| ▲ | einhard 4 days ago |
| I am certainly no expert in this space so it is quite possible I'm missing something critical, but what seems to work for me is a Podman image I built on my computer with some basic things I need (using OpenCode, but I imagine any other agent could be used instead): FROM docker.io/archlinux:base
RUN pacman -Syu --noconfirm && \
pacman -S --noconfirm \
base-devel \
git \
curl \
uv \
opencode && \
pacman -Scc --noconfirm
RUN mkdir -p /etc/opencode
WORKDIR /workspace
From there I just run the Podman image from the command line (using a Fish function) that mounts the specific project I'm working on to /workspace. I guess there might be some vulnerabilities with shared kernels and such, but it seems like an easy way to have some isolation. |
|
| ▲ | petesergeant 4 days ago | parent | next [-] |
| This is how I started, and then I wanted to bring along creature comforts, not have to re-auth per box (for subscription models), had some skills I usually wanted to bring, wanted slightly different setups for different stacks, sensibly install multiple agents, import git identity (but not credentials), mount other code folders ro but only for certain projects, etc etc, and ended up with a full Docker wrapper. |
| |
| ▲ | einhard 4 days ago | parent [-] | | Ah, that makes sense. I've only recently started playing with this stuff, and I've been focusing a lot of just getting somewhat good at using LLMs for projects while developing my own intuition, so everything I do just uses the mounted project and uv directly. As soon as things get more complex, I imagine I'll end up with a full wrapper as well. Unrelated: I enjoyed your latest blog entry. I recently starting thinking about how to show the work that is done with AI, and how we talk about it. I haven't come to any major conclusions (I wish!), but your post about the prompting being distinct from the actual work resonates with me. Reminds me somewhat of discussions about the art of photography compared to the art of editing photos as a distinct skill. |
|
|
| ▲ | qznc 4 days ago | parent | prev [-] |
| As opencode is inside your container, credentials and API keys are also inside the container. Prompt injection when your agent fetches some web site could have your agent leak this credentials to someone. Also, do you restrict networking or does your container have full access to your internal network? |
| |
| ▲ | einhard 4 days ago | parent [-] | | I restrict networking via my pfSense router, using VLANs. I also don't include any credentials in the container; the agents there can't push, pull, or really access anything else beyond the standard tools without any authentication. I don't use Claude or any other paid agent at the moment, so if that were to change I'd probably modify the way I run this, but with this simple set up I'm not too worried about credentials leaking. |
|