Switching to Claude Code and VSCode Inside Docker

Risk of letting AI agents control the host

  • Several commenters consider it entirely reasonable to fear tools like Claude Code with shell access, likening precautions to insurance or seatbelts.
  • Concrete failures are cited: an AI agent (in Cursor) deleting most of a user’s files after safeguards were disabled; another case where an agent rewrote git history and nearly destroyed a repo.
  • Others report running Claude/Cursor with full permissions for long periods without serious problems, arguing that anything has been fixable via git and that the tools usually ask for confirmation before destructive commands.
  • Critics of this relaxed approach note that “no issue yet” is not a safety argument and warn that jailbreaking or malicious payloads could lead to silent malware or worse than rm -rf.

Containers, VMs, and isolation strategies

  • Many see containers as a good default for agents: isolation, easier cleanup, reproducibility, and the ability to run multiple agents in parallel or with --dangerously-skip-permissions more safely.
  • Others stress that containers are not a perfect security boundary; container escape exploits exist, and if strong security is the goal, a VM (qemu/Proxmox/Hypervisor, Apple’s container framework) is preferred.
  • Alternatives mentioned: separate OS user accounts, sandboxing via bubblewrap, or remote dev servers.
  • Some note Anthropic already documents devcontainer usage; others point out the suggested container capabilities (NET_ADMIN, NET_RAW) weaken the security story.
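
One way to check a devcontainer definition for the settings that weaken the container boundary, such as the NET_ADMIN and NET_RAW capabilities noted above. This is an added example, not code from the discussion or from any vendor's documentation. It also covers privileged mode, host namespaces, and a mounted Docker socket, which go beyond the two capabilities named above. The sample config, image name, and function name are constructed for illustration, and the file is assumed to be plain JSON without comments.

```python
import json

# Capabilities that meaningfully widen what a process in the container can do.
RISKY_CAPS = {"NET_ADMIN", "NET_RAW", "SYS_ADMIN", "SYS_PTRACE", "ALL"}

# Constructed sample devcontainer.json (not taken from any real project).
SAMPLE = """
{
  "name": "agent-sandbox",
  "image": "example/agent:latest",
  "runArgs": ["--cap-add=NET_ADMIN", "--cap-add", "NET_RAW", "--network=host"],
  "mounts": ["source=/var/run/docker.sock,target=/var/run/docker.sock,type=bind"],
  "remoteUser": "node"
}
"""

def audit_devcontainer(text):
    """Return sorted findings for settings that weaken the container boundary."""
    cfg = json.loads(text)  # assumption: plain JSON; strip comments first for JSONC
    findings = set()
    caps = {c.upper() for c in cfg.get("capAdd", [])}
    args = cfg.get("runArgs", [])
    for i, arg in enumerate(args):
        if arg.startswith("--cap-add="):
            caps.add(arg.split("=", 1)[1].upper())
        elif arg == "--cap-add" and i + 1 < len(args):
            caps.add(args[i + 1].upper())
        elif arg == "--privileged":
            findings.add("privileged container")
        elif arg in ("--network=host", "--net=host", "--pid=host"):
            findings.add(f"host namespace shared: {arg}")
    if cfg.get("privileged"):
        findings.add("privileged container")
    for cap in caps & RISKY_CAPS:
        findings.add(f"added capability: {cap}")
    for m in cfg.get("mounts", []):
        spec = m if isinstance(m, str) else json.dumps(m)
        if "docker.sock" in spec:
            findings.add("Docker socket mounted (gives control of the host daemon)")
    if cfg.get("remoteUser", cfg.get("containerUser", "root")) == "root":
        findings.add("no non-root user configured (remoteUser/containerUser)")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_devcontainer(SAMPLE):
        print("WARN", finding)
```

An empty result means none of these specific settings were found; it does not make the container a strong security boundary.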

Developer experience: devcontainers, VSCode-in-Docker, and tooling

  • Devcontainers are praised for giving teams consistent environments, reducing “works on my machine” problems, and keeping npm/pip/gradle off the host.
  • Downsides: graphical VSCode inside Docker is painful (Wayland/socket issues); devcontainers can feel less “local” (missing personal CLI tools), and Docker Desktop on macOS is disliked.
  • Suggested tools/workflows: devcontainers CLI, DevPod, remote development via JetBrains Gateway, SSH+tmux+Neovim, KASM workspaces, Apple container–based CodeRunner.
  • Practical tradeoffs on macOS: fewer tool-call failures inside Linux containers, but lost ergonomics (notifications, screenshots, browser sessions) and battery overhead.

Opinions on VSCode and ecosystem control

  • Some dislike VSCode as bloated, Electron-based, or “neither great editor nor great IDE,” preferring JetBrains, Neovim, nano, or VSCodium.
  • Concerns include Microsoft telemetry, proprietary extensions (e.g., devcontainers), Copilot pressure, and extension lock-in. Others are pragmatic: everything becomes a mess once heavily customized, so sticking with one “known mess” is acceptable.

Agent workflows and alternatives

  • Several describe spinning up short-lived containers or worktrees for Claude to generate plans, run tests, or open PRs, then discarding results.
  • Containers are also valued for easily running many agents concurrently.
  • Open-source alternatives and self-hosted agent frameworks are mentioned, but cost and quality tradeoffs vs. Claude are debated.