Posted by atombender 23 hours ago

Agent Safehouse – macOS-native sandboxing for local agents(agent-safehouse.dev)
748 points | 171 comments | page 7
naomi_kynes 22 hours ago
The "full-auto" framing is interesting. What happens when the agent hits something it can't resolve autonomously? Even sandboxed, there's a point where the agent needs to ask a question or get approval.

Most setups handle this awkwardly: fire a webhook, write to a log, hope the human is watching. The sandbox keeps the agent contained, but doesn't give it a clean "pause and ask" primitive. The agent either guesses (risky) or silently fails (frustrating).

Seems like there are two layers: the security boundary (sandbox-exec, containers, etc.) and the communication boundary (how does a contained agent reach the human?). This project nails the first. The second is still awkward for most setups.

niyikiza 12 hours ago
The two-layer framing is right. Sandbox-exec contains local blast radius, and that's important. But if the agent already has a credential in memory, sandboxing the filesystem doesn't help. I've been working on a primitive for scoped authorization at the tool call level: what was this agent allowed to do, for which task, signed by whom. The core is open-sourced: https://github.com/tenuo-ai/tenuo
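A worked sketch of the tool-call authorization primitive niyikiza describes, joined to naomi_kynes's "pause and ask" point: this is an added example, not code from Agent Safehouse or from tenuo, and the grant format, field names, HMAC-over-JSON signing and the "allow / deny / ask" decision are assumptions made here. An out-of-scope call returns "ask" so the harness can route it to the human rather than let the agent guess or fail silently.

```python
import hashlib
import hmac
import json
import os

# Constructed demo key; in practice it comes from the operator's keystore.
SECRET = b"constructed-demo-key"
# Constructed grant: what "refactor-bot" may do for task-42, and who said so.
GRANT = {
    "issuer": "operator@example.com", "agent": "refactor-bot", "task": "task-42",
    # per tool: argument name -> prefixes that argument may take
    "tools": {
        "read_file": {"path": ["/workspace/repo/"]},
        "http_get": {"url": ["https://api.example.com/"]},
    },
    "exp": 1_800_000_000,  # unix time after which the grant is dead
}

def issue_grant(secret, grant):
    """Canonical JSON body plus an HMAC-SHA256 tag, joined as 'body.tag'."""
    body = json.dumps(grant, sort_keys=True, separators=(",", ":"))
    tag = hmac.new(secret, body.encode(), hashlib.sha256).hexdigest()
    return body + "." + tag

def verify_grant(secret, token):
    """Return the grant dict if the tag verifies, otherwise None."""
    body, sep, tag = token.rpartition(".")
    expected = hmac.new(secret, body.encode(), hashlib.sha256).hexdigest()
    return json.loads(body) if sep and hmac.compare_digest(expected, tag) else None

def authorize_call(secret, token, task_id, tool, args, now):
    """Gate one tool call -> (decision, reason). "deny": the grant itself is unusable;
    "ask": call is outside scope, so pause and route it to the human; "allow": in scope."""
    grant = verify_grant(secret, token)
    if grant is None:
        return "deny", "grant signature does not verify"
    if now >= grant["exp"]:
        return "deny", "grant expired"
    if grant["task"] != task_id:
        return "deny", "grant was issued for a different task"
    scope = grant["tools"].get(tool)
    if scope is None:
        return "ask", f"tool {tool!r} is not in the grant"
    for arg, prefixes in scope.items():
        value = str(args.get(arg, ""))
        value = os.path.normpath(value) if value.startswith("/") else value  # collapse ../
        if not any(value.startswith(p) for p in prefixes):
            return "ask", f"{arg}={value!r} is outside the granted prefixes"
    return "allow", "within grant"
```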
e1g 21 hours ago
Correct, this is for skipping permissions (safely), but does nothing for skipping questions.