Comment by corv
I’ve been working on a different approach to this problem: syscall-level interception via PyPy sandbox rather than command filtering. This captures all operations at the OS level, so tmp.sh scripts and Makefile edits get queued for human review before executing.
It’s still WIP but the core sandbox works. Feedback greatly appreciated: https://github.com/corv89/shannot
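
As an added illustration (not part of corv's comment and not code from the shannot project), this toy Python model contrasts a command-text filter with a mediator that sees each operation and queues side effects for review. The names `DENYLIST`, `Op`, `ReviewQueue` and the trace are hypothetical and constructed for the example; no real syscalls are intercepted.

```python
from dataclasses import dataclass, field

DENYLIST = ("rm -rf", "curl ", "wget ")  # constructed command-filter rules


def command_filter_allows(cmdline: str) -> bool:
    """Command filtering: sees only the text of the command being launched."""
    return not any(bad in cmdline for bad in DENYLIST)


@dataclass
class Op:
    kind: str        # "read", "write" or "exec"
    target: str      # path, or argv string for exec
    data: str = ""   # content the process asked to write


@dataclass
class ReviewQueue:
    """Hypothetical mediator placed where a sandbox sees each OS-level request."""
    pending: list = field(default_factory=list)
    applied: dict = field(default_factory=dict)  # stand-in for the real filesystem

    def request(self, op: Op) -> str:
        if op.kind == "read":
            return "allowed"          # reads pass straight through
        self.pending.append(op)       # side effects wait for a human decision
        return "queued"

    def approve(self, index: int) -> None:
        op = self.pending.pop(index)
        if op.kind == "write":
            self.applied[op.target] = op.data


# Constructed trace: work hidden in files instead of in the command line.
TRACE = [
    Op("write", "tmp.sh", "rm -rf build\n"),
    Op("write", "Makefile", "all:\n\tsh tmp.sh\n"),
    Op("exec", "sh tmp.sh"),
]


def run_trace(queue: ReviewQueue) -> list:
    return [queue.request(op) for op in TRACE]


if __name__ == "__main__":
    q = ReviewQueue()
    print(command_filter_allows("sh tmp.sh"), run_trace(q), q.applied)
```

The filter passes `sh tmp.sh` because the denied string lives inside the file, while the mediator holds both file writes and the exec until a reviewer approves them.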