top | item 46595657

(no title)

kaliszad | 1 month ago

Many people seem to be running OpenCode and similar tools on their laptop with basically no privilege separation, sandboxing, fine-grained permissions settings in the tool itself. This tendency is reflected also by how many plugins are designed, where the default assumption is the tool is running unrestricted on the computer next to some kind of IDE as many authentication callbacks go to some port on localhost and the fallback is to parse out the right parameter from the callback URL. Also for some reasons these tools tend to be relative resource hogs even when waiting for a reply from a remote provider. I mean, I am glad they exist, but it seems very rough around the edges compared to how much attention these tools get nowadays.

Please run at least a dev-container or a VM for the tools. You can use RDP/ VNC/ Spice or even just the terminal with tmux to work within the confines of the container/ machine. You can mirror some stuff into the container/ machine with SSHFS, Samba/ NFS, 9p. You can use all the traditional tools, filesystems and such for reliable snapshots. Push the results separately or don't give direct unrestricted git access to the agent.

It's not that hard. If you are super lazy, you can also pay for a VPS $5/month or something like that and run the workload there.

discuss

tomrod|1 month ago

Hi.

> Please run at least a dev-container or a VM for the tools.

I would like to know how to do this. Could you share your favorite how-to?

kaliszad|1 month ago

I have a pretty non-standard setup but with very standard tools. I didn't follow any specific guide. I have ZFS as the filesystem, for each VM a ZVOL or dataset + raw image and libvirt/ KVM on top. This can be done using e.g. Debian GNU/ Linux in a somewhat straight forward way. You can probably do something like it in WSL2 on Windows although that doesn't really sandbox stuff much or with Docker/ Podman or with VirtualBox.

If you want a dedicated virtual host, Proxmox seems to be pretty easy to install even for relative newcomers and it has a GUI that's decent for new people and seasoned admins as well.

For the remote connection I just use SSH and tmux, so I can comfortably detach and reattach without killing the tool that's running inside the terminal on the remote machine.

I hope this helps even though I didn't provide a step-by step guide.

ciberado|1 month ago

If you are using VSCode against WSL2 or Linux and you have installed Docker, managing devcontainers is very straightforward. What I usually do is to execute "Connect to host" or "Connect to WSL", then create the project directory and ask VSCode to "Add Dev Container Configuration File". Once the configuration file is created, VSCode itself will ask you if you want to start working inside the container. I'm impressed with the user experience of this feature, to be honest.

Working with devcontainers from CLI wasn't very difficult [0], but I must confess that I only tested it once.

[0] https://containers.dev/supporting

AdieuToLogic|1 month ago

>> Please run at least a dev-container or a VM for the tools.

> I would like to know how to do this. Could you share your favorite how-to?

See: https://www.docker.com/get-started/

EDIT:

Perhaps you are more interested in various sandboxing options. If so, the following may be of interest:

https://news.ycombinator.com/item?id=46595393

yawaramin|1 month ago

Hi. You are clearly an LLM user. Have you considered asking an LLM to explain how to do this? If not, why not?

indigodaddy|1 month ago

I've started a project [1] recently that tries to implement this sandbox idea. Very new and extremely alpha, but mostly works as a proof of concept (except haven't figured out how to get Shelley working yet), and I'm sure there's a ton of bugs and things to work through, but could be fun to test and experiment with in a vps and report back any issues.

[1] https://github.com/jgbrwn/shelley-lxc

unknown|1 month ago

[deleted]

_zoltan_|1 month ago

Claude asks you for permissions every time it wants to run something.

estsauver|1 month ago

Until you run --dangerously-skip-permissions

xmcqdpt2|1 month ago

That's why you run with "dangerously allow all." What's the point of LLMs if I have to manually approve everything? IME you only get half decent results if the agent can run tests, run builds and iterate. I'm not going to look at the wall of texts it produces on every iterations, they are mostly convincing bullshit. I'll review the code it wrote once the tests pass, but I don't want to be "in the loop".

Imustaskforhelp|1 month ago

I really like the product created by fly.io's https://sprites.dev/ for AI's sandboxes effectively. I feel like its really apt here (not sponsored lmao wish I was)

Oh btw if someone wants to run servers via qemu, I highly recommend quickemu. It provides default ssh access,sshfs, vnc,spice and all such ports to just your local device of course and also allows one to install debian or any distro (out of many many distros) using quickget.

Its really intuitive for what its worth, definitely worth a try https://github.com/quickemu-project/quickemu

I personally really like zed with ssh open remote. I can always open up terminals in it and use claude code or opencode or any and they provide AI as well (I dont use much AI this way, I make simple scripts for myself so I just copy paste for free from the websites) but I can recommend zed for what its worth as well.