Co-builder of proj here:
You absolutely can spin up a container or a VM and run your agents in it - but you make trade-offs. Containers are easy and fast. VMs use more resources but are more secure. Most people in production run containers in VMs to get the benefits of both!
This is a product that tries to get the best parts of both containers (devX + speed) and VMs (security). The innovation here is using micro-VMs, which are really, really lightweight and fast to start compared to traditional VMs. Props to the libkrun team for creating that: https://github.com/containers/libkrun
Alright, but why couldn't I use `krunvm` directly then? What does your wrapper provide that I can't easily do already? Is it essentially a set of "recipes" and "skills"?
Krunvm has some breaking issues that I'm trying to upstream fixes to: https://github.com/containers/krunvm/pull/74. Amazing project and maintainer btw.
This product is effectively a wrapper that has some fixes + devX glue that makes the experience hopefully faster. I try to improve the cleanup, logging, resource monitoring as an example: https://github.com/BinSquare/ERA/blob/main/era-agent/vm_serv...
The recipes and skills stuff is pretty experimental, we're trying to see if we can make this a full environment where agents can just have all the tools they need to build along with full privilege (sudo) because it's inside a microvm!
That's fair. Thanks for your work!
I don't think I'll use your project, but it's great that you're thinking about these things. We need more security initiatives in the "AI" space.