ssh: use local CA, add mutual container/host auth

See loop/server/local_ssh.md for a detailed description of how sketch
now uses a local CA to sign each container certificate instead of adding
a new entry to known_hosts for each container.

This also adds another layer of security by having the container's ssh
server verify that incoming ssh connections have valid host certificates,
whereas prior to this change the authentication was only one-way (verifying
that the sketch container you think you're ssh'ing into really is the one
you think you're ssh'ing into).

This is somewhat inspired by https://github.com/FiloSottile/mkcert - which
plays a similar role to ssh_theater.go for local ssh connections, but mkcert
uses a local CA to address local development use cases for TLS/https rather
than for ssh.

Co-Authored-By: sketch <hello@sketch.dev>
Change-ID: sc7b3928295277d5dk
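The following shell script is an added example of the trust arrangement the commit message describes; it is not sketch's own code and not part of this change. It builds a local SSH CA with ssh-keygen, signs a per-container host key (so the client needs one @cert-authority line instead of a known_hosts entry per container), and also signs the host-side user key so the container's sshd can verify who is connecting (the mutual half). The working directory $WORK, the file names ca, host_<name> and user, the hostname pattern sketch-* and the demo hostname sketch-demo-host are all assumptions chosen for the example.

```shell
#!/bin/sh
# Added example, not sketch's own code: a local SSH CA that signs both the
# container host key and the host-side user key. Names are assumptions:
# keys live under $WORK as ca, host_<name> and user; hostnames match sketch-*.
set -eu

WORK="${WORK:-$(mktemp -d)}"

# Create the local CA once. Constructed demo key: no passphrase.
make_ca() {
    ssh-keygen -q -t ed25519 -N "" -C "local CA (example)" -f "$WORK/ca"
}

# Generate and sign a container host key. -h makes it a host certificate,
# -n pins the principal to the container hostname, -V bounds its lifetime.
# ssh-keygen writes the certificate to $WORK/host_<name>-cert.pub.
sign_host_key() {
    name="$1"
    ssh-keygen -q -t ed25519 -N "" -f "$WORK/host_$name"
    ssh-keygen -q -s "$WORK/ca" -I "container:$name" -h -n "$name" -V +1d \
        "$WORK/host_$name.pub"
}

# Generate and sign the user key the host presents to the container's sshd.
# Without -h this is a user certificate; -n restricts the login names it covers.
sign_user_key() {
    principal="$1"
    ssh-keygen -q -t ed25519 -N "" -f "$WORK/user"
    ssh-keygen -q -s "$WORK/ca" -I "sketch-user" -n "$principal" -V +1d \
        "$WORK/user.pub"
}

# Client side: a single @cert-authority line covers every sketch-* container.
known_hosts_line() {
    printf '@cert-authority sketch-* %s\n' "$(cut -d' ' -f1,2 "$WORK/ca.pub")"
}

# Container side: present the host certificate and trust user certs from the CA.
# Paths assume the signed files are copied into /etc/ssh inside the container.
sshd_config_fragment() {
    name="$1"
    printf 'HostKey /etc/ssh/host_%s\n' "$name"
    printf 'HostCertificate /etc/ssh/host_%s-cert.pub\n' "$name"
    printf 'TrustedUserCAKeys /etc/ssh/ca.pub\n'
}

# Checks worth running before deploying a certificate: is it a host or a user
# certificate, and which principal is it valid for? Parsed from ssh-keygen -L.
cert_type() {
    ssh-keygen -L -f "$1" | awk '/Type:/ { print $(NF-1) }'
}

cert_principal() {
    ssh-keygen -L -f "$1" | awk '/Principals:/ { getline; print $1 }'
}

demo() {
    make_ca
    sign_host_key sketch-demo-host
    sign_user_key root
    echo "# known_hosts"; known_hosts_line
    echo "# sshd_config"; sshd_config_fragment sketch-demo-host
    host_cert="$WORK/host_sketch-demo-host-cert.pub"
    echo "# host cert: $(cert_type "$host_cert") certificate for $(cert_principal "$host_cert")"
    echo "# user cert: $(cert_type "$WORK/user-cert.pub") certificate for $(cert_principal "$WORK/user-cert.pub")"
}

# Run the whole flow with: sh local_ssh_ca.sh demo
if [ "${1:-}" = demo ]; then demo; fi
```

The host certificate's principal is the container hostname, so a certificate signed for one container does not validate for another even though the same CA signed both; the short -V lifetime limits how long a leaked container key stays useful. On the container side, TrustedUserCAKeys is what turns the one-way check into mutual authentication: sshd now rejects clients whose key is not certified by the local CA.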
6 files changed
tree: baa2d5484c5a5e7add5f9caef2833a3da4abbe29
README.md

Sketch

Sketch is an agentic coding tool. It draws the 🦉.

Sketch runs in your terminal, has a web UI, understands your code, and helps you get work done. To keep your environment pristine, sketch starts a docker container and outputs its work onto a branch in your host git repository.

Sketch helps with most programming environments, but Sketch has extra goodies for Go.

To get started:

go install sketch.dev/cmd/sketch@latest
sketch

Requirements

Currently sketch runs on macOS and linux. It uses docker for containers.

macOS: brew install colima (or an equivalent, like Docker Desktop or Orbstack)
linux: apt install docker.io (or equivalent for your distro)
WSL2: install Docker Desktop for Windows (docker entirely inside WSL2 is tricky)

The sketch.dev service is used to provide access to an LLM service and give you a way to access the web UI from anywhere.

Feedback/discussion

We have a discord server to discuss sketch.

Join if you want! https://discord.gg/6w9qNRUDzS

GitHub issues are also welcome: https://github.com/boldsoftware/sketch/issues

User Guide

Start sketch by running sketch in a git repository. It will open your browser to the Sketch chat interface, but you can also use the CLI interface. Use -open=false if you want to use just the CLI interface.

Ask Sketch about your code base or ask Sketch to implement a feature. It may take a little while for Sketch to do its work, so hit the bell (🔔) icon to enable browser notifications. We won't spam you or anything; it will notify you when the Sketch agent's turn is done, and there's something to look at.

How Sketch Works

When you start Sketch, it creates a Dockerfile, builds it, copies your repository into it, and starts a Docker container, with the "inside" Sketch running inside. This design lets you run multiple sketches in parallel, since each has its own sandbox. It also lets Sketch work without worry: it can trash its own container, but it can't trash your machine.

Sketch's agentic loop uses tool calls (mostly shell commands, but also a handful of other important tools) to allow the LLM to interact with your code base.

Getting Your Git Changes Out

Sketch is trained to make git commits. When those happen, they are automatically pushed to the git repository where you started sketch, with branch names sketch/*. Use git branch -a --sort=creatordate | grep sketch/ | tail to find them. The UI keeps track of the latest branch it pushed and displays it prominently. You can use git cherry-pick $(git merge-base origin/main sketch/foo)..sketch/foo, or git merge sketch/foo, or git reset --hard sketch/foo, and so on to pull those branches into your workspace. Use the same workflows you would if you were pulling in a friend's Pull Request.

Advanced: You can ask Sketch to git fetch sketch-host and rebase onto some commit or other. Doing so will also fetch where you started Sketch, and we do a bit of "git fetch refspec configuration" to make origin/main work as a git reference.

Don't be afraid of asking Sketch to help you rebase, merge/squash commits, rewrite commit messages, and so forth; it's good at it!

Reviewing Diffs

The diff view shows you changes since Sketch started. Leaving comments on lines adds them to the chat box, and, when you hit Send (at the bottom of the page), Sketch goes to work addressing your comments.

Connecting to Sketch's Container

You can interact directly with the container by:

  1. Using the "Terminal" tab in the UI
  2. Using ssh. Look at the startup logs or click on the information icon to see a command like ssh sketch-ilik-eske-tcha-lott. We have automatically configured your SSH configuration to make these special hostnames work.
  3. Using Visual Studio Code. Again, look for a command line or magic link behind the information icon, or when Sketch starts up. This starts a new VSCode session "remoted into" the container. You can edit the code, use the terminal, review diffs, and so forth.

By using SSH (and/or VSCode), you can forward ports from the container to your machine. For example, if you want to start your development webserver, you can do something like ssh -L8000:localhost:8888 sketch-ilik-epor-tfor-ward go run ./cmd/server to make http://localhost:8000/ on your machine point to localhost:8888 inside the container.

Using the Browser Tools

You can ask Sketch to browse a web page and take screenshots. There are tools both for taking screenshots and "reading images", the latter of which sends the image to the LLM. This functionality is handy if you're working on a web page and want to see what the in-progress change looks like.

FAQ

no space left on device

Docker images, containers, and so forth tend to pile up. docker system prune -a is a good command to start with to prune unused images and containers.

Development

See CONTRIBUTING.md

Open Source

Sketch is open source. It is right here in this repository! Have a look around and mod away.

If you want to run sketch entirely without the sketch.dev service, you can set the flag -skaband-addr="" and then provide an ANTHROPIC_API_KEY environment variable. (More LLM services coming soon!)