feat: principle #36 — ephemeral execution environments

2026-03-31 22:29:04 +00:00
parent a2d143869e
commit 325935226d


@@ -413,6 +413,19 @@ Agents should be able to dispatch sub-jobs to other agents/workers. Not just top
---
### 36. Ephemeral Execution Environments
Code execution should be disposable. Run in a fresh environment, extract results, throw away the environment.
- Containers (Claudine): self-hosted, free, full control
- Cloud microVMs (Vercel Sandbox): managed, instant snapshots, network firewall
- The job shouldn't care WHERE it runs — same interface, different backends
- Dispatch should abstract over execution backends: local worker, container, cloud sandbox
**Origin:** Comparing Claudine (self-hosted containers) with Vercel Sandbox (managed microVMs) — same concept, different trade-offs.
---
## (inbox — unsorted ideas)
- **Least-privilege agent access**: Agents should SSH as a dedicated non-root user (e.g. `deploy@`) with scoped sudo for only what they need (systemctl, caddy reload). No root SSH long-term.
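Review bot: the "same interface, different backends" bullet in the new section 36 hides that the two backends listed do not offer the same isolation boundary, since only the Vercel Sandbox bullet mentions a network firewall while the Claudine container bullet says nothing about network egress, filesystem scope or resource limits. Suggest adding one line stating the minimum boundary every backend must provide before it can be dispatched to (e.g. "no outbound network unless the job declares it, no host filesystem mounts, environment destroyed on success *and* on failure"), and noting how secrets reach the job and are withdrawn with the environment, so "throw away the environment" in the first line of the section is a guarantee rather than an intent.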