Skip to content

[feat] borrow security ideas from paude #141

Description

@ktdreyer

https://github.com/bbrowning/paude is similar to claudio. I've been experimenting with it.

Here are the security features I get with Paude to help limit the lethal trifecta:

  • SELinux compatibility (copying files, rather than mounting across SELinux labels)
  • Full network isolation: all traffic goes through squid, so you can approve individual outbound connections to specific websites for various tasks, like pypi.org, github.com, atlassian.net, etc.
  • paude-proxy, so the agent never has direct access to credential files or env vars. (There are alternatives)

I'm still new to claudio's architecture so I'm not sure how these would fit together, but I am interested in what it would involve to build some or all of this into claudio.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions