AI - Tool/Agent isolation

Project description

AI-Container

Podman-based container for isolating the AI tooling of an individual project.

Context

In the past, I have repeatedly observed and experienced coding agents accessing or using files and content that they either were not supposed to, or that they technically "did not have access to."

On one occasion, for example, file access was explicitly restricted (the path was blocked). The agent nevertheless used its ability to run bash commands to traverse and scan the restricted paths instead of going through its standard read/write tools.

For this reason, I believe it is essential to put clear restrictions in place, or a contextual sandbox that is shared with the AI and that it cannot circumvent as easily by simply invoking a different command.

Prerequisites

  • Podman (>= 4.0) - Container runtime
  • Python (>= 3.13) - Required for the CLI
  • uv - Used to install and run the CLI

Image builds and volume creation are performed through the Podman Python SDK, which talks to the Podman service socket. Make sure the socket is running before using the CLI.
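As an added check, not part of ai-container itself, the following shell functions locate the Podman API socket that the Python SDK talks to and verify that the service answers before the CLI is run. It assumes Podman's default socket locations (XDG_RUNTIME_DIR for rootless, /run for root) and systemd socket activation for the hint it prints; the ping endpoint is Podman's standard compat `_ping` route.

```bash
#!/usr/bin/env bash
# Added example (not ai-container's own code): find and probe the Podman
# service socket that the Podman Python SDK connects to.
# Assumptions: default Podman socket paths; systemd socket activation
# available for the hint printed when the socket is missing.

# Print the socket path Podman uses for the current user.
podman_socket_path() {
    if [ "$(id -u)" -eq 0 ]; then
        printf '%s\n' /run/podman/podman.sock
    else
        printf '%s\n' "${XDG_RUNTIME_DIR:-/run/user/$(id -u)}/podman/podman.sock"
    fi
}

# Return 0 when the socket at $1 (default: podman_socket_path) exists and the
# API service answers a ping; return non-zero otherwise with a hint on stderr.
podman_socket_ready() {
    sock="${1:-$(podman_socket_path)}"
    if [ ! -S "$sock" ]; then
        echo "no Podman socket at $sock; try: systemctl --user enable --now podman.socket" >&2
        return 1
    fi
    if command -v curl >/dev/null 2>&1; then
        # The compat _ping endpoint answers "OK" when the service is up.
        curl -sf -m 3 --unix-socket "$sock" http://d/_ping | grep -q OK
    else
        # Fall back to the podman client pointed at the same socket.
        CONTAINER_HOST="unix://$sock" podman --remote info >/dev/null 2>&1
    fi
}

# Usage: podman_socket_ready || exit 1
```

Run `podman_socket_ready || exit 1` before `ai agent ...` in a wrapper script; a missing socket is the usual cause of the SDK failing on the first image build.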

Installation

Install the ai-container package:

uv tool install ai-container

Or from source:

git clone https://github.com/yourusername/ai-container.git
cd ai-container
uv tool install .

The ai command will then be available.

Usage

Basic Commands

ai agent pi /path/to/project        # Run PI coding agent
ai agent opc /path/to/project       # Run OpenCode coding agent
ai agent aic /path/to/project       # Run aichat
ai agent llm /path/to/project       # Run llm
ai shell /path/to/project           # Interactive shell in container

ai agent <tool> <path> [args] is the single entry point for every tool. Valid tools: pi, opc, aic, llm.

Pass additional arguments directly to the tool:

ai agent pi /path/to/project --verbose --model claude-3-sonnet

Rebuilding the Container Image

The container image is built automatically on first use via the Podman SDK. When you want to pull in the latest tool versions, force a rebuild with the image rebuild command:

ai image rebuild

Provided Tools

  • PI - Coding agent for generation, analysis, and refactoring
  • OpenCode - AI-powered coding assistant
  • aichat - Interactive AI chat interface
  • llm - Command-line tool for LLM interaction

Configuration & Persistence

First run: The container image is built (one-time, takes a few minutes).

Tools use their standard configuration methods (within the container):

  • aichat: ~/.config/aichat/config.toml
  • llm: ~/.config/llm/ + environment variables
  • PI: ~/.pi/
  • OpenCode: ~/.config/opencode/

Configuration persists automatically across all runs and containers through named Podman volumes (config, state, share, pi-config). Configure once, use everywhere:

# First run: setup credentials
ai shell /path/to/project
# Inside container: aichat, llm keys set openai <key>, etc.

# Subsequent runs: credentials available automatically
ai agent pi /path/to/project
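The Usage and Configuration & Persistence sections above describe the isolation model: the project directory is the only host path the agent sees, and tool configuration lives in the named volumes config, state, share and pi-config. The following Python is an added example, not ai-container's own code, that assembles a locked-down `podman run` argument vector following that model and refuses project paths that would hand the agent the whole home directory or filesystem (the bypass described in the Context section is exactly what a too-wide mount enables). The image tag, the tool binary names, the in-container mount points and the `/work` working directory are assumptions; the Podman flags themselves are standard options.

```python
"""Added example, not ai-container's own code: build a hardened `podman run`
argv that mounts only the project directory and the README's named volumes.
Assumptions (not from the page): the image tag, the tool binary names, the
in-container mount points and the /work working directory."""
from __future__ import annotations

import os
import shlex
import subprocess
from pathlib import Path

IMAGE = "localhost/ai-container:latest"  # assumed image tag

# README tool aliases -> binary inside the container (binary names assumed).
TOOLS = {"pi": "pi", "opc": "opencode", "aic": "aichat", "llm": "llm"}

# README's named volumes -> mount points for the in-container user (assumed;
# chosen so they line up with the config paths the README lists).
VOLUMES = {
    "config": "/home/agent/.config",
    "state": "/home/agent/.local/state",
    "share": "/home/agent/.local/share",
    "pi-config": "/home/agent/.pi",
}

# Host directories that must never become the "project" mount.
SENSITIVE_SUBDIRS = (".ssh", ".gnupg", ".aws", ".config", ".local")


class UnsafeProjectPath(ValueError):
    """Raised when the requested project path would expose more than one project."""


def resolve_project(path: str | os.PathLike[str]) -> Path:
    """Canonicalise the project path and refuse mounts that would give the agent
    the filesystem root, the home directory, or a sensitive dotdir.  Symlinks
    are followed first, so a project link pointing at $HOME is rejected."""
    proj = Path(path).resolve(strict=True)
    if not proj.is_dir():
        raise UnsafeProjectPath(f"{proj} is not a directory")
    if proj == Path(proj.anchor):
        raise UnsafeProjectPath("refusing to mount the filesystem root")
    try:
        home = Path.home().resolve()
    except RuntimeError:  # no resolvable home directory on this host
        return proj
    if proj == home or proj in home.parents:
        raise UnsafeProjectPath(f"{proj} contains the whole home directory")
    for sub in SENSITIVE_SUBDIRS:
        sensitive = home / sub
        if proj == sensitive or sensitive in proj.parents:
            raise UnsafeProjectPath(f"{proj} lies inside {sensitive}")
    return proj


def build_run_args(tool: str, project, extra=()) -> list[str]:
    """Return the argv for an isolated run of `tool` over `project`."""
    if tool not in TOOLS:
        raise ValueError(f"unknown tool {tool!r}; valid: {', '.join(TOOLS)}")
    proj = resolve_project(project)
    args = [
        "podman", "run", "--rm", "-it",
        "--cap-drop=ALL",                    # no Linux capabilities at all
        "--security-opt=no-new-privileges",  # setuid binaries cannot escalate
        "--userns=keep-id",                  # files written to /work keep the host uid
        "--read-only", "--tmpfs", "/tmp",    # root fs immutable; /tmp is scratch only
        "--pids-limit", "512",               # bound runaway subprocess trees
        "-v", f"{proj}:/work:Z", "-w", "/work",  # the project is the only host path
    ]
    for volume, mountpoint in VOLUMES.items():
        args += ["-v", f"{volume}:{mountpoint}"]  # persistent tool config
    args += [IMAGE, TOOLS[tool], *extra]
    return args


def run_tool(tool: str, project, extra=()) -> int:
    """Execute the tool in the sandbox and return Podman's exit status."""
    return subprocess.run(build_run_args(tool, project, extra), check=False).returncode


if __name__ == "__main__":
    # Dry run: print the command an `ai agent pi . --verbose` equivalent would execute.
    print(shlex.join(build_run_args("pi", ".", ["--verbose"])))
```

The point of `resolve_project` is that a bash-capable agent sees everything under the mount, so the mount itself is the boundary: validate it once, on the host, rather than trying to block paths from inside the container.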

Other/Previous Work

Download files

Source Distribution

ai_container-0.11.0.tar.gz (22.2 kB)

Uploaded Source

Built Distribution

ai_container-0.11.0-py3-none-any.whl (7.8 kB)

Uploaded Python 3

File details

Details for the file ai_container-0.11.0.tar.gz.

File metadata

  • Download URL: ai_container-0.11.0.tar.gz
  • Upload date:
  • Size: 22.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.11.21 {"installer":{"name":"uv","version":"0.11.21","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"macOS","version":null,"id":null,"libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}

File hashes

Hashes for ai_container-0.11.0.tar.gz
Algorithm Hash digest
SHA256 9cbb65d378be9295649d458e3ff4ca924e21d926e6c3630b37c8842d4c5b7f9c
MD5 277e19a9c3b0e51f9c88ed88c7c68e31
BLAKE2b-256 e26882d67e406e599b0d3d8deb3b1bb6f49ab36c2e1e49cc3b757862244938ab

File details

Details for the file ai_container-0.11.0-py3-none-any.whl.

File metadata

  • Download URL: ai_container-0.11.0-py3-none-any.whl
  • Upload date:
  • Size: 7.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.11.21 {"installer":{"name":"uv","version":"0.11.21","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"macOS","version":null,"id":null,"libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}

File hashes

Hashes for ai_container-0.11.0-py3-none-any.whl
Algorithm Hash digest
SHA256 c89bef38e4e52c3efe7d5d0e83ab12f3052b5eb8cdb7c0db4cb0de089215eda6
MD5 9bc5ae4db5d88dc61132b08b9fe217d1
BLAKE2b-256 072586198f20c27e7b27b9df519c334549fb55c3aaf4d40fb616fd2892e20b35
