Lately, I've been working with Dev Containers and opencode.
Dev Containers utilize containers to create consistent development environments across different machines.
opencode is an open source coding agent that runs in the terminal and is comparable to Claude Code.
Coding agents such as opencode often need to execute commands in order to achieve a coding task.
The problem is that the host is usually bloated with different executables that may not be desired for your specific project.
A simple example of that is using pnpm vs npm.
Moreover, coding agents are based on LLMs and are unpredictable at times. They may be prone to prompt injections that lead to harmful behavior. Combined with access to the host, even personal data such as the developer's credit card details are at risk.
Limiting the agent's access to what is available inside a Dev Container aligns it's terminal use with the project and reduces the attack surface.
With this motivation in mind, I manually added opencode's installation to multiple Dev Containers based projects of mine.
The Dev Containers spec includes the concept of a "feature" - a generic script that is added to the Dev Container's build process. Features are useful for common development installations such as opencode.
For the benefit of both the public and myself, I published a Dev Containers feature that installs and configures opencode.
Visit the GitHub repository for installation instructions and documentation.