AGENTCONTAINER ARCHITECTURE (V3)

TARGET: Secure AI Execution Sandbox (Local, Offline)
WORKLOAD: Autonomous AI Coding Agents (Codex, Claude Code, Gemini CLI)
OBJECTIVE: Provide an Enterprise FHS environment, Host-Driven "Triple Enter" Tmux Multiplexing, Native API Session Resumption, and zero Host OS exploit vectors.

1. The Enterprise Sandbox (Microsoft Universal)

We leverage Microsoft's open-source devcontainers/universal image. It is pre-hardened for AI operations, packed with compilers, and includes safe Docker-from-Docker proxies. It keeps your code 100% local while providing a trillion-dollar company's standardized development environment.

# /home/palav/AgentContainer/docker-compose.yml
services:
  ai_sandbox:
    image: mcr.microsoft.com/devcontainers/universal:latest
    container_name: AgentContainer
    command: sleep infinity
    restart: unless-stopped
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /home/palav/Projects:/workspaces:rw
      - /home/palav/docker:/host-configs:ro
      - /home/palav/.gemini:/root/.gemini:rw
      - /home/palav/.claude:/root/.claude:rw
      - /home/palav/.codex:/root/.codex:rw
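A host-side audit of what the running sandbox can actually reach, added here as an example (it is not part of the page's compose stack). The mount list is pulled with docker inspect; the audit function itself works on plain "source:destination:mode" lines, so it can be exercised on a constructed list that mirrors the volumes above. The function names and the severity labels are assumptions.

```shell
#!/bin/bash
# Added example, not part of the page's compose stack: list what the running
# sandbox can reach on the host and flag the mounts that matter. The mount
# list comes from 'docker inspect'; the audit itself works on plain text so
# it can be run against a constructed list. Function names are assumptions.
set -u

CONTAINER="AgentContainer"

# One "source:destination:rw|ro" line per mount of the running container.
list_mounts() {
    docker inspect --format \
        '{{range .Mounts}}{{.Source}}:{{.Destination}}:{{if .RW}}rw{{else}}ro{{end}}{{"\n"}}{{end}}' \
        "$CONTAINER"
}

# Reads mount lines on stdin, prints one line per finding, returns the
# number of CRITICAL/WARN findings (0 means nothing to act on).
audit_mounts() {
    findings=0
    while IFS=: read -r src dst mode; do
        [ -n "$src" ] || continue
        case "$src" in
            /var/run/docker.sock|/run/docker.sock)
                # The Docker API is root-equivalent on the host: any process in
                # the container can start a privileged container or bind-mount /.
                printf 'CRITICAL docker socket mounted at %s\n' "$dst"
                findings=$((findings + 1)) ;;
            /home/*/.*|/root/.*)
                # Dotfile directories carry the CLIs' credentials and session
                # state; writable means an agent can modify them.
                if [ "$mode" = rw ]; then
                    printf 'WARN  writable credential dir %s -> %s\n' "$src" "$dst"
                    findings=$((findings + 1))
                fi ;;
            *)
                [ "$mode" = rw ] && printf 'INFO  writable host path %s -> %s\n' "$src" "$dst" ;;
        esac
    done
    return "$findings"
}

# Constructed sample mirroring the page's compose volumes (not live output).
SAMPLE_MOUNTS='/var/run/docker.sock:/var/run/docker.sock:rw
/home/palav/Projects:/workspaces:rw
/home/palav/docker:/host-configs:ro
/home/palav/.claude:/root/.claude:rw'

# Usage against the live container: bash audit.sh live
if [ "${1:-}" = live ]; then list_mounts | audit_mounts; fi
```

Against the compose file above the audit reports the socket as CRITICAL and the three credential directories as WARN. The Docker API is root-equivalent on the host, so the /var/run/docker.sock bind, not the image hardening, is what sets the sandbox's real isolation boundary; if Docker-from-Docker is the intended feature, the universal image's own proxy is the safer way to provide it, and the socket line can then be dropped.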

2. Local Git Protection: The Shadow Repo

THE THREAT: A rogue YOLO agent runs rm -rf .git, destroying version history permanently.

THE MITIGATION: A "Shadow Repo" on the Host OS continually fetches commits out of the container's reach.

#!/bin/bash
# Host-Side Cron Sync (Runs every 1 minute)
# Must run inside the shadow repo on the host; the path below is a placeholder.
cd /path/to/shadow-repo.git || exit 1
git fetch /home/palav/Projects/Chambers/.git '+refs/heads/*:refs/heads/*' --prune=false --quiet
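A fuller version of the host-side sync, added here as an example rather than the page's own cron job. It takes the working repo's .git directory and the bare shadow repository as arguments (both assumed), creates the shadow on first run with reflogs enabled, and fetches without the "+" force prefix: a branch whose history was rewritten inside the container is then rejected instead of being mirrored over the shadow copy. Each run also records timestamped snapshot refs so that even a fast-forwarding squash stays reachable.

```shell
#!/bin/bash
# shadow_sync: mirror a working repo's branches into a host-side bare
# "shadow" repository that the container cannot reach. Added example, not
# the page's cron script. Both paths are arguments, not the page's values.
set -u

# Usage: shadow_sync <working-repo/.git> <shadow-bare-repo-dir>
# Returns 0 on a clean fetch, 1 if the source is missing or a ref was rejected.
shadow_sync() {
    src="$1"
    shadow="$2"

    # First run: create the bare shadow repo and keep a reflog so that
    # every ref update is recoverable even after a later overwrite.
    if [ ! -d "$shadow" ]; then
        git init --quiet --bare "$shadow" || return 1
        git -C "$shadow" config core.logAllRefUpdates true
    fi

    # If the agent has deleted .git there is nothing to fetch; leave the
    # shadow untouched rather than failing noisily from cron.
    [ -d "$src" ] || return 1

    # Fetch WITHOUT the '+' force prefix: a branch that no longer
    # fast-forwards (history rewritten in the container) is rejected and the
    # shadow keeps its copy. No --prune either, so deleted branches survive.
    git -C "$shadow" fetch --quiet "$src" 'refs/heads/*:refs/heads/*'
    fetch_rc=$?

    # Record an immutable timestamped snapshot of every branch head, so a
    # fast-forward that squashes earlier work is still reachable later.
    stamp=$(date -u +%Y%m%dT%H%M%SZ)
    git -C "$shadow" for-each-ref --format='%(refname:short) %(objectname)' refs/heads |
    while read -r branch sha; do
        git -C "$shadow" update-ref "refs/snapshots/$stamp/$branch" "$sha"
    done
    return "$fetch_rc"
}
```

A cron entry such as `* * * * * /path/to/shadow_sync.sh /home/palav/Projects/Chambers/.git /path/to/shadow.git` (paths are placeholders) gives the one-minute cadence the page describes; a non-zero exit shows up in cron mail the moment a branch stops fast-forwarding, which is the earliest signal that an agent has rewritten history.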

3. The "Triple Enter" GUI Workflow

We eliminate typing docker exec by modifying the Host's tm script. We implement a nested fzf workflow that behaves as a completely keyboard-driven launchpad.

Workflow Execution:

  1. Enter 1 (The Target): Select your project (e.g., Chambers) from the main `tm` menu.
  2. Enter 2 (The Agent): A second menu pops up. Select your AI agent (e.g., Claude Code).
  3. Enter 3 (The Memory): A final menu pops up. Select Resume Previous Chat or Start New Chat.

The Logic Implementation:

# Inside the tm script
"Claude Code")
    chat_type=$(echo -e "Resume Previous Chat\nStart New Chat" | fzf --prompt="Claude Memory> " --layout=reverse)

    if [ "$chat_type" = "Resume Previous Chat" ]; then
        # Hooks into the native API session state
        cmd="claude --dangerously-skip-permissions --resume"
    elif [ "$chat_type" = "Start New Chat" ]; then
        cmd="claude --dangerously-skip-permissions"
    else
        continue
    fi

    # Spawn a fresh, full-screen Tmux Window dropping instantly into the YOLO agent
    tmux new-window -t "$session_name" -n "Claude" \
        "docker exec -it AgentContainer bash -c 'cd /workspaces/$session_name && $cmd'"
    tmux attach-session -t "$session_name"
    exit 0
    ;;
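The same three-step selection, added here as an example rather than the page's own tm script, with the logic split into functions so the exact string that reaches docker exec can be checked without tmux, fzf or Docker. Agent names and the claude flags are the page's; the function names, the project-name check and the interactive driver are assumptions.

```shell
#!/bin/bash
# Added example, not the page's tm script: the "Triple Enter" selection logic
# factored into small functions. Agent names and flags are those the page
# shows; function names and the validation rule are assumptions.
set -u

CONTAINER="AgentContainer"
PROJECTS_ROOT="/home/palav/Projects"   # the page's bind-mounted project tree

# Enter 1: the project name is spliced into a 'bash -c' string later, so
# accept only plain directory names (letters, digits, dot, dash, underscore).
valid_project() {
    case "$1" in
        ''|.|..|*/*|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Enter 2 + Enter 3: map the agent and memory choice to the in-container
# command. Prints it, or returns 1 for a combination with no mapping
# (pressing Esc in fzf yields an empty string and lands here).
agent_cmd() {
    case "$1/$2" in
        "Claude Code/Resume Previous Chat") echo "claude --dangerously-skip-permissions --resume" ;;
        "Claude Code/Start New Chat")       echo "claude --dangerously-skip-permissions" ;;
        # Codex / Gemini arms would go here with their own flags.
        *) return 1 ;;
    esac
}

# Assemble the exact string handed to 'tmux new-window'. The single quotes
# around the inner command are kept, so project name and command are expanded
# on the host and not reinterpreted by the container shell.
launch_cmd() {
    project="$1"; agent="$2"; memory="$3"
    valid_project "$project" || return 1
    cmd=$(agent_cmd "$agent" "$memory") || return 1
    printf "docker exec -it %s bash -c 'cd /workspaces/%s && %s'\n" \
        "$CONTAINER" "$project" "$cmd"
}

# Interactive driver: the three fzf menus, then the tmux window. Needs the
# real tools, so it only runs when the script is invoked with 'run'.
triple_enter() {
    project=$(ls -1 "$PROJECTS_ROOT" | fzf --prompt="Project> " --layout=reverse) || return 1
    agent=$(printf '%s\n' "Claude Code" "Codex" "Gemini CLI" | fzf --prompt="Agent> " --layout=reverse) || return 1
    memory=$(printf '%s\n' "Resume Previous Chat" "Start New Chat" | fzf --prompt="Claude Memory> " --layout=reverse) || return 1
    exec_cmd=$(launch_cmd "$project" "$agent" "$memory") || return 1
    tmux new-window -t "$project" -n "$agent" "$exec_cmd"
    tmux attach-session -t "$project"
}

if [ "${1:-}" = run ]; then triple_enter; fi
```

Keeping launch_cmd free of side effects is what makes the launcher testable: every menu combination can be tabled and checked once, and the validation of the project name sits in one place instead of being repeated in each case arm of the tm script.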

4. Native API Session Memory

We do not rely on hacky text appending to resume chats. By passing flags like --resume, the CLI tool reaches into the .claude or .codex directories we mounted in the compose file.

It reads the cryptographically hashed session ID from the previous conversation, authenticates with the remote API, and reloads the exact token context window. This guarantees mathematical token continuity across container restarts and Tmux sessions.

5. Resource Monitoring & The Kill Switch

When running multiple autonomous agents, monitoring RAM and terminating rogue processes is critical.

Real-Time Dashboard

Split a thin pane at the bottom of your Host Tmux window to stream the container's footprint:

docker stats AgentContainer --format "table {{.MemUsage}}\t{{.CPUPerc}}\t{{.PIDs}}"

The YOLO Kill Switches

  • Soft Kill (Pane Closure): Press Ctrl-b + x on the Host Tmux window running the agent. This severs the TTY connection and sends SIGHUP to the agent process inside the container.
  • Hard Kill (Nuclear): docker exec AgentContainer pkill -9 node (Obliterates any runaway Claude/Gemini processes instantly).
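A memory watchdog that turns the docker stats dashboard above into an automatic version of the hard kill switch, added here as an example and not taken from the page. The threshold, sampling interval and function names are assumptions; the size strings it parses ("1.5GiB / 7.7GiB") are the format docker stats prints, and the two sample lines are constructed, not real measurements.

```shell
#!/bin/bash
# Added example, not from the page: a memory watchdog that turns the
# 'docker stats' dashboard into an automatic hard kill switch. Threshold,
# interval and function names are assumptions; the size strings follow the
# format docker stats prints.
set -u

CONTAINER="AgentContainer"
LIMIT_MIB="${LIMIT_MIB:-6144}"     # assumed ceiling: 6 GiB for the sandbox
INTERVAL="${INTERVAL:-5}"          # seconds between samples

# Convert one docker stats size ("512MiB", "1.5GiB", "900kB") to whole MiB.
# Returns 1 for a unit it does not know.
to_mib() {
    awk -v s="$1" 'BEGIN {
        n = s; gsub(/[^0-9.]/, "", n)
        u = s; gsub(/[0-9.]/, "", u)
        m["B"]=1; m["kB"]=1000; m["MB"]=1e6; m["GB"]=1e9
        m["KiB"]=1024; m["MiB"]=1048576; m["GiB"]=1073741824
        if (!(u in m)) exit 1
        printf "%d", n * m[u] / 1048576
    }'
}

# Judge one tab-separated sample "<used> / <limit>\t<cpu>\t<pids>".
# Prints "OK <mib>" or "KILL <mib>"; returns 1 when the limit is exceeded,
# 2 when the line could not be parsed (never kill on a parse error).
check_line() {
    used=$(printf '%s' "$1" | awk -F'\t' '{ split($1, a, " / "); print a[1] }')
    mib=$(to_mib "$used") || return 2
    if [ "$mib" -ge "$LIMIT_MIB" ]; then
        printf 'KILL %s\n' "$mib"
        return 1
    fi
    printf 'OK %s\n' "$mib"
}

# Host-side loop: one --no-stream sample per interval; on breach, run the
# page's hard kill and leave a syslog line for the incident timeline.
watchdog() {
    while line=$(docker stats --no-stream \
                 --format '{{.MemUsage}}\t{{.CPUPerc}}\t{{.PIDs}}' "$CONTAINER"); do
        rc=0; check_line "$line" || rc=$?
        if [ "$rc" -eq 1 ]; then
            docker exec "$CONTAINER" pkill -9 node
            logger -t agent-watchdog "memory limit hit, killed node in $CONTAINER: $line"
        fi
        sleep "$INTERVAL"
    done
}

# Constructed sample lines in the watchdog's format (not real measurements).
SAMPLE_OK=$(printf '1.5GiB / 7.7GiB\t12.34%%\t42')
SAMPLE_HOT=$(printf '6.9GiB / 7.7GiB\t398.10%%\t913')

# Usage on the host: bash watchdog.sh run
if [ "${1:-}" = run ]; then watchdog; fi
```

The watchdog only ever reacts to a parsed, over-limit sample; an unparseable line returns 2 and is ignored, so a Docker hiccup cannot trigger the kill. After a soft kill, docker top AgentContainer shows whether the node process is really gone before the hard kill is reached for.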