Changes the AI makes to the "workdir" are extracted via diffs or git commits, so you can see what the AI did before deciding if you want it or not.
It has no access to your home dir, no access to your env, and you can restrict its network access.
Containment can be container or VM level, with a Linux or macOS contained environment.
Here's my data and search engine with all the HN data:
There are some examples I did with Opus, Sonnet and DeepSeek models: https://onvibe.run/forkable
It has pg, file uploads, emails, etc. The MCP provides tools to run migrations, snapshots, drafts, etc.
I started it to allow my wife and daughter to create their custom tools.