naomi_kynes 11 hours ago
The "full-auto" framing is interesting. What happens when the agent hits something it can't resolve autonomously? Even sandboxed, there's a point where the agent needs to ask a question or get approval. Most setups handle this awkwardly: fire a webhook, write to a log, hope the human is watching. The sandbox keeps the agent contained, but doesn't give it a clean "pause and ask" primitive. The agent either guesses (risky) or silently fails (frustrating). Seems like there are two layers: the security boundary (sandbox-exec, containers, etc.) and the communication boundary (how does a contained agent reach the human?). This project nails the first. The second is still awkward for most setups.
niyikiza an hour ago
The two-layer framing is right. Sandbox-exec contains local blast radius, and that's important. But if the agent already has a credential in memory, sandboxing the filesystem doesn't help. I've been working on a primitive for scoped authorization at the tool call level: what was this agent allowed to do, for which task, signed by whom. The core is open-sourced: https://github.com/tenuo-ai/tenuo
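The two comments above describe two missing pieces: a "pause and ask" primitive for a contained agent, and a signed, task-scoped authorization check at the tool-call level. The following is an added illustration of both ideas in one small dispatcher, written for this thread; it is not tenuo's code or API, and the agent ids, task ids, tool names, constraint keys and the in-memory "filesystem" are all constructed for the example. A human-held key signs a grant naming the agent, the task, the permitted tools and their constraints; every tool call is checked against that grant, and anything outside scope produces a structured ask_human request instead of a guess or a silent failure, while a bad signature, an expired grant or a grant for a different agent or task is denied outright.

```python
"""Signed, task-scoped tool-call grants plus an explicit ask-the-human outcome.

Constructed illustration (not tenuo's code): a human signs a grant saying
which agent, for which task, may call which tools under which constraints.
The dispatcher checks each tool call and returns one of three decisions:
allow, deny, or ask_human (a structured pause-and-ask request).
"""
import hashlib
import hmac
import json
import posixpath
import time

# Constructed demo key. In a real deployment the signing key lives outside the
# agent's process, so a credential leaked from agent memory cannot mint grants.
ISSUER_KEY = b"constructed-demo-issuer-key"

# Constructed in-memory "filesystem" so the example runs offline.
FAKE_FS = {
    "/workspace/app.py": "print('hello')",
    "/home/user/.aws/credentials": "[default]\naws_secret_access_key=CONSTRUCTED",
}


def _read_file(args):
    return FAKE_FS.get(args["path"], "")


def _run_tests(args):
    return "1 passed"


TOOLS = {"read_file": _read_file, "run_tests": _run_tests}


def _canonical(payload):
    # Canonical JSON so signer and verifier hash byte-identical input.
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def issue_grant(agent_id, task_id, tools, signer, ttl_seconds=600, key=ISSUER_KEY, now=None):
    """Mint a grant signed by `signer`. `tools` maps tool name -> constraint dict."""
    now = int(time.time()) if now is None else now
    payload = {"agent": agent_id, "task": task_id, "tools": tools,
               "signer": signer, "exp": now + ttl_seconds}
    sig = hmac.new(key, _canonical(payload), hashlib.sha256).hexdigest()
    return {"payload": payload, "sig": sig}


def verify_grant(grant, key=ISSUER_KEY, now=None):
    """Return (ok, reason). The signature is checked before any field is trusted."""
    now = int(time.time()) if now is None else now
    expected = hmac.new(key, _canonical(grant["payload"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, grant["sig"]):
        return False, "bad signature"
    if now >= grant["payload"]["exp"]:
        return False, "expired"
    return True, "ok"


def dispatch(grant, agent_id, task_id, tool, args, now=None):
    """Decide one tool call: {"decision": "allow" | "deny" | "ask_human", ...}."""
    ok, reason = verify_grant(grant, now=now)
    if not ok:
        return {"decision": "deny", "reason": reason}
    p = grant["payload"]
    if (agent_id, task_id) != (p["agent"], p["task"]):
        return {"decision": "deny", "reason": "grant is for a different agent or task"}
    # The pause-and-ask primitive: a reviewable request naming agent, task,
    # tool, arguments and who signed the original grant.
    ask = {"decision": "ask_human",
           "request": {"agent": agent_id, "task": task_id, "tool": tool,
                       "args": args, "signed_by": p["signer"]}}
    constraints = p["tools"].get(tool)
    if constraints is None:
        ask["reason"] = f"tool {tool!r} not in grant"
        return ask
    prefix = constraints.get("path_prefix")
    if prefix:
        # Normalise before the prefix check so "/workspace/../home" cannot pass.
        path = posixpath.normpath(args.get("path", ""))
        if not path.startswith(prefix):
            ask["reason"] = f"path {path!r} outside {prefix!r}"
            return ask
    return {"decision": "allow", "result": TOOLS[tool](args)}


if __name__ == "__main__":
    scope = {"read_file": {"path_prefix": "/workspace/"}, "run_tests": {}}
    g = issue_grant("agent-1", "task-42", scope, "human:reviewer")
    print(dispatch(g, "agent-1", "task-42", "read_file", {"path": "/workspace/app.py"}))
    print(dispatch(g, "agent-1", "task-42", "read_file",
                   {"path": "/workspace/../home/user/.aws/credentials"}))
    print(dispatch(g, "agent-1", "task-42", "deploy", {}))
```

The split between deny and ask_human is deliberate: a forged or expired grant, or one issued to another agent or task, is a security failure and gets no human prompt, whereas an in-scope agent reaching past its constraints is the ordinary case the first comment describes, and the human receives a concrete request to approve or refuse rather than a webhook they may not be watching.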
e1g 11 hours ago
Correct, this is for skipping permissions (safely), but does nothing for skipping questions.