Blog post: coily as a safety boundary for AI agents #15

Closed
opened 2026-05-23 20:55:40 +00:00 by coilysiren · 1 comment
Owner

Originally filed by @coilysiren on 2026-05-03T19:53:30Z - https://github.com/coilysiren/website/issues/1345

🤖 Filed by Claude Code on Kai's behalf.

Working title: coily, a safety boundary for AI agents on personal infrastructure

Hook: AI agents are increasingly the operator on personal infra. The blast radius of a bad tool call is real. coily is the wrapper that sits between the agent and aws / kubectl / ssh, audit-logs every invocation, and locks down destructive ops behind explicit confirmation.

Beats:

  • The threat model: not malicious agents, just confidently wrong ones.
  • The design: mirror the real CLI, layer policy, audit-log, lock down by default.
  • Lockdown vs. allowlist: why deny-by-default fights against the natural agent loop and what to do about it.
  • The Claude Desktop deny-list bypass investigation (separate post can go deeper, link).
  • What this looks like in practice: agent transcript snippets where coily caught a thing.
  • Why the wrapper-not-replacement decision matters for human operators too.

Why now: distinct take in the AI-agent-tooling discourse, grounded in a real homelab.

Audience: platform engineers running agents against real infra; AI tooling builders.

🤖 Filed by Claude Code on Kai's behalf.


Moved from coilysiren/coilyco-ai#11.
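The design beats above (mirror the real CLI, audit-log every invocation, lock down destructive ops behind explicit confirmation) as an added Python example. This is not coily's own code; the verb tables, the `confirmed` flag, the JSON audit format and the 126 refusal status are all assumptions made for the illustration.

```python
# Added example (not coily's own code): the policy core of a CLI wrapper that mirrors
# the real tool's argv, classifies the call, audit-logs it, and gates destructive ops.
import json, subprocess, sys, time

# Assumed verb tables. Entries ending in '-' are prefixes (aws operations are
# written like 'describe-instances'). Anything not read-only needs confirmation.
READ_ONLY = {"kubectl": ("get", "describe", "logs", "top", "explain", "version"),
             "aws": ("describe-", "list-", "get-")}
DESTRUCTIVE = {"kubectl": ("delete", "drain", "apply", "replace", "scale", "rollout"),
               "aws": ("delete-", "terminate-", "create-", "put-", "update-")}

def verb_of(argv):
    """Operation token: argv[1] for kubectl, argv[2] for 'aws <service> <op>'.
    Options before the verb are skipped; an option *value* mistaken for the verb
    falls into the locked-down default, never into 'allow'."""
    rest = [a for a in argv[1:] if not a.startswith("-")]
    idx = 1 if argv[0] == "aws" else 0
    return rest[idx] if len(rest) > idx else ""

def matches(verb, table):
    # Exact match, or prefix match for table entries written like 'delete-'.
    return any(verb == t or (t.endswith("-") and verb.startswith(t)) for t in table)

def classify(argv):
    """Return (decision, reason); decision is 'allow', 'confirm' or 'deny'."""
    if not argv or argv[0] not in READ_ONLY:
        return "deny", "tool not wrapped"
    tool, verb = argv[0], verb_of(argv)
    if matches(verb, READ_ONLY[tool]):
        return "allow", "read-only"
    if matches(verb, DESTRUCTIVE[tool]):
        return "confirm", "destructive"
    return "confirm", "unknown verb, locked down by default"

def audit(argv, decision, reason, confirmed, log=sys.stderr):
    """One JSON line per invocation, written before the real tool is touched."""
    rec = {"ts": time.time(), "argv": argv, "decision": decision,
           "reason": reason, "confirmed": confirmed}
    log.write(json.dumps(rec) + "\n")
    return rec

def invoke(argv, confirmed=False, runner=subprocess.call):
    """Mirror argv to the real CLI only when policy permits. 'confirmed' is the
    explicit human go-ahead (assumed to come from a TTY prompt or an env var)."""
    decision, reason = classify(argv)
    audit(argv, decision, reason, confirmed)
    if decision == "allow" or (decision == "confirm" and confirmed):
        return runner(argv)
    return 126  # refused: not executed, reported like a 'cannot execute' status
```

Note that `kubectl -n prod delete pod x` lands in the locked-down default rather than `allow`, which is the safe direction for a wrapper whose job is to catch confidently wrong calls.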

Author
Owner

Iceboxed in the 2026-05-29 backlog burn-down: Speculative blog post draft. Reopen anytime if it becomes real.

coilysiren 2026-05-30 05:43:04 +00:00
  • closed this issue
  • added the
    icebox
    label