logoalt Hacker News

SwellJoeyesterday at 5:17 PM0 repliesview on HN

I was using VMs for agents, but wanted something lighter and faster, so I made flar, which bubblewraps the agent, its config/history and the project directory. The agent runs in your usual environment but has no access to anything other than what it's been explicitly granted, short-circuiting prompt injections (or intentional secret exfiltration on the part of the agent or model) as well as any supply chain exploits the agent might accidentally introduce.

https://github.com/swelljoe/flar

It starts instantly, as it's a namespace, rather than a full VM or container that has to be downloaded/built/updated on start.

It defaults to dangerously skip permissions mode, but is much safer than the very porous sandbox the agents provide, and the agent can't reach outside of it even if told to, by the user or a prompt injection.