How Google Antigravity’s New Terminal Sandbox Stops AI Agents from Deleting Files

Google Antigravity has introduced a terminal sandbox that confines AI agents to the project working directory, preventing accidental modification or deletion of system files.

How the sandbox works

The sandbox uses kernel‑level isolation; on macOS it leverages Apple’s Seatbelt mechanism, while Linux support is announced for the future. Users can enable or disable the sandbox and optionally control network access.

Why it is needed

Users reported scenarios where an AI assistant that manages codebases also cleans up personal files, creating a risk of unintended deletions or configuration changes. Because current AI models lack perfect awareness of execution context, the sandbox acts as a safety net.

Actual usage experience

According to official documentation, any out‑of‑bounds command—such as attempts to delete system files or reach external networks—is intercepted with a clear rejection message. In “request‑review” mode, users may whitelist individual commands.

User feedback

Reactions are split: some praise the feature as a valuable addition, while others joke about preferring unrestricted modes. Some users have encountered errors that cause the agent to terminate, suggesting that added security constraints may affect stability.

Technical details

When security mode is enabled, the sandbox automatically disables network access by default, a design choice aimed at enterprise security requirements. The feature is off by default but can be manually turned on.