by Jonathanfishner
100 days ago
Re IronClaw is probably the most hardened open-source implementation I've seen for this, but a sufficiently clever prompt injection against the built-in tools (especially shell) could still reach secrets.

Re TLS: OneCLI itself runs in a separate container, acting as an HTTPS proxy. The SDK auto-configures agent containers with proxy env vars + a local CA cert. When the agent hits an intercepted domain, OneCLI terminates TLS, swaps placeholder tokens for real creds, and forwards upstream. Containers never touch actual keys. More here: https://www.onecli.sh/docs/sdks/node#how-it-works

Re 1Password adapters: not yet, but on the roadmap.
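A sketch of the placeholder-swap step described in the comment above, added here as an example and not OneCLI's code. The `{{secret:name}}` placeholder syntax, the vault layout, and the rule that each credential is bound to specific upstream hosts are assumptions made for illustration.

```javascript
// Added illustration, not OneCLI code. Placeholder syntax, vault layout and
// all names below are hypothetical.
const PLACEHOLDER = /\{\{secret:([a-z0-9_]+)\}\}/g;

// Constructed sample vault: each credential lists the upstream hosts
// that are allowed to receive it.
const SAMPLE_VAULT = {
  github_token: { value: "constructed-real-token-123", hosts: ["api.github.com"] },
};

function normalizeHost(host) {
  // Lowercase, drop the port and a trailing dot so "API.GitHub.com:443"
  // compares equal to the binding "api.github.com".
  return host.toLowerCase().replace(/:\d+$/, "").replace(/\.$/, "");
}

// Runs in the proxy after TLS termination, before forwarding upstream.
// The agent container only ever holds the placeholder string.
function swapCredentials(host, headers, vault) {
  const target = normalizeHost(host);
  const out = {};
  const swapped = [];
  const refused = [];
  for (const [name, value] of Object.entries(headers)) {
    out[name] = String(value).replace(PLACEHOLDER, (match, key) => {
      // Own-property check so keys like "constructor" never resolve.
      const entry = Object.prototype.hasOwnProperty.call(vault, key)
        ? vault[key]
        : undefined;
      if (entry && entry.hosts.includes(target)) {
        swapped.push(key);
        return entry.value;
      }
      // Unknown key or host not bound to this credential: forward the
      // inert placeholder so the real value never leaves for that host.
      refused.push(key);
      return match;
    });
  }
  return { headers: out, swapped, refused };
}
```

The `refused` list is worth logging: a placeholder sent to a host it is not bound to is a useful signal that an agent was steered into sending credentials somewhere unexpected.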