I prefer CLI
I prefer CLI

I prefer CLI

Why? Multi-tenant environments. First, we need to understand a few differences between environments:

  • End-user UI
  • Agent Runtime Environment
  • LLM Server

So

  • When you run Claude Code on your local MacBook, the first two are always local. The third is usually the Claude.ai server.
  • When you ssh to a virtual private server (VPS) and install Claude Code there, the first two are your remote server. The third is still the Claude.ai server.
  • When you run Claude RC on your virtual private server and code from your iPad using the Claude app, the end-user UI is on your iPad, the agent runtime environment is on your VPS, and the server is still Claude.ai.

Most people physically separate their tenancy, such as Claude Code, from their personal vs. work laptops. So in most cases, it's not a big deal.

But when you need multi-tenancy, it becomes super stressful. For example, say you have two different toolkits:

  • personal toolkits (personal Notion, personal Sentry, personal Linear)
  • workplace toolkits (company Notion, company Sentry, company Linear)

Most MCP auth states or code harnesses don't support profiles, so you can only log in to one.

So therefore... a natural evolution was to have both:

  • a personal VPS with all personal toolkits set up
  • a workplace VPS with all workspace toolkits set up

to physically isolate tenancies.

Now we've solved the multiple-profile issue, but the client's problems persist. Now let's get back to the environments:

  • End-user UI
  • Agent Runtime Environment
  • LLM Server

All MCP auth or toolkit auth info should always be saved in the Agent Runtime Environment IMHO. However, a surprising number of harnesses tie them to the LLM server (such as Codex Apps or Claude.ai Plugins) or put them in the end-user UI (Claude Desktop or Codex Desktop).

Now the problem is:

  • If the auth data is put on the LLM server, you cannot reuse LLM accounts across tenants
  • If the auth data is put on the end-user UI, you cannot use the same app to access multi-tenants.

The only way to reliably isolate different auth information is thus:

  • You ssh to a virtual private server (VPS) and run Claude Code there. Never use LLM server plugins.

Then

  • End-user UI
  • Agent Runtime Environment

are both isolated VPS, and

  • LLM Server holds no information on the tenancy

This way, you can provide different toolkits, creating multiple dev environments.

Backlinks (1)
  • 260619
AT protocol
AT protocol

AT protocol

The Authenticated Transfer Protocol (AT Protocol or atproto) is a distributed social application framework that enables large-scale federation. It addresses some of the limitations and challenges associated with current social networking technologies and aims to offer better scalability, user choice, data portability, and more robust data security.

  1. Identity: Users in the AT Protocol are identified by domain names, which map to cryptographic URLs. This ensures security for the user's account and data.
  2. Data Repositories: User data is shared and managed in the form of signed data repositories, which can contain various records, including posts, comments, likes, and so forth.
  3. Federation: The protocol operates on a federated networking model to maintain usability and reliability. It uses standard web technologies like HTTP and WebSockets to synchronize data between servers.
  4. Interoperation: The AT Protocol uses a global schemas network known as Lexicon to enable interoperability across servers, allowing software from different organizations to understand each other's data without needing to exchange rendering code.
  5. Scaling and User Choice: The protocol's architecture includes Personal Data Servers (PDS) that host user data, manage identity, and facilitate interactions with other services. There are also Big Graph Services (BGS) that handle events like retrieving metrics, content discovery, and user search.
  6. Algorithmic Choice: Users can select their aggregators, so they can choose how they interact with and discover content.
  7. Account Portability: The protocol assumes that any PDS can fail at any time; hence it has built-in features to ensure that users can move their account to a new PDS without needing the old server's help. This is achieved through the use of signed data repositories and DIDs, or Decentralized Identifiers, which are secure and independent.
  8. Speech, Reach, and Moderation: The protocol divides the concept of speech (content creation) and reach (content discovery) into separate layers. This allows for a flexible and scalable architecture that gives everyone a voice.

AT Protocol is not a blockchain nor uses blockchain technology. It's also different from existing solutions like ActivityPub due to a focus on portability and other unique design principles. The AT Protocol utilizes its formats like Lexicon and XRPC over alternatives like Resource Description Framework and JSON-LD due to better developer experience and usability. These tools are designed to make distributed systems development easier and more robust.

Backlinks (3)
  • Universal Chat App
  • Threads (Service)
  • Bluesky
Index
cho.sh
I prefer CLIBB9A08260619260619컴퓨트로늄37A88F컴퓨트로늄0CF03F컴퓨트로늄2C60FB260618260618260418260418260528260528AutoBuilder63849A260419260419Setup9AC296StellaD226F7260415260415Debian SetupD2F701260414260414anaclumos/configs/AGENTS.mdED86A3Ramp의 AX (회사를 AI로 물들이는 법)840774260413260413How to get your company AI pilled46544C260411260411260409260409260407260407260406260406Separating Claude Code Personal Sub and Claude Code Company Sub33A53C
Warning
This post is more than a year old. Information may be outdated.