seizethecheese 5 hours ago

I'm somewhat surprised that this is not open source (from what I can tell). Compare to Mimo Code https://github.com/XiaomiMiMo/MiMo-Code (which is a CLI, while this is a desktop app).

SwellJoe 4 hours ago | parent | next [-]

I don't even know what I would do with a desktop app. I'm running these things in headless VMs, so I can run them with `--dangerously-skip-permissions` or whatever. I don't trust them, even without that flag, on my desktop/laptop.

ahmadyan an hour ago | parent | next [-]

A well-designed IDE should abstract that away, i.e. run the agent in the headless VMs while giving you an abstraction that makes you feel like you are running the agent locally, with all the benefits (editor, browser, diffs, debugger, etc.).

teaspoon 3 hours ago | parent | prev | next [-]

Good desktop apps in this category can manage agents across any number of remote SSH hosts.

SwellJoe 3 hours ago | parent | next [-]

But, it's still running on my desktop/laptop. I don't trust them to run on my machine. But, I guess I could run one VM with a desktop to contain the desktop app. Or, just keep using CLI agents.

ghm2199 an hour ago | parent | next [-]

For local tasks you can give agents only delegated rights that execute deterministic reads or writes on an allowed set of files (e.g. pi does this), and execute rights only in containers with no network access. That should get you 95% unblocked for most tasks you want to do with an LLM pretty safely.

You can do brainstorming with web access on a remote container, and prototyping based on that brainstorm on another container with no network access.

The one thing that is less trustworthy is using local agents for service management; you definitely want to have them scoped to dev/testing. I would never trust an agent to execute any command in production or against sensitive data at all.
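The file-scoped grant described above (an agent that gets delegated read/write on an allowed set of paths rather than a shell) is the kind of thing worth showing in code. The block below is an added example written for this thread; it is not pi's code or anything the commenter posted. The class and function names, and the constructed project/docs/secrets layout in demo(), are assumptions. It shows the two checks such a delegate must make that a naive prefix comparison misses: symlinks inside the allowed tree that point outside it, and ".." traversal.

```python
"""Allow-listed file delegate for an agent (hypothetical example, not pi's code).

The agent never gets raw filesystem access; it gets read_file and write_file,
which canonicalise every path and refuse anything outside the granted roots.
"""
import os
import tempfile
from pathlib import Path


class AccessDenied(PermissionError):
    """Raised when the agent asks for a path outside its grant."""


class FileDelegate:
    """Read/write delegate scoped to an allow-list of directory roots."""

    def __init__(self, writable_roots, readable_roots=()):
        # Canonicalise the roots once so every comparison is on real paths
        # (on macOS /tmp is itself a symlink, so this matters for the roots too).
        self.writable = [Path(p).resolve() for p in writable_roots]
        self.readable = self.writable + [Path(p).resolve() for p in readable_roots]

    def _authorise(self, path, roots):
        # resolve() follows every symlink component and collapses '..', so a
        # link planted inside the tree that points outside it, or a traversal,
        # ends up outside the root and is refused. A string prefix check on the
        # unresolved path would pass both.
        real = Path(path).resolve()
        for root in roots:
            if real == root or root in real.parents:
                return real
        raise AccessDenied(f"{path} is outside the granted roots")

    def read_file(self, path):
        return self._authorise(path, self.readable).read_text()

    def write_file(self, path, data):
        real = self._authorise(path, self.writable)
        # O_NOFOLLOW closes the window between resolve() and open(): if a symlink
        # is swapped in at the final component in between, the open fails.
        fd = os.open(real, os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW, 0o644)
        with os.fdopen(fd, "w") as f:
            f.write(data)
        return len(data)


def demo():
    """Constructed scenario: a project dir the agent may edit, docs it may only
    read, and a secrets dir it must never see, even via a planted symlink."""
    base = Path(tempfile.mkdtemp())
    project, docs, secrets = base / "project", base / "docs", base / "secrets"
    for d in (project, docs, secrets):
        d.mkdir()
    (docs / "README.md").write_text("docs\n")
    (secrets / "token").write_text("hunter2\n")
    (project / "creds").symlink_to(secrets / "token")  # escape hatch inside the tree

    agent_fs = FileDelegate(writable_roots=[project], readable_roots=[docs])
    results = {
        "write_ok": agent_fs.write_file(project / "notes.txt", "hello\n"),
        "read_ok": agent_fs.read_file(docs / "README.md"),
    }
    attempts = {
        "traversal": lambda: agent_fs.read_file(project / ".." / "secrets" / "token"),
        "symlink": lambda: agent_fs.read_file(project / "creds"),
        "read_only": lambda: agent_fs.write_file(docs / "README.md", "clobbered"),
    }
    for name, op in attempts.items():
        try:
            op()
            results[name] = "ALLOWED"
        except AccessDenied:
            results[name] = "denied"
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v!r}")
```

The network side of the same comment (execute rights only in a container with no network) is not shown here; the delegate above is only the file grant. A real deployment would also want the delegate process itself to run outside the container the agent executes in, so the policy is enforced by something the agent cannot modify.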

scorpioxy 2 hours ago | parent | prev [-]

Is the trust concern for the agent running in any form on your machine? Like in a VM on your machine as well or do you mean on the host itself?

I have read about people giving an agent full access to their main system saying they have nothing of value. To me, that's a strange opinion to have with the distinction between what's private and what's secret.

SwellJoe an hour ago | parent [-]

I don't run agents directly on my desktop/laptop machine. I run them in VMs or containers (sometimes in containers on VMs). There have been too many credentials stealing exploits via prompt injection and the like for me to be willing to let an agent roam around on my personal system.

I've also started creating new github deploy keys for each repo in use on a VM, so the blast area for any given agent disaster is "a couple/few github repos and whatever credentials were needed for the agent/model".

I wouldn't let a coworker, even one I know pretty well, log into my personal account on my machines...why would I let an agent that can be tricked into uploading all my credentials to an attacker's web server?

The agents have sandboxes, but those are loose. Not enforced by anything outside of the agent harness itself.
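The per-repo deploy key setup mentioned above is a small amount of ssh config that is easy to get subtly wrong (ssh will happily offer every key it knows to github.com, so one key per repo only limits blast radius if each alias is pinned to its own key). The block below is an added example, not the commenter's own scripts; it assumes OpenSSH's ssh-keygen is on PATH and uses hypothetical names (github-<owner>-<repo> aliases, deploy_<owner>_<repo> key files). It generates an ed25519 key per repo, writes a Host alias that uses only that key, and returns the public key to paste into the repo's deploy keys page plus the remote URL to use.

```python
"""Per-repository GitHub deploy keys for an agent VM (added example).

Assumes OpenSSH is installed; alias and file names are conventions chosen
here, not anything the thread or GitHub prescribes.
"""
import subprocess
from pathlib import Path


def ssh_config_entry(owner, repo, key_path):
    """One Host alias per repo. IdentitiesOnly makes ssh present only the
    IdentityFile named here, so the key for repo A is never offered when
    talking to repo B, and a compromised VM leaks exactly the keys it holds."""
    return (
        f"Host github-{owner}-{repo}\n"
        f"    HostName github.com\n"
        f"    User git\n"
        f"    IdentityFile {key_path}\n"
        f"    IdentitiesOnly yes\n"
    )


def remote_url(owner, repo):
    """Remote URL that routes through the per-repo alias instead of github.com."""
    return f"git@github-{owner}-{repo}:{owner}/{repo}.git"


def create_deploy_key(owner, repo, ssh_dir):
    """Generate the key, append the alias to ssh_dir/config, return (pubkey, url)."""
    ssh_dir = Path(ssh_dir)
    ssh_dir.mkdir(mode=0o700, parents=True, exist_ok=True)
    key_path = ssh_dir / f"deploy_{owner}_{repo}"
    if key_path.exists():
        raise FileExistsError(f"{key_path} already exists; refuse to overwrite")
    # Empty passphrase: the VM is the trust boundary. A passphrase would only
    # sit in an ssh-agent the model's tool calls can reach anyway.
    subprocess.run(
        ["ssh-keygen", "-q", "-t", "ed25519", "-N", "",
         "-C", f"deploy:{owner}/{repo}", "-f", str(key_path)],
        check=True, stdin=subprocess.DEVNULL,
    )
    config = ssh_dir / "config"
    with config.open("a") as f:
        f.write(ssh_config_entry(owner, repo, key_path) + "\n")
    config.chmod(0o600)
    # The .pub file is what goes into the repo's Settings > Deploy keys.
    # Leave "Allow write access" unticked unless the agent genuinely pushes.
    pubkey = key_path.with_suffix(".pub").read_text().strip()
    return pubkey, remote_url(owner, repo)


if __name__ == "__main__":
    import sys
    pub, url = create_deploy_key(sys.argv[1], sys.argv[2], Path.home() / ".ssh")
    print("add this deploy key to the repo:\n", pub)
    print("then: git remote set-url origin", url)
```

After adding the public key on GitHub, point the clone at the alias (`git remote set-url origin git@github-owner-repo:owner/repo.git`). Deploy keys are read-only unless write access is explicitly granted when they are added, which is the right default for an agent that should open a branch in a fork rather than push to the canonical repo.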

scorpioxy 30 minutes ago | parent | next [-]

Oh yeah, that sounds wise to me. Some people don't run the agents on a VM on their own machine and opt for a VPS somewhere. And I was wondering if privacy and security had anything to do with their decision.

notshore an hour ago | parent | prev [-]

I'm working on a credential broker that would keep credentials vaulted and parcel out access on a per-grant basis. Is that something you'd find useful or is your setup comprehensive enough? We would be allowing people to draft access policies with natural language, I figured it would be useful for things like vercel, stripe access etc.

nutjob2 3 hours ago | parent | prev [-]

What's stopping a CLI from doing the same?

I've never used IDEs and never will, why are these things being constantly shoved down our throats?

InsideOutSanta 3 hours ago | parent | prev | next [-]

Zcode allows you to connect to a Docker container, or to a VM using ssh.

FergusArgyll 2 hours ago | parent | prev [-]

I finally repurposed an old server just for that and for anyone reading who has not had a chance to use --dangerously-etc. it's awesome, do it :)

LaurensBER 4 hours ago | parent | prev | next [-]

They might be sending some user requests to Anthropic to gather training data for their own models. If they do so, perhaps they need to add some tracer to the request that they prefer to hide.

fwip 3 hours ago | parent | next [-]

Wireshark would catch that easy-peasy.

benatkin 2 hours ago | parent [-]

The request would need to be done from their service, so as not to expose the API key, and because it just makes sense. They could probably directly proxy it and Wireshark couldn't catch it, due to everything being HTTPS. But people could probably catch it by decompiling, so it would make more sense to have the server make the request as part of a GLM request. Not that I think this is plausible - I'm not sure.

bogdan 4 hours ago | parent | prev [-]

Source? Or is it "trust me bro"?

DonsDiscountGas 3 hours ago | parent | next [-]

"might" means pure speculation

embedding-shape 3 hours ago | parent | prev [-]

Literally just FUD unless someone has code to point at.

anakaine 3 hours ago | parent [-]

Verbally minimising potential threats is not a valid approach to managing risk. We have seen mass misuse of tokens acquired through nefarious means to distill models and enhance training as a way of catching up recently, among other related issues. It is quite appropriate to wonder what else might be going on.

_aavaa_ 2 hours ago | parent [-]

Those nefarious distillers, only we are allowed to freely distill the world’s knowledge into our paid products

dizhn 4 hours ago | parent | prev | next [-]

It's only a cli because they yanked out the opencode desktop code. (As well as the opencode go/zen model provider)

Edit: my theory is they wanted to mimic being the primary provider in a quick way with a lot of string replace. Though they could have added opencode back as a regular provider.

versteegen 24 minutes ago | parent [-]

MiMo Code adds a lot of cool orchestration features to OpenCode! It definitely is NOT a quick find-replace job, it's genuinely someone's research project to create a better agent harness building on top of free software, and that's awesome. See https://mimo.xiaomi.com/blog/mimo-code-long-horizon

saghm 4 hours ago | parent | prev | next [-]

Given that there's such severe concern being expressed by Anthropic about Claude being distilled, and the idea that the harness is part of the moat, it doesn't seem super surprising that the other side of that would try to also make it harder for them to tell how well they're doing and what their approach is.

JSR_FDED 2 hours ago | parent [-]

Unlikely considering they’re publishing the Crown Jewels (GLM 5.2) as open weights.

cco 3 hours ago | parent | prev | next [-]

You're surprised? I think harnesses are almost as important as the underlying model. Folks have been able to improve benchmark results by nearly 2x based on harness alone.

Harnesses are quickly becoming critical components of the "model" itself imo. Not shocking to me at all that a company that spots a revenue opportunity is keeping its harness closed source.

anderber 40 minutes ago | parent | prev | next [-]

That looks to be a copy of OpenCode

russelg 22 minutes ago | parent [-]

A fork, yes.

_pdp_ 2 hours ago | parent | prev | next [-]

I am not surprised it is not open source. These harnesses are hard to build - they are not just wrappers - and often they contain business logic that is not suitable for public distribution for all kinds of reasons.

NamlchakKhandro 2 hours ago | parent [-]

hard? wut lol....

no. they. are. not.

Some people are just terrible at it.

maxloh 4 hours ago | parent | prev [-]

[flagged]

sabedevops 4 hours ago | parent [-]

You shouldn’t find American ones trustworthy either.