| ▲ | __MatrixMan__ 7 days ago | |
Keeping the powerful credentials where the agent can't reach them does buy you a bit of safety. But I still think its a bit loose when compared with exposing an API to the model which can only do what you intend for that model to do. | ||
| ▲ | dhorthy 3 days ago | parent [-] | |
sure fair enough. I guess i'm mostly being pragmatic here. Plus i'm not convinced that generating "kubectl"...json..."get"...json..."pod"... is easier for most models than "bash"...json..."kubectl get pod"... | ||