manofmanysmiles 2 days ago

What I've been doing is running an agent inside a locked down k8s environment. Agents are spun up by operator, and have access to a single namespace.

It's not perfect, as container escape is not entirely unlikely.

I am working on a future version where all agents run inside Firecracker VMs, with all actions logged externally.

With Kubernetes it's like having a bunch of virtual employees making git commits, firing up name-spaced ephemeral resources and collaborating like "remote" employees. It's certainly fun, but I haven't quite polished it to the point where I recommend this architecture to anyone.
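A constructed sketch of the single-namespace setup described above, added here as an illustration rather than the commenter's own configuration: the agent's rights end at its namespace because they come from a Role (not a ClusterRole), and the Pod runs under settings that leave a compromised agent little to escalate with. The namespace name, image and resource list are assumptions.

```yaml
# Constructed example. Assumes a namespace "agent-01" created per agent,
# ideally labelled pod-security.kubernetes.io/enforce=restricted.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: agent
  namespace: agent-01
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role                  # Role, not ClusterRole: rights stop at the namespace
metadata:
  name: agent-worker
  namespace: agent-01
rules:
- apiGroups: ["", "apps", "batch"]
  resources: ["pods", "jobs", "deployments", "configmaps"]   # assumed set
  verbs: ["get", "list", "watch", "create", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: agent-worker
  namespace: agent-01
subjects:
- kind: ServiceAccount
  name: agent
  namespace: agent-01
roleRef:
  kind: Role
  name: agent-worker
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: v1
kind: Pod
metadata:
  name: agent
  namespace: agent-01
spec:
  serviceAccountName: agent
  securityContext:
    runAsNonRoot: true                      # image must define a non-root user
    seccompProfile: { type: RuntimeDefault } # default syscall filter applied
  containers:
  - name: agent
    image: registry.example/agent:latest    # placeholder image
    securityContext:
      allowPrivilegeEscalation: false       # no setuid/sudo-style escalation
      readOnlyRootFilesystem: true          # writes only to mounted volumes
      capabilities: { drop: ["ALL"] }       # no CAP_SYS_ADMIN & co. to abuse
```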

throwaway6977 a day ago

I just spent a lot of yesterday tweaking a Docker image with xfce and VS Code so I can just let codex go full access mode without too much worry in a throwaway sandbox. The agent runs similarly namespace-constrained and without sudo. I think it's a relatively safe middle ground. Do you really think container escape is still a big deal here?

Finally getting this setup also allowed me to very quickly troubleshoot what was breaking my build in the codex cloud-hosted container, which obviously has even less risk attached.

Now I'm juggling and strategizing branches like coding is an RTS game... and it feels like a super power. It's almost like unlocking an undiscovered tech tree.