Developers now benefit from consistency and repeatability for cutting-edge workflows, including agentic AI.
Today, Canonical announced the release of Workshop, a solution for launching development environments with a single command. These environments are configured once, and can be reproduced on different machines. This means consistent workflows across development machines and deployment pipelines, and less time managing dependencies.
“Developers operating at the cutting edge want to focus on what they’re building, not on dependencies or workstation configuration,” said Jon Seager, VP of Engineering at Canonical. “Workshop enables developers to achieve that elegantly with a single YAML file that defines their environment, and pulls the exact dependencies and components they need. Workshops also serve to standardize and sandbox agentic tooling consistently across teams.”
Composable and repeatable development environments
The time window between “cutting edge” and “mainstream” continues to shrink, meaning developers don’t have time to wait. However, this typically means extensive manual effort: both in configuring all the software you require, and ensuring it can harmlessly and effectively run on your machine. The problem scales when team members need to collaborate, often on different hardware.
Workshop brings composability and repeatability to developer environments. Individuals can pull SDKs such as Ollama, OpenCode, NVIDIA CUDA, and AMD ROCm by including them in their Workshop configuration files. Once an environment is specified, creating, upgrading, or winding down an environment can be done with a few keystrokes.
Workshop environments are defined in simple YAML documents, and can therefore be version controlled and shared among project contributors. Workshops can be trivially reproduced with a single command, and feature an interface system, inspired by snapd, that simplifies host resource allocation.
Agent-ready sandboxing
In the fast-paced world of agentic AI, teams need resilient confinement to ensure they can develop at speed, without risking harm to the host system. Workshop’s development environments run in unprivileged system containers to minimize the attack surface available to workloads running within them.
Repeatability applies to security, too. In Workshop, SDKs are limited to a uniform means of requesting access to resources, such as access to the desktop to display a GUI app, or access to the SSH agent from the host machine. Security doesn’t depend on knowing the individual protocols of a container, and strict access controls can be enforced for AI agents.
“Ease of use for developers shouldn’t mean ease of access for AI agents. There’s naturally a tension between these two ‘user’ groups, but Workshop resolves it through strict enforcement of access controls,” said Dmitry Lyfar, Engineering Manager at Canonical. “Resource allocation remains simple and consistent across all environments to minimize human error, while non-privileged defaults effectively constrain workload capabilities.”
Access your host’s resources in the simplest way possible
Workshop’s isolation doesn’t mean you’re cut off from the specific capabilities your hardware has to offer. Workshop dispenses with complex mapping scripts and filesystem paths, offering instead a standardized way to access mounts, devices, and network services from the contained environment.
If a pre-designed SDK already exists to access a specific piece of hardware, you can choose to incorporate it into your YAML to optimize the resulting toolchain for your machine; if it doesn’t, you can create a custom one just for yourself.
Get started with Workshop
Ensure you’re running LXD 6.8 or newer before installing Workshop.
sudo snap install --channel=6/stable lxd
sudo snap install --classic workshop
To learn more about managing modular workspaces, exploring the SDK store, or building SDKs, read the Workshop documentation here.