I see this as a way to build apps with agentic flows where the original files don't need manipulation; instead, you create something new. Whether it's summarizing, answering questions, or generating new documents, you can use a local/internal LLM and feel relatively safe when tool calling is also restricted.
I like the perspective used to approach this. Additionally, the fact that major browsers can accept a folder as input is new to me and opens up some exciting possibilities.
What I was also curious about is what is actually sent and received by the agent, so I included this feature and created a CLI to make integration easier in a developer workflow.
Since I started doing this for other agents as well, I considered the idea of using a VM with Vagrant. However, I want the setup to remain minimal, so I still believe there is room for improvement.
I found a VM to be on par with Docker. Sure, the initial provision takes time, but this is true for the initial Docker build as well. I know that worrying about sharing a kernel with the Docker container is probably light paranoia, but I really don't trust agents to not run malicious code.
The first rule covers it best: it is crucial that you know what you are doing in order to benefit from these tools.
Regarding the second and third rules, I like to work with two terminals. One is for my agent, isolated in a container, and the other one I use for `git`. This way, I can assess whether my changes are moving in the right direction.
The PLAN.md files have also proven to be a good approach. I'm still trying to figure out the best way to keep them aligned with the application without polluting the context, but they hold significant value for documentation purposes.
I think a properly hand-tuned AGENTS.md with proper tooling instructions and a single PLAN.md goes a long way, especially if you add directives in AGENTS.md to keep the PLAN.md always updated with journaling.