Security
Sandboxed YOLO Probe
Let the agent run wild somewhere boring.
Use when
You want a coding agent to iterate freely, but the command surface, repo contents, or prompt-injection risk makes direct host execution unsafe.
Cadence
Before allowing autonomous shell-heavy agent runs
Verification
The agent can run needed commands inside the sandbox, cannot reach forbidden files/secrets, and produces a replayable diff or report before host-side changes.
Structured loop spec
| Field | Value |
|---|---|
| Name | Sandboxed YOLO Probe |
| Category | Security |
| Trigger | Before allowing autonomous shell-heavy agent runs |
| Objective | Let the agent run wild somewhere boring. |
| Allowed inputs | Relevant files, source notes, logs, tests, screenshots, metrics, or task state for this loop |
| Allowed actions | Create a disposable container, codespace, VM, or worktree with only the files and secrets required for the task; disable or restrict network access unless specific hosts are required; run the agent's exploratory loop inside the sandbox with clear budget, scope, and forbidden actions; export only the patch, metrics, logs, and reproduction steps needed for review; apply to the real repo only after human or policy review of the diff and verification evidence. |
| Verification | The agent can run needed commands inside the sandbox, cannot reach forbidden files/secrets, and produces a replayable diff or report before host-side changes. |
| Stop condition | Stop when the verifier passes, the budget is exhausted, no progress is made, a blocker appears, or approval is required. |
| Budget | Set a time, turn, token, retry, file, or dollar cap before running the loop. |
| Approval boundary | Human approval required before publishing, sending, deleting, spending, changing accounts, touching production, or making reputational/legal/financial commitments. |
| Safe output | Draft, report, checklist, table, or approval-gated recommendation |
| Works with | Claude, ChatGPT, Gemini, any tool-using AI assistant |
Runbook steps
- Create a disposable container, codespace, VM, or worktree with only the files and secrets required for the task.
- Disable or restrict network access unless specific hosts are required.
- Run the agent's exploratory loop inside the sandbox with clear budget, scope, and forbidden actions.
- Export only the patch, metrics, logs, and reproduction steps needed for review.
- Apply to the real repo only after human or policy review of the diff and verification evidence.
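The steps above describe a procedure without naming a tool, so here is an added example (not code from the original page) of what a small harness for it can look like: one function assembles a locked-down `docker run` invocation for the disposable worktree with the network disabled, capabilities dropped, a read-only root filesystem and a wall-clock budget, and a second function reviews the exported patch before anything reaches the host, rejecting files outside the agreed scope, forbidden files such as `.env` or key material, and added lines that look like credentials. The image name, the `/work` mount point, the forbidden-file globs, the in-scope prefixes and the two sample patches are this example's own assumptions and constructed inputs.

```python
"""Harness for a sandboxed agent loop (added example, not the page's own code):
build a locked-down container invocation, then review the exported patch
before any host-side change. Docker flags, path rules and secret patterns
below are assumptions chosen for illustration."""
import fnmatch
import re
from dataclasses import dataclass


@dataclass
class SandboxSpec:
    image: str                        # e.g. "python:3.12-slim" (assumption)
    worktree: str                     # host path of the disposable worktree (no secrets in it)
    max_minutes: int = 30             # wall-clock budget, enforced with coreutils `timeout`
    network: str = "none"             # "none", or a pre-built egress-restricted network name
    forbidden: tuple = (".env*", "*.pem", "*/id_rsa", "secrets/*", ".git/*")
    in_scope: tuple = ("src/", "tests/")   # prefixes the agent may change


def docker_run_args(spec: SandboxSpec, agent_cmd: list) -> list:
    """Assemble the sandbox invocation. Only the worktree is mounted, the root
    filesystem is read-only, every capability is dropped, the process runs as
    an unprivileged user and, by default, there is no network at all."""
    return [
        "timeout", f"{spec.max_minutes}m",          # budget: kill the run on overrun
        "docker", "run", "--rm",
        "--network", spec.network,
        "--cap-drop", "ALL",
        "--security-opt", "no-new-privileges",
        "--read-only", "--tmpfs", "/tmp",
        "--memory", "2g", "--pids-limit", "512",
        "--user", "1000:1000",
        "-v", f"{spec.worktree}:/work", "-w", "/work",
        spec.image, *agent_cmd,
    ]


_DIFF_HEADER = re.compile(r"^diff --git a/(\S+) b/(\S+)$", re.M)
_SECRET_LIKE = [
    re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    re.compile(r"(?i)\b(api[_-]?key|secret|token|password)\b\s*[=:]\s*['\"]?[A-Za-z0-9_\-]{16,}"),
]


def review_patch(spec: SandboxSpec, patch: str) -> dict:
    """Check an exported unified diff against the scope and forbidden-file rules
    and flag added lines that look like credentials. An empty findings list
    means the patch may go to human review; it is never applied automatically."""
    files, findings = [], []
    for m in _DIFF_HEADER.finditer(patch):
        path = m.group(2)
        files.append(path)
        if any(fnmatch.fnmatch(path, pat) for pat in spec.forbidden):
            findings.append(f"forbidden file touched: {path}")
        elif not any(path.startswith(p) for p in spec.in_scope):
            findings.append(f"out-of-scope file touched: {path}")
    for n, line in enumerate(patch.splitlines(), 1):
        # Only added lines matter; "+++ b/..." is a header, not content.
        if line.startswith("+") and not line.startswith("+++"):
            if any(r.search(line) for r in _SECRET_LIKE):
                findings.append(f"secret-like content on patch line {n}")
    return {"files": files, "findings": findings, "apply_ok": not findings}


# Constructed sample patches (not real repository output).
GOOD_PATCH = """diff --git a/src/app.py b/src/app.py
--- a/src/app.py
+++ b/src/app.py
@@ -1,3 +1,4 @@
 import os
+TIMEOUT = 30
 def main():
     pass
"""

BAD_PATCH = """diff --git a/.env b/.env
--- a/.env
+++ b/.env
@@ -0,0 +1 @@
+API_KEY=constructed_fake_value_0123456789
diff --git a/scripts/deploy.sh b/scripts/deploy.sh
--- a/scripts/deploy.sh
+++ b/scripts/deploy.sh
@@ -1 +1,2 @@
 #!/bin/sh
+echo deploying
"""

if __name__ == "__main__":
    spec = SandboxSpec(image="python:3.12-slim", worktree="/tmp/agent-worktree")
    print(" ".join(docker_run_args(spec, ["sh", "-c", "pytest -q"])))
    print(review_patch(spec, GOOD_PATCH))
    print(review_patch(spec, BAD_PATCH))
```

The `review_patch` result is the evidence that goes alongside the diff to the reviewer; a non-empty findings list stops the loop at the approval boundary rather than silently trimming the patch, so the reviewer sees exactly which rule the agent ran into. If the task genuinely needs specific hosts, point `network` at a network whose egress is already restricted by a proxy or firewall outside the container; the harness itself never opens the network.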
Prompt
Run the Sandboxed YOLO Probe loop. Create a disposable sandbox with only required files and no unnecessary secrets. Restrict network access unless named hosts are required. Let the agent iterate inside that boundary with explicit budget, scope, and forbidden actions. Export a patch, metrics, logs, and reproduction steps. Do not apply host-side changes until the diff and verification evidence have been reviewed.