|
2 | 2 |
|
3 | 3 | **Hardened autonomous agent infrastructure. Careful β you might get stung.** |
4 | 4 |
|
5 | | -Hornet is an open framework for running AI coding agents as isolated Linux processes with defense-in-depth security. It assumes the worst: that the agent *will* be prompt-injected, and builds kernel-level walls that hold even when the LLM is fully compromised. |
| 5 | +Hornet is an open framework for running always-on AI agents that support software teams β coding agents, automated SREs, QA bots, monitoring, triage, and more. Agents run as isolated Linux processes with defense-in-depth security. Hornet assumes the worst: that an agent *will* be prompt-injected, and builds kernel-level walls that hold even when the LLM is fully compromised. |
6 | 6 |
|
7 | 7 | ## Why |
8 | 8 |
|
9 | 9 | Every AI agent framework gives the model shell access and hopes for the best. Hornet doesn't hope β it enforces: |
10 | 10 |
|
11 | 11 | - **OS-level isolation** β dedicated Unix user, no sudo, can't see other processes |
12 | 12 | - **Kernel-enforced network control** β iptables per-UID egress allowlist |
13 | | -- **Tamper-proof security** β root-owned hooks prevent the agent from weakening its own defenses |
| 13 | +- **Tamper-proof security** β root-owned hooks prevent agents from weakening their own defenses |
14 | 14 | - **Dual-layer command blocking** β dangerous shell patterns caught before execution at two independent layers |
15 | 15 | - **Self-healing** β permissions hardened on every boot, secrets redacted from logs automatically |
16 | 16 |
|
| 17 | +Agents work on real files in real repos β no sandbox friction. They make real git branches, run real tests, and push real PRs. But they can't exfiltrate data, escalate privileges, or phone home. |
| 18 | + |
17 | 19 | ## Security Stack |
18 | 20 |
|
19 | 21 | | Layer | What | Survives prompt injection? | |
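Review bot: The sentence added at new line 17, "But they can't exfiltrate data, escalate privileges, or phone home", claims more than the controls listed in the bullets enforce, and it sits in the same paragraph as "push real PRs". A per-UID egress allowlist restricts which destinations an agent can reach, not what it sends to them, so any allowlisted endpoint the agent can write to (the git remote it pushes to, for instance) is still a path for data to leave the host. Suggest wording the sentence in terms of what is enforced, for example that agents can only reach allowlisted hosts and have no sudo, and stating which destinations are on the default allowlist. The same applies to "no sandbox friction" two sentences earlier: say explicitly that the agent has full read/write access to the working tree, since the new line 5 now extends the framework to SRE and monitoring roles where that access may cover more than a single repo.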
@@ -157,7 +159,7 @@ sudo -u hornet_agent bash -c "export PATH=~/opt/node-v22.14.0-linux-x64/bin:\$PA |
157 | 159 |
|
158 | 160 | ## How It Works |
159 | 161 |
|
160 | | -Hornet runs a **control-agent** that spawns sub-agents (dev-agent, sentry-agent) in tmux sessions and starts a Slack bridge. Messages flow: |
| 162 | +Hornet runs a **control-agent** that spawns specialized sub-agents in tmux sessions and starts a Slack bridge. Out of the box it ships with a dev-agent (coding), sentry-agent (monitoring/triage), and a control-agent (orchestration) β but you can add any agent role. Messages flow: |
161 | 163 |
|
162 | 164 | ``` |
163 | 165 | Slack β bridge (access control + content wrapping) β pi agent β tools (tool-guard + safe-bash) β workspace |
|
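Review bot: On new line 162, "but you can add any agent role" does not say which security context an added role runs in. The bullets above describe a dedicated Unix user and an iptables per-UID egress allowlist, and the hunk header shows commands run via `sudo -u hornet_agent`; if every sub-agent spawned in tmux runs as that one user, all roles share a single egress allowlist and the same file permissions, so a monitoring role gets whatever network access the coding role needs and vice versa. Please state whether roles share a UID or get their own, and what a user has to configure when adding one. Minor wording point in the same sentence: it lists the control-agent among the agents that the control-agent spawns; consider separating "control-agent (orchestration)" from the list of sub-agents.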