| ▲ | hardsnow 3 hours ago | |
OpenShell is the gem here indeed. A lot of good ideas like network sandbox that does TLS decryption and use of policy engine to set the rules. However: > Credentials never leak into the sandbox filesystem; they are injected as environment variables at runtime. If anyone from the team is reading - you should copy surrogate credentials approach from here to secure the credentials further: https://github.com/airutorg/airut/blob/main/doc/network-sand... | ||
| ▲ | angry_octet 2 hours ago | parent [-] | |
The LLM will easily leak these credentials out. So the creds should be outside the sandbox, and the only thing the sandbox should see is a connection API that opens a socket/file handle. Alternatively where is needs an API key, it should be one bound to the endpoint using it. E.g. a ticket granting ticket is used to create a bound ticket. A copy on write filesystem would be an interesting way to sandbox writes, but there is difficulty in checking the diff. | ||