I spent the last month writing a Kernel-Level Driver (using aya for eBPF on Linux and WFP Callouts on Windows) to enforce security underneath the agent process instead of putting it in a container.
The Architecture:
Network: Intercepts sys_connect to force agent traffic through a local DLP proxy (scrubbing API keys).
FS: Hooks sys_unlink to prevent the agent from deleting files outside ./workspace.
Identity: Binds the process to the TPM so the binary can't be exfiltrated.
The repo is still in early alpha (expect kernel panics), but I wanted to share the WFP/Rust bindings I wrote because they were a nightmare to debug.
Technical Question for HN: Has anyone successfully used eBPF for blocking sys_open calls reliably? I'm hitting a race condition on older kernels."
Why this works:
It admits it causes "Kernel Panics" (Honesty = Trust).
It asks a specific technical question (Invites smart people to comment).
It shares code/bindings (Gives value).