DEV Community

agent-workspace-linux Is Not Computer Use: Verify the Workspace Boundary First

Most computer-use failures start before the model acts: the agent is operating inside the user's real browser, clipboard, focus, or files. agent-workspace-linux takes the opposite route. It creates an agent-owned Linux desktop backed by Xvfb and openbox, with a separate browser and clipboard.

The first run should be boring and observable. Install the Linux dependencies from the upstream README, then run agent-workspace-linux doctor. Use workspace start --dry-run before workspace start --ack-hidden-workspace --purpose "QA run".

Open the viewer, launch one test app, save workspace observe --screenshot --output /tmp/ws.png, and finish with workspace stop.

Security Boundaries

Do not call the viewer a security boundary. --permissions or AGENT_WORKSPACE_PERMISSIONS is the hard ceiling for networks, mounts, and apps; without bubblewrap, those policies may only be declared.

Current Status

The project is pre-1.0, and issues #21 and #22 cover live-control and clipboard risks. I would use it first for GUI QA or disposable browser profiles, not production credentials.

Resources

Independent Doramagic resource pack; not an official upstream release or endorsement.

Comments

No comments yet. Start the discussion.