Add limactl shell --sync-host-workdir (prevents AI agents from breaking the host files) #3711
Description
limactl shell --sync-host-workdir INSTANCE COMMAND... will do:
- copy the host workdir to the VM, and set the copied dir as the guest workdir
- run the commands
- sync back the changed content of the workdir (if the user accepts the changes)
This is quite similar to how https://github.com/AkihiroSuda/alcless works:
$ alcless bash -euxc "echo foo > foo"
5:56PM INF ➡️ Syncing the files src=/Users/suda/foo/ dst=default:/Users/alcless_suda_default/Users/suda/foo
+ echo foo
5:56PM INF ⬅️ Syncing the files back (dry run) src=default:/Users/alcless_suda_default/Users/suda/foo/ dst=/Users/suda/foo
>f..t.... foo
5:56PM INF ⬅️ Syncing the files back src=default:/Users/alcless_suda_default/Users/suda/foo/ dst=/Users/suda/foo
⚠️ The following commands will be executed:
rsync -rai --delete -e '/Users/suda/.local/bin/alclessctl shell --workdir=/ --plain' default:/Users/alcless_suda_default/Users/suda/foo/ /Users/suda/foo
❓ Press return to continue, or Ctrl-C to abort
CONTINUE
>f..t.... fooImplementation
As in https://github.com/AkihiroSuda/alcless, rsync can be used.
The workdir must not be a large directory such as the home directory.
Use case
The expected use case is to run AI agents such as codex, gemini, and claude inside the VM so as to avoid breaking the host files.
$ limactl start --mount-none template://claude
$ cd ~/some-project
$ limactl shell --sync-host-workdir claude claude
Changed files:
- foo.go
- Makefile
⚠️Accept the changes?
→ Yes
No
View the changed contents