Hi there! I’d like to share my project with you all.
What is this? Vigil is a lightweight, self-hosted dashboard that watches your Docker images and tells you when updates are available. It’s a ready-to-run Docker setup with a simple install scripts. I know most people don’t like scripts, but since I’m a tech noob I find it pretty useful. For all the pros out there, you can check the script by yourself. This is my first “real world” project so it might not be as polished as other apps out there. It’s a hobby that I started cultivating a few months ago and I’m pretty excited with the results. However, it’d only mean something significant, if other people use it and give their own opinions about it.
If you have a few minutes, I’d really appreciate you trying it out and leaving a review or suggestions on the repo or even here. I’d do my best to answer most of the comments.
Edited because the link wasn’t showing up and giving more details about the project. https://github.com/kumucode/vigil.git
Looks like a cool project. Starred. I’m no tech expert either, so I’ll keep an eye on how the community reacts to it, in terms of security.
Keep up the good work!
Thanks brother, I appreciate it. Security is one of my main concerns too, that’s why I’ll rely on the experts around here to point out what could be improved.
Yikes. That doesn’t give me confidence for something that needs root access to the Docker UNIX socket. Was this vibe coded? Do you understand the code and architecture of the application? You wrote you only started a few months ago. I don’t mean to be hard on you, but this kind of application has no business being insecure.
Please stop trying to build infrastructure software if you don’t know what you’re doing. Anyone using this probably puts their server at risk.
I won’t stop just because you’re saying it. You can only “know what you’re doing by doing it”. That’s why I made this project public available so anyone interested in looking at it, modifying it, improving it is more than welcome. I’m not selling it or claiming that I’m an expert. Quite the opposite, I’m looking for people who are genuinely interested in exploring new things and helping people out. I’ll rely on the experience and good will of experts of this community.
An issue with your statement “know what you’re doing by doing it” is that without an actually educated teacher to provide trustworthy feedback, you are going to struggle the learn from your mistakes. The LLMs can only provide so much, and they will lie out their ass to you. Unless explicitly prompted to provide critical feedback, they will find any way to provide positive feedback even to your actual detriment. They will happily skirt their sandboxes, and fight your every attempt to make them actually safe.
At a quick glance, nothing in the project indicates that you are not an expert and that an AI Agent provided the code. The quality of the code is also quite poor, even by Claude standards. I’m actually kinda mind blown you got it to built this without any tests… Something we’ve recently been talking about at my job in terms of AI agents is “cognitive debt” that is incurred in the project. LLMs are fundamentally a statistical next-word generator. If they are given something of poor quality, they will tend to produce more and more poor quality work. And without intervention, it just snowballs.
I’ll never tell someone to stop trying to learn. But, your hubris is going to negatively impact your learning outcomes. And to be clear, YOU are not writing the code and the code is what runs on the server and people interact with. What you are doing is using an AI Agent. If you want to get feedback on that, then be honest about it.