If you're scared about crush or other agents accessing too much of your files -> isolate them in a docker container
So look I'm a complete beginner in docker, only know it because lemmy's own documentation says to use it to deploy a lemmy server. I'm hoping people in the comments will be able to provide more information and perhaps a better way to do this than the way I did it.
But if you're on linux (which is where docker is native, getting it to run on windows is kind of a whole thing), you can easily install docker with apt or similar, then create an image and container -> ask deepseek to provide instructions for it, and just copy paste the commands. Absolutely stressless and takes 30 seconds.
Give it your OS, tell it what you want to do 'from scratch' (i.e. "I want to install a docker container of ubuntu/debian/whichever from scratch, I am on Linux Mint i.e. Ubuntu 24.04") and let it print out the instructions.
What I did was install a small linux image in my docker container (most of them are available simply via 'docker pull distro-name', and also mount a shared folder in the container. It shows up as mnt/share in the docker container, and on my local machine it's in my Documents folder. This means I can communicate between the docker container and my own OS through this one specific folder.
You can and should also tell deepseek what you want that mounted shared folder to be, what you want to call your container, what your terminal username is (I just copy an output from the terminal after the first command in the guide so it knows) etc. so that it knows this info later in the conversation. Otherwise you're gonna have to rewrite every command it gives with the actual names you're using.
(More info that's not necessary for this guide but might be interesting)
I found out that crush installs with root access. It kinda needs it so that's to be expected, but it also means it can act on your system files if it decides to do that.
As far as I'm aware, the container ensures the AI will not have access to anything on your actual machine, except through this one folder where all your projects you want to submit to agentic AI will live. And you can move them out of that folder at any time. Not sure if you need a whole linux in it to make this work but the basic images are only a few hundred megabytes or so.
All in all it's like 5-6 commands to get docker and a container running, and deepseek will walk you through it every step of the way. I could print them out here but because it also depends a bit on your distro and what you want, it's just so much easier to give deepseek the prompt and let it make you a custom guide.
When you want to access crush later, you simply spin up the docker container in the terminal -- it's instantaneous as long as the docker service is running, which deepseek will also show you how to do -- navigate to the mnt/share/subdirectory of your choice, and type 'crush' in the command-line, just like you would in your own terminal.
Because you can also commit containers and images, this means you should also be able to revert to a prior docker environment if the AI somehow breaks something, I think. But you need to make these copies yourself. Someone might want to chime in.
You will have to install the LSPs you want as well as other packages in that container though if you want crush to use them, so you might duplicate some stuff. But that's about the only downside I can think of.
With that system + letting it know to use git commits in the directory, you can probably put crush in yolo mode, which bypasses all permission requests. I wouldn't necessarily do it though, but it should be safe.
CriticalResist8 in crushagent
If you're scared about crush or other agents accessing too much of your files -> isolate them in a docker container
So look I'm a complete beginner in docker, only know it because lemmy's own documentation says to use it to deploy a lemmy server. I'm hoping people in the comments will be able to provide more information and perhaps a better way to do this than the way I did it.
But if you're on linux (which is where docker is native, getting it to run on windows is kind of a whole thing), you can easily install docker with apt or similar, then create an image and container -> ask deepseek to provide instructions for it, and just copy paste the commands. Absolutely stressless and takes 30 seconds.
Give it your OS, tell it what you want to do 'from scratch' (i.e. "I want to install a docker container of ubuntu/debian/whichever from scratch, I am on Linux Mint i.e. Ubuntu 24.04") and let it print out the instructions.
What I did was install a small linux image in my docker container (most of them are available simply via 'docker pull distro-name', and also mount a shared folder in the container. It shows up as mnt/share in the docker container, and on my local machine it's in my Documents folder. This means I can communicate between the docker container and my own OS through this one specific folder.
You can and should also tell deepseek what you want that mounted shared folder to be, what you want to call your container, what your terminal username is (I just copy an output from the terminal after the first command in the guide so it knows) etc. so that it knows this info later in the conversation. Otherwise you're gonna have to rewrite every command it gives with the actual names you're using.
(More info that's not necessary for this guide but might be interesting)
I found out that crush installs with root access. It kinda needs it so that's to be expected, but it also means it can act on your system files if it decides to do that.
As far as I'm aware, the container ensures the AI will not have access to anything on your actual machine, except through this one folder where all your projects you want to submit to agentic AI will live. And you can move them out of that folder at any time. Not sure if you need a whole linux in it to make this work but the basic images are only a few hundred megabytes or so.
All in all it's like 5-6 commands to get docker and a container running, and deepseek will walk you through it every step of the way. I could print them out here but because it also depends a bit on your distro and what you want, it's just so much easier to give deepseek the prompt and let it make you a custom guide.
When you want to access crush later, you simply spin up the docker container in the terminal -- it's instantaneous as long as the docker service is running, which deepseek will also show you how to do -- navigate to the mnt/share/subdirectory of your choice, and type 'crush' in the command-line, just like you would in your own terminal.
Because you can also commit containers and images, this means you should also be able to revert to a prior docker environment if the AI somehow breaks something, I think. But you need to make these copies yourself. Someone might want to chime in.
You will have to install the LSPs you want as well as other packages in that container though if you want crush to use them, so you might duplicate some stuff. But that's about the only downside I can think of.
With that system + letting it know to use git commits in the directory, you can probably put crush in yolo mode, which bypasses all permission requests. I wouldn't necessarily do it though, but it should be safe.