Seeing a lot of people running coding agents (Claude Code, etc.) in custom sandboxes Docker/VMs, firejail/bubblewrap, scripts that gate file or network access.

Curious to know what's missing that makes people DIY this? And what would a "good enough" standard look like?