
AI - Tool/Agent isolation

Project description

AI-Container

Podman-based container for isolating the AI tooling of an individual project.

Context

In the past, I have repeatedly observed and experienced coding agents accessing or using files and content which they either weren't supposed to, or even technically "did not have access to."

On one occasion, for example, file access was explicitly restricted (e.g., the path was blocked). However, the agent exploited its ability to run bash commands, using them to traverse and scan the restricted paths instead of relying on standard read/write methods.

For this reason, I believe it is essential to implement clear restrictions or a contextual sandbox that is shared with the AI, and which it cannot as easily circumvent by simply invoking a different command.

Prerequisites

  • Podman (>= 4.0) - Container runtime
  • Python (>= 3.13) - Required for the CLI
  • uv - Used to install and run the CLI

Image builds and volume creation are performed through the Podman Python SDK, which talks to the Podman API service socket rather than to the podman binary. Make sure the socket is running before invoking the CLI; on systemd hosts the podman.socket user unit provides it for rootless Podman.

Installation

Install the ai-container package:

uv tool install ai-container

Or from source:

git clone https://github.com/yourusername/ai-container.git
cd ai-container
uv tool install .

The ai command will then be available.

Usage

Basic Commands

ai agent pi /path/to/project        # Run PI coding agent
ai agent opc /path/to/project       # Run OpenCode coding agent
ai agent aic /path/to/project       # Run aichat
ai agent llm /path/to/project       # Run llm
ai shell /path/to/project           # Interactive shell in container

ai agent <tool> <path> [args] is the single entry point for every tool. Valid tools: pi, opc, aic, llm.

Pass additional arguments directly to the tool:

ai agent pi /path/to/project --verbose --model claude-3-sonnet

Rebuilding the Container Image

The container image is built automatically on first use via the Podman SDK. When you want to pull in the latest tool versions, force a rebuild with the image rebuild command:

ai image rebuild

Custom Environments

Need a specific toolchain (Rust, Go, an extra editor, ...)? Define a custom environment: a thin image built FROM aic:base that adds your tooling on top of everything the base image already provides.

Select an environment for any command with -e/--env:

ai -e rust shell .            # shell in the rust environment
ai -e rust agent pi .         # run pi in the rust environment
ai -e rust image rebuild      # (re)build the rust image (FROM aic:base)

Manage environment definitions with the env group:

ai env list                   # show environments and whether images are built
ai env new rust               # scaffold a Containerfile (FROM aic:base)
ai env new rust --edit        # scaffold and open it in $EDITOR
ai env edit rust              # edit the Containerfile
ai env path rust              # print the Containerfile path
ai env remove rust --purge    # delete the definition (and its image)

Definitions live under ~/.config/ai-container/environments/<name>/ (honoring XDG_CONFIG_HOME). The directory is also the build context, so you can COPY local files into your image. A scaffolded Containerfile looks like:

# rust environment -- extends the ai-container base image.
FROM aic:base

RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs \
    | sh -s -- -y --default-toolchain stable
ENV PATH="/root/.cargo/bin:${PATH}"

WORKDIR /workspace

Without -e, the default base environment is used. Persistence volumes (config, state, share, pi-config, claude) are shared across all environments, so credentials and config are entered once and work everywhere.

Config Files

Defaults for the global flags (-e/--env, --log-level, --dryrun) can be set in a TOML config file, so you don't have to repeat them on every invocation. Files are merged from several sources, highest precedence first:

  1. ./.ai-container.toml — project-local, in the current working directory
  2. ~/.config/ai-container/config.toml — user config (honors XDG_CONFIG_HOME)
  3. ~/.ai-container.toml — home dotfile
  4. Built-in defaults

Command-line flags always override config files. Each layer only needs to set the keys it cares about; the rest fall through to the next layer.

# .ai-container.toml
env = "rust"        # default environment
log_level = "DEBUG" # one of: DEBUG, INFO, WARNING, ERROR, CRITICAL
dryrun = false
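The layering described above, as an added example that is not the ai-container project's own code: it reads the three locations in the stated precedence order, applies each file on top of the next, and lets command-line flags win over every file. The lookup paths, key names and allowed log levels come from the page; the built-in default values, the function names and the rejection of unknown keys are this example's own choices.

```python
"""Added example, not the ai-container project's own code: resolve the global
flags (env, log_level, dryrun) from the layered TOML config files, with
command-line flags overriding every file. DEFAULTS are assumed, not documented."""
import os
from pathlib import Path

try:
    import tomllib  # Python 3.11+
except ModuleNotFoundError:  # fallback: parse the flat `key = value` subset used here
    tomllib = None

DEFAULTS = {"env": "base", "log_level": "INFO", "dryrun": False}  # assumed built-in defaults
LOG_LEVELS = {"DEBUG", "INFO", "WARNING", "ERROR", "CRITICAL"}


def config_paths(cwd, home, xdg_config_home=None):
    """Lookup order, highest precedence first: project-local file, user config
    (honouring XDG_CONFIG_HOME), home dotfile."""
    xdg = Path(xdg_config_home) if xdg_config_home else Path(home) / ".config"
    return [str(Path(cwd) / ".ai-container.toml"),
            str(xdg / "ai-container" / "config.toml"),
            str(Path(home) / ".ai-container.toml")]


def parse_toml(text):
    """Parse one config layer. Without tomllib only top-level string and
    boolean keys are understood, which covers the keys this tool reads."""
    if tomllib is not None:
        return tomllib.loads(text)
    out = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (s.strip() for s in line.split("=", 1))
        if value.startswith('"'):
            out[key] = value[1:value.index('"', 1)]  # keep '#' inside strings
        else:
            value = value.split("#", 1)[0].strip()   # strip trailing comment
            out[key] = value == "true" if value in ("true", "false") else value
    return out


def resolve_config(layers, cli_flags=None):
    """`layers` holds the text of each file in config_paths() order (None for a
    missing file). Each layer supplies only the keys it sets. Unknown keys are
    rejected (an added safety: a typo would otherwise silently fall through)."""
    merged = dict(DEFAULTS)
    for text in reversed(layers):  # lowest precedence applied first
        if text is None:
            continue
        layer = parse_toml(text)
        unknown = set(layer) - set(DEFAULTS)
        if unknown:
            raise ValueError(f"unknown config keys: {sorted(unknown)}")
        merged.update(layer)
    # Command-line flags always win; None means the flag was not given.
    merged.update({k: v for k, v in (cli_flags or {}).items() if v is not None})
    if merged["log_level"] not in LOG_LEVELS:
        raise ValueError(f"invalid log_level: {merged['log_level']!r}")
    return merged


def load_config(cwd, home, xdg_config_home=None, cli_flags=None):
    """Read whichever of the three files exist on disk and resolve them."""
    layers = [Path(p).read_text() if os.path.isfile(p) else None
              for p in config_paths(cwd, home, xdg_config_home)]
    return resolve_config(layers, cli_flags)


# Constructed layers: a project checkout asking for the rust environment and a
# user config that only raises the log level and enables dry runs.
PROJECT_TOML = 'env = "rust"  # default environment\n'
USER_TOML = 'log_level = "DEBUG"\ndryrun = true\n'

if __name__ == "__main__":
    print(resolve_config([PROJECT_TOML, USER_TOML, None]))
    print(resolve_config([PROJECT_TOML, USER_TOML, None], {"dryrun": False, "env": None}))
```

One thing worth keeping in mind: the highest-precedence file is read from the current working directory, so a cloned repository can ship a .ai-container.toml that selects an environment or log level for you; glance at it before the first run in an untrusted checkout.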

Provided Tools

  • PI - Coding agent for generation, analysis, and refactoring
  • OpenCode - AI-powered coding assistant
  • aichat - Interactive AI chat interface
  • llm - Command-line tool for LLM interaction

Configuration & Persistence

First run: The container image is built (one-time, takes a few minutes).

Tools use their standard configuration methods (within the container):

  • aichat: ~/.config/aichat/config.toml
  • llm: ~/.config/llm/ + environment variables
  • PI: ~/.pi/
  • OpenCode: ~/.config/opencode/

Configuration persists automatically across all runs and containers through named Podman volumes (config, state, share, pi-config). Configure once, use everywhere:

# First run: setup credentials
ai shell /path/to/project
# Inside container: aichat, llm keys set openai <key>, etc.

# Subsequent runs: credentials available automatically
ai agent pi /path/to/project
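The mount set and privilege boundary that make the bash-traversal case from the Context section fail, written out as an added example (not the ai-container project's own code) using the Podman Python SDK that the Prerequisites say the tool builds with. The image tag aic:base and the volume names come from the page; the /workspace mount point, the volume-to-path mapping, the socket location under $XDG_RUNTIME_DIR and the hardening flags are this example's assumptions, not documented behaviour of the tool. The second half audits `podman inspect` output offline against that policy and is run here on constructed sample data.

```python
"""Added example, not code from the ai-container project: (1) start a tool in
an aic:base container over the Podman API socket with only the project
directory and the page's persistence volumes mounted and privileges dropped;
(2) audit a container's `podman inspect` output offline against that policy.
Assumed (not from the page): the /workspace mount point, the volume-to-path
mapping, the socket location and the hardening flags."""
import json
import os
from pathlib import Path

WORKSPACE = "/workspace"  # assumed in-container mount point for the project
# Assumed mapping of the page's persistence volumes to in-container paths.
NAMED_VOLUMES = {
    "config": "/root/.config",
    "state": "/root/.local/state",
    "share": "/root/.local/share",
    "pi-config": "/root/.pi",
    "claude": "/root/.claude",
}


def socket_url(runtime_dir=None):
    """Rootless Podman's API socket lives under $XDG_RUNTIME_DIR; the
    podman.socket systemd user unit creates it on demand."""
    runtime_dir = runtime_dir or os.environ.get("XDG_RUNTIME_DIR") or f"/run/user/{os.getuid()}"
    return f"unix://{runtime_dir}/podman/podman.sock"


def run_agent(project, tool, *tool_args, image="aic:base"):
    """Launch `tool` inside `image`. Only the resolved project directory is
    bind-mounted, so shell commands the agent runs cannot reach other host
    paths. Needs the podman-py package and a running API socket."""
    from podman import PodmanClient  # imported lazily; the audit below works offline

    project_path = Path(project).resolve()
    if not project_path.is_dir():
        raise NotADirectoryError(str(project_path))
    mounts = [{"type": "bind", "source": str(project_path), "target": WORKSPACE,
               "read_only": False, "relabel": "Z"}]  # Z: private SELinux label
    mounts += [{"type": "volume", "source": name, "target": target, "read_only": False}
               for name, target in NAMED_VOLUMES.items()]
    with PodmanClient(base_url=socket_url()) as client:
        return client.containers.run(
            image, [tool, *tool_args], mounts=mounts, working_dir=WORKSPACE,
            cap_drop=["ALL"],                    # no Linux capabilities at all
            security_opt=["no-new-privileges"],  # setuid binaries cannot elevate
            remove=True, tty=True, stdin_open=True,
        )  # rootless Podman already maps container root to the unprivileged host user


def audit_container(inspect_json, project, allowed_volumes=frozenset(NAMED_VOLUMES)):
    """Check `podman inspect <container>` output against the policy above.
    Returns a list of findings; an empty list means the container conforms.
    Field names follow Podman's inspect format (HostConfig, Mounts, EffectiveCaps)."""
    info = json.loads(inspect_json)[0]  # podman inspect emits a JSON array
    host = info.get("HostConfig", {})
    project_path = os.path.normpath(project)  # a real audit should realpath both sides
    findings = []
    if host.get("Privileged"):
        findings.append("container runs --privileged")
    if "no-new-privileges" not in (host.get("SecurityOpt") or []):
        findings.append("no-new-privileges not set")
    if host.get("CapAdd"):
        findings.append(f"capabilities added: {host['CapAdd']}")
    if info.get("EffectiveCaps"):
        findings.append(f"effective capabilities present: {info['EffectiveCaps']}")
    for m in info.get("Mounts", []):
        if m.get("Type") == "bind":
            src = os.path.normpath(m.get("Source", ""))
            if src != project_path:  # any other host path is a leak into the sandbox
                findings.append(f"host path mounted outside project: {src} -> {m.get('Destination')}")
        elif m.get("Type") == "volume" and m.get("Name") not in allowed_volumes:
            findings.append(f"unexpected volume: {m.get('Name')}")
    return findings


# Constructed samples in the shape of `podman inspect` output (not captured from
# a real host). _BAD adds capabilities and also bind-mounts the user's ~/.ssh.
_PROJECT_MOUNT = {"Type": "bind", "Source": "/home/u/proj", "Destination": WORKSPACE, "RW": True}
_CONFIG_VOLUME = {"Type": "volume", "Name": "config", "Destination": "/root/.config",
                  "Source": "/home/u/.local/share/containers/storage/volumes/config/_data", "RW": True}
_GOOD = {"EffectiveCaps": None,
         "HostConfig": {"Privileged": False, "SecurityOpt": ["no-new-privileges"], "CapAdd": []},
         "Mounts": [_PROJECT_MOUNT, _CONFIG_VOLUME]}
_BAD = {"EffectiveCaps": ["CAP_SYS_ADMIN"],
        "HostConfig": {"Privileged": False, "SecurityOpt": [], "CapAdd": ["SYS_ADMIN"]},
        "Mounts": [_PROJECT_MOUNT, _CONFIG_VOLUME,
                   {"Type": "bind", "Source": "/home/u/.ssh", "Destination": "/root/.ssh", "RW": False}]}
SAMPLE_GOOD = json.dumps([_GOOD])
SAMPLE_BAD = json.dumps([_BAD])

if __name__ == "__main__":
    for name, sample in (("good", SAMPLE_GOOD), ("bad", SAMPLE_BAD)):
        print(name, audit_container(sample, "/home/u/proj") or "conforms")
```

Feed audit_container the output of `podman inspect <container>` for a running agent to confirm it sees the project directory and the named volumes and nothing else; a stray bind mount of the home directory or an added capability is exactly the kind of gap a shell-capable agent will find on its own.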

Other/Previous Work



Download files

Source Distribution

ai_container-0.14.0.tar.gz (27.3 kB)
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.11.21 (macOS)

Hashes for ai_container-0.14.0.tar.gz
Algorithm    Hash digest
SHA256       4de4a68813e7a50de54a0c305477338b7d3fa4b64a10391ef2c69586ad551bb2
MD5          b1e256d45df59bbd0599031d8440639f
BLAKE2b-256  07b43f7abf59551c8a53e8fe3670d0d70dc9cf358f9979740316ba4456a86022

Built Distribution

ai_container-0.14.0-py3-none-any.whl (13.6 kB)
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.11.21 (macOS)

Hashes for ai_container-0.14.0-py3-none-any.whl
Algorithm    Hash digest
SHA256       08ed7102089c7eb0cc983ef5599f78fa25e65598fb4fde3c23dc16ea23fe1f9f
MD5          2525dff03eaaef46fd3cab85987ed7eb
BLAKE2b-256  f15f7fbebe7bdda56f4ed09fa80aec3a681609954486b6832b557520e1dd80bf
