Show HN: yolo-cage โ€“ AI coding agents that can't exfiltrate secrets

https://news.ycombinator.com/rss Hits: 5
Summary

yolo-cage: autonomous coding agents that do no harm You're a responsible engineer. You'd never just let an AI run roughshod through your most sensitive systems and codebases. That's why you'd never just shut off the safeguards for a tool like Claude Code. It asks permission for every dangerous action! Safe! So you wait. And you answer. Decision fatigue sets in. And that's when it happens. Permission prompts neglect the weakest part of the thread model: a tired user. What if we could empower the agent while limiting its blast radius, thus deferring your decisions until PR review? That would be great! And that would be yolo-cage. Try it curl -fsSL https://github.com/borenstein/yolo-cage/releases/latest/download/yolo-cage -o yolo-cage chmod +x yolo-cage && sudo mv yolo-cage /usr/local/bin/ yolo-cage build --interactive --up Then create a sandbox and start coding: yolo-cage create feature-branch yolo-cage attach feature-branch # Claude in tmux, YOLO mode Prerequisites: Vagrant with libvirt (Linux) or QEMU (macOS, experimental), 8GB RAM, 4 CPUs, GitHub PAT ( repo scope), Claude account. See setup docs for details. What gets blocked Secrets in HTTP/HTTPS - egress proxy scans request bodies, headers, URLs: sk-ant-* , AKIA* , ghp_* , SSH private keys, generic credential patterns Git operations - dispatcher enforces branch isolation: Push to any branch except the one assigned at sandbox creation git remote , git clone , git config , git credential GitHub CLI - dispatcher blocks dangerous commands: gh pr merge , gh repo delete , gh api GitHub API - proxy blocks at HTTP layer: PUT /repos/*/pulls/*/merge , DELETE /repos/* , webhook modifications Exfiltration sites: pastebin.com, file.io, transfer.sh, etc. See Architecture for the full threat model. How it works โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ” โ”‚ Vagrant VM (MicroK8s) โ”‚ โ”‚ โ”‚ โ”‚ โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ” โ”‚ โ”‚ โ”‚ Sandbox Pod โ”‚ โ”‚ โ”‚ โ”‚ โ”‚ โ”‚ โ”‚ โ”‚ Claude...

First seen: 2026-01-21 16:40

Last seen: 2026-01-21 20:41

Read Full Article More from this Source
Related News
Show HN: Dwm.tmux โ€“ a dwm-inspired window manager for tmux
2026-01-28 ยท 1 hits
FBI is investigating Minnesota Signal chats tracking ICE
2026-01-27 ยท 27 hits
Xfwl4 โ€“ The Roadmap for a Xfce Wayland Compositor
2026-01-27 ยท 31 hits
Aperture: Senior QA (2004-2005)
2026-01-28 ยท 3 hits
Rust's Standard Library on the GPU
2026-01-28 ยท 23 hits