← All Projects

Agent Embassy

archived AI Security

Turnkey Docker Compose for sandboxing AI agents. Egress proxy allowlist, output validation, read-only filesystem. Three containers, zero host access.

Read-only filesystem, dropped capabilities
Squid-based domain allowlist for network access
Host-side output validation with secret detection
Configurable agent definitions via YAML

DockerSquidPython

Activity Timeline

2026-03-08
Post-mortem complete; project formally deprecated.
Published containment code confirmed sound. Failures were in unpublished observation/exchange layer. Minor gaps noted (missing healthchecks, incomplete depends_on). Deprecation logged.

phase-change

Ask About Projects

Hi! I can answer questions about Ashita's projects, the tech behind them, or how this blog was built. What would you like to know?