The Sandbox

Infrastructure and isolation: Nix for reproducible dev environments, bubblewrap for filesystem sandboxing, and config.toml as the single source of truth.

The Sandbox — Nix + bubblewrap + config.toml. Why isolation matters.

Bubblewrap — filesystem isolation via bwrap.

Nix for Dev Envs — reproducible tooling. No "works on my machine."

Config as Code — config.toml, single source of truth.