alt Hacker NewsIt should be possible to do this w/ eBPF. Monitor network i/o & rewrite the request on the fly to include the proper tokens & signatures. The agent can just be given placeholder tokens. That way all the usual libraries work as expected & the secrets/signatures are handled w/o worrying about another abstraction layer. Here is some prior art: https://riptides.io/blog/when-ebpf-isnt-enough-why-we-went-w...
Very interesting article! Yes, I think that’s plausible, but probably not as “just eBPF” in practice. Once you need request rewriting, signing, and TLS-aware handling, you usually end up in eBPF + userspace or kernel-module territory. I believe the post is basically making that exact argument. Our current CLI is intentionally at the tool/session layer. A transport-layer mode is interesting, especially for containerized/SDK-driven agents, but it’s a different and more OS-specific implementation path.