Great tool! I've witnessed numerous cases where novice users lost critical data assets by recklessly granting proxies/AI agents excessive permissions without understanding the security implications.
ThroneCreator 11 hours ago [-]
One thing that comes to mind is whether the sandbox can restrict outbound network access per process or per command. That could be useful for preventing agents from silently exfiltrating data while still allowing limited API calls.
socialinteldev 6 hours ago [-]
the network restriction question is the interesting one for agent sandboxing — the real risk isn't the agent reading files it shouldn't, it's exfiltrating data through api calls to attacker-controlled endpoints. for agent-to-agent payment protocols like x402 the question gets weird: the agent needs outbound to pay for data, but you want to allowlist which endpoints it can call. per-process network policy + endpoint allowlisting seems like the right primitive here
https://en.wikipedia.org/wiki/Almquist_shell
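The per-command endpoint allowlisting discussed in the comments above, as an added example that is not part of the thread or of the tool under discussion. It sketches the decision function an egress proxy in front of the sandbox could call; the command names, hosts and the `egress_allowed` helper are hypothetical, constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed policy: command name -> exact (scheme, host, port) endpoints.
# Hypothetical names; anything not listed here gets no outbound access.
POLICY = {
    "agent-fetch": {("https", "api.example.com", 443)},
    "agent-pay": {("https", "pay.example.net", 443)},
}
DEFAULT_PORTS = {"https": 443, "http": 80}


def egress_allowed(command, url, policy=POLICY):
    """Return True only if `command` may connect to the endpoint in `url`."""
    allowed = policy.get(command)
    if not allowed:
        return False  # default deny: unknown commands have no network
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed or out-of-range port
    except ValueError:
        return False
    # Reject userinfo outright: in "https://api.example.com@evil.test/" the
    # real host is evil.test, and a naive prefix check would be fooled.
    if parts.username is not None or parts.password is not None:
        return False
    scheme = parts.scheme.lower()
    host = parts.hostname or ""  # urlsplit lowercases the hostname
    if port is None:
        port = DEFAULT_PORTS.get(scheme)
    # Exact tuple match, never substring or suffix matching on the host,
    # so "api.example.com.evil.test" does not pass as "api.example.com".
    return (scheme, host, port) in allowed


if __name__ == "__main__":
    # Constructed sample requests, as a proxy might see them.
    samples = [
        ("agent-fetch", "https://api.example.com/v1/data"),
        ("agent-fetch", "https://api.example.com@evil.test/"),
        ("agent-fetch", "https://api.example.com.evil.test/"),
        ("agent-fetch", "https://pay.example.net/charge"),
        ("agent-pay", "https://pay.example.net/charge"),
    ]
    for cmd, url in samples:
        print("ALLOW" if egress_allowed(cmd, url) else "DENY ", cmd, url)
```

A check like this only holds if the sandbox forces all outbound traffic through the proxy that applies it; a process that can open sockets directly bypasses the allowlist.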