For the best experience on desktop, install the Chrome extension to track your reading on news.ycombinator.com
Hacker Newsnew | past | comments | ask | show | jobs | submit | history | more nezhar's commentsregister

The first rule covers it best: it is crucial that you know what you are doing in order to benefit from these tools.

Regarding the second and third rules, I like to work with two terminals. One is for my agent, isolated in a container, and the other one I use for `git`. This way, I can assess whether my changes are moving in the right direction.

The PLAN.md files have also proven to be a good approach. I'm still trying to figure out the best way to keep them aligned with the application without polluting the context, but they hold significant value for documentation purposes.


I think a properly hand tuned AGENTS.md with proper tooling instructions and a single PLAN.md goes a long way especially if you add directives in AGENTS.md to keep the PLAN.md always updated with journaling.


It's really hard to follow them; it feels like the Spider-Man meme.


https://nezhar.com/


This is a great example of why network restrictions on an application are not sufficient.


In my opinion, having a container is currently the best trade-off in terms of performance and maintainability of the setup.


Looks interesting. How does this compare to a container?


Containers aren't a sandbox:

https://news.ycombinator.com/item?id=46405993


It uses Linux kernel namespaces instead of chroot (containers are just fancy Liunx chroot)


Ackually, “containers” on linux are usually implemented using linux namespaces instead of chroot.


The isolation pattern is a good starting point.


I believe the detection pattern may not be the best choice in this situation, as a single miss could result in significant damage.


I built https://github.com/nezhar/claude-container for exactly this reason - it's easy to make mistakes with these agents even for technical users, especially in yolo mode.


Related: https://news.ycombinator.com/item?id=46594059


Author here. This release adds two features I've found useful for understanding Claude Code behavior:

1. API Proxy - Transparently logs all interactions with the Anthropic API. Every request/response is captured without modifying Claude Code itself.

2. Datasette Integration - Lets you query and visualize the captured API data with SQL. Useful for tracking token usage, analyzing prompt patterns, or debugging unexpected behavior.

The container itself provides isolation from the host system while maintaining persistent credentials and workspace access via bind mounts.

Happy to answer questions about the implementation or use cases.


Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search:

HN For You