The linked fly.io article discusses why containers aren't a good fit for sandboxes that need persistent state and how sprites.dev addresses the challenges.
I think there are tradeoffs here. Maybe your one person vibe coded app doesn't need any change management, IaC, any of that. No docker file, start with whatever docker file fly wrote for you, beat it with an agent until it works enough. And it's pretty cool that you can then just serve it directly. Is it dev or prod? Yes.
On the other hand, I really don't think editing php files over ftp in prod was ahead of it's time -- I was there, man, and it sucked. I just know I'll be really confused about why something doesn't work eventually and wish I had some tracking of what changed over time. I want my IDE. I want VCS!
> I want to be direct: containers are not a sufficient security boundary for hostile code. They can be hardened, and that matters. But they still share the host kernel. The failure modes I see most often are misconfiguration and kernel/runtime bugs — plus a third one that shows up in AI systems: policy leakage.
simonw•4w ago
I wrote about this because it hits two of my current obsessions at once - developer environment sandboxes (for safely running Claude Code etc in YOLO mode) and APIs for executing untrusted code.
indigodaddy•4w ago
^^ So is Claude Code baked into a default sprite? If so, how/who/what API key is paying for CC? (I'm assuming this gets configured some way? Perhaps in just the normal CC CLI way?)
simonw•4w ago
aszen•3w ago
Is there a similar service that runs locally?
onenite•3w ago
onenite•3w ago
skybrian•3w ago
Since I anticipate using coding agents a lot, that means my dev environment is going to live in a VM in the cloud from now on.
ichiichisan•3w ago
skybrian•3w ago
ichiichisan•3w ago