Ken Muse

Letting AI coding agent run autonomously with access to your network, your secrets, and your entire machine is risky. One rogue call is all it takes. One way to help protect yourself is to use microVM isolation to control the environment and what the agent can access. Docker Sandboxes is one such solution. I’ll walk you through setting it up and exploring some of its file system, network management, and monitoring capabilities.

Ever set up a Copilot skill that worked perfectly – except when the model decided not to load it? Skills are optional by design; the model picks them up or it doesn’t. When you need context present every single time without exception, that’s a gap skills simply can’t fill. And that’s what hooks are for. I’ll walk through how to wire up a hook that fires automatically on every single prompt, injecting exactly the right context before the model sees your request – and when a session-level hook makes more sense instead.

Ever written a Copilot skill that started clean – then became a sprawling mess of conditionals as you define how to work with different versions of some product? You’re not alone. I’ll show you how a tiny wrapper script can detect your environment and hand Copilot only the instructions that actually apply, keeping your skills small and your model focused. I’ll also unpack the supply-chain security question this technique forces you to take seriously.

Ever wondered exactly how much a single Copilot chat request actually costs? VS Code already logs the precise breakdown for every model call … if you know where to find it. In this post, I crack open one real log entry and walk through the math step by step so you can read your own usage data with confidence.

If you’ve ever reviewed a Git diff after regenerating an API client, you know the struggle – dozens of timestamp lines changing across every file, burying the actual work you care about. What if Git could quietly ignore those lines without ever touching the files themselves? There’s a built-in Git feature designed exactly for this, and it only takes two configuration steps to unlock. Let me show you how to keep your diffs clean and focused.

Ever spent time carefully documenting your project’s folder structure in a copilot-instructions.md file? You’re not alone – it’s one of the most common things developers add. But here’s the thing: VS Code’s Copilot extension already injects a workspace tree into every conversation automatically. And when that tree gets truncated, the LLM has tools to explore further on its own. In this post, I’ll show you what’s happening under the hood so you can spend those instruction tokens on things that genuinely matter.

Every conversation with AI starts from scratch – no memory of yesterday’s debugging session, your team’s naming conventions, or the architectural decision you patiently explained three times last week. Agentic memory changes that. It gives AI assistants the ability to accumulate knowledge over time, turning them from stateless tools into collaborators that genuinely improve. In this post, I’ll walk you through the different types of memory and show you how VS Code and GitHub Copilot put these ideas into practice today.

Have you ever tried to ask the AI to create multiple subagents? Or seen an agent that explicitly requests multiple subagents do the same task? The mechanics behind that pattern are more interesting than they appear. In this post, I’ll show you why this pattern works so well – from cleaner context and richer coverage to stronger critique loops – so you can decide when it is worth using in your own workflow.

When the axios npm library was compromised in March 2026, it reminded me that the dependencies we trust every day can turn on us without warning. That got me thinking – what about the extensions running in my IDE? They auto-update silently, they have access to my filesystem and credentials, and I never review the changes. If you’ve ever updated a tool without a second thought, this post is for you.

Rootless Docker sounds like the perfect answer to container security – no more root daemon, no more worry. If you look at how it actually works under the hood, the story is more nuanced than most teams realize. In this post, I walk through user namespaces and UID mapping, dig into why kernel developers have concerns about the attack surface, and explain what you’re actually giving up when you enable rootless and set seccomp=unconfined and apparmor=unconfined.