With agentjail ( https://github.com/LuD1161/agentjail ), I've tried to contain coding agents in os-native sandboxes (sbpl for macos and similarly for linux, <4ms start time) + policy guardrails evaluated by Open Policy Agent (OPA), policies written in rego.
Protocol aware network proxy coming soon Then you can match a DSL and block particular network requests.
This ensures you no longer fear --dangerously-skip-permissions and stop babysitting agents
What else would you want to see in this project? Please star the repo, if you like the idea :)
It seems like your approach depends on figuring out what the command is doing, classifying it into three tiers (deny/ask/approve) and then letting the agent run its command depending on that classification. Is that right?
[flagged]
> What else would you want to see in this project?
Absence of spamming mentions of it everywhere.