I use a sandbox example extension with comes with Pi, it uses the anthropic sandbox runtime (bubblewrap on linux). The runtime has one bug and needs one improvement (I've made PRs, no response yet). Pi's sandbox example extension does not block internal tools (read/write) according to rules, I've created a PR but can't submit because of Pi's OSS vacation BS... https://github.com/badlogic/pi-mono/compare/main...k3a:pi-mo... I am quite happy with my patched forks for now

I dont. I use this as my coding harness (replacement of gemini-cli/claudecode etc). I dont want to sandbox it because I expect it to be used only for coding on projects. I dont want to over complicate it.

I am building my own assistant as an AI harness - that is definitely getting sandboxed to run only as a VM on my Mac.