We all know bash sucks. Why make our agents suffer?

TL;DR

Bash is an insufficient execution layer for AI agents because it lacks standards for permissions, isolation, and typed environments — TypeScript-based sandboxes are the better future.

Key Points

• 1.Dumping entire codebases into context is the worst AI coding practice. Tools like Repo Mix create 100,000+ token prompts that make models slower, more expensive, and significantly dumber — costing the creator's company over $100,000 in wasted spend.
• 2.More tokens in context directly equals less deterministic, worse model output. Like a desk with 300 objects versus 3, models lose accuracy as context grows; a 7-token grep command fetching 30 tokens beats handing the model 100,000 tokens of codebase.
• 3.Bash became the first AI execution layer because it collapses many tools into one. Giving models a single bash tool avoids flooding context with dozens of specialized tools (edit, rename, move, etc.) that models like Gemini will use indiscriminately even when irrelevant.
• 4.Bash fundamentally lacks standards for safety, permissions, and destructive action detection. There is no way to know if a bash command is destructive, enforce wildcard approvals, share signed-in state across agents, or enable team-level access controls through bash alone.
• 5.Cloudflare's 'Code Mode' showed TypeScript beats bash for tool-calling. Converting MCP servers to TypeScript SDKs dropped average token usage from 43,500 to 27,000 (nearly 40% reduction), improved latency, and bumped benchmark accuracy from 25.6 to 28.5 by letting models filter data in code rather than in context.
• 6.Vercel's 'Just Bash' and Malte's 'Just JS' point toward virtualized, sandboxed execution. Just Bash provides a fake bash running in TypeScript/Node that never touches the real filesystem; Just JS extends this to TypeScript execution where each user's isolate lives entirely in RAM, preventing cross-user file access on shared servers.
• 7.TypeScript isolates (V8, Cloudflare Workers, Node) allow hundreds of agents to share one kernel safely. Unlike Docker VMs, JavaScript isolates are lightweight, portable, strongly typed, and enable creative approval rules — making them ideal portable environments configurable via a single TypeScript file shared across teams.
• 8.The agent execution layer is entirely unsolved and represents a massive open opportunity. Projects like Executor, Rivet, Daytona, and Dax's experiment removing bash from OpenCode entirely signal the industry is actively searching for the right environment — and the solution may come from an independent builder, not a big lab.