[digiown]

Imo I don't trust ANY of these tools to run in non-isolated environments.

All of these tools are either

- created by companies powered by VC money that never face consequences for mishandling your data

- community vibecoded with questionable security practices

These tools also need to have a substantial amount of access to be useful so it is really hard to secure even if you try. Constantly prompting for approval leads to alert fatigue and eventually a mistake leading to exfiltration.

I suggest just stick to LXC or VM. Desktop (including linux) userland security is just bad in general. I try to keep most random code I download for one off tasks to containers.

[indigodaddy]

I'm trying to put together an exe.dev-like self hosted solution using Incus/LXC. Early days but works as a proof of concept:

https://github.com/jgbrwn/shelley-lxc

[JeremyNT]

Incus is great for this use case, I did something similar. I volume mount specific stuff into the guests and let OpenCode loose with all tools enabled.

I used OpenCode to vibe code the shell script I use to manage it.

I actually use VMs rather than LXC, which makes it easier to run e.g. docker.

[indigodaddy]

Very cool. I think docker also runs fine inside of LXC, but haven't experimented too much with that specifically yet.

[JeremyNT]

I might go back and give it a try! It would certainly save some ram.

I immediately reached for VMs because I just didn't want any question about the full level of isolation, but the cool thing about incus is that it should be easy to switch between them.