The sandbox degradation path (Firecracker, Linux namespaces, SafeFallback) is really pragmatic. Most projects in this space just skip the isolation story entirely. What's the latency overhead like for a typical tool call going through the Firecracker vsock path vs SafeFallback?

Just an update to this project:

It is now fully functional, thoroughly tested. Given the multitude of available applications that are probably more practical than Lula, I just wanted to show /share this and hope that it finds at least some application somewhere!

This is another project I'll take this opportunity to share:

https://github.com/christianmeurer/Samantha

Take a look and tell me what you think!

Christian