-
Notifications
You must be signed in to change notification settings - Fork 43
Best Practices
Maciej Mensfeld edited this page May 26, 2026
·
1 revision
Recommended patterns for getting the most out of COI safely and efficiently, drawn from common workflows and operational experience.
| Use case | Recommended mode |
|---|---|
| Code review, refactoring, writing tests | Ephemeral (default) |
| Installing language runtimes or build tools | Persistent (--persistent) |
| Long-running overnight tasks | Persistent |
| Untrusted or unfamiliar codebase | Ephemeral — malicious container state is discarded on exit |
| Parallel feature work | Ephemeral multi-slot (each slot isolated, same workspace) |
Default to ephemeral. Ephemeral sessions are cleaner: any tool the AI installs, any temp file it creates, any system state it modifies is gone when the session ends. The conversation history and your workspace files are always preserved regardless of mode.
Switch to persistent only when you have invested setup time in the container (installing compiled tools, building caches) that would be expensive to repeat.
Use coi snapshot create when:
- You are about to let the AI make sweeping changes and want a rollback point
- You want to branch — try two different approaches from the same starting state
- You have spent significant time building up container state (compiled deps, mise installs) and don't want to lose it
Use coi shell --resume when:
- You simply want to continue an interrupted conversation
- The container state doesn't matter — only the AI context does
Snapshots persist the full container disk state. --resume restores only the AI tool's conversation history in a fresh container.
Match the network mode to your threat model:
| Project type | Recommended mode | Rationale |
|---|---|---|
| Your own trusted project |
restricted (default) |
Internet for packages; no internal network access |
| Third-party or unfamiliar repo | allowlist |
Constrain egress to only the services the project needs |
| Internal tooling that needs local services |
restricted + allow_local_network_access = true
|
Only if you genuinely need cross-machine access |
| Fully offline work or testing |
open with monitoring |
No egress filtering; rely on monitoring instead |
When in doubt, start with restricted. If package managers fail, add the required registries to an allowlist config rather than switching to open.
-
Enable monitoring for any project you did not write — Set
[monitoring] enabled = truein your global~/.coi/config.tomlso it applies everywhere, then disable per-project only if you have a specific reason. -
Review the audit log after suspicious sessions —
cat ~/.coi/audit/<container-name>.jsonlbefore deleting the container. Once the container is gone, the audit log is the only record. -
Tune thresholds for large codebases — Projects with many large files (ML datasets, compiled artifacts) may trigger the default 50MB read threshold legitimately. Increase
file_read_threshold_mbto reduce false positives. -
Don't disable
auto_pause_on_high— A paused container is recoverable (coi unfreeze). A killed process isn't. Leave auto-pause enabled and investigate before resuming.
- Use
--persistentso the container survives if the session disconnects - Use
coi attachto reconnect to a running session from a different terminal - Set a
max_durationlimit in your profile to prevent runaway tasks from consuming resources indefinitely:
[limits.runtime]
max_duration = "8h"- Check
coi liston return to see whether the container is still running or was killed by the security monitor
-
Check in profile configs —
.coi/profiles/belongs in your repo alongside your code. New team members get a working environment without manual setup. -
Use pinned image versions — Reference
coi-myproject-v1.2notcoi-myprojectin shared profiles. Mutable image names cause drift between team members' environments. -
Document profiles in the README — List available profiles and their intended use (e.g., "use
--profile researchfor untrusted dependencies"). Contributors shouldn't have to readconfig.tomlto understand the workflow. - Set resource limits in shared profiles — Prevent runaway AI sessions from consuming all disk or CPU on shared machines:
[limits.memory]
limit = "8GiB"
[limits.disk]
max = "20GiB"- Commit with hooks disabled — AI-generated changes may break git hooks or trigger unexpected linters. Review and commit manually:
git -c core.hooksPath=/dev/null commit --no-verify -m "ai: your message"-
Review before committing —
git diffis your friend. COI limits what the AI can do outside your workspace, but it cannot review code quality. -
Use
allowlistmode for commit-triggering workflows — If your git hooks push to external services, allowlist mode limits which services they can reach.
- Run
coi cleanperiodically to remove stopped containers that were not cleanly deleted - Run
coi clean --orphansif you notice firewalld rule accumulation (especially if Docker is also running on the host) - Run
coi image cleanup myproject- --keep 3to prune old custom image versions - Check storage pool health with
coi health— it reports per-pool free space and warns at 80% usage
- Configuration - Full configuration reference
- Security Best Practices - Security-specific recommendations
- Network Isolation - Network mode configuration
- Profiles - Reusable configuration bundles for different workloads
- Snapshot Management - When and how to use snapshots
Getting Started
Setup
Configuration & Usage
- Best Practices
- Configuration
- Profiles
- Supported Tools
- Container Lifecycle & Sessions
- Container Operations
- Snapshot Management
- File Transfer
- Tmux Automation
- Image Management
- Resource & Time Limits
Security
Maintenance
Help & Reference