Out of curiosity, what would be an ideal UX for you? I'm working on a Rust library for this exact problem (CLI and language bindings should be easy to add).
It uses KVM directly on Linux and Virtualization.framework on macOS, with a builder API for VM configuration. For AI sandboxing specifically, it has a higher-level "sandbox" mode with a guest agent for structured command execution and file I/O over vsock. You get proper exit codes and stdout/stderr without console scraping.
Also supports pre-warmed VM pools for fast startup and shared directories via virtio-fs.
I'm planning to support OCI images, but not sure if that's important to people. I typically just build my own root disks with Nix.
Awesome, this sounds cool.
In terms of UX, I kinda want something to paper over the inconsistencies of the different tools I need to use to set up the network etc. (Kinda like the `docker` CLI tool).
When I looked at it, the first thing I thought was "the tun/tap setup seems fiddly, and I bet I won't leave things in a consistent state" (note, I just glanced at this blog[0]). The copy-on-write filesystem stuff looks cool too, but also fiddly.
The more I think about it the more I just come up with "just docker but VMs".
[0] https://harryhodge.co.uk/posts/2024/01/getting-started-with-...
If you have a link to your project that you could share I'd be interested in following it - this sounds like something I might want to use one day.
I'm after this too.
I want to have a "container" (used in the conceptual sense here - I'm aware of the differences between container and other solutions) that I can let an AI agent run commands in but is safely sandboxed from the rest of my computer.
For me this is primarily file access. I don't want it inadvertently deleting the wrong things or reading my SSH keys.
But the way the agent uses it is important too. They generally issue the commands they want to run as strings, eg:
I need a way to run these in the "container". I can `ssh command` but open to other options too.
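An added sketch of the `ssh command` option from the last comment (not code from any poster or from the library mentioned earlier in the thread): it hands an agent-issued command string to a sandbox over OpenSSH and returns the exit code, stdout and stderr as separate fields. The destination `agent@sandbox.invalid` and the names `build_argv`, `run_in_sandbox` and `Result` are assumptions made for illustration.

```python
import shlex
import subprocess
from dataclasses import dataclass

SANDBOX_HOST = "agent@sandbox.invalid"  # assumption: placeholder SSH destination


@dataclass
class Result:
    exit_code: int  # remote exit status; ssh itself returns 255 on connection errors
    stdout: str
    stderr: str


def build_argv(command: str, host: str = SANDBOX_HOST) -> list[str]:
    """Build the local ssh argv that runs `command` in the sandbox's sh."""
    if "\x00" in command:
        raise ValueError("NUL byte in command")
    if host.startswith("-"):
        raise ValueError("host must not look like an ssh option")
    # ssh joins trailing arguments with spaces and the remote login shell
    # re-parses the result, so the agent's string is quoted exactly once and
    # passed as a single argument to `sh -c`.
    remote = "sh -c " + shlex.quote(command)
    return [
        "ssh",
        "-T",                             # no pty: stdout and stderr stay separate
        "-a",                             # no agent forwarding: local keys stay unusable in the sandbox
        "-x",                             # no X11 forwarding
        "-o", "BatchMode=yes",            # never prompt; fail instead of hanging
        "-o", "ClearAllForwardings=yes",  # ignore port forwards from ssh_config
        "--", host, remote,
    ]


def run_in_sandbox(command: str, host: str = SANDBOX_HOST, timeout: float = 60.0) -> Result:
    """Run one agent command; raises subprocess.TimeoutExpired on timeout."""
    proc = subprocess.run(
        build_argv(command, host),
        capture_output=True, text=True, timeout=timeout,
        stdin=subprocess.DEVNULL,  # the agent's command gets no access to local stdin
    )
    return Result(proc.returncode, proc.stdout, proc.stderr)
```

The isolation itself still comes from whatever the SSH server runs in; this only keeps the transport from leaking the local agent socket, forwards or stdin into it.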