OK, so the world is collapsing, everything is getting hacked, all dependencies are probably stealing keys and mining crypto, slop is everywhere, and I'm part of the problem. So what do I do? I'm going to isolate!

I had this in mind for a long while, but only recently have LLM agents become good enough that I actually find it really useful to let them go without babysitting every command they try to run. So the goals are: protect my systems from the slopus, protect my systems from malicious dependencies (at least somewhat), and retain the usual UX.

Because of the last point, I am not going to use a separate user account, or a separate VM, or play with Docker containers. What I'm going to do is use BubbleWrap to remount only parts of the host system and home directory, most of them read-only. This way my tooling and general DX remain almost exactly the same, but if the Slopus has an episode of psychosis, or pulls in cryptomining malware, there is only so much damage it can do.

So the core of this system is the isolate script:

```bash
#!/usr/bin/env bash
set -euo pipefail

# Skip re-isolating if already inside an isolated environment
if [[ -n "${ISOLATE_ENV:-}" ]]; then
  >&2 echo "warning: already isolated"
  exec "$@"
fi

# Warn if the kernel still allows the legacy TIOCSTI ioctl
tiocsti_path="/proc/sys/dev/tty/legacy_tiocsti"
if [ ! -f "$tiocsti_path" ] || [ "$(cat "$tiocsti_path")" != "0" ]; then
  >&2 echo "warning: TIOCSTI not disabled"
fi

args=()
args+=(
  --dev-bind /dev /dev \
  --proc /proc \
  --tmpfs /tmp \
  --tmpfs /run \
  --setenv PROMPT_ENV_INDICATOR "isolated" \
  --setenv ISOLATE_ENV "$(pwd)"
)

# System and config paths: visible, but read-only
for p in \
  /bin \
  /usr/bin \
  /etc \
  /nix \
  /run/current-system \
  "$HOME/bin" \
  "$HOME/.config" \
  "$HOME/nix/dot" \
  "$HOME/.gitconfig" \
  "$HOME/.nix-profile" \
  "$HOME/.local/share/direnv/allow/" \
  ; do
  args+=(--ro-bind "$p" "$p")
done

# The few paths the agent is allowed to write to
for p in \
  "$HOME/.cargo" \
  "$HOME/.claude" \
  "$HOME/.claude.json" \
  "$HOME/nix/dot/.claude" \
  "$XDG_RUNTIME_DIR/gnupg/S.gpg-agent" \
  "$(pwd)" \
  ; do
  args+=(--bind "$p" "$p")
done

if [[ -n "${NIRI_SOCK...
```
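The script above is cut off on this page, so what follows is an added self-test, not the author's isolate script and not part of BubbleWrap itself. It builds a bwrap argument list the same way (read-only binds for system paths, a writable bind only for the working directory), repeats the TIOCSTI sysctl check in a form that can be exercised against a constructed file, and then runs a probe inside the sandbox to confirm the policy actually holds: /etc is not writable, ~/.ssh is not visible, the working directory is writable, and ISOLATE_ENV is set. The sysctl matters because a process that keeps the terminal's file descriptor can otherwise use the TIOCSTI ioctl to push input into the host's tty, which is why the author's script warns when it is not disabled. The path lists, the `check` subcommand and the `.isolate-probe` marker file are assumptions of this example, and paths are assumed to contain no whitespace.

```bash
#!/usr/bin/env bash
# Added example, not the author's isolate script: build a bwrap argument
# list the same way (read-only binds for system paths, a writable bind only
# for the working directory), then verify from inside the sandbox that the
# policy actually holds. Path lists and the .isolate-probe marker file are
# assumptions of this example; paths are assumed to contain no whitespace.
set -euo pipefail

# True when the kernel has legacy TIOCSTI disabled. The sysctl path is a
# parameter so the check can be exercised against a constructed file.
tiocsti_disabled() {
  local path=${1:-/proc/sys/dev/tty/legacy_tiocsti}
  [ -f "$path" ] && [ "$(cat "$path")" = "0" ]
}

# Print one bwrap argument per line. $1: space-separated read-only paths,
# $2: space-separated writable paths. Missing paths are skipped with a
# warning, because bwrap aborts when a bind source does not exist.
build_bwrap_args() {
  local ro_paths=$1 rw_paths=$2 p
  local -a args=(--dev-bind /dev /dev --proc /proc --tmpfs /tmp --die-with-parent)
  for p in $ro_paths; do
    if [ -e "$p" ]; then args+=(--ro-bind "$p" "$p"); else echo "warning: skipping missing $p" >&2; fi
  done
  for p in $rw_paths; do
    if [ -e "$p" ]; then args+=(--bind "$p" "$p"); else echo "warning: skipping missing $p" >&2; fi
  done
  printf '%s\n' "${args[@]}"
}

# Shell snippet executed inside the sandbox: each check prints FAIL and
# exits 1 when the policy does not hold, otherwise a single OK line.
read -r -d '' PROBE <<'EOF' || true
set -u
[ -n "${ISOLATE_ENV:-}" ] || { echo "FAIL: ISOLATE_ENV not set"; exit 1; }
if touch /etc/.isolate-probe 2>/dev/null; then
  rm -f /etc/.isolate-probe; echo "FAIL: /etc is writable"; exit 1
fi
[ ! -e "${HOME:-/nonexistent}/.ssh" ] || { echo "FAIL: ~/.ssh is visible"; exit 1; }
if touch ./.isolate-probe 2>/dev/null; then rm -f ./.isolate-probe
else echo "FAIL: working directory not writable"; exit 1; fi
echo "OK: policy holds"
EOF

# Returns 0 when the policy holds, 1 when a check fails, 2 when no sandbox
# could be started here (bwrap missing, or user namespaces unavailable).
sandbox_probe() {
  command -v bwrap >/dev/null 2>&1 || { echo "skip: bwrap not installed" >&2; return 2; }
  local -a args
  mapfile -t args < <(build_bwrap_args "/bin /usr /etc /lib /lib64 ${HOME:-/nonexistent}/.config" "$PWD" 2>/dev/null)
  local out
  out=$(bwrap "${args[@]}" --setenv ISOLATE_ENV "$PWD" --chdir "$PWD" -- /bin/sh -c "$PROBE" 2>&1) || true
  case $out in
    *"OK: policy holds"*) echo "$out"; return 0 ;;
    *"FAIL:"*) echo "$out" >&2; return 1 ;;
    *) echo "skip: sandbox could not start: $out" >&2; return 2 ;;
  esac
}

# Usage: bash isolate-check.sh check
if [ "${BASH_SOURCE[0]}" = "$0" ] && [ "${1:-}" = "check" ]; then
  if tiocsti_disabled; then echo "tiocsti: disabled"; else echo "warning: TIOCSTI not disabled" >&2; fi
  rc=0; sandbox_probe || rc=$?
  exit "$rc"
fi
```

Run it from the project directory you intend to hand to the agent; if you run it from your home directory instead, the probe reports that ~/.ssh is visible, which is exactly the mistake a writable bind of $HOME would make. A non-zero exit of 2 means no conclusion could be drawn on this machine (no bwrap, or no unprivileged user namespaces), which is different from a policy failure.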