Notes from the silo.
Release notes, deep-dives, and supply-chain security posts. Subscribe via RSS.
- Silo v0.5.0 release notes
Pyenv-style shim fall-through. Tools added via `silo use` no longer shadow your homebrew binaries everywhere — only inside projects that claim them.
- Running Claude Code in silo when every MCP server is a loaded gun
OX Security disclosed a by-design MCP vulnerability that turns a config entry into arbitrary command execution on the user's laptop. Anthropic calls it expected behaviour. Running Claude Code inside silo turns this RCE into a torn-down VM with no keys, no network, no history to steal.
- Understanding silo.toml: where it lives, how it merges, what every field does
A complete reference for Silo's project config file — what belongs in it, what belongs in ~/.silo/silo.toml, and the full set of fields with worked examples.
- Node.js with Silo: npm, yarn, pnpm, and version pinning
Running Node under Silo — persisting node_modules with silo build, switching Node versions per project, and wiring yarn / pnpm via corepack or custom shims.
- Python with Silo: install, persist, pin versions
Everything you need to run Python under Silo — installing pip packages so they survive, switching versions per project, and configuring network access for PyPI.
- Silo v0.4.0 release notes
The CLI is reshaped around one-model-per-command, the Rust implementation is gone, and disk reclamation now runs automatically. Smaller surface, fewer footguns.
- How Silo works
A tour of the stack: a Go CLI, a Swift FFI bridge, Apple's Containerization framework, and a rootfs cache that clones in a millisecond on APFS.
- Getting started with Silo in three commands
Install silo from the Homebrew tap, add its shims to your PATH, and install your first sandboxed tool. Total setup time: one coffee's worth.
- The case for sandboxing your dev tools
Package managers execute arbitrary code. AI coding agents execute arbitrary commands. Both get full user permissions by default. Here's why that has to change.