https://beautifulruby.com/code/enclave is an mruby sandbox that runs inside Ruby. Why? Because maybe you want to expose tools inside the sandbox, like access to user data, but contain it so your agent can’t go crazy and do whatever it wants.