Comment by netcoyote

Comment by netcoyote 13 hours ago

I'm playing around with sandboxing techniques on Mac so I can isolate AI tools and prevent them from interacting with files they shouldn't have access to -- like all my dotfiles, AWS credentials, and such.

I've created two open-source solutions, one which uses a VM (https://github.com/webcoyote/clodpod) and another which creates a limited-user account with access to a shared directory (https://github.com/webcoyote/sandvault).

Along the way I rolled my own git-multi-hook solution (https://github.com/webcoyote/git-multi-hook) to use git hooks for shellcheck-ing, ending files with blank lines, and avoid committing things that shouldn't be in source control.

LaFolle 12 hours ago

Have you seen tart https://tart.run/ ?

Reply View 1 reply

netcoyote 10 hours ago

Yes; the ClodPod project uses tart to build & run the VM. My project is a lot of scripts to make the whole thing turnkey.

Reply View | 0 replies

thethimble 13 hours ago

Have you considered using docker? Seems possibly more lightweight than a VM with more isolation than a user account based method.

Reply View 3 replies

netcoyote 13 hours ago

Yes, I've used docker and podman. They're great. But I wanted to be able to run Xcode and IOS simulator, which requires macOS, so developed these solutions.

Reply View | 0 replies
itake 12 hours ago

My gripe with docker vs native code is docker is just slow to build. or maybe im just not using it right.

Reply View | 0 replies
asimovDev 12 hours ago

on macOS Docker is just a QEMU VM underneath, to my limited understanding, so not a big difference I think

Reply View | 0 replies