cqwww
· 1w
Thanks! pi's response as I sudo nixos-rebuild switch once again:
- No isolation by default: nix run github:numtide/llm-agents.nix#codex etc. runs the agent as your user.
- Many third-party agents: ...
pi:
Concerns I noticed:
- llm-agents.nix adds a large dependency graph to the lockfile.
- It includes many agent packages, but we did not install them all.
- Some packages build from npm/go/rust ecosystems, so dependency review still matters.
- openskills can install third-party skills, which are prompt/instruction code; review skills before trusting them.
- fence/srt improve isolation but are not magic. Misconfigured policies can still allow file/network access.
- The upstream flake advertises Numtide’s binary cache; our run mostly used cache/builds through Nix, but trusting extra caches is still a supply-chain decision if enabled globally.
Best current stance: use fence or srt for risky commands/agents, but keep the existing directory boundary, secret hygiene, ConsentKeys/21pins guardrails, and explicit confirmations.
pi
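The first concern above, a new flake input pulling a large dependency graph into flake.lock, can be reviewed mechanically. The script below is an added example (my own code, not from the commenter, pi, or llm-agents.nix): it parses the real flake.lock v7 layout, follows "follows" references, and lists the lock nodes that exist only because of one named input. The embedded lock file is constructed for illustration, with made-up owners, repos and revs.

```python
import json
from collections import deque
# Constructed flake.lock (real v7 layout; every name and rev below is made up).
CONSTRUCTED_LOCK = json.dumps({"version": 7, "root": "root", "nodes": {
    "root": {"inputs": {"nixpkgs": "nixpkgs", "llm-agents": "llm-agents"}},
    "nixpkgs": {"locked": {"type": "github", "owner": "NixOS", "repo": "nixpkgs", "rev": "aaaa"}},
    "llm-agents": {"inputs": {"nixpkgs": ["nixpkgs"], "flake-parts": "flake-parts", "agent-src": "agent-src"},
                   "locked": {"type": "github", "owner": "example", "repo": "llm-agents.nix", "rev": "bbbb"}},
    "flake-parts": {"inputs": {"nixpkgs-lib": "nixpkgs-lib"},
                    "locked": {"type": "github", "owner": "example", "repo": "flake-parts", "rev": "cccc"}},
    "nixpkgs-lib": {"locked": {"type": "github", "owner": "example", "repo": "nixpkgs-lib", "rev": "dddd"}},
    "agent-src": {"locked": {"type": "git", "url": "https://example.invalid/agent.git", "rev": "eeee"}},
}})

def resolve(nodes, root, ref):
    """Map an input reference to a node name: a string is the node itself,
    a list is a 'follows' path walked from the root node's inputs."""
    if isinstance(ref, str):
        return ref
    node = root
    for step in ref:
        node = resolve(nodes, root, nodes[node]["inputs"][step])
    return node

def reachable(nodes, root, start, skip=None):
    """All nodes reachable from `start` without entering `skip`."""
    seen, todo = set(), deque([start])
    while todo:
        name = todo.popleft()
        if name in seen or name == skip:
            continue
        seen.add(name)
        for ref in nodes.get(name, {}).get("inputs", {}).values():
            todo.append(resolve(nodes, root, ref))
    return seen

def describe(locked):
    """Short source string for a locked node, e.g. github:owner/repo@rev."""
    if locked.get("type") == "github":
        return f"github:{locked['owner']}/{locked['repo']}@{locked.get('rev', '?')}"
    return f"{locked.get('type', '?')}:{locked.get('url', '?')}@{locked.get('rev', '?')}"

def added_by(lock_text, input_name):
    """Nodes present only because of `input_name`: what a reviewer must vet."""
    lock = json.loads(lock_text)
    nodes, root = lock["nodes"], lock["root"]
    only = reachable(nodes, root, input_name) - reachable(nodes, root, root, skip=input_name)
    return {n: describe(nodes[n].get("locked", {})) for n in sorted(only)}
```

Run `added_by(open("flake.lock").read(), "llm-agents")` against a real lock to get the list of sources (and pinned revs) that the one input brought in; shared inputs such as nixpkgs that other inputs already need are excluded.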