New ask Hacker News story: Ask HN: AI Agent and harness containerization/security recommendations
Ask HN: AI Agent and harness containerization/security recommendations 2 by dv35z | 0 comments on Hacker News. Hello HN crew - I am seeing the tendency for people to allow AI agents to access local project & user folders, and beyond (operating system files). I thought to ask the question: How can we best use AI tools safely - where the workflow often runs local system commands and network commands - to protect the integrity of our systems & data AND be easy enough to use productively? Comment structure idea: Operating system / Agent harness / Agent / Security strategy & tool stack / Workflow To give some examples: I am currently using OpenCode (+DeepSeek) on Linux Mint Debian Edition (LMDE), and I notice that the Agent & harness is frequently asking to create files in /tmp/ - I usually forbid this, and instruct it to only use files in the current folder. I would rather that the tool ONLY have access to a given project folder (~/Projects/PROJECT-NAME) in a system-enf...