Show HN: YSA – Sandbox for AI agents with outbound network control

github.com

2 points by jordanedev a month ago · 0 comments · 1 min read


I've been running Claude CLI on production codebases and got uncomfortable not knowing what could leak outbound — especially in case of prompt injection.

YSA runs Claude CLI inside a rootless Podman container with a git worktree per task. Each container gets:

- A MITM proxy (L7): TLS termination, GET-only enforcement, body blocked, URL length cap, outbound byte budget, rate limiting per domain
- iptables rules via OCI hook (L3/L4): all outbound traffic blocked except through the proxy
- seccomp whitelist, all capabilities dropped, read-only filesystem, no-new-privileges

The repo includes a basic dashboard to run tasks in parallel and visualize per-container network traffic in real time.

Early but functional — I use it daily.

Especially curious about feedback on the security model and proxy bypass detection.
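The L7 controls listed in the post (GET-only, body blocked, URL length cap, outbound byte budget, per-domain rate limiting) can be read as one ordered allow/deny decision per request. The following Python is an added example, not part of the original post and not YSA's code; the class and function names, the limits, the sliding-window rate limiter and the sample hosts are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from urllib.parse import urlsplit

class EgressPolicy:
    """Per-container L7 egress decision; every limit here is a constructed sample value."""
    def __init__(self, max_url_len=512, byte_budget=4096, rate_limit=3, window_s=60.0):
        self.max_url_len, self.bytes_left = max_url_len, byte_budget
        self.rate_limit, self.window_s = rate_limit, window_s
        self.recent = defaultdict(deque)  # domain -> times of allowed requests

    def check(self, method, url, body_len, now):
        """Return (allowed, reason); `now` is a timestamp in seconds."""
        if method.upper() != "GET":
            return False, "method"
        if body_len > 0:
            return False, "body"
        if len(url) > self.max_url_len:
            return False, "url_length"
        host = (urlsplit(url).hostname or "").lower()
        if not host:
            return False, "no_host"
        # Bodies are blocked, so the URL is the remaining data channel: charge its bytes.
        cost = len(url.encode("utf-8"))
        if cost > self.bytes_left:
            return False, "byte_budget"
        hits = self.recent[host]
        while hits and now - hits[0] >= self.window_s:
            hits.popleft()  # forget requests older than the window
        if len(hits) >= self.rate_limit:
            return False, "rate_limit"
        hits.append(now)
        self.bytes_left -= cost
        return True, "ok"

def replay(requests, policy=None):
    """Feed (method, url, body_len, t) tuples through one policy; return the reasons."""
    policy = policy or EgressPolicy()
    return [policy.check(*r)[1] for r in requests]

# Constructed sample traffic for one container.
SAMPLE = [
    ("GET", "https://registry.example/pkg/a", 0, 0.0),
    ("POST", "https://registry.example/upload", 120, 1.0),
    ("GET", "https://other.example/?q=" + "A" * 600, 0, 2.0),
    ("GET", "https://registry.example/pkg/b", 0, 3.0),
    ("GET", "https://registry.example/pkg/c", 0, 4.0),
    ("GET", "https://registry.example/pkg/d", 0, 5.0),
    ("GET", "https://registry.example/pkg/d", 0, 61.0),
]
```

Calling `replay(SAMPLE)` returns the deny reason for each request in order. Denied requests are not charged against the byte budget or the rate window, so a blocked burst does not lock out later legitimate fetches.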

No comments yet.
