Show HN: Containerized security-focused terminal IDE - de aka l7-devenv

4 points by legobeet 11 months ago
Hi HN,

l7-devenv, or `de` for short[0], is a containerized terminal-based IDE using rootless Podman, neovim and friends, and proxying of network requests and sockets.

IMO, the security story around most widely used code editors is not great today. Security, convenience, and productivity appear to be pick-any-2 when fundamentally I believe they don't have to be in conflict.

`de` takes a critical look at the software and secrets used for day-to-day development and compartmentalizes them using containers. For example, you can connect seamlessly to authenticated GitHub endpoints without leaking your production token while LSPs and package scripts are run in separate ephemeral containers. It also provides features and integrations to make the developer experience more productive and joyful, with a current focus on Node.js development[1], GitHub, and web3.

The main and integrated editor is neovim. No plugin manager is used; instead plugins are installed natively from git submodules and bundled into the image.

This is currently in a prototype stage[2] and driven by internal needs. It derives heavily from existing community efforts (<3).

You will find this relevant if you want:

- To be using neovim for Node.js development and collaborating on github.com

- Separate your developer credentials from your editor and code-under-test

- More control of your https requests[3]

- Something more secure than distrobox but more lightweight and seamless than QubesOS (<3)

- More terminal joy and less waiting at requests to load for your routine code review workflows

- Some inspiration for your own setup

---

[0]: Names WIP

[1]: While current focus is catering to JS/TS devs, it should be straightforward to add your own runtimes and buildtimes. There is an example for golang in there if you look around.

[2]: Provided as-is, currently no guarantees given regarding actual security, etc. In particular, the proxied container socket used to spawn side-containers could definitely use some tightening down.

[3]: The TLS MitM is already done and redirecting the current proxy to something like mitmproxy should be trivial for the motivated.

no comments
