One problem with using containers as an isolation environment for a coding assistant is that it becomes challenging to have the agent work on a containerized project. You often need some janky "docker-in-docker" nonsense that hampers efforts.
I like using LXC containers, e.g. full persistent OS and you can do Docker if you want, etc. I started this and it works well for me to put on a server or VPS:
"language server" is probably not particularly obscure (or random) to the audience of people who know what "mecrisp-stellaris" is (i.e. the audience of the post).
I actually doubt "language server" is obscure to pretty much anyone who has done any programming recently.
Perhaps you're thinking of Bunnie Huang, who wrote a book about reversing the Xbox. I love Bunnie because he seems to be in it for the joy and the sharing of information.
Geohot (IIUC) hacked the iPhone because Apple didn't allow devs to run their own code at launch, and the PlayStation because Sony removed the ability to run Linux on the console. I love geohot because he seems to be in it to stick it to the man.
This works great for naked code, but it kinda becomes a PITA if you want to develop a containerized application. As soon as you ask your agent to start hacking on a Dockerfile or some compose files you start needing a bunch of cockeyed hacks to do containers-in-containers. I found it to be much less complicated to just stuff the agent in a full-fledged VM with nerdctl and let it rip.
Just taking this opportunity to point out (in case you haven't read it) that your project is very reminiscent of a fantastic scene from the classic cyberpunk novel Count Zero, in which the main character Bobby catches a lift from Lucas, some kind of cybervoodoo shaman, in an autonomous limo named "Ahmed" equipped with advanced electronic countersurveillance.
---
"Lucas," Bobby said, his mouth half full of cold fried chicken, "how come it's taking us an hour and a half to get to New York? We aren't exactly crawling."
"Because," Lucas said, pausing for another sip of cold white wine, "that's how long it's taking us. Ahmed has all the factory options, including a first-rate countersurveillance system. On the road, rolling, Ahmed provides a remarkable degree of privacy, more than I'm ordinarily willing to pay for in New York. Ahmed, you get the feeling anybody's trying to get to us, listen in or anything?"
"No, sir," the voice said. "Eight minutes ago our identification panel was infra-scanned by a Tactical helicopter. The helicopter's number was MH-dash-3-dash-848, piloted by Corporal Roberto
"Okay, okay," Lucas said. "Fine. Never mind. You see? Ahmed got more on those Tacs than they got on us."
https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overv...