This runbook will define practical sandbox profiles for AI-native engineering. It covers writable roots, denied paths, lock scopes, secrets isolation, admission control, recoverable state, and clean-context review.
Engineer AI Playbook · PART 04 · PLANNED
Sandboxes Without Tears: Profiles, Locks, Roots
Execution boundaries that survive parallel and unattended runs.