| ▲ | jawiggins 10 hours ago | |
Oh good question, I haven't thought deeply about this. Right now nothing special happens, so claude/codex can access their normal tools and make web calls. I suppose that also means they could figure out they're running in a k8s pod and do service discovery and start calling things. What kind of features would you be interested in seeing around this? Maybe a toggle to disable internet connections or other connections outside of the container? | ||
| ▲ | nevon 2 hours ago | parent [-] | |
Network policies controlling egress would be one thing. I haven't seen how you make secrets available to the agent, but I would imagine you would need to proxy calls through a mitm proxy to replace tokens with real secrets, or some other way to make sure the agent cannot access the secrets themselves. Specifically for an agent that works with code, I could imagine being able to run docker-in-docker will probably be requested at some point, which means you'll need gvisor or something. | ||