Security: robzilla1738/arc-loop

SECURITY.md

Security notes

ARC Loop is not a sandbox.

It checks cooperative agent behavior through contracts, hooks, and validation. It does not isolate untrusted code.

Do not use it as a replacement for containers, VMs, OS sandboxing, CI permissions, or code review.

Threat model

ARC helps with:

  • agents editing files outside the agreed scope
  • agents running blocked shell commands through normal tool paths
  • agents changing Done criteria after launch
  • agents claiming completion without verified evidence
  • repeated failed attempts that should pause

ARC does not protect against:

  • malicious code executed outside the host hook system
  • compromised dependencies
  • shell commands that hide harmful behavior inside allowed wrappers
  • weak verifier commands
  • a human accepting a bad amendment
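
Why a hook-level command check stays a cooperative control, shown as an added example that is not ARC's code: the blocklist, wrapper names, verdict strings, and script paths below are constructed for illustration. The checker peels common prefixes and `sh -c` strings, yet an allowed interpreter running a file still passes, because the hook never sees what the file does.

```python
import shlex

# Constructed policy for illustration; not ARC's configuration or code.
BLOCKED = {"rm", "curl", "sudo"}
SHELLS = {"sh", "bash", "zsh"}
PREFIXES = {"env", "nohup", "nice", "time"}  # run the rest of argv; their options are not modeled
OPERATORS = set(";|&()")


def split_pipeline(command):
    """Tokenize like a POSIX shell and split on ; | & ( ) into simple commands."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    segments, current = [], []
    for token in lexer:
        if token and set(token) <= OPERATORS:
            segments.append(current)
            current = []
        else:
            current.append(token)
    segments.append(current)
    return [s for s in segments if s]


def check_command(command, depth=0):
    """Return 'block', 'allow', or 'opaque' (the hook cannot see what will run)."""
    if depth > 4:
        return "opaque"
    try:
        segments = split_pipeline(command)
    except ValueError:  # unbalanced quotes: refuse to guess
        return "opaque"
    verdicts = set()
    for argv in segments:
        while argv and (argv[0] in PREFIXES or "=" in argv[0]):
            argv = argv[1:]  # peel `env`, `nohup`, VAR=value prefixes
        if not argv:
            continue
        name = argv[0].rsplit("/", 1)[-1]  # /bin/rm -> rm
        if name in BLOCKED:
            verdicts.add("block")
        elif name in SHELLS and "-c" in argv[1:-1]:
            verdicts.add(check_command(argv[argv.index("-c") + 1], depth + 1))
        elif name in SHELLS:
            verdicts.add("opaque")  # script file or stdin: contents unseen
        else:
            verdicts.add("allow")  # says nothing about what the program itself does
    return next((v for v in ("block", "opaque", "allow") if v in verdicts), "allow")
```

An `allow` or `opaque` verdict is the point where containers, VMs, OS sandboxing, CI permissions, and code review have to take over.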

Reporting issues

Open a GitHub issue with:

  • the ARC version
  • the host agent, Codex or Claude
  • the relevant arc.toml
  • the hook input if the bug is hook-related
  • the command you ran
  • expected and actual behavior

Do not include secrets from .env, logs, prompts, or agent transcripts.

There aren't any published security advisories