I don't. I use this as my coding harness (a replacement for gemini-cli/claudecode etc.). I don't want to sandbox it because I expect it to be used only for coding on projects. I don't want to overcomplicate it.
I am building my own assistant as an AI harness - that is definitely getting sandboxed to run only as a VM on my Mac.