I don’t see how this is palatable by serious organizations? So you build this huge memory graph of preferences? But none of it is explicit? It’s all just magic? The attack vectors from a security angle seem insane. Also the absence of any explicitness in how you define standards seems completely not viable in a commercial context? I mean it’s crazy cool as a hobby project, but also seems not to have a serious commercial viability?
There are definitely potential security issues with memory for coding agents, which apply to not only Cursor but also Windsurf. Looking forward to more research in this area.
Yeah, exactly. Containers locally are a basic foundation. But usually those containers or services need to talk to one another, they need some form of auth and credentials, they need some networking setup. There's a lot of configuration in all of that. The more devs swap projects or the more complex the thing you're working on, the more the challenge grows. Automating dependencies, secret access, ensuring projects have the right memory, CPU, GPU, etc. Also security - moving source code off your laptop and devices and standardizing your setups helps if you need to do a lot of audit and compliance, as you can automate it.
Yeah, that's fair. The blog was getting quite long, so we need to do some deeper dives in follow-ups.
Gitpod Flex is runner-based. The runner interface is intentionally generic so that we can support different clouds, on-prem or just Linux in future.
The first implemented runner is built around AWS primitives like EC2, EBS and ECS. But because of the more generic interface Gitpod now supports local / desktop environments on macOS. And again, future OS support will come.
There’s a bit more information in the docs, but we will do some follow-ups!
Awesome, looking forward to hearing more. I only recently began testing out Theia and OpenVSCodeServer, I really appreciate Gitpod's contributions to open source!
It's a compute resource you configure to offload compute jobs from a specific platform. You can have for instance Jenkins runners that will actually execute the pipelines and leave the main node free to do UI and admin tasks.
You also have GitHub and GitLab VCSs that have their own hosted runners for pipelines, but also enable you to configure a runner to use private resources to offload jobs to.
I can't speak for other providers, but the way we handle state is by persisting to mounted volumes that are re-mounted on restart. I'd argue that there are a few different types of sandboxes, as there are sandboxes designed for pure code execution, such as in an LLM chat, and there are longer-lived dev environments more like a standard development environment, etc. (we are the latter). If it helps, we did a write-up last year of our experiences with trying to build on top of ephemeral-type architectures.
https://ona.com/stories/we-are-leaving-kubernetes