A High-Isolation AI Agent CI Sandbox with Cloudflare Tunnel and Docker

Why This Setup Exists 最近诸如 OpenCode、Claude Code 等基于终端(TUI/CLI)的 AI 编码智能体热度极高。相比传统的 Copilot 插件,这类 Agent 拥有真正的 Shell 执行权限、自主工具调用能力以及直接重写本地文件的能力。它们不再只是提供代码建议,而是能像一个真正的初级程序员一样,替你完成“理解需求 -> 修改代码 -> 运行单测 -> 修复 Bug”的完整闭环,也就是现在大家常说的 Vibe Coding。 然而,巨大的生产力背后也潜藏着非常现实的安全隐患: 系统权限暴露:AI 在执行复杂指令时可能误删宿主机文件,或者执行了错误的系统命令。 供应链攻击风险:AI 可能为了修复 Bug 而从网络下载、安装未经审核的第三方依赖包。如果依赖包里含有恶意后门,宿主机的 SSH Key、浏览器 Cookie、钥匙串及隐私文件都可能受到影响。 远程入口风险:为了随时随地调用本地算力和本地开发环境,很多人会暴露 SSH、Web IDE 或代理服务。一旦鉴权和网络边界没做好,就等于把开发机挂在了互联网上。 所以我想解决的是一个很明确的问题:既要随时随地远程调用 AI 帮我写代码,又要尽可能保证宿主机安全。 本文记录的方案,是将 WebSSH + Cloudflare Tunnel + Docker 沙箱 + AI Agent CI 融合起来的一套本地自动化编程环境。它的目标不是宣称“永远不可能被攻破”,而是在工程上把风险压缩到一个可控的容器边界内。 Architecture 整体架构遵循两个原则: 最小权限原则:AI Agent 只拿到完成任务所需的目录、网络、令牌和系统能力。 数字侧隔离:所有高风险命令、依赖安装、测试运行和代码修改,都发生在 Docker 容器内部,而不是宿主机。 可以把整个系统理解成四层: Browser | | Cloudflare Access / WebSSH v Cloudflare Tunnel | v Local Docker Host | v AI Agent Sandbox Container | v Mounted Project Workspace 其中: ...

June 16, 2026 · 3 min

Frequent Mac WindowServer Crashes: A Complete Troubleshooting Record of an Intel Built-in Display Anomaly

The Symptom Recently this Intel MacBook Pro has been randomly black-screening and kicking me back to the login screen. The apps and windows I had open get closed, looking very much like a logout or a desktop crash. Machine info: Model: Intel MacBook Pro with a T2 chip OS: macOS 26.x GPU: Intel Iris Plus Graphics External devices: no external display or Thunderbolt devices connected during troubleshooting After the incidents, the system diagnostic directory contained multiple WindowServer reports: ...

June 5, 2026 · 6 min

Configuring GitHub MCP in OpenCode

Configuration Add the following snippet to your OpenCode config file: "mcp": { "github": { "type": "local", "command": [ "docker", "run", "-i", "--rm", "-e", "GITHUB_PERSONAL_ACCESS_TOKEN", "ghcr.io/github/github-mcp-server" ], "environment": { "GITHUB_PERSONAL_ACCESS_TOKEN": "your GitHub token" } } } Two things to note: Docker must be installed and running on your machine The field name is environment, not env Verifying the connection First, run: opencode mcp list A healthy result should include: github connected To make an actual call, drop into opencode and try: ...

May 23, 2026 · 1 min

Traps I Fell Into: The Full Playbook for Deploying a Hugo Static Blog on Cloudflare Pages in 2026

🚀 Introduction In 2026, hosting a Hugo-compiled Markdown static blog on Cloudflare Pages (a.k.a. CF Pages) is still the ultimate “free lunch” combo on the planet. You get global edge delivery with sub-second loads, fully free usage, and unlimited requests/traffic. However, as Cloudflare pushes forward with a major dashboard redesign and Hugo keeps iterating, plenty of older tutorials have turned into a field of buried landmines. This post is a real, unfiltered account of the full trap-clearing, course-correcting journey. ...

May 21, 2026 · 4 min

Hello World: My Hugo Blog Goes Live

Welcome to my new blog This is a blog built with Hugo + Cloudflare Pages. First Markdown test post! package main import "fmt" func main() { fmt.Println("Hello, Cloudflare!") }

May 21, 2026 · 1 min