So technically you could use Coasts to sandbox but our default approach is actually not sandboxed at all. The agents still run host-side so unless you're sandboxing the agent host-side, you're not sandboxed. With coasts you're basically running exec commands against the coast container to extract runtime information.
>One thing I've been thinking about with agent infrastructure: the auth model gets complex fast when agents need to call external APIs on behalf of users. Per-key rate limiting and usage tracking at the edge (rather than in the container) has worked well for me. Curious how you’re handling the credential passing to containerized agents.
The way we handle secrets is at build-time we allow you to run scripts that can extract secrets and env vars host-side. The secrets get stored in a sqlite table (not baked into the coast image). When you start a coast, it injects those secrets -- you can decide how you the secrets should appear either as env vars, or if they should be written to the write layer. You're then able to trigger a re-injection of the secrets, so you can extract all the secrets again host-side and have them injected into all running coasts. This is useful because you don't have to rebuild and re-run just to update secrets.
alt Hacker News
So technically you could use Coasts to sandbox but our default approach is actually not sandboxed at all. The agents still run host-side so unless you're sandboxing the agent host-side, you're not sandboxed. With coasts you're basically running exec commands against the coast container to extract runtime information.
>One thing I've been thinking about with agent infrastructure: the auth model gets complex fast when agents need to call external APIs on behalf of users. Per-key rate limiting and usage tracking at the edge (rather than in the container) has worked well for me. Curious how you’re handling the credential passing to containerized agents.
The way we handle secrets is at build-time we allow you to run scripts that can extract secrets and env vars host-side. The secrets get stored in a sqlite table (not baked into the coast image). When you start a coast, it injects those secrets -- you can decide how you the secrets should appear either as env vars, or if they should be written to the write layer. You're then able to trigger a re-injection of the secrets, so you can extract all the secrets again host-side and have them injected into all running coasts. This is useful because you don't have to rebuild and re-run just to update secrets.