jokecode

AI sandbox runtime — caging autonomous agents at ring-0

security rust sandbox ai
50 commits
Commits on 16 Dec 1969
  • syscall: deny ptrace from sandboxed processes
    rich · 16 Dec
    b02953b
Commits on 14 Dec 1969
  • sandbox: ring-0 caging for autonomous agents
    rich · 14 Dec
    4eb6d23
Commits on 13 Dec 1969
  • tests: regression — escape via clone+namespace
    rich · 13 Dec
    a639ee7
Commits on 10 Dec 1969
  • docs: threat model — when ring-0 is sufficient
    rich · 10 Dec
    319ebae
Commits on 8 Dec 1969
  • kernel: trim BPF surface for sandbox helpers
    rich · 8 Dec
    5215661
Commits on 5 Dec 1969
  • feat: telemetry feed for sandbox decisions
    rich · 5 Dec
    44df6cc
  • perf: hash syscall args via SHAKE-128
    rich · 5 Dec
    424cf61
Commits on 27 Nov 1969
  • fix: race in seccomp filter installation
    rich · 27 Nov
    00df94c
Commits on 26 Nov 1969
  • audit: enable lockdown=integrity at boot
    rich · 26 Nov
    29b4b21
Commits on 23 Nov 1969
  • refactor: split policy engine into core + cli
    rich · 23 Nov
    07decd1
Commits on 20 Nov 1969
  • feat: per-agent capability allowlist
    rich · 20 Nov
    a7da70f
Commits on 15 Nov 1969
  • fix: file descriptor leak on policy reload
    rich · 15 Nov
    a462121
Commits on 14 Nov 1969
  • docs: explain why we picked landlock
    rich · 14 Nov
    cd52d89
Commits on 10 Nov 1969
  • chore: vendor microhttpd at 0.9.78
    rich · 10 Nov
    f781865
Commits on 8 Nov 1969
  • tests: fuzz seccomp filter with afl++
    rich · 8 Nov
    5f87258
Commits on 6 Nov 1969
  • syscall: emulate getrandom for sandboxed jails
    rich · 6 Nov
    3c32538
Commits on 4 Nov 1969
  • feat: trace mode with verbose syscall logging
    rich · 4 Nov
    e5715ad
Commits on 2 Nov 1969
  • perf: avoid copy on syscall arg inspect
    rich · 2 Nov
    b5b68ea
Commits on 30 Oct 1969
  • fix: kill agent on ENOMEM instead of OOM oom-kill
    rich · 30 Oct
    0c2aaa4
Commits on 27 Oct 1969
  • docs: prod deployment hardening checklist
    rich · 27 Oct
    afe01f5
Commits on 26 Oct 1969
  • refactor: rename SandboxPolicy → CageSpec
    rich · 26 Oct
    0102e30
Commits on 22 Oct 1969
  • feat: ring-0 LSM hooks for agent introspection
    rich · 22 Oct
    afecae7
Commits on 21 Oct 1969
  • chore: bump rust toolchain to 1.94
    rich · 21 Oct
    7130418
  • tests: integration — escape attempts library
    rich · 21 Oct
    07c9ca6
Commits on 18 Oct 1969
  • docs: white paper draft v1
    rich · 18 Oct
    466d2db
Commits on 14 Oct 1969
  • kernel: harden mmap to deny PROT_EXEC by default
    rich · 14 Oct
    b64b267
Commits on 8 Oct 1969
  • feat: post-exec audit — what did the agent touch
    rich · 8 Oct
    5099709
Commits on 6 Oct 1969
  • fix: stack-clash mitigation via guard pages
    rich · 6 Oct
    7ea0d28
Commits on 3 Oct 1969
  • perf: micro-optimise syscall hot path
    rich · 3 Oct
    f03dfbe
Commits on 30 Sept 1969
  • refactor: drop dead policy dialect parser
    rich · 30 Sept
    21e6254