Keeping AI agents like OpenCode as separate environment (in Docker) Why should you keep your AI agent in a separate environment? For security!