Hacker News

Borealid today at 7:34 AM | 7 replies

I don't understand why I keep seeing posts like this, but nobody appears to know that DevContainers exist.

In a JetBrains IDE, for example, you check a devcontainer.json file into your repository. This file describes how to build a Docker image (or points to a Dockerfile you already have). When you open up a project, the IDE builds the Docker image, automatically installs a language-server backend into it, and launches a remote frontend connected to that container (which may run on the same or a different machine from where the frontend runs).

If you do anything with an AI agent, that thing happens inside the remote container where the project code files are. If you compile anything, or run anything, that happens in the container too. The project directory itself is synced back to your local system but your home directory (and all its credentials) are off-limits to things inside the container.

It's actually easier to do this than to not, since it provides reusable developer tooling that can be shared among all team members, and gives you consistent dependency versions used for local compilation/profiling/debugging/whatever.

DevContainers are supported by a number of IDEs including VSCode.

You should be using them for non-vibe projects. You should DEFINITELY be using them for vibe projects.


Replies

hk1337 today at 11:40 AM

I love JetBrains and they’ve gotten better with using devcontainers but they’re still kind of flaky at times. I love using devcontainer too, just wanted to note that.

I found cloning the repo when creating the devcontainer works best in JetBrains for some reason, and I hard-code the workspace directory so it’s consistent between JetBrains and vscode.

AlexCoventry today at 7:45 AM

Yeah, it's easy to vibecode and review a docker sandbox, too. If you run containers with

   --runtime=runsc
   --cap-drop=ALL
   --security-opt no-new-privileges:true

it's pretty tight. That's how I use coding agents, FWIW.

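
An added example, not part of any comment in this thread: a Python check that a devcontainer.json passes the three docker flags quoted above through `runArgs` and does not mount the host home directory back into the container. The sample configs and image name are constructed, and the file is assumed to be plain JSON with any comments already stripped.

```python
import json

def flag_values(run_args, *names):
    """Values given as `--flag=value` or `--flag value` for any of `names`."""
    values = []
    args = iter(run_args)
    for arg in args:
        for name in names:
            if arg == name:
                values.append(next(args, ""))
            elif arg.startswith(name + "="):
                values.append(arg.split("=", 1)[1])
    return values

def audit(config):
    """Return findings for a parsed devcontainer.json (a dict)."""
    run_args = config.get("runArgs", [])
    findings = []
    if "runsc" not in flag_values(run_args, "--runtime"):
        findings.append("missing --runtime=runsc")
    if "ALL" not in [v.upper() for v in flag_values(run_args, "--cap-drop")]:
        findings.append("missing --cap-drop=ALL")
    sec = set(flag_values(run_args, "--security-opt"))
    # Docker accepts the bare option as well as the ':true' and '=true' forms.
    if not sec & {"no-new-privileges", "no-new-privileges:true", "no-new-privileges=true"}:
        findings.append("missing --security-opt no-new-privileges:true")
    if "--privileged" in run_args or flag_values(run_args, "--cap-add"):
        findings.append("runArgs re-grants privileges (--privileged or --cap-add)")
    # Mounts that bring the host home directory back into the container.
    mounts = config.get("mounts", []) + flag_values(run_args, "--mount", "-v", "--volume")
    for mount in mounts:
        spec = mount if isinstance(mount, str) else json.dumps(mount)
        if "${localEnv:HOME}" in spec or "${localEnv:USERPROFILE}" in spec:
            findings.append("host home directory mounted: " + spec)
    return findings

# Constructed sample configs (not taken from any real repository).
HARDENED = json.loads("""{
  "image": "example/dev:latest",
  "runArgs": ["--runtime=runsc", "--cap-drop=ALL",
              "--security-opt", "no-new-privileges:true"]
}""")
WEAK = json.loads("""{
  "image": "example/dev:latest",
  "runArgs": ["--cap-drop=ALL", "--cap-add=SYS_ADMIN"],
  "mounts": ["source=${localEnv:HOME}/.ssh,target=/root/.ssh,type=bind"]
}""")

if __name__ == "__main__":
    for name, cfg in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, audit(cfg) or "ok")
```
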
amluto today at 4:51 PM

Keep in mind that VSCode’s own security story is beyond poor. Even if the container runtime perfectly contains the container, VSCode itself is a hole you could drive a truck through.

arcanemachiner today at 8:09 AM

The main Claude Code GitHub repo even has a Devcontainer config:

https://github.com/anthropics/claude-code

It's a great starting point, and can be customized as needed. With the devcontainer CLI, you can even use it from a terminal, no GUI/IDE required.

mr_mitm today at 8:41 AM

Has anyone figured out a good way to use (neo)vim with devcontainers?

faangguyindia today at 12:31 PM

I used to use seatbelts for sandbox; I found it consumes way more tokens when sandboxed.

Now, I run YOLO and haven't had any issue and my subscription lasts much longer with less token consumption!
