https://github.com/bbrowning/paude is similar to claudio. I've been experimenting with it.
Here are the security features I get with Paude to help limit the lethal trifecta:
- SELinux compatibility (copying files, rather than mounting across SELinux labels)
- Full network isolation: all traffic goes through squid, so you can approve individual outbound connections to specific websites for various tasks, like
pypi.org, github.com, atlassian.net, etc.
- paude-proxy, so the agent never has direct access to credential files or env vars. (There are alternatives)
I'm still new to claudio's architecture so I'm not sure how these would fit together, but I am interested in what it would involve to build some or all of this into claudio.
https://github.com/bbrowning/paude is similar to claudio. I've been experimenting with it.
Here are the security features I get with Paude to help limit the lethal trifecta:
pypi.org,github.com,atlassian.net, etc.I'm still new to claudio's architecture so I'm not sure how these would fit together, but I am interested in what it would involve to build some or all of this into claudio.