Ask HN: AI Agent and harness containerization/security recommendations

dv35z1 pts0 comments

Hello HN crew -I am seeing the tendency for people to allow AI agents to access local project user folders, and beyond (operating system files).I thought to ask the question: How can we best use AI tools safely - where the workflow often runs local system commands and network commands - to protect the integrity of our systems data AND be easy enough to use productively?Comment structure idea:Operating system / Agent harness / Agent / Security strategy tool stack / WorkflowTo give some examples: I am currently using OpenCode (+DeepSeek) on Linux Mint Debian Edition (LMDE), and I notice that the Agent harness is frequently asking to create files in /tmp/ - I usually forbid this, and instruct it to only use files in the current folder. I would rather that the tool ONLY have access to a given project folder (~/Projects/PROJECT-NAME) in a system-enforced way. However, I see that the agent often wants to run system commands (like `ps` to debug a local dev server, `pandoc` or `ffmpeg` for file conversion, etc). This starts blurring the line - so I m thinking that in order for the AI agent to be useful, I can consider giving it access to an isolated operating system - leading me to think about Virtual Machines, Docker containers, and so on. That introduces complexity like, Should I be using shared folders between my system/VM? etc.Would love to hear what s been working for you, the ideal state, and practically how we can implement it.I ought to mention that I m frequently teaching technology (including AI) to somewhat newbies - so I am trying to find that balance, that lets them get easily something done effectively, but gives them security/integrity practices by default starting off, so they don t get into an awful jam ( The AI deleted my project/computer! ).Thanks!

system agent quot project harness security

Related Articles