|
| 1 | +{"version": 2, "width": 130, "height": 30, "timestamp": 1775685449, "idle_time_limit": 3.0, "env": {"SHELL": "/usr/bin/zsh", "TERM": "tmux-256color"}, "title": "aigate — sandbox AI agents in seconds"} |
| 2 | +[0.011109, "o", "\u001b[H\u001b[J\u001b[3J"] |
| 3 | +[0.515434, "o", "\u001b[2;36m# aigate — wrap any command in an OS-level sandbox for AI agents\u001b[0m\r\n"] |
| 4 | +[2.316579, "o", "\u001b[2;36m# every example below uses the default rules from ~/.aigate/config.yaml\u001b[0m\r\n"] |
| 5 | +[4.318677, "o", "\u001b[H\u001b[J\u001b[3J"] |
| 6 | +[4.719883, "o", "\u001b[2;36m# 1) deny_exec — shell tools blocked even when installed on the host\u001b[0m\r\n"] |
| 7 | +[6.121717, "o", "\u001b[1;32m$\u001b[0m a"] |
| 8 | +[6.186953, "o", "i"] |
| 9 | +[6.252542, "o", "g"] |
| 10 | +[6.31701, "o", "a"] |
| 11 | +[6.382896, "o", "t"] |
| 12 | +[6.449218, "o", "e"] |
| 13 | +[6.515163, "o", " "] |
| 14 | +[6.581809, "o", "r"] |
| 15 | +[6.635178, "o", "u"] |
| 16 | +[6.687339, "o", "n"] |
| 17 | +[6.74003, "o", " "] |
| 18 | +[6.79346, "o", "-"] |
| 19 | +[6.846505, "o", "-"] |
| 20 | +[6.899489, "o", " "] |
| 21 | +[6.952924, "o", "c"] |
| 22 | +[7.006153, "o", "u"] |
| 23 | +[7.059022, "o", "r"] |
| 24 | +[7.112076, "o", "l"] |
| 25 | +[7.164782, "o", " "] |
| 26 | +[7.217827, "o", "h"] |
| 27 | +[7.270647, "o", "t"] |
| 28 | +[7.322659, "o", "t"] |
| 29 | +[7.375458, "o", "p"] |
| 30 | +[7.429369, "o", "s"] |
| 31 | +[7.481472, "o", ":"] |
| 32 | +[7.533275, "o", "/"] |
| 33 | +[7.585457, "o", "/"] |
| 34 | +[7.64712, "o", "a"] |
| 35 | +[7.709539, "o", "p"] |
| 36 | +[7.770963, "o", "i"] |
| 37 | +[7.833362, "o", "."] |
| 38 | +[7.894528, "o", "g"] |
| 39 | +[7.95609, "o", "i"] |
| 40 | +[8.018667, "o", "t"] |
| 41 | +[8.079994, "o", "h"] |
| 42 | +[8.142215, "o", "u"] |
| 43 | +[8.203565, "o", "b"] |
| 44 | +[8.267329, "o", "."] |
| 45 | +[8.331411, "o", "c"] |
| 46 | +[8.393408, "o", "o"] |
| 47 | +[8.455442, "o", "m"] |
| 48 | +[8.768926, "o", "\r\n"] |
| 49 | +[8.772711, "o", "[aigate] sandbox active\r\n[aigate] deny_read: .env, .env.*, secrets/, credentials/, ~/.ssh/, *.pem, *.key, *.p12, ~/.aws/, ~/.gcloud/, ~/.kube/config, ~/.npmrc, ~/.pypirc, terraform.tfstate, *.tfvars\r\n[aigate] deny_exec: curl, wget, nc, ncat, netcat, ssh, scp, rsync, ftp, kubectl delete, kubectl exec\r\n[aigate] allow_net: api.anthropic.com, api.openai.com, api.github.com, registry.npmjs.org, proxy.golang.org (all other outbound connections will be blocked)\r\n[aigate] mask_stdout: openai, anthropic, aws_key, github, bearer; +1 custom pattern(s)\r\ncommand is blocked by deny rules: \"curl\" is in the deny_exec list\r\n"] |
| 50 | +[12.277041, "o", "\u001b[H\u001b[J\u001b[3J"] |
| 51 | +[12.678972, "o", "\u001b[2;36m# 2) deny_read — secrets are hidden from the sandboxed process\u001b[0m\r\n"] |
| 52 | +[14.080608, "o", "\u001b[2;36m# first, what the host sees:\u001b[0m\r\n"] |
| 53 | +[14.882601, "o", "\u001b[1;32m$\u001b[0m c"] |
| 54 | +[14.92618, "o", "a"] |
| 55 | +[14.969463, "o", "t"] |
| 56 | +[15.012669, "o", " "] |
| 57 | +[15.055577, "o", "."] |
| 58 | +[15.098407, "o", "e"] |
| 59 | +[15.141096, "o", "n"] |
| 60 | +[15.183574, "o", "v"] |
| 61 | +[15.477939, "o", "\r\n"] |
| 62 | +[15.479518, "o", "OPENAI_API_KEY=sk-proj-fake-DEMO-key-1234567890\r\nDB_PASSWORD=hunter2\r\n"] |
| 63 | +[17.681149, "o", "\u001b[2;36m# now from inside the sandbox:\u001b[0m\r\n"] |
| 64 | +[18.482612, "o", "\u001b[1;32m$\u001b[0m "] |
| 65 | +[18.482642, "o", "a"] |
| 66 | +[18.542319, "o", "i"] |
| 67 | +[18.602688, "o", "g"] |
| 68 | +[18.658458, "o", "a"] |
| 69 | +[18.713295, "o", "t"] |
| 70 | +[18.768658, "o", "e"] |
| 71 | +[18.823415, "o", " "] |
| 72 | +[18.879534, "o", "r"] |
| 73 | +[18.934989, "o", "u"] |
| 74 | +[18.991067, "o", "n"] |
| 75 | +[19.046959, "o", " "] |
| 76 | +[19.103129, "o", "-"] |
| 77 | +[19.159111, "o", "-"] |
| 78 | +[19.215067, "o", " "] |
| 79 | +[19.271536, "o", "c"] |
| 80 | +[19.327361, "o", "a"] |
| 81 | +[19.383821, "o", "t"] |
| 82 | +[19.43905, "o", " "] |
| 83 | +[19.494332, "o", "."] |
| 84 | +[19.549987, "o", "e"] |
| 85 | +[19.605914, "o", "n"] |
| 86 | +[19.666133, "o", "v"] |
| 87 | +[19.977953, "o", "\r\n"] |
| 88 | +[19.980355, "o", "[aigate] sandbox active\r\n[aigate] deny_read: .env, .env.*, secrets/, credentials/, ~/.ssh/, *.pem, *.key, *.p12, ~/.aws/, ~/.gcloud/, ~/.kube/config, ~/.npmrc, ~/.pypirc, terraform.tfstate, *.tfvars\r\n[aigate] deny_exec: curl, wget, nc, ncat, netcat, ssh, scp, rsync, ftp, kubectl delete, kubectl exec\r\n[aigate] allow_net: api.anthropic.com, api.openai.com, api.github.com, registry.npmjs.org, proxy.golang.org (all other outbound connections will be blocked)\r\n[aigate] mask_stdout: openai, anthropic, aws_key, github, bearer; +1 custom pattern(s)\r\n"] |
| 89 | +[19.980778, "o", "\u001b[90m\u001b[90m23:57:49\u001b[0m\u001b[0m \u001b[32mINFO \u001b[0m starting bwrap network-filtered sandbox \u001b[36mallow_net=\u001b[0m[\"api.anthropic.com\",\"api.openai.com\",\"api.github.com\",\"registry.npmjs.org\",\"proxy.golang.org\"] \u001b[36mdns_servers=\u001b[0m[\"1.1.1.1\",\"1.0.0.1\",\"1.1.1.1\",\"1.0.0.1\",\"8.8.8.8\"]\r\n"] |
| 90 | +[20.475756, "o", "[aigate] access denied: this file is protected by sandbox policy. See /tmp/.aigate-policy for all active restrictions.\r\n"] |
| 91 | +[24.496781, "o", "\u001b[H\u001b[J\u001b[3J"] |
| 92 | +[24.898714, "o", "\u001b[2;36m# 3) mask_stdout — secrets that slip out are redacted on the way back\u001b[0m\r\n"] |
| 93 | +[26.300264, "o", "\u001b[1;32m$\u001b[0m a"] |
| 94 | +[26.346693, "o", "i"] |
| 95 | +[26.393402, "o", "g"] |
| 96 | +[26.439559, "o", "a"] |
| 97 | +[26.48566, "o", "t"] |
| 98 | +[26.531279, "o", "e"] |
| 99 | +[26.577147, "o", " "] |
| 100 | +[26.620166, "o", "r"] |
| 101 | +[26.66312, "o", "u"] |
| 102 | +[26.706201, "o", "n"] |
| 103 | +[26.749177, "o", " "] |
| 104 | +[26.792617, "o", "-"] |
| 105 | +[26.836017, "o", "-"] |
| 106 | +[26.878714, "o", " "] |
| 107 | +[26.921408, "o", "p"] |
| 108 | +[26.965167, "o", "r"] |
| 109 | +[27.008495, "o", "i"] |
| 110 | +[27.051596, "o", "n"] |
| 111 | +[27.095046, "o", "t"] |
| 112 | +[27.138411, "o", "f"] |
| 113 | +[27.181549, "o", " "] |
| 114 | +[27.224143, "o", "'"] |
| 115 | +[27.267298, "o", "o"] |
| 116 | +[27.310091, "o", "p"] |
| 117 | +[27.353028, "o", "e"] |
| 118 | +[27.395705, "o", "n"] |
| 119 | +[27.438599, "o", "a"] |
| 120 | +[27.480523, "o", "i"] |
| 121 | +[27.522922, "o", " "] |
| 122 | +[27.566044, "o", "k"] |
| 123 | +[27.614399, "o", "e"] |
| 124 | +[27.661275, "o", "y"] |
| 125 | +[27.709589, "o", ":"] |
| 126 | +[27.757745, "o", " "] |
| 127 | +[27.806121, "o", "s"] |
| 128 | +[27.853978, "o", "k"] |
| 129 | +[27.902123, "o", "-"] |
| 130 | +[27.951075, "o", "p"] |
| 131 | +[27.999664, "o", "r"] |
| 132 | +[28.047941, "o", "o"] |
| 133 | +[28.096834, "o", "j"] |
| 134 | +[28.1455, "o", "-"] |
| 135 | +[28.193679, "o", "a"] |
| 136 | +[28.242345, "o", "b"] |
| 137 | +[28.290521, "o", "c"] |
| 138 | +[28.338888, "o", "1"] |
| 139 | +[28.386976, "o", "2"] |
| 140 | +[28.434915, "o", "3"] |
| 141 | +[28.482619, "o", "d"] |
| 142 | +[28.530065, "o", "e"] |
| 143 | +[28.579807, "o", "f"] |
| 144 | +[28.646161, "o", "4"] |
| 145 | +[28.713249, "o", "5"] |
| 146 | +[28.780359, "o", "6"] |
| 147 | +[28.84742, "o", "g"] |
| 148 | +[28.915209, "o", "h"] |
| 149 | +[28.982761, "o", "i"] |
| 150 | +[29.049949, "o", "7"] |
| 151 | +[29.117158, "o", "8"] |
| 152 | +[29.184676, "o", "9"] |
| 153 | +[29.250339, "o", "\\"] |
| 154 | +[29.316657, "o", "n"] |
| 155 | +[29.383747, "o", "'"] |
| 156 | +[29.702308, "o", "\r\n"] |
| 157 | +[29.705, "o", "[aigate] sandbox active\r\n[aigate] deny_read: .env, .env.*, secrets/, credentials/, ~/.ssh/, *.pem, *.key, *.p12, ~/.aws/, ~/.gcloud/, ~/.kube/config, ~/.npmrc, ~/.pypirc, terraform.tfstate, *.tfvars\r\n[aigate] deny_exec: curl, wget, nc, ncat, netcat, ssh, scp, rsync, ftp, kubectl delete, kubectl exec\r\n[aigate] allow_net: api.anthropic.com, api.openai.com, api.github.com, registry.npmjs.org, proxy.golang.org (all other outbound connections will be blocked)\r\n[aigate] mask_stdout: openai, anthropic, aws_key, github, bearer; +1 custom pattern(s)\r\n"] |
| 158 | +[29.705258, "o", "\u001b[90m\u001b[90m23:57:59\u001b[0m\u001b[0m \u001b[32mINFO \u001b[0m starting bwrap network-filtered sandbox \u001b[36mallow_net=\u001b[0m[\"api.anthropic.com\",\"api.openai.com\",\"api.github.com\",\"registry.npmjs.org\",\"proxy.golang.org\"] \u001b[36mdns_servers=\u001b[0m[\"1.1.1.1\",\"1.0.0.1\",\"1.1.1.1\",\"1.0.0.1\",\"8.8.8.8\"]\r\n"] |
| 159 | +[29.770698, "o", "openai key: sk-***\r\n"] |
| 160 | +[33.795432, "o", "\u001b[H\u001b[J\u001b[3J"] |
| 161 | +[34.197103, "o", "\u001b[2;36m# 4) wrap claude itself — the full interactive TUI works the same way\u001b[0m\r\n"] |
| 162 | +[137.01605, "o", "\u001b[1;32m$\u001b[0m aigate run -- claude\r\n"] |
| 163 | +[137.020615, "o", "[aigate] sandbox active\r\n[aigate] deny_read: .env, .env.*, secrets/, credentials/, ~/.ssh/, *.pem, *.key, *.p12, ~/.aws/, ~/.gcloud/, ~/.kube/config, ~/.npmrc, ~/.pypirc, terraform.tfstate, *.tfvars\r\n[aigate] deny_exec: curl, wget, nc, ncat, netcat, ssh, scp, rsync, ftp, kubectl delete, kubectl exec\r\n[aigate] allow_net: api.anthropic.com, api.openai.com, api.github.com, registry.npmjs.org, proxy.golang.org (all other outbound connections will be blocked)\r\n[aigate] mask_stdout: openai, anthropic, aws_key, github, bearer; +1 custom pattern(s)\r\n23:58:05 INFO starting bwrap network-filtered sandbox allow_net=[\"api.anthropic.com\",\"api.openai.com\",\"api.github.com\",\"registry.npmjs.org\",\"proxy.golang.org\"] dns_servers=[\"1.1.1.1\",\"1.0.0.1\",\"1.1.1.1\",\"1.0.0.1\",\"8.8.8.8\"]\r\n ▐▛███▜▌ Claude Code v2.1.97\r\n▝▜█████▛▘ Opus 4.6 (1M context) · Claude Max\r\n ▘▘ ▝▝ ~/Documents/workspace/axeforge/git/aigate\r\n ⎿ SessionStart:startup says: {\"content\":[{\"type\":\"text\",\"text\":\"\"}]}\r\n\r\n View Observations Live @ http://localhost:37777\r\n\r\n❯ what is 2+2? answer in one short sentence.\r\n\r\n● 4.\r\n\r\n\r\n─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────\r\n❯ \r\n─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────\r\n"] |
| 164 | +[137.020879, "o", "\r\n\u001b[1;32m✓ claude (inside aigate sandbox) answered:\u001b[0m \u001b[1;33m4.\u001b[0m\r\n"] |
0 commit comments