Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
Apylon777 2 days ago

This is a really cool library to look at even if you aren't running openclaw directly.

Lots of good concepts to seek inspiration from.

1. process-scoped egress policy

2. policy-as-code

3. explicit approval classes

4. normalized network/ guardrail receipts.

5. structured guardrail outcomes

6. centralized decision rules

rough-sea 2 days ago | parent [-]

Thanks! Don't forget wire level protocol parsing - this is important because agents usually can spawn subprocesses and if they have postgres credentials, you're just one psql call away from disaster if you only have MCP/HTTP proxies in place.

oulipo2 an hour ago | parent [-]

So, why not instead limit your agents to a few endpoints / MCP functions that you control, which give access to your db (or whatever) through read-only permissions?

It seems this is a bit like "reinventing permissions" no?

rough-sea 6 minutes ago | parent [-]

Could work - but our agents (codex/claude/openclaw) spawn subprocesses - imagine an engineer uses claude to debug an issue, it spawns psql directly, routing around MCP. Wire level interception is the only place a process tree can't escape.

Regarding reinventing permissions - scoped credentials solve this to some extent, but it's really nice to have a single place where we can define rules for all services (eg "DROP TABLE" never can occur), or you can SELECT unless it includes the env_vars.secrets column.