Comment by LayeredDelay

I'm one of the creators of shai. Thanks for the callout!

Interesting to see the work on Yolobox and in this space generally.

The pattern we've seen as agent use grows is being thoughtful about what different agents get access to. One needs to start setting guardrails. Agents will break all kind of normal boundaries to try to satisfy the user. Sometimes that is useful. Sometimes it's problematic. (For example, most devs have a bunch of credentials in their local env. One wants to be careful of which of those agents can use to do things).

For rw of current directory, shai allows that via `shai -rw .` For starting as an alternative user, `shai -u root`.

Shai definitely does have the attitude that you have to opt into access as opposed to allowing by default. One of the things we try to focus on is composability: different contexts likely need different resources and shai's config. The expectation is .shai/config.yaml is something committed to the repo and shared across developers.

Interesting to learn about other related tools. I built a similar variant called ctenv (https://github.com/osks/ctenv). Focused more general containers and not specific to agents, but I'm using it for that via its configurability.

One thing I wanted was to use any image in the container, which shai also seem to support in the same way (mounting a custom entrypoint script). And same reason for not using devcontainers - make it easy to start a new container.

Neat project! Sounds like it has a very different ethos to mine though:

> This container mounts a read-only copy of your current path at /src as a non-root user and restricts network access to a select list of http and https destinations. All other network traffic is blocked.

Yolobox mounts the current directory in read-write, the default user has sudo, and there's full network access by default. You can disable network access with `yolobox --no-network` if you want.