Jump to content

Opencode isolation and burner workflow 260216: Difference between revisions

From Game in the Brain Wiki
← Older editNewer edit →
VisualWikitext
Update to match Claude Code isolation workflow: add opencode_isolation.sh, naming convention, daily workflow procedures, isolation table
No edit summary
Line 1: Line 1:
== OpenCode Isolation and Burner Workflow ==
= Beginner's Guide to OpenCode Isolation and Burner Workflows =
Welcome! If you are using OpenCode (or similar AI coding agents), you are giving an AI the ability to run commands on your computer. While incredibly powerful, this comes with risks. A confused AI—or a malicious hidden instruction (prompt injection) in a downloaded file—could accidentally delete your personal files or mess up your system.


This workflow uses Distrobox containers to run OpenCode in isolated environments. Key concepts:
This guide teaches you how to use '''Distrobox''' to create "sandboxes" (isolated containers). By putting the AI in a sandbox, any damage it causes stays locked inside that box, keeping your real computer completely safe.


* Each project runs in its own persistent container
== Key Concepts (Think of it like a Video Game) ==
* Save points capture container state as images
* A "golden image" serves as a template for new containers
* Containers are deleted on your schedule


'''Protection mechanism:''' Malicious prompt injection damage remains confined to the container, not affecting the host system.
* '''Containers (The Sandbox):''' A mini, isolated operating system running inside your real computer.
* '''Golden Image (The Master Save File):''' A perfectly set-up container with all the tools installed. We copy this every time we start a new project so we don't have to install things twice.
* '''Save Points (Checkpoints):''' Just like saving your game before a boss fight, we can "commit" our container's state. If the AI breaks the code later, we can reload the save!
* '''Burner Home:''' A special, restricted folder we give to the AI instead of letting it see your real <code>Documents</code> or <code>Desktop</code> folders.


== Hardware Reality ==
== 1. Hardware Reality Check ==
 
Before we begin, AI agents need to "read" your code to understand it. The amount of code they can remember at once is called the '''Context Window'''. To process large context windows, your graphics card (GPU) needs memory, called '''VRAM'''.
You need at least '''32k Context''' for a usable agent.


Here is what you can expect based on your hardware:
{| class="wikitable"
{| class="wikitable"
! VRAM !! GPU Example !! Context Window
!Your GPU VRAM
!Example Graphics Card
!Context Window (Memory)
!What this means for you
|-
|-
| 8GB || RX 7600 || 8k–16k (unstable at 32k)
|'''8GB'''
|Radeon RX 7600
|8k–16k
|Good for small scripts, but might crash on large projects.
|-
|-
| 16GB || RX 9070 XT || Tight; requires custom config
|'''16GB'''
|Radeon RX 9070 XT
|~32k
|The minimum recommended for a smooth AI agent experience.
|-
|-
| 20GB || RX 7900 XT || Sweet spot; 64k–80k
|'''20GB'''
|Radeon RX 7900 XT
|64k–80k
|The "Sweet Spot." Handles multiple large files easily.
|-
|-
| 32GB+ || — || 128k+
|'''32GB+'''
|Mac Studio / Pro GPUs
|128k+
|Can read entire massive codebases at once.
|}
|}
''(Note: If you have a computer with "Unified Memory" like an Apple Silicon Mac or a Ryzen AI Max+, you can use system RAM for AI, which allows for huge memory but runs a bit slower).''


Workstation unified memory (Ryzen AI Max+, Mac Studio) supports large models but at slower inference speeds.
== 2. Setting up the "Golden Image" (One-Time Setup) ==
 
You only need to do this section once! We are going to build our "Master Save File" that has all the programming tools the AI needs.
'''Recommended models:''' Qwen2.5-Coder-7B through Qwen2.5-Coder-14B; alternative: DeepSeek V3 API (~₱7.80/million tokens).
 
== Core Naming Convention ==
 
{| class="wikitable"
! Type !! Format !! Example
|-
| Working container || <code>PREFIX-YYMMDD</code> || <code>oc-260216</code>
|-
| Saved image || <code>localhost/PREFIX-YYMMDD:latest</code> || <code>localhost/oc-260216:latest</code>
|-
| Golden image || <code>localhost/PREFIX-base:latest</code> || <code>localhost/oc-base:latest</code>
|-
| Burner home || <code>~/sandbox-homes/PREFIX-YYMMDD</code> || <code>~/sandbox-homes/oc-260216</code>
|}
 
== One-Time Setup: Golden Image Creation ==
 
'''Step 1: Install Distrobox''' (on host)
<pre>
sudo apt install distrobox    # Debian/Ubuntu
sudo dnf install distrobox    # Fedora
yay -S distrobox              # Arch
</pre>
 
'''Step 2: Create and enter base container'''
<pre>
mkdir -p ~/sandbox-homes/oc-base
distrobox create --name oc-base --image ubuntu:24.04 --home ~/sandbox-homes/oc-base
distrobox enter oc-base
</pre>
 
'''Step 3: Install dependencies''' (inside container)
<pre>
curl -fsSL https://deb.nodesource.com/setup_lts.x | sudo -E bash -
sudo apt install -y nodejs git python3
npm install -g opencode-ai
opencode  # Complete authentication / API key setup
</pre>
 
'''Step 4: Add launcher script''' (inside container)
 
Create <code>~/project/opencode_isolation.sh</code>:
<pre>
#!/bin/bash
# Launcher for OpenCode inside Distrobox container


WORK_DIR="$(cd "$(dirname "$0")" && pwd)"
=== Step 2.1: Install Distrobox on your Host Computer ===
# WORK_DIR="/home/USER/your-project-directory"  # uncomment for hardcoded path
First, we need the software that makes the sandboxes. Run the command for your computer's operating system:
<code># If you use Debian or Ubuntu:
sudo apt install distrobox   
# If you use Fedora:
sudo dnf install distrobox   
# If you use Arch Linux:
yay -S distrobox</code>             


cd "$WORK_DIR"
=== Step 2.2: Create the Base Sandbox ===
Now we create a brand new, empty sandbox named <code>oc-base</code>. We also tell it to use a fake home directory (<code>~/sandbox-homes/oc-base</code>) so it can't see your real personal files.
<code># 1. Create the folder that will act as the fake home
mkdir -p ~/sandbox-homes/oc-base
# 2. Build the sandbox using Ubuntu as the base system
distrobox create --name oc-base --image ubuntu:24.04 --home ~/sandbox-homes/oc-base
# 3. Step inside the sandbox!
distrobox enter oc-base</code>


echo "Starting OpenCode..."
=== Step 2.3: Equip the Sandbox with Tools ===
echo " Working directory: $WORK_DIR"
Now that you are ''inside'' the sandbox, let's install the tools the AI needs to write and test code (like Node.js, Python, and Git).
echo ""
<code># Download and install Node.js, Git, and Python
  curl -fsSL <nowiki>[https://deb.nodesource.com/setup_lts.x]</nowiki>(<nowiki>https://deb.nodesource.com/setup_lts.x</nowiki>) | sudo -E bash -
sudo apt install -y nodejs git python3
# Install the OpenCode AI software globally
npm install -g opencode-ai
# Run OpenCode once to set up your API keys and authenticate
opencode</code> 


exec opencode "$@"
=== Step 2.4: Create a Helper Script ===
</pre>
To make starting projects easier later, we'll create a shortcut script. Still inside the sandbox, run these commands to create a file called <code>opencode_isolation.sh</code>:
<code># Create the script
cat << 'EOF' > ~/project/opencode_isolation.sh
#!/bin/bash
# This script starts OpenCode safely inside our current folder.
WORK_DIR="$(cd "$(dirname "$0")" && pwd)"
cd "$WORK_DIR"
echo "Starting OpenCode..."
echo "Working directory: $WORK_DIR"
echo ""
exec opencode "$@"
EOF
# Make the script executable (runnable)
chmod +x ~/project/opencode_isolation.sh</code>


Make executable: <code>chmod +x ~/project/opencode_isolation.sh</code>
=== Step 2.5: Save the Master Sandbox ===
Now we step out of the sandbox and save it as our "Golden Image" template.
<code># 1. Leave the sandbox and return to your real computer
exit 
# 2. Turn off the sandbox
distrobox stop oc-base
# 3. Save it as a reusable template (image) named "oc-base:latest"
podman container commit oc-base localhost/oc-base:latest
# 4. Verify it was saved successfully
podman image ls</code>


'''Step 5: Commit golden image''' (on host)
== 3. Protect Your Identity: The GitHub "Burner" Account ==
<pre>
'''Important:''' Do NOT give the AI access to your personal GitHub account! If the AI gets confused, it might delete your repositories or leak your private code.
exit  # Leave container
distrobox stop oc-base
podman container commit oc-base localhost/oc-base:latest
podman image ls  # Verify
</pre>


== GitHub Burner Identity ==
# Go to GitHub and create a completely new, separate account (a "burner" account).
# Generate a '''Personal Access Token''' for this new account.
# Set the token to expire in 90 days.
# Only give the token <code>repo</code> and <code>workflow</code> permissions.
# Use ''this'' account and token when setting up git inside your sandboxes.


Create a separate GitHub account exclusively for agent work. Generate Personal Access Tokens (90-day expiration) scoped to <code>repo</code> and <code>workflow</code> permissions rather than sharing primary credentials.
== 4. Daily Workflow: How to Use Your Sandboxes ==
Now that your Golden Image is ready, here is how you will actually work day-to-day. We use a naming convention with the date to keep things organized (e.g., <code>oc-260216</code> means OpenCode project from Feb 16, 2026).


== Daily Workflow Procedures ==
=== Scenario A: Starting a Brand New Project ===
We will copy the master save file to create a fresh workspace.
<code># On your main computer:
# 1. Make a folder for today's project
mkdir -p ~/sandbox-homes/oc-260216
# 2. Create a new sandbox cloned from your Golden Image
distrobox create --name oc-260216 --image localhost/oc-base:latest --home ~/sandbox-homes/oc-260216
# 3. Enter the new sandbox
distrobox enter oc-260216
# Inside the sandbox:
# 4. Navigate to the project folder and start the AI!
cd ~/project && ./opencode_isolation.sh</code>


=== Starting a New Container ===
=== Scenario B: Saving Your Progress (Checkpoint) ===
<pre>
Before you ask the AI to do a massive, complicated refactor, save your container! If the AI ruins the code, you can easily go back.
[HOST]      mkdir -p ~/sandbox-homes/oc-260216
<code># On your main computer:
[HOST]      distrobox create --name oc-260216 --image localhost/oc-base:latest --home ~/sandbox-homes/oc-260216
distrobox stop oc-260216
[HOST]      distrobox enter oc-260216
podman container commit oc-260216 localhost/oc-260216:latest
[DISTROBOX] cd ~/project && ./opencode_isolation.sh
</pre>
# Now you can enter again and safely let the AI work
distrobox enter oc-260216</code>


=== Continuing an Existing Container ===
=== Scenario C: Oh no! The AI broke everything! (Restoring a Checkpoint) ===
<pre>
If you saved a checkpoint (like in Scenario B) and want to go back to it:
[HOST]      distrobox enter oc-260216
<code># On your main computer:
[DISTROBOX] cd ~/project && ./opencode_isolation.sh
# 1. Delete the ruined sandbox
</pre>
distrobox rm oc-260217 && rm -rf ~/sandbox-homes/oc-260217
# 2. Recreate it from your last good save point!
mkdir -p ~/sandbox-homes/oc-260217
distrobox create --name oc-260217 --image localhost/oc-260216:latest --home ~/sandbox-homes/oc-260217</code>


=== Saving a Checkpoint ===
== 5. Cleaning Up ==
<pre>
Over time, these sandboxes will take up hard drive space. Here is how to clean them up when you are done with a project.
[HOST] distrobox stop oc-260216
  <code># See all your saved templates/images
[HOST] podman container commit oc-260216 localhost/oc-260216:latest
podman image ls             
[HOST] distrobox enter oc-260216 # Resume work
</pre>
# Delete a specific saved image
 
podman image rm localhost/oc-260216:latest
=== Branching from a Save Point ===
<pre>
# Delete a working sandbox and its fake home folder
mkdir -p ~/sandbox-homes/oc-260217
distrobox rm oc-260216 && rm -rf ~/sandbox-homes/oc-260216</code>
distrobox create --name oc-260217 --image localhost/oc-260216:latest --home ~/sandbox-homes/oc-260217
distrobox enter oc-260217
</pre>
 
=== Restoring from a Checkpoint ===
<pre>
[HOST] distrobox rm oc-260217 && rm -rf ~/sandbox-homes/oc-260217
[HOST] mkdir -p ~/sandbox-homes/oc-260217
[HOST] distrobox create --name oc-260217 --image localhost/oc-260216:latest --home ~/sandbox-homes/oc-260217
</pre>
 
=== Promoting a Container to Golden Image ===
<pre>
[HOST] distrobox stop oc-260216
[HOST] podman container commit oc-260216 localhost/oc-base:latest
</pre>
 
=== Cleanup Commands ===
<pre>
podman image ls              # List all images
podman image rm localhost/oc-260216:latest
podman ps -a                 # List containers
distrobox rm oc-260216 && rm -rf ~/sandbox-homes/oc-260216
</pre>
 
== Parallel Sessions ==
 
Clone the golden image into multiple independent containers simultaneously:
<pre>
distrobox create --name oc-A --image localhost/oc-base:latest --home ~/sandbox-homes/oc-A
distrobox create --name oc-B --image localhost/oc-base:latest --home ~/sandbox-homes/oc-B
distrobox create --name oc-C --image localhost/oc-base:latest --home ~/sandbox-homes/oc-C
</pre>
 
== Isolation Coverage ==


== 6. What is actually protected? (Isolation Coverage) ==
For transparency, here is exactly what this setup protects against:
{| class="wikitable"
{| class="wikitable"
! Surface !! Isolated? !! Notes
!System Area
|-
!Is it Protected?
| Host home || ✅ Yes || Burner home via <code>--home</code>
!Explanation
|-
|-
| Host filesystem || ⚠️ Partial || Read-write by default; add <code>--additional-flags</code> for read-only mounts
|'''Your Personal Files'''
|✅ Yes
|The AI uses the fake <code>--home</code> folder and cannot see your real Documents or Desktop.
|-
|-
| System packages || ✅ Yes || Overlay filesystem isolation
|'''System Apps/Packages'''
|✅ Yes
|If the AI tries to install a virus via <code>apt-get</code>, it only installs inside the disposable sandbox.
|-
|-
| Network || ❌ No || Shares host network (API access required)
|'''Host Filesystem'''
|⚠️ Partial
|By default, the rest of your hard drive is readable. Advanced users can add <code>--additional-flags</code> to lock this down further.
|-
|-
| Kernel || ❌ No || Rootless containers share kernel
|'''Network/Internet'''
|-
|❌ No
| Display || ❌ No || GUI renders on host
|The AI shares your computer's internet connection (it needs this to access the OpenCode API).
|}
|}


== Troubleshooting ==
== 7. Common Beginner Issues (Troubleshooting) ==
 
* '''Mount failures:''' Use <code>--home</code> custom directory; avoid nested Firejail
* '''cgroup warnings:''' Expected in rootless containers; operation succeeds despite messages
* '''Command separation required:''' Run <code>mkdir</code> and <code>distrobox create</code> as separate commands; combining them can fail silently
* '''$HOME path issue:''' Inside <code>--home</code> containers, <code>$HOME</code> resolves to the burner directory; use absolute paths in scripts
* '''Firejail incompatibility:''' Fails with <code>--home</code> due to whitelist mode blocking Node.js dependencies; use Distrobox isolation alone


== Prerequisites ==
* '''"I get cgroup warnings when starting a container!"'''
** ''Fix:'' Ignore it! This is perfectly normal for sandboxes running without administrator privileges. The container will still work fine.
* '''"My <code>distrobox create</code> command failed silently."'''
** ''Fix:'' Make sure you run the <code>mkdir</code> command to create the fake home folder ''before'' running <code>distrobox create</code>. If the folder doesn't exist, the creation will fail.
* '''"Inside the container, where is my script?"'''
** ''Fix:'' Because we use a fake home, the <code>$HOME</code> variable points to <code>~/sandbox-homes/oc-base</code>. Always use exact, absolute paths if your scripts seem to be getting lost.


* Linux host (Fedora, Ubuntu, Arch, etc.)
*
* Distrobox installed
* Podman installed
* OpenCode account / API key configured

Revision as of 17:11, 23 February 2026

Beginner's Guide to OpenCode Isolation and Burner Workflows

Welcome! If you are using OpenCode (or similar AI coding agents), you are giving an AI the ability to run commands on your computer. While incredibly powerful, this comes with risks. A confused AI—or a malicious hidden instruction (prompt injection) in a downloaded file—could accidentally delete your personal files or mess up your system.

This guide teaches you how to use Distrobox to create "sandboxes" (isolated containers). By putting the AI in a sandbox, any damage it causes stays locked inside that box, keeping your real computer completely safe.

Key Concepts (Think of it like a Video Game)

  • Containers (The Sandbox): A mini, isolated operating system running inside your real computer.
  • Golden Image (The Master Save File): A perfectly set-up container with all the tools installed. We copy this every time we start a new project so we don't have to install things twice.
  • Save Points (Checkpoints): Just like saving your game before a boss fight, we can "commit" our container's state. If the AI breaks the code later, we can reload the save!
  • Burner Home: A special, restricted folder we give to the AI instead of letting it see your real Documents or Desktop folders.

1. Hardware Reality Check

Before we begin, AI agents need to "read" your code to understand it. The amount of code they can remember at once is called the Context Window. To process large context windows, your graphics card (GPU) needs memory, called VRAM.

Here is what you can expect based on your hardware:

Your GPU VRAM Example Graphics Card Context Window (Memory) What this means for you
8GB Radeon RX 7600 8k–16k Good for small scripts, but might crash on large projects.
16GB Radeon RX 9070 XT ~32k The minimum recommended for a smooth AI agent experience.
20GB Radeon RX 7900 XT 64k–80k The "Sweet Spot." Handles multiple large files easily.
32GB+ Mac Studio / Pro GPUs 128k+ Can read entire massive codebases at once.

(Note: If you have a computer with "Unified Memory" like an Apple Silicon Mac or a Ryzen AI Max+, you can use system RAM for AI, which allows for huge memory but runs a bit slower).

2. Setting up the "Golden Image" (One-Time Setup)

You only need to do this section once! We are going to build our "Master Save File" that has all the programming tools the AI needs.

Step 2.1: Install Distrobox on your Host Computer

First, we need the software that makes the sandboxes. Run the command for your computer's operating system: 

# If you use Debian or Ubuntu:
sudo apt install distrobox    

# If you use Fedora:
sudo dnf install distrobox    

# If you use Arch Linux:
yay -S distrobox

Step 2.2: Create the Base Sandbox

Now we create a brand new, empty sandbox named oc-base. We also tell it to use a fake home directory (~/sandbox-homes/oc-base) so it can't see your real personal files. 

# 1. Create the folder that will act as the fake home
mkdir -p ~/sandbox-homes/oc-base

# 2. Build the sandbox using Ubuntu as the base system
distrobox create --name oc-base --image ubuntu:24.04 --home ~/sandbox-homes/oc-base

# 3. Step inside the sandbox!
distrobox enter oc-base

Step 2.3: Equip the Sandbox with Tools

Now that you are inside the sandbox, let's install the tools the AI needs to write and test code (like Node.js, Python, and Git). 

# Download and install Node.js, Git, and Python
curl -fsSL [https://deb.nodesource.com/setup_lts.x](https://deb.nodesource.com/setup_lts.x) | sudo -E bash -
sudo apt install -y nodejs git python3

# Install the OpenCode AI software globally
npm install -g opencode-ai

# Run OpenCode once to set up your API keys and authenticate
opencode

Step 2.4: Create a Helper Script

To make starting projects easier later, we'll create a shortcut script. Still inside the sandbox, run these commands to create a file called opencode_isolation.sh: 

# Create the script
cat << 'EOF' > ~/project/opencode_isolation.sh
#!/bin/bash
# This script starts OpenCode safely inside our current folder.
WORK_DIR="$(cd "$(dirname "$0")" && pwd)"

cd "$WORK_DIR"
echo "Starting OpenCode..."
echo "Working directory: $WORK_DIR"
echo ""

exec opencode "$@"
EOF

# Make the script executable (runnable)
chmod +x ~/project/opencode_isolation.sh

Step 2.5: Save the Master Sandbox

Now we step out of the sandbox and save it as our "Golden Image" template. 

# 1. Leave the sandbox and return to your real computer
exit  

# 2. Turn off the sandbox
distrobox stop oc-base

# 3. Save it as a reusable template (image) named "oc-base:latest"
podman container commit oc-base localhost/oc-base:latest

# 4. Verify it was saved successfully
podman image ls

3. Protect Your Identity: The GitHub "Burner" Account

Important: Do NOT give the AI access to your personal GitHub account! If the AI gets confused, it might delete your repositories or leak your private code.

  1. Go to GitHub and create a completely new, separate account (a "burner" account).
  2. Generate a Personal Access Token for this new account.
  3. Set the token to expire in 90 days.
  4. Only give the token repo and workflow permissions.
  5. Use this account and token when setting up git inside your sandboxes.

4. Daily Workflow: How to Use Your Sandboxes

Now that your Golden Image is ready, here is how you will actually work day-to-day. We use a naming convention with the date to keep things organized (e.g., oc-260216 means OpenCode project from Feb 16, 2026).

Scenario A: Starting a Brand New Project

We will copy the master save file to create a fresh workspace. 

# On your main computer:
# 1. Make a folder for today's project
mkdir -p ~/sandbox-homes/oc-260216

# 2. Create a new sandbox cloned from your Golden Image
distrobox create --name oc-260216 --image localhost/oc-base:latest --home ~/sandbox-homes/oc-260216

# 3. Enter the new sandbox
distrobox enter oc-260216

# Inside the sandbox:
# 4. Navigate to the project folder and start the AI!
cd ~/project && ./opencode_isolation.sh

Scenario B: Saving Your Progress (Checkpoint)

Before you ask the AI to do a massive, complicated refactor, save your container! If the AI ruins the code, you can easily go back. 

# On your main computer:
distrobox stop oc-260216
podman container commit oc-260216 localhost/oc-260216:latest

# Now you can enter again and safely let the AI work
distrobox enter oc-260216

Scenario C: Oh no! The AI broke everything! (Restoring a Checkpoint)

If you saved a checkpoint (like in Scenario B) and want to go back to it: 

# On your main computer:
# 1. Delete the ruined sandbox
distrobox rm oc-260217 && rm -rf ~/sandbox-homes/oc-260217

# 2. Recreate it from your last good save point!
mkdir -p ~/sandbox-homes/oc-260217
distrobox create --name oc-260217 --image localhost/oc-260216:latest --home ~/sandbox-homes/oc-260217

5. Cleaning Up

Over time, these sandboxes will take up hard drive space. Here is how to clean them up when you are done with a project. 

# See all your saved templates/images
podman image ls              

# Delete a specific saved image
podman image rm localhost/oc-260216:latest

# Delete a working sandbox and its fake home folder
distrobox rm oc-260216 && rm -rf ~/sandbox-homes/oc-260216

6. What is actually protected? (Isolation Coverage)

For transparency, here is exactly what this setup protects against:

System Area Is it Protected? Explanation
Your Personal Files ✅ Yes The AI uses the fake --home folder and cannot see your real Documents or Desktop.
System Apps/Packages ✅ Yes If the AI tries to install a virus via apt-get, it only installs inside the disposable sandbox.
Host Filesystem ⚠️ Partial By default, the rest of your hard drive is readable. Advanced users can add --additional-flags to lock this down further.
Network/Internet ❌ No The AI shares your computer's internet connection (it needs this to access the OpenCode API).

7. Common Beginner Issues (Troubleshooting)

  • "I get cgroup warnings when starting a container!"
    • Fix: Ignore it! This is perfectly normal for sandboxes running without administrator privileges. The container will still work fine.
  • "My distrobox create command failed silently."
    • Fix: Make sure you run the mkdir command to create the fake home folder before running distrobox create. If the folder doesn't exist, the creation will fail.
  • "Inside the container, where is my script?"
    • Fix: Because we use a fake home, the $HOME variable points to ~/sandbox-homes/oc-base. Always use exact, absolute paths if your scripts seem to be getting lost.
Retrieved from "http://wiki.gi7b.org/index.php?title=Opencode_isolation_and_burner_workflow_260216&oldid=195"