
AI - Tool/Agent isolation

Project description

AI-Container

Podman-based container for isolating AI tooling for an individual project.

Context

In the past, I have repeatedly observed and experienced coding agents accessing or using files and content which they either weren't supposed to, or even technically "did not have access to."

On one occasion, for example, file access was explicitly restricted (e.g., the path was blocked). However, the agent exploited its ability to run bash commands, using them to traverse and scan the restricted paths instead of relying on standard read/write methods.

For this reason, I believe it is essential to implement clear restrictions or a contextual sandbox that is shared with the AI, and which it cannot as easily circumvent by simply invoking a different command.

Prerequisites

  • Podman (>= 5.0) - Container runtime
  • Python (>= 3.13) - Required for the CLI
  • uv - Used to install and run the CLI

Image builds and volume creation are performed through the Podman Python SDK, which talks to the Podman service socket. Make sure the socket is running:

systemctl --user enable --now podman.socket

Installation

Install the ai-container package:

uv tool install ai-container

Or from source:

git clone https://github.com/yourusername/ai-container.git
cd ai-container
uv tool install .

The ai command will then be available.

Usage

Basic Commands

ai agent pi /path/to/project        # Run PI coding agent
ai agent opc /path/to/project       # Run OpenCode coding agent
ai agent claude /path/to/project    # Run Claude Code
ai agent aic /path/to/project       # Run aichat
ai agent llm /path/to/project       # Run llm
ai shell /path/to/project           # Interactive shell in container

ai agent <tool> <path> [args] is the single entry point for every tool. Valid tools: pi, opc, claude, aic, llm.

Pass additional arguments directly to the tool:

ai agent pi /path/to/project --verbose --model claude-3-sonnet

Rebuilding the Container Image

The container image is built automatically on first use via the Podman SDK. When you want to pull in the latest tool versions, force a rebuild with the image rebuild command:

ai image rebuild

Custom Environments

Need a specific toolchain (Rust, Go, an extra editor, ...)? Define a custom environment: a thin image built FROM aic:base that adds your tooling on top of everything the base image already provides.

Select an environment for any command with -e/--env:

ai -e rust shell .            # shell in the rust environment
ai -e rust agent pi .         # run pi in the rust environment
ai -e rust image rebuild      # (re)build the rust image (FROM aic:base)

Manage environment definitions with the env group:

ai env list                   # show environments and whether images are built
ai env new rust               # scaffold a Containerfile (FROM aic:base)
ai env new rust --edit        # scaffold and open it in $EDITOR
ai env edit rust              # edit the Containerfile
ai env path rust              # print the Containerfile path
ai env remove rust --purge    # delete the definition (and its image)

Definitions live under ~/.config/ai-container/environments/<name>/ (honoring XDG_CONFIG_HOME). The directory is also the build context, so you can COPY local files into your image. A scaffolded Containerfile looks like:

# rust environment -- extends the ai-container base image.
FROM aic:base

RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs \
    | sh -s -- -y --default-toolchain stable
ENV PATH="/root/.cargo/bin:${PATH}"

WORKDIR /workspace

Without -e, the default base environment is used. Persistence volumes (config, state, share, pi-config, claude) are shared across all environments, so credentials and config are entered once and work everywhere.

Config Files

Defaults for the global flags (-e/--env, --log-level, --dryrun) can be set in a TOML config file, so you don't have to repeat them on every invocation. Files are merged from several sources, highest precedence first:

  1. ./.ai-container.toml — project-local, in the current working directory
  2. ~/.config/ai-container/config.toml — user config (honors XDG_CONFIG_HOME)
  3. ~/.ai-container.toml — home dotfile
  4. Built-in defaults

Command-line flags always override config files. Each layer only needs to set the keys it cares about; the rest fall through to the next layer. Note that the project-local file is read from whatever directory you run ai in, so a checked-out repository can ship its own .ai-container.toml. It can only set these three keys, but one of them picks which environment image the agent runs in.

# .ai-container.toml
env = "rust"        # default environment
log_level = "DEBUG" # one of: DEBUG, INFO, WARNING, ERROR, CRITICAL
dryrun = false

Provided Tools

  • PI - Coding agent for generation, analysis, and refactoring
  • OpenCode - AI-powered coding assistant
  • Claude Code - Anthropic's official coding agent
  • aichat - Interactive AI chat interface
  • llm - Command-line tool for LLM interaction

Configuration & Persistence

First run: The container image is built (one-time, takes a few minutes).

Tools use their standard configuration methods (within the container):

  • aichat: ~/.config/aichat/config.toml
  • llm: ~/.config/llm/ + environment variables
  • PI: ~/.pi/
  • OpenCode: ~/.config/opencode/
  • Claude Code: ~/.claude/

Configuration persists automatically across all runs and containers through named Podman volumes (config, state, share, pi-config, claude). Because the same volumes are mounted for every project and every environment, any agent run sees every credential you have entered, regardless of which project it was started for. Configure once, use everywhere:

# First run: setup credentials
ai shell /path/to/project
# Inside container: aichat, llm keys set openai <key>, etc.

# Subsequent runs: credentials available automatically
ai agent pi /path/to/project

Other/Previous Work



Download files

Neither artifact was uploaded with Trusted Publishing; pin the SHA256 values below when you install.

Source Distribution

ai_container-0.15.0.tar.gz (29.0 kB)
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.11.21 (publish subcommand, macOS)
  • SHA256: 0ad27c20306f175a663452688e6b135e296f69e5a70131ba6c798798c31773e1
  • MD5: 39208b9e2a3c0d13ae1893a47a933dbe
  • BLAKE2b-256: 1cc6ffcb02dc7d1ac8d89ebba5673134b0b0b5fd2eb8ea93d2bdd61ab6845a31

Built Distribution

ai_container-0.15.0-py3-none-any.whl (17.8 kB)
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.11.21 (publish subcommand, macOS)
  • SHA256: 895587786b4a88e9efe5c109fd0bff034bfad3213de834ed239a2bbb57e4f15e
  • MD5: 9df193dd4e54df92e4ea491b45004efc
  • BLAKE2b-256: fe8e082fc04abf4b32fe366575f1de7a6d16c3db12a33ec44a665889db019fbf
