{"slug": "show-hn-yolo-mode-not-on-your-laptop", "title": "Show HN: YOLO mode, not on your laptop", "summary": "Voidx, a new agent-and-git-first remote sandbox dev environment, launched to provide a secure, cross-device platform for running coding agents in cloud VMs. The tool integrates OpenAI's Codex and supports ephemeral workspaces booted from Git repos, enabling users to safely automate complex development tasks like rewriting legacy Python 2.7 systems to Python 3.14 and Django 6. Voidx addresses security risks highlighted by incidents where LLMs like Fable 5 ran commands with excessive privileges outside sandboxes.", "body_md": "# YOLO mode, not on your laptop\n\nIt’s 2026, and you have plenty of reasons to put your agents in a cloud sandbox VM. Take security. According to [this](https://simonwillison.net/2026/Jun/11/fable-is-relentlessly-proactive/) post, Fable 5, the most advanced LLM in the world, ran commands with alarming privileges (OS screenshots, among other things) to fix a bug that came down to two lines of CSS. As Simon Willison puts it, “Running coding agents outside of a sandbox has always been a bad idea.” Another reason: you don’t need this $199 Precision Claw.\n\nYou may have heard of exe.dev, Sprites, or shellbox.dev. Remote dev environments like these made the rounds a few months back. You manage Sprites through a CLI tool; the other two (exe.dev, shellbox.dev) picked SSH, which is cool. But as k9s is to kubectl and lazygit is to git, a proper TUI / UI makes you faster. That’s voidx: an agent-and-git-first remote sandbox dev environment across your devices.\n\nHere’s a quick example: spinning up an interesting Git project in a VM. (Prompt: Set up a demo for [https://github.com/henrygd/beszel](https://github.com/henrygd/beszel) on localhost:3000) Worth noting: the asciinema recording itself was also edited by gpt-5.5 in Voidx — done in a single prompt.\n\n### Codex, uncut\n\nIn a recent [post](https://openai.com/index/codex-for-every-role-tool-workflow/), OpenAI says Codex started as a tool for software development, but these days people in all kinds of roles use it to get their work done faster. No surprise there: an agent can always do more than a bare LLM. On top of that, Codex knows its way around Linux: many skills depend on purpose-built Python scripts or pdftotext.\n\nCodex is superb, as long as you don’t let it write your frontend. We built Codex into voidx: a Codex pane on the left, a terminal on the right, plus a HUD. That means your ChatGPT subscription works here as-is: with your consent, voidx injects your Codex credentials into your sandbox VM for that session. You can run your favorite vibe coding tools in the terminal too.\n\n### Git, Git, Git\n\nWe designed the voidx sandbox to be ephemeral from day one (you can’t keep a VM’s disk today; we’ll ship that soon). That’s fine. Modern software development can’t live without Git. We pull. We edit. We push. It’s second nature by now. So you can boot voidx from a git repo.\n\nWe can show this with a story.\n\nAt the daily 4:30 p.m. standup, your boss tells you he wants to revive a fifteen-year-old business system written in Python 2.7. Your vision goes dark for a second.\n\nBack at your desk, you stare at this museum piece of a repo, unsure where to start. The last commit is from 2011, and the message says “fix bug”. Ugh. You might as well let an agent take the first crack at it.\n\nYou run `voidx start git@laundry.inc:archived/old.git`\n\nto spin up a remote VM and clone the whole project. You don’t expect much, but you’ve been falling behind on the company token-burn leaderboard, so you write:\n\n```\n/goal Rewrite the whole repo to Python 3.14 & Django 6.\nInstall Python 2.7 and get the old system running first.\nWrite massive tests to ensure old and new behave exactly the same.\nRun the rewritten project on 0.0.0.0:1234\n```\n\nWhatever happens, happens. You close the MacBook, drop it in your bag, and head home.\n\nThe next morning, on a packed rush-hour subway, you remember the whole mess and open voidx mobile on your phone. The agent swears up and down that the work is done. `412 test cases, 409 passing, 3 skipped.`\n\nThe three skipped tests all touch `round()`\n\n: Python 2 rounds half away from zero, Python 3 uses banker’s rounding. The agent asks:\n\nI noticed the skipped tests touch the financial module — this is an important consideration! Would you like me to preserve the legacy rounding behavior to ensure full consistency with the original system? Just let me know how you’d like to proceed! 🚀\n\n“Keep it,” you tell the agent.\n\nYou step out of the station with all 412 tests passing.\n\nBack at your desk, you try `/expose http 1234 1d`\n\nand open the URL. It looks legit. You half-ass your way through a few features and each one works. Huh. You tag it rebirth, push, and toss the link into the business team’s Slack channel: “mind testing this?”\n\nFree QA. Beautiful.\n\n### Everything else\n\n- The classic case for a cloud dev environment: you’re on a weak connection, or somewhere a laptop is awkward, and inspiration strikes. Hand the task to an agent from the phone app, then pick the work back up at your desk. The sandbox stays in full sync between your phone and your computer.\n- Slash commands: handy shortcuts like\n`/commit`\n\n,`/push`\n\n,`/yeet`\n\n(`/commit`\n\n&`/push`\n\n),`/upload`\n\n,`/forward`\n\n,`/expose`\n\n, and`/unexpose`\n\nsmooth out the dev loop. - Speech recognition on mobile runs on the device, start to finish.\n- It runs on MicroVMs. 2026 is the year of LPE (Local Privilege Escalation). Bugs like DirtyClone, Copy Fail, Dirty Frag, and Fragnesia\n[threaten](https://github.com/avevad/copyfail-docker-escape)sandbox setups that share a kernel. A VM gives you stronger isolation. (You can verify it on voidx in seconds!)\n\n### Security\n\nA sandbox is not a magic incantation you chant to make every security problem disappear. You should know what happens under the hood.\n\nPicture the agent inside the sandbox: it runs as root. As a rule, even an agent gone rogue can’t break out of the sandbox, but it can read every file inside it. Assume the agent will read anything you pass in: the filesystem, process environment variables, and so on.\n\nThe sandbox needs to push and pull. If we uploaded your git SSH private key into it, the agent could read the key with one `cat`\n\n. `ssh-agent`\n\nbails us out with signature forwarding: the private key stays on your machine, and your local ssh-agent signs for the sandbox over the wire to authorize it. Compared with handing over the raw key, though, this has a downside: you have to stay connected to the sandbox to keep signing for it. That’s engineering. Much of the time you can’t have both security and convenience.\n\nWe upload one more secret into the sandbox: the key you use to call your model (for a ChatGPT subscription, that’s the access token in auth.json). Unfortunately, we haven’t found a good fix for this one.\n\n### Pricing\n\nvoidx and voids.run are commercial products.\n\nThe short version: you pay for the cloud resources you use, meaning the CPU time you burn ($0.045/vCPU/hr) plus the memory you reserve ($0.01/GB/hr). On a subscription ($20 or $200 a month) you get 2.5x the usage credit ($50 or $500 a month). One subscription works across the voids.run cloud platform, voidx included.\n\nIt even comes in under DigitalOcean. Take a light CPU load: a 1-core / 2 GB box averaging 10% CPU, with 2 GB reserved, costs $17.64 a month at API prices. On a subscription, that works out to $7.06 a month, under DigitalOcean’s $12.\n\n### Voids.run\n\nvoidx sits on top of voids.run. We want voids.run to make agent development simpler. We ship an API and an SDK (Rust for now, with Python, TypeScript, and Go coming).\n\nWe spent a long time on the design and polish, but both products are in their early days. We want your suggestions: come find us on [Discord](https://discord.gg/TGdRhDEDb) to talk things through or report problems.", "url": "https://wpnews.pro/news/show-hn-yolo-mode-not-on-your-laptop", "canonical_source": "http://docs.voids.run/blog/yolo-mode-not-on-your-laptop/", "published_at": "2026-07-07 17:50:35+00:00", "updated_at": "2026-07-07 17:59:40.624289+00:00", "lang": "en", "topics": ["ai-agents", "developer-tools", "ai-tools", "ai-safety", "ai-products"], "entities": ["Voidx", "OpenAI", "Codex", "Fable 5", "Simon Willison", "exe.dev", "Sprites", "shellbox.dev"], "alternates": {"html": "https://wpnews.pro/news/show-hn-yolo-mode-not-on-your-laptop", "markdown": "https://wpnews.pro/news/show-hn-yolo-mode-not-on-your-laptop.md", "text": "https://wpnews.pro/news/show-hn-yolo-mode-not-on-your-laptop.txt", "jsonld": "https://wpnews.pro/news/show-hn-yolo-mode-not-on-your-laptop.jsonld"}}