gpt-engineer-org / gpt-engineer

Specify what you want it to build, the AI asks for clarification, and then builds it.
MIT License

Maximum isolated cli for Docker #747

Closed gwpl closed 2 months ago

gwpl commented 9 months ago

Could you provide a command line (in e.g. some bash script file or some README) that runs things in Docker with maximum isolation? What does it mean?

Topic of isolating programs running in Docker for security purposes, is explored here:

It basically means to set all isolation parameters as strict as possible, and allow only the most necessary minimum.

ATheorell commented 9 months ago

The docker part of gpt-engineer is not well maintained currently, partly because of a lack of deep expertise on the topic. How much work is this? Do you think you could pick this up in a PR @gwpl ?

bkutasi commented 9 months ago

It's a good idea, but the main target model for this is GPT-4 isn't it? It makes sense to run it in docker but in the end the processing will be done in the cloud not on the local machine. If we could integrate it with a local model running also in a container, that would be max isolation. exllama (v1) supports docker, but I haven't tested it yet: https://github.com/turboderp/exllama

gwpl commented 9 months ago

Let me provide some thoughts on the points touched:

It's a good idea, but the main target model for this is GPT-4 isn't it? It makes sense to run it in docker but in the end the processing will be done in the cloud not on the local machine.

Yes and no.

Isn't GPT engineer executing commands (i.e. compiling and running code, tests) based on what GPT tells it to do?

That way, if GPT-4 got weird, a program with a bug may accidentally, e.g., overwrite files in your home directory or do literally whatever... (in some languages like Rust you can execute arbitrary code via macros during the compilation process...), not to mention that it may not be code returned by GPT, but e.g. GPT finding and adding fishy dependencies during the "development process".

Therefore I assume that it's very wise to do all gpt-engineer computations isolated (even making calls to GPT-4) and later audit the result and trash the environment.

Also... do I understand correctly that there are projects that act like a "drop-in OpenAI REST API" replacement? ( https://localai.io/ ) That way one could point the isolated environment (just change its DNS or whatever) so that when it tries to call OpenAI, it actually calls LocalAI, and via it one can use local models (if data safety is a concern). Or (!) maybe it's even possible to repackage and use other providers (also I bet there are projects, otherwise it should not be hard to do, that can act as adapters to allow tools targeting the OpenAI API to use other providers, e.g. Falcon, Claude, replicate.com, runpod.io or local instances).

gwpl commented 9 months ago

@ATheorell

How much work is this? Do you think you could pick this up in a PR @gwpl ?

For someone experienced in the process, probably not too hard but a bit time consuming (probably possible to automate). It's:

One can take inspiration for a list of such flags from the attached repositories. (Probably GPT can also help to look for more restricted versions ;) It would be super cool to see a GPT-4 based agent that looks for the most restricting set of flags/configs for Dockerfile execution, while still passing some functionality tests!)

So, as you see depending on experience it is "some work" or "a lot of work".

Time invested to do this once pays back, as each later time one does it, it is a very similar process. (So a person with such a skill can help many other repositories and projects.)

I am personally not sure when I may find time to sit on it. 🤞🏻
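A locked-down `docker run` wrapper of the kind asked for in this thread, added here as an example and not code from the gpt-engineer repository. The image name, project path, uid 1000 and the resource limits are assumptions to adapt; `DRY_RUN=1` prints the assembled command for review instead of executing it.

```shell
#!/bin/sh
# Added example (not part of gpt-engineer): run an agent that compiles and
# executes generated code inside a container with the strictest practical
# isolation. Image, paths, uid and limits are assumptions; adapt them.
#
# What each flag defends against:
#   --network none        no egress, so generated code cannot fetch extra
#                         dependencies or exfiltrate data (set ISOLATION_NETWORK
#                         to a filtered bridge only for the step that must reach
#                         an LLM API, or point that step at a LocalAI-style proxy)
#   --read-only           immutable root filesystem; only /workspace and /tmp
#                         are writable
#   --tmpfs /tmp noexec   scratch space that cannot hold a runnable binary
#   --cap-drop ALL        no Linux capabilities inside the container
#   --security-opt no-new-privileges   setuid binaries cannot raise privileges
#   --pids-limit/--memory/--cpus       bound fork bombs and runaway builds
#   --user 1000:1000      never root inside the container (the project dir on
#                         the host should be owned by that uid)
# Usage: run_isolated IMAGE PROJECT_DIR CMD [ARGS...]
run_isolated() {
    image=$1
    project_dir=$2
    shift 2
    set -- docker run --rm --init \
        --network "${ISOLATION_NETWORK:-none}" \
        --read-only \
        --tmpfs /tmp:rw,noexec,nosuid,size=256m \
        --cap-drop ALL \
        --security-opt no-new-privileges \
        --pids-limit "${ISOLATION_PIDS:-256}" \
        --memory "${ISOLATION_MEMORY:-2g}" \
        --cpus "${ISOLATION_CPUS:-2}" \
        --user 1000:1000 \
        --volume "$project_dir:/workspace" \
        --workdir /workspace \
        "$image" "$@"
    if [ "${DRY_RUN:-0}" = 1 ]; then
        # Review step: show the exact command before anything is executed.
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Example call: prints the assembled command instead of executing it.
DRY_RUN=1 run_isolated python:3.12-slim "$PWD" python main.py
```

Audit the workspace afterwards and discard the container; the project directory is the only state that survives the run.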

gwpl commented 9 months ago

If we could integrate it with a local model running also in a container, that would be max isolation. exllama (v1) supports docker, but I haven't tested it yet: https://github.com/turboderp/exllama

Also, if we try an AI model executor/evaluator (whether exllama or llama.cpp or whatever else...), then it can run outside of the container for performance, as it may be trusted to just compute "input -> AI model -> output".

While if we later have an agent that takes that "output -> agent -> perform changes in code, compiles", then it may lead to accidentally executing whatever changes in the environment (as I described), therefore it should be sandboxed and isolated (or just in a VM, e.g. with a Vagrantfile https://www.vagrantup.com/ ).