snippets.

View wincent's full-sized avatar

Greg Hurrell wincent

1.7k followers · 0 following
View GitHub Profile
@wincent
wincent / agent-sandboxen.md
Created May 3, 2026 11:20
List of coding agent sandboxes 2026-05

Coding Agent Sandboxes — Comprehensive List

Compiled from awesome-lists (restyler/awesome-sandbox, webcoyote/awesome-AI-sandbox, bureado/awesome-agent-runtime-security) and a survey of vendor blogs / field guides published through 2026. Grouped by isolation primitive and then by deployment model.

1. OS-level primitives (no container, no VM)

These rely on kernel/userland features to constrain a normal host process. Lowest overhead, weakest boundary.

  • macOS Seatbelt / sandbox-exec — Apple's TrustedBSD-based MAC framework. Used directly by Codex CLI, Gemini CLI, and underneath Anthropic's srt.
  • Linux Landlock — Unprivileged filesystem/network LSM; default backend for Codex CLI on Linux.
@wincent
wincent / Lua benchmarks.txt
Created July 24, 2022 21:39
Summary of cpu time and (wall time):
best avg sd +/- p (best) (avg) (sd) +/- p
pathological 0.26738 0.28269 0.08515 (0.26749) (0.28281) (0.08519)
command-t 0.20451 0.21637 0.06859 (0.20461) (0.21646) (0.06867)
chromium (subset) 1.71486 1.75230 0.21584 (0.40147) (0.41930) (0.14807)
chromium (whole) 1.37038 1.39803 0.08073 (0.11796) (0.12217) (0.01434)
big (400k) 2.38035 2.41639 0.08146 (0.19071) (0.19640) (0.01850)
@wincent
wincent / v8.log
Created March 12, 2022 13:40
This file has been truncated, but you can view the full file.
v8-version,9,4,146,24,-node.14,0
v8-platform,linux,linux
new,CodeRange,0x7fe6cc000000,0
new,MemoryChunk,0x268a435c0000,262144
new,MemoryChunk,0x1e9ac2880000,262144
new,MemoryChunk,0x14bb92d00000,262144
new,MemoryChunk,0xbf511c40000,262144
new,MemoryChunk,0x9a24af80000,262144
heap-capacity,1031072
heap-available,4346136384
@wincent
wincent / v8.log
Created March 12, 2022 13:28
This file has been truncated, but you can view the full file.
v8-version,9,4,146,24,-node.14,0
v8-platform,linux,linux
shared-library,/home/wincent/n/bin/node,0x400000,0x465e000,0
shared-library,/usr/lib/libc.so.6,0x7fdcebf2c000,0x7fdcec0ce000,0
shared-library,/usr/lib/libpthread.so.0,0x7fdcec136000,0x7fdcec138000,0
shared-library,/usr/lib/libgcc_s.so.1,0x7fdcec13b000,0x7fdcec150000,0
shared-library,/usr/lib/libm.so.6,0x7fdcec156000,0x7fdcec1e0000,0
shared-library,/usr/lib/libstdc++.so.6.0.29,0x7fdcec23e000,0x7fdcec3e0000,0
shared-library,/usr/lib/libdl.so.2,0x7fdcec464000,0x7fdcec466000,0
shared-library,/usr/lib/ld-linux-x86-64.so.2,0x7fdcec487000,0x7fdcec4b0000,0
@wincent
wincent / deleted lines
Created December 9, 2021 09:02
6245 text files.
5565 unique files.
1980 files ignored.
github.com/AlDanial/cloc v 1.90 T=2.51 s (1696.8 files/s, 112908.0 lines/s)
--------------------------------------------------------------------------------
Language files blank comment code
--------------------------------------------------------------------------------
JavaScript 2804 18737 26204 149944
Markdown 243 10831 0 27165
@wincent
wincent / removing gulp, diffstat
Created December 8, 2021 23:29
README.md | 2 +-
build.js | 139 ++
gulpfile.babel.js | 182 ---
package.json | 9 +-
scripts/pretty.js | 2 +-
vendor/yarn-cache/acorn-jsx-5.0.2.tgz | Bin 7259 -> 0 bytes
vendor/yarn-cache/ansi-colors-1.1.0.tgz | Bin 4454 -> 0 bytes
vendor/yarn-cache/ansi-colors-4.1.1.tgz | Bin 8180 -> 0 bytes
vendor/yarn-cache/ansi-escapes-3.2.0.tgz | Bin 3518 -> 0 bytes
vendor/yarn-cache/ansi-gray-0.1.1.tgz | Bin 1959 -> 0 bytes
@wincent
wincent / a.diff
Created July 18, 2021 01:32
This file has been truncated, but you can view the full file.
diff --git a/aspects/nvim/files/.vim/colors/base16-apprentice.vim b/aspects/nvim/files/.vim/colors/base16-apprentice.vim
new file mode 100644
index 00000000..be5a96d9
--- /dev/null
+++ b/aspects/nvim/files/.vim/colors/base16-apprentice.vim
@@ -0,0 +1,413 @@
+" vi:syntax=vim
+
+" base16-vim (https://github.com/chriskempson/base16-vim)
+" by Chris Kempson (http://chriskempson.com)
@wincent
wincent / a.diff
Created July 18, 2021 01:25
diff --git a/aspects/dotfiles/files/.zsh/colors/base16-apprentice.sh b/aspects/dotfiles/files/.zsh/colors/base16-apprentice.sh
new file mode 100644
index 00000000..c9b31c23
--- /dev/null
+++ b/aspects/dotfiles/files/.zsh/colors/base16-apprentice.sh
@@ -0,0 +1,126 @@
+#!/bin/sh
+# base16-shell (https://github.com/chriskempson/base16-shell)
+# Base16 Shell template by Chris Kempson (http://chriskempson.com)
+# Apprentice scheme by romainl
@wincent
wincent / test
Created September 19, 2020 17:57
test
@wincent
wincent / gist:38095c1afdf1c2fc673a0669f0969a35
Created May 29, 2020 18:10
This file has been truncated, but you can view the full file.
(function() {
var O="/o/js/resolved-module/";
Liferay.PATHS = {
"porygon-theme@2.0.19": "/o/porygon-theme",
"porygon-theme": "/o/porygon-theme",
"portal-template-react-renderer-impl$ua-parser-js@0.7.20":O+"portal-template-react-renderer-impl$ua-parser-js@0.7.20",
"commerce-organization-web$iconv-lite@0.4.24":O+"commerce-organization-web$iconv-lite@0.4.24",
"frontend-taglib-clay$d3-ease@1.0.6":O+"frontend-taglib-clay$d3-ease@1.0.6",
"commerce-dashboard-web$loose-envify@1.4.0":O+"commerce-dashboard-web$loose-envify@1.4.0",
"commerce-dashboard-web$scheduler@0.13.6":O+"commerce-dashboard-web$scheduler@0.13.6",