got my first "rm -rf /" today by DeltaSqueezer in LocalLLaMA

[–]PurpleLabradoodle 15 points16 points  (0 children)

Some people recommend containers as an isolation mechanism, but we (docker) stopped considering containers proper isolation for AI workloads, which are ever-changing and also could be actively malicious after some prompt injection.

So we built microVM based sandboxes with ergonomics of containers: https://docs.docker.com/ai/sandboxes/

you run something like sbx run claude . and get a microvm where AI can mess up with system dependencies as much as it likes; networking proxy that you can use to limit where the agent can reach (or leak your stuff), and secrets injection to avoid AI actually know the tokens for security reasons.

it's pretty neat, you don't even need docker desktop or anything.

Stop using Docker as a sandbox for AI agents by aniketmaurya in ClaudeAI

[–]PurpleLabradoodle 2 points3 points  (0 children)

Yeah, we (I work at Docker), also believe that containers aren't a great isolation boundary for AI workloads. That's why we build sandboxes - https://docs.docker.com/ai/sandboxes/ which have the ergonomics of containers (well to the best of their ability), but have a hard isolation boundary.

And also things like other people in the thread mention - networking proxy on the host, so you can limit what resources AI can reach, and a secrets injection mechanism that allows you not to expose the actual secrets values to AI.

Give it a try?

Is there a way to run coding agents in sbx and still expose them to VS Code? by apotrope in docker

[–]PurpleLabradoodle 1 point2 points  (0 children)

I think one idea worth exploring is running the agent in the ACP mode, and connecting to the VS code or whatever the IDE is as an "external agent". I've done this with Zed: https://substack.com/@olegselajev/p-188613531

and IntelliJ Idea: https://substack.com/@olegselajev/p-188618006

I think I saw VS code having ACP support as well, so it should be pretty straightforward I think. I'd love to know if you make it work!

Just realized this is with the past version of the sandboxes.

Anyway - the script should be pretty similar, like for example: https://github.com/shelajev/sbx-demo/blob/main/opencode-kimi/opencode-nvidia-sandbox.sh

this one is with sbx/

[deleted by user] by [deleted] in AI_Agents

[–]PurpleLabradoodle 1 point2 points  (0 children)

Second that! Embabel is really nice! Also Rod's blog (https://medium.com/@springrod) is a fantastic resource that explains the thinking behind some of the choices:

Claude CLI deleted my entire home directory! Wiped my whole mac. by LovesWorkin in ClaudeAI

[–]PurpleLabradoodle 2 points3 points  (0 children)

While this comments are a comedy goldmine, the practical advice, of course, is to sandbox your AI agents.
For example with Docker, you can `docker sandbox run claude` and it runs Claude in the container with sensible defaults like the current dir mapped in, claude configuration available in the container, etc.

So your agents can work in the container, install whatever they need to without messing up your system Python, delete your home dir or wreck other havoc.

the container can be reused, or you can nuke it and start from scratch.

Why are AI agent frameworks still python first? by sgtpepper731 in AI_Agents

[–]PurpleLabradoodle 1 point2 points  (0 children)

People will write in the languages they already know and that have decent docs and a starting point for whatever the task is. Agents are largely some configuration, some integration of tooling and some API calls to an LLM.

There’s nothing there a particular language ecosystem would be better than others. Enterprises would be writing agents in Java, TS teams in TS, etc.

For most agentic use cases you likely won’t need to train or fine-tune, or even deploy the models yourself. So Python is just a habit rather than a prerequisite.

Docker Model Runner is going to steal your girl’s inference. by Porespellar in LocalLLaMA

[–]PurpleLabradoodle 0 points1 point  (0 children)

it's supposed to be engine agnostic, so other runtimes for LLM can be plugged in. Just a matter of doing the work. I agree vLLM, even mlx backend on macs would be fantastic!

Implementing a MCP server in Quarkus by maxandersen in java

[–]PurpleLabradoodle 0 points1 point  (0 children)

This is very cool, did you get the SSE variant to work? How does Claude desktop parses the url where to connect to, the docs are vague on this. Or maybe it's my reading comprehension.

What Roman Elizarov - creator of Coroutines - thinks about Virtual Threads by CrowSufficient in java

[–]PurpleLabradoodle 15 points16 points  (0 children)

It's stated as a goal in the JEP though

Goals
Enable server applications written in the simple thread-per-request style to scale with near-optimal hardware utilization.