
I don't think there's any reliable way to tell.

To me, it often feels like the text version of the uncanny valley.

But again, that's just "feels", I don't have proof or anything.


My eyebrows raised at "C++ is a purely functional language", but I thought it was just a typo.

The rest is fantastic, and I'm glad it wasn't a typo.


What if the program doesn’t respect those env vars? Can Zerobox still block network calls in that case?

Great question! On Linux, yes, network namespaces enforce that and all net traffic goes through the proxy. Direct connections are blocked at the kernel level even if the program ignores proxy env vars, but I will test this case a bit more (unsure how to though, most network calls would respect HTTPS_PROXY and other similar env vars).

That being said, the default behaviour is no network, so nothing will be routed if it's not allowed regardless of whether the sandboxed process respects env vars or not.


Does this work inside of Podman containers?

How about on macOS?

On macOS, the proxy is best effort. Programs that ignore HTTPS_PROXY/HTTP_PROXY can connect directly. This is a platform limitation (macOS Seatbelt doesn't support forced proxy routing).

BUT, the default behaviour (no net) is fully enforced at the kernel level. Domain filtering relies on the program respecting proxy env vars.


I thought seatbelt-exec had mechanisms for that?

  (allow network-outbound
    (remote tcp "127.0.0.1:8080"))

It does, but because I'm inheriting the seatbelt settings from Codex, I'm not resetting it in Zerobox (I thought it was a safer option). Let me look into this, there should be a way to take Codex's profile and safely combine/modify it.
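To make the allowlist idea from the snippet above concrete, here is an added example profile (not Zerobox's or Codex's own) in macOS Seatbelt's SBPL: it keeps the thread's "no network by default" guarantee and carves out a single exception for a local proxy, assumed to listen on 127.0.0.1:8080; the file-system and process rules are assumptions chosen to let an ordinary CLI tool start and would be tightened per program.

```scheme
;; Added example, not a profile from Zerobox or Codex.
;; SBPL evaluates rules so that a later matching rule overrides an earlier one,
;; which is why the narrow allow sits after the broad deny.
(version 1)
(deny default)

;; Assumed baseline so a typical CLI tool can launch at all; tighten per program.
(allow process-exec process-fork)
(allow file-read*)
(allow sysctl-read)
(allow mach-lookup)

;; Kernel-enforced: no inbound or outbound sockets of any kind...
(deny network*)

;; ...except an outbound TCP connection to the local filtering proxy
;; (address assumed). A program that ignores HTTPS_PROXY/HTTP_PROXY and
;; tries to connect directly is refused here; the only reachable peer is
;; the proxy, which is where domain filtering happens. Because the client
;; hands the hostname to the proxy (e.g. via CONNECT), no DNS rule is needed.
(allow network-outbound
  (remote tcp "127.0.0.1:8080"))
```

Run a program under it with `sandbox-exec -f proxy-only.sb <command>` while HTTPS_PROXY/HTTP_PROXY point at the proxy; a direct connection attempt that bypasses the proxy shows up as a sandbox denial in the unified log rather than as an open socket.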

Doesn't this contradict the popular wisdom that "what's good for a human engineer is good for an LLM"? e.g. documentation, separation of concerns, organized files, DRY.

I find LLMs very useful and capable, but in my experience they definitely perform worse when things are unorganized. Maintenance isn't just aesthetics, it's a direct input to correctness.


Maybe a little. I don't hold fast to that popular wisdom, e.g. I think comments are not always a net positive for LLMs. With respect to technical debt, how much debt is too much debt before it gums up the works and arrests forward progress on the software? It probably depends on the individual programmer. LLMs do seem to have a higher tolerance for technical debt than myself personally at least.

Good points, I've also found that comments are really hit or miss. Especially because the agents tend not to update them (sounds familiar!).

I’m aware I’m about to be “that guy”, but I really like how Rich Hickey’s “Simple Made Easy” clarifies simplicity here. In that model, what you’re describing is easy, not simple.

Please stop posting AI-generated comments. Your post history is full of them.


Just a dev who's built the stuff I talk about. Pretty sure you already know that though, buddy.


What?

