by kstenerud
80 days ago
That's a bit better, but the subtleties of even the basic shell commands are enough that you still need to be conservative. Plus there's still the issue of the approve/deny mechanism being part of the agent process, and thus subvertable by the agent. I took a different approach with https://github.com/kstenerud/yoloai

- The agent is put entirely in a container or VM sandbox (docker, podman, gvisor, kata, seatbelt, tart)
- The agent safely runs with --dangerously-skip-permissions because it can't touch your files or system directly. You can even restrict its network access.
- You review the results of its work using "yoloai diff mysandbox"
- You selectively apply the results of its work using "yoloai apply mysandbox". Commits it makes are available to cherry pick or just accept whole.
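As an added illustration of the workflow the comment describes (example code, not yoloai's own): a POSIX shell sketch that copies the project into a scratch tree, runs the agent command only there (in a network-less docker container when SANDBOX_MODE is docker, otherwise locally for demonstration), lists what changed, and copies back only the files the reviewer picks. The function names, the SANDBOX_MODE variable and the alpine base image are assumptions.

```shell
#!/bin/sh
# Added illustration of the sandbox-then-review workflow (not yoloai code).
# The agent only ever sees a scratch copy of the project; the reviewer decides
# what comes back. All function and variable names here are assumptions.

# sandbox_run PROJECT SCRATCH 'CMD': copy PROJECT to SCRATCH, run CMD there.
# SANDBOX_MODE=docker (default) runs CMD inside a container with no network
# and only SCRATCH mounted; SANDBOX_MODE=local runs it on the host against
# the scratch copy, which isolates the project tree but not the host itself.
sandbox_run() {
  project=$1; scratch=$2; cmd=$3
  rm -rf "$scratch" && cp -R "$project" "$scratch"
  case ${SANDBOX_MODE:-docker} in
    docker)  # paths must be absolute for -v; alpine is an assumed base image
      docker run --rm --network none -v "$scratch:/work" -w /work alpine sh -c "$cmd" ;;
    local)
      ( cd "$scratch" && sh -c "$cmd" ) ;;
  esac
}

# sandbox_diff PROJECT SCRATCH: human-readable review of everything the agent did.
sandbox_diff() {
  diff -ruN "$1" "$2" || true   # diff exits 1 when trees differ; that is expected
}

# sandbox_changed PROJECT SCRATCH: list files the agent added or modified,
# one relative path per line (deletions are not reported by this sketch).
sandbox_changed() {
  project=$1; scratch=$2
  ( cd "$scratch" && find . -type f ) | sed 's|^\./||' | while read -r f; do
    if [ ! -f "$project/$f" ] || ! cmp -s "$project/$f" "$scratch/$f"; then
      printf '%s\n' "$f"
    fi
  done
}

# sandbox_apply PROJECT SCRATCH FILE...: copy back only the named files,
# so the approval step lives with the reviewer, outside the agent's reach.
sandbox_apply() {
  project=$1; scratch=$2; shift 2
  for f in "$@"; do
    mkdir -p "$project/$(dirname "$f")"
    cp "$scratch/$f" "$project/$f"
  done
}
```

A typical session is sandbox_run, then sandbox_diff to read the changes, then sandbox_apply with just the files you accept.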