Blindsight (and the excellent sequel, Echopraxia) is indeed great.

Solaris by Lem is perhaps the one above all. Lem wrote several of these "inscrutable alien first contact" novels: His Master's Voice, The Invincible, Fiasco, and Eden are basically all variations on this theme, each one unique and highlighting a different aspect of humans' inability to understand the universe. The last three are a little dated now, but still enjoyable to read. HMV is rather dry, a Borgesian essay on an investigation into an alien signal, with lots of references to fictional scientific papers. (Len also wrote two collections of very Borgesian essays that are basically reviews of fictional books: A Perfect Vacuum and Imaginary Magnitude. They're interesting and funny, but I wouldn't put them among his most entertaining work.)

Roadside Picnic by Arkady and Boris Strugatsky is also a masterpiece. They also have a few stories about unseen aliens manipulating the history of humanity by placing traps or transforming humans into infiltrators. The Max Kammerer books (e.g. Beetle in the Anthill) involve this storyline and are very good, probably not well known today.

I tried Tchaikovsky (both Children of Time and Shroud) and found him to be completely unengaging as a writer. Just really dull writing and flat characters. Watts and Reynolds are much better writers. Watts in particular can really pack a punch.

This would be slash commands that the agent itself wouldn't be able to do, and which would communicate with the plugin via a side channel the agent wouldn't know about. Admittedly I don't know much about the plugin interface in Claude Code, though.

That is very useful. I wasn't sure if I could supply my own override list or how I would even format one, but this solves that problem!

The process control policy, that's kind of niche and should definitely not be something agents are always allowed to do, so having a shorthand flag like you added in that pull request is the right choice.

I'm sure Anthropic and the other major players will catch up and add better sandboxing eventually, but for now, this tool has been exactly what I needed — many thanks!

I also wonder if this could have be a plugin or MCP server? I was using this plugin [1] for a bit, and it appears to use a "PreToolUse" that modifies every tool invocation. The benefit here would be that you could even change the Safehouse settings inside a session, e.g. turn process control on or off.

[1] https://mksg.lu/blog/context-mode

OP here. Sorry if this was premature. I came across it through your earlier comment on HN, started using it (as did a colleague), and we've been impressed enough with how efficient it is that I decided it deserved a post!

I've seen sandbox policy documents for agents before, but this is the first ready-to-use app I've come across.

I've only had a couple of points of friction so far:

- Files like .gitconfig and .gitignore in the home folder aren't accessible, and can't be made accessible without granting read only access to the home folder, I think?

- Process access is limited, so I can't ask Claude to run lldb or pkill or other commands that can help me debug local processes.

More fine-grained control would be really nice.