Standardized environment for creating an isolated workspace where agentic AI tools can be run safely and consistently across Wunder.io projects.
The ddev-agents add-on provides a pre-configured agents service and VS Code Dev Container settings. Key benefits include:
- Host Isolation: AI agents run in a dedicated, isolated container. This protects your host machine from potentially errant scripts or external packages executed by AI tools.
- Standardization: Every project uses the same high-quality, pre-configured environment.
- Maintainability: Improvements and security updates are pushed centrally through the add-on.
- Git Operations: All Git operations (
commit,push,pull) should be performed on your host machine. The container provides access to the code, but you should use your host's Git configuration and SSH keys for repository management. - Credential Safety:
⚠️ NEVER put any credentials, API keys, or secrets inside the devcontainer. Always use environment variables or DDEV's built-in secret management to pass necessary keys to the container without storing them in the image or container filesystem.
To install the add-on in your DDEV project, run:
ddev get wunderio/ddev-agents
ddev restartThis add-on is specifically designed and supported for:
- VS Code (Primary interface)
- Antigravity (AI Coding Assistant)
Always verify that your IDE is connected to the Dev Container before running any AI agents.
If you run agents while still on your host machine, you lose the safety of the isolated environment, and scripts will have direct access to your local system. Look for the "Dev Container: Agents" indicator in the bottom-left corner of VS Code (or your editor's equivalent) before proceeding.
Before opening the devcontainer, ensure your DDEV project is running:
ddev start- Open your project in VS Code.
- When prompted, click "Reopen in Container" (or use the Command Palette:
Dev Containers: Reopen in Container). - VS Code will connect to the
agentscontainer, providing a terminal with all necessary tools pre-installed.
- Isolated Python Environment: Based on
mcr.microsoft.com/devcontainers/python:3-bookworm. - Integrated Tools: Pre-installed Node.js, GH CLI, Git, and common utilities.
- GitHub Copilot (Agent Mode): Includes the
gh-copilotCLI extension and a conveniencecopilotalias. - Secure Authentication: Uses your host's
GH_TOKENautomatically, so you never have to type credentials inside the container.
To use GitHub Copilot (Agent Mode) or gh commands without repetitive logins, set up a Personal Access Token (PAT) on your host machine.
- Go to GitHub Fine-grained Tokens.
- Name & Expiration: Set a name (e.g., "Copilot CLI Local") and a reasonable expiration.
- Repository Access: Select Public Repositories (read-only) or Only select repositories (even if you select none). The CLI works on local files and doesn't need to see your remote repos.
- Account Permissions:
- Find the Copilot Requests dropdown.
- Select Access: Read-only.
- Generate and copy the token.
Add the token to your shell profile so it's always available when you start the devcontainer.
For macOS/Linux (Zsh or Bash):
- Open your shell profile (e.g.,
~/.zshrcor~/.profile):nano ~/.zshrc - Add this line at the end:
export GH_TOKEN=your_token_here - Save and restart your terminal (or run
source ~/.zshrc).
Important
Troubleshooting for macOS: If the token is not recognized after rebuilding, try launching VS Code directly from your terminal by running code . in your project folder. This ensures VS Code inherits your shell's environment variables.
- Zero-Interaction: The devcontainer automatically picks up
$GH_TOKENand configures thegh-copilotextension. - Security: No credentials are ever typed or stored inside the container's history/filesystem.
The purpose of this repository is to serve as the single source of truth for our agentic workflows. By using ddev get, projects can stay up-to-date with our latest agent configurations by simply running ddev get wunderio/ddev-agents again.