| ▲ | senko 3 hours ago | |
I love using different users for separating services I run on the same box! For development, I want to be able to access/run/modify/delete the files alongside the AI agent. This can be done if groups and group permissions are set correctly (and the agent correctly chmods everything...), but that feels more fiddly than just isolating it with bubblewrap, systemd, or whatever, and preserving the uid/gid. Just my 2c - it's great that we have options! | ||
| ▲ | necovek an hour ago | parent [-] | |
Hey Senko, did you consider using ZFS or BTRFS snapshotting feature to simplify some of the things you need? For GH auth tokens, you could also pull that outside the sandbox, and have the agent push to a local clone exposed to the host, and local host with no agent automatically push on inotify inside the repo — eg. agent has access to your /agents/scratchpad/my-git-repo, and sync to actual git hosting service like GH (or Launchpad ;) happens with simple script outside it. | ||