New ask Hacker News story: Ask HN: AI Agent and harness containerization/security recommendations

Ask HN: AI Agent and harness containerization/security recommendations
2 by dv35z | 0 comments on Hacker News.
Hello HN crew - I am seeing the tendency for people to allow AI agents to access local project & user folders, and beyond (operating system files). I thought to ask the question: How can we best use AI tools safely - where the workflow often runs local system commands and network commands - to protect the integrity of our systems & data AND be easy enough to use productively? Comment structure idea: Operating system / Agent harness / Agent / Security strategy & tool stack / Workflow To give some examples: I am currently using OpenCode (+DeepSeek) on Linux Mint Debian Edition (LMDE), and I notice that the Agent & harness is frequently asking to create files in /tmp/ - I usually forbid this, and instruct it to only use files in the current folder. I would rather that the tool ONLY have access to a given project folder (~/Projects/PROJECT-NAME) in a system-enforced way. However, I see that the agent often wants to run system commands (like `ps` to debug a local dev server, `pandoc` or `ffmpeg` for file conversion, etc). This starts blurring the line - so I'm thinking that in order for the AI agent to be useful, I can consider giving it access to an isolated operating system - leading me to think about Virtual Machines, Docker containers, and so on. That introduces complexity like, "Should I be using shared folders between my system/VM?" etc. Would love to hear what's been working for you, the "ideal" state, and practically how we can implement it. I ought to mention that I'm frequently teaching technology (including AI) to somewhat newbies - so I am trying to find that balance, that lets them get easily something done effectively, but gives them security/integrity practices by default starting off, so they don't get into an awful jam ("The AI deleted my project/computer!"). Thanks!

Comments

Popular posts from this blog

New ask Hacker News story: EVM-UI – visual tool to interact with EVM-based smart contracts

How can Utilize Call Center Outsourcing for Increase your Business Income well?