hey, someone just sent me the link to the project , while its early still would you be interested in a native sandbox component and agent auditing?
I noticed you introduced firecracker, this is solid for host / guest isolation, but comes up short for agents - as agents often require more nuance around what they can access. Sometimes they need to be blocked from accessing specific files, or folders, environment variables and vice versa they have legitimate need to access them. You might agent A not going near .aws/credentials , but agent B is considered ok , as long as the AWS_ENV is only STAGING - this is where nono really comes into its own.
The other aspect, you can run nono on top of firecracker and VM's without any need to raised permissions to root / cap-sys-admin, in fact we often recommend the two be combined as complimentary.
Let me know and I can put together a proposal where we evaluation in a few options.
One could be just the CLI wraps agents or we go native with nono's python library.
hey, someone just sent me the link to the project , while its early still would you be interested in a native sandbox component and agent auditing?
I noticed you introduced firecracker, this is solid for host / guest isolation, but comes up short for agents - as agents often require more nuance around what they can access. Sometimes they need to be blocked from accessing specific files, or folders, environment variables and vice versa they have legitimate need to access them. You might agent A not going near
.aws/credentials, but agent B is considered ok , as long as theAWS_ENVis onlySTAGING- this is where nono really comes into its own.The other aspect, you can run nono on top of firecracker and VM's without any need to raised permissions to root / cap-sys-admin, in fact we often recommend the two be combined as complimentary.
Let me know and I can put together a proposal where we evaluation in a few options.
One could be just the CLI wraps agents or we go native with nono's python library.