8 Repos
Permissions and mechanisms for granting agents access to view and modify files.
Distinct from Code Execution Sandboxes: Focuses on agent-specific access to files, distinct from general code execution sandboxing.
Explore 8 awesome GitHub repositories matching devops & infrastructure · Filesystem Access Controls. Refine with filters or upvote what's useful.
Nanoclaw is an LLM agent orchestrator and multi-platform chat gateway designed to deploy and manage isolated AI agents. It provides a containerized runtime that executes agents within sandboxed Linux containers, ensuring filesystem and state isolation through dedicated workspaces and host bind-mounts. The project distinguishes itself through a unified routing pipeline that connects agents to diverse messaging platforms, including WhatsApp, Discord, Slack, Telegram, Signal, and iMessage. It integrates the Model Context Protocol to extend agent capabilities via managed external data and functio
Limits agent filesystem access to a specific allowlist of directories to prevent host system corruption.
This project is a Python framework for building autonomous, event-driven agent systems. It provides a unified runtime for orchestrating multi-agent workflows, managing persistent conversation state, and executing code within secure, isolated sandbox environments. The framework is designed to handle complex task delegation, allowing agents to invoke other agents as tools while maintaining context across multi-turn interactions. The framework distinguishes itself through its deep integration with the Model Context Protocol, enabling agents to connect to external data sources and remote services
Grants agents controlled access to view and modify files within the sandbox for automated project updates.
PydanticAI is a Python framework designed for building production-grade autonomous agents. It provides a unified interface for interacting with diverse language models, enabling developers to construct agents that perform complex tasks through structured data validation, tool execution, and multi-turn conversation management. The library centers on type-safe schema enforcement, ensuring that model inputs and outputs remain consistent and reliable throughout the agent's lifecycle. The framework distinguishes itself through a robust architecture that emphasizes modularity and testability. It ut
Provides sandboxed filesystem access and code execution tools with fine-grained permission controls for safe interaction with local or remote environments.
Waydroid is a containerized mobile runtime that executes a full Android operating system directly on Linux desktop environments. By utilizing Linux kernel namespaces, it isolates the mobile environment while sharing the host kernel to provide native-like performance and hardware access for mobile applications. The project distinguishes itself through deep integration with the host system, bridging mobile display buffers to native desktop windows and translating host input events into mobile gestures. It enables multi-window management, allowing mobile applications to run alongside native desk
Configures storage mount options to support required access control lists for compatibility with containerized operating system versions.
Bottles is a Wine compatibility manager and prefix manager that provides a graphical interface for running Windows applications on Linux. It functions as a Windows application sandbox and dependency manager, organizing isolated environments to prevent dependency conflicts and protect the host operating system. The project acts as a Wine runner orchestrator, allowing users to download, install, and switch between different compatibility layers and graphics renderers. It distinguishes itself by using community-driven scripts for automated software installation and dependency management, alongsi
Controls permissions for granting sandboxed environments access to specific host system directories.
SSHFS is a network filesystem client that maps remote server directories to local mount points. It functions as a userspace implementation of a filesystem, allowing users to access and manage remote files as if they were on a local disk using the SFTP protocol over SSH. The tool distinguishes itself by offering multiple transport options, including encrypted SSH tunnels for security and direct TCP socket connections to bypass encryption for higher throughput. It also supports connectivity via virtual sockets to access directories hosted inside virtual machines. The system includes capabiliti
Restricts mount access to specific local users or grants permissions to others on the host machine.
Open Multi-Agent is a TypeScript framework for multi-agent orchestration that decomposes natural language goals into a runtime-generated directed acyclic graph of tasks. It functions as a task orchestrator and workflow state manager, coordinating multiple AI models to execute parallel and sequential operations. The framework is distinguished by a proposer-judge consensus protocol used to validate agent outputs through a quorum of agreement. It employs provider-agnostic model routing to assign specific models to tasks based on roles or execution phases and utilizes state-based workflow checkpo
Prevents symlink escapes and enforces directory boundaries for built-in filesystem tools used by agents.
This project is an OS-level process sandbox and cross-platform security wrapper for Linux and macOS. It is designed to isolate arbitrary processes from the host machine by restricting filesystem and network access without the use of full containerization. The system functions as a system-call interceptor and access controller, blocking unauthorized operating system calls based on predefined security policies. It employs allowlists and denylists to manage resource requests and monitors for security violations in real time. Capability areas include filesystem access management using glob-patte
Enforces read and write permissions using allowlists and glob patterns to prevent unauthorized file access.