> - No death by tapping y. You work on an isolated copy of your code in a fairly safe environment always so it becomes easy to get out of the way and just let the agent do its thing without potentially compromising your machine. Agents spawned by agentspace run containerized in yolo mode by default.
> - Docker support inside the container via a docker-in-docker sidecar (Please note: `--docker` uses `--privileged` under the hood (required for DinD), so it's not a sandbox against actively hostile code. Use it for repos you'd trust on your machine anyway.)
These statements are pretty contradictory. If dind has privileged access, then that means the agent has essentially root access (or access of the host user if rootless).
Most work can be done without the --docker flag. I tried to use an unprivileged dind instance, but it is basically useless (at least how I used it). This is a work in progress so happy to take any suggestions to make it better. If you run it without docker support it is isolated.
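
The isolation question raised in this thread can be checked from the host. The following is an added example, not agentspace's code and not part of any post above: it reads `docker inspect` style JSON and reports settings that void container isolation. The container names and sample data are constructed, and the capability list is an assumption chosen for illustration.

```python
import json

# Constructed sample shaped like `docker inspect` output (not from a real host):
# an agent container, a DinD sidecar started with --privileged, and a
# hypothetical container that mounts the host Docker socket.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/agent", "HostConfig": {"Privileged": False, "CapAdd": None,
                                      "PidMode": "", "NetworkMode": "bridge"},
     "Mounts": [{"Source": "/home/u/work-copy", "Destination": "/workspace"}]},
    {"Name": "/agent-dind", "HostConfig": {"Privileged": True, "CapAdd": None,
                                           "PidMode": "", "NetworkMode": "bridge"},
     "Mounts": []},
    {"Name": "/agent-sock", "HostConfig": {"Privileged": False, "CapAdd": ["SYS_ADMIN"],
                                           "PidMode": "host", "NetworkMode": "bridge"},
     "Mounts": [{"Source": "/var/run/docker.sock",
                 "Destination": "/var/run/docker.sock"}]},
])

# Capabilities treated here as isolation-breaking (illustrative, not exhaustive).
RISKY_CAPS = {"ALL", "SYS_ADMIN", "SYS_PTRACE", "SYS_MODULE", "DAC_READ_SEARCH"}


def audit(inspect_json):
    """Return {container_name: [findings]} for settings that void isolation."""
    report = {}
    for c in json.loads(inspect_json):
        hc = c.get("HostConfig") or {}
        findings = []
        if hc.get("Privileged"):
            findings.append("privileged")
        for cap in hc.get("CapAdd") or []:
            norm = cap.upper().removeprefix("CAP_")
            if norm in RISKY_CAPS:
                findings.append(f"cap_add:{norm}")
        for ns in ("PidMode", "NetworkMode", "IpcMode"):
            if hc.get(ns) == "host":
                findings.append(f"host_namespace:{ns}")
        for m in c.get("Mounts") or []:
            if m.get("Source", "").endswith("docker.sock"):
                findings.append("docker_socket_mounted")
        report[c.get("Name", "?").lstrip("/")] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(f"{name}: {', '.join(findings) if findings else 'OK'}")
```

On a real host, pass it the output of `docker inspect $(docker ps -q)` instead of the constructed sample.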