logoalt Hacker News

SwellJoeyesterday at 8:08 PM9 repliesview on HN

I don't even know what I would do with a desktop app. I'm running these things in headless VMs, so I can run them with `--dangerously-skip-permissions` or whatever. I don't trust them, even without that flag, on my desktop/laptop.


Replies

Scroungertoday at 7:39 AM

> I'm running these things in headless VMs

What's your setup like and what do you use it for?

I have a M2 Max MBP with plenty of ram and I use VSCode + Zoo Code plugin with Qwen3-Coder-Next-GGUF:UD-Q4_K_XL to run local agentic coding sessions, but I'm intrigued by being able to run headless as I could probably run multiple instances in parallel to do stuff?

Like are you using UTM with some pre-built VM and a local LLM?

Curious.

nicotytoday at 6:32 AM

I've contributed to https://github.com/0xferrous/agent-box which allows you to bind-mount git repositories into containers that agents operate in, preventing the agents from accessing files that aren't bind-mounted. Your usual .gitignore can then be used to also ignore files within the repo to be bind-mounted, which prevents agents from accessing them at all, essentially working as a sandbox.

I also maintain https://github.com/nothingnesses/agent-images which allows you to use Nix to reproducibly spin up OCI container images containing agents and any other tools you need for development and use these with agent-box.

I use both at the moment to work on some personal projects with agents, where I set up multiple separate git worktrees for the agents to work in, preventing them from accessing anything outside of the worktrees and from trampling over each other's work.

show 1 reply
LuD1161today at 7:05 AM

Might wanna check out https://github.com/LuD1161/agentjail - policy guardrails for coding agents.

shameless self-plug. I've been dogfooding it for the last 3 weeks now.

teaspoonyesterday at 8:52 PM

Good desktop apps in this category can manage agents across any number of remote SSH hosts.

show 5 replies
knoctetoday at 6:01 AM

I shared your fear some weeks/months ago so I was always using my harness in the cloud. However, latency started to become an issue when I traveled to other countries where I needed a VPN... so I ended up cooking skynot to be able to trust running my harness in my own computer: https://github.com/tarsgate/skynot (PRs welcome if you want to add support for another harness different than Pi)

ahmadyanyesterday at 10:56 PM

a well-design IDE should abstract that away, i.e. run the agent in the headless VMs while give you an abstraction that you would feel like you are running the agent locally with all the benefits (editor, browser, diffs, debugger, etc)

InsideOutSantayesterday at 8:49 PM

Zcode allows you to connect to a Docker container, or to a VM using ssh.

FergusArgyllyesterday at 10:02 PM

I finally repurposed an old server just for that and for anyone reading who has not had a chance to use --dangerously-etc. it's awesome, do it :)

aussieguy1234today at 2:20 AM

I just back up my entire home folder to another device, then let it rip