Not using FLAME in this case. The agent runs entirely separately from your apps/IDE/compute. It communicates with and drives your runtime over phoenix channels
Oh interesting. So how do messages come from the container? Is there a host elixir app that is running the agent env? How does that work?
Yes, elixir app deployed across the planet as a single elixir cluster. We spawn the agents (GenServer's), globally register them, and then the end-user LiveView chat communicates with the agent with regular elixir messages, and the IDE is a phoenix channels client that communicates with and is driven by the agent.
How do you protect the host Elixir app from the agent shell, runtime, etc