kstenerud 2 hours ago

You can configure a network allow-list (for anything beyond what it absolutely requires in order to function).

yoloAI is just leveraging the sandboxing functionality that Docker, Kata, firecracker etc already provides.

throwaway290 an hour ago | parent [-]

Sorry. At this point it's just a meme how people give LLMs open access to the internet, literally all passwords and all tokens, and then they are actually surprised when something bad happens: "but I run it in docker".

Even if Docker sandbox escapes didn't exist, it's just chef's kiss.

kstenerud 26 minutes ago | parent [-]

Yup, very irresponsible. And then the horror stories.

    yoloai new --network-isolated ...
ONLY agent API traffic allowed. Everything else gets blocked by iptables.

    yoloai new --network-allow api.example.com --network-allow cdn.example.org ...
ONLY agent API traffic + api.example.com and cdn.example.org. Everything else blocked by iptables.
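The allow-list behaviour described in the thread, sketched as an added shell example. This is not yoloai's own code and not its actual iptables rules; it assumes (my assumptions, not from the thread) that the agent API and allowed hosts are reached over TCP/443, that DNS goes to Docker's embedded resolver at 127.0.0.11, and that hostnames are pinned to addresses when the rules are built. It also shows the two caveats a practitioner would want: DNS to the resolver must itself be allowed or nothing resolves, and a host that resolves to nothing (or rotates CDN addresses) silently stays blocked, so the rules log drops and there is a check that the chain really defaults to DROP. Passing only the agent API entry is the equivalent of `--network-isolated`; adding entries is the equivalent of `--network-allow`.

```shell
#!/usr/bin/env bash
# Added example, not yoloai's code: a default-deny egress allow-list for a
# container network namespace, expressed as iptables commands.
# Assumptions (not from the thread): allowed hosts are reached over TCP/443,
# DNS goes to 127.0.0.11 (Docker's embedded resolver), and hostnames are
# pinned to IPv4 addresses at rule-build time.
set -eu

# Resolve a hostname to its IPv4 addresses, one per line (empty if unresolvable).
# Used to build real "host=ip,ip" entries; the demo below uses constructed addresses.
resolve_host() {
  getent ahostsv4 "$1" 2>/dev/null | awk '{print $1}' | sort -u
}

# build_egress_rules HOST=IP[,IP...] ...
# Prints the iptables commands (does not execute them) so they can be reviewed
# or diffed against `iptables -S OUTPUT` before being applied in the namespace.
# The first entry is meant to be the agent API host; every entry is "host=ip,ip".
build_egress_rules() {
  local resolver="${RESOLVER:-127.0.0.11}"   # assumption: Docker embedded DNS
  echo "iptables -F OUTPUT"
  echo "iptables -P OUTPUT DROP"            # default deny: anything not matched below is dropped
  echo "iptables -A OUTPUT -o lo -j ACCEPT"
  echo "iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  # DNS only to the configured resolver; without this the allow-listed names never resolve.
  echo "iptables -A OUTPUT -p udp -d ${resolver} --dport 53 -j ACCEPT"
  echo "iptables -A OUTPUT -p tcp -d ${resolver} --dport 53 -j ACCEPT"
  local entry host ips ip
  for entry in "$@"; do
    host="${entry%%=*}"
    ips="${entry#*=}"
    if [ "$ips" = "$entry" ] || [ -z "$ips" ]; then
      # Failure mode: a host with no addresses is not allowed by accident, it stays blocked.
      echo "warning: no addresses for ${host}; it stays blocked" >&2
      continue
    fi
    for ip in ${ips//,/ }; do
      echo "iptables -A OUTPUT -p tcp -d ${ip} --dport 443 -m comment --comment ${host} -j ACCEPT"
    done
  done
  # Log drops (rate limited) so a blocked call shows up in the container logs instead of failing silently.
  echo "iptables -A OUTPUT -m limit --limit 10/min -j LOG --log-prefix 'egress-blocked: '"
  echo "iptables -A OUTPUT -j DROP"
}

# check_default_deny "$(iptables -S OUTPUT)"
# Returns 0 only if the OUTPUT policy is DROP and no blanket "-A OUTPUT -j ACCEPT"
# rule undoes it; this is the check to run inside the sandbox rather than trusting a flag.
check_default_deny() {
  printf '%s\n' "$1" | grep -qx -- '-P OUTPUT DROP' || return 1
  if printf '%s\n' "$1" | grep -qx -- '-A OUTPUT -j ACCEPT'; then
    return 1
  fi
  return 0
}

# Demo with constructed RFC 5737 TEST-NET addresses so it runs offline:
# first entry plays the agent API, the other two are --network-allow style hosts.
build_egress_rules \
  "agent-api.example.net=203.0.113.1" \
  "api.example.com=203.0.113.10,203.0.113.11" \
  "cdn.example.org=198.51.100.5"
```

To use it for real, build the entries with `resolve_host` (for example `"api.example.com=$(resolve_host api.example.com | paste -sd,)"`) and run the printed commands inside the container's network namespace; because the addresses are pinned at build time, a CDN-backed host that rotates its IPs will start being dropped until the rules are rebuilt, which is exactly what the `egress-blocked:` log line is there to surface.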