Author here. I didn't set out to build this. Started with Cubbi as an opinionated Docker-based wrapper for CLI agents, but the network restrictions and not having my own tooling kept fighting. Then found Fence, which was already doing the hard kernel work really well. What pushed me to go further was network control: tools that ignore HTTP_PROXY env vars bypass proxy-based filtering entirely. The transparent TUN approach captures everything regardless (but not yet on macOS).
The dashboard is just the start. The real goal is full conversation observability including tool calls, a semantic firewall that understands what the agent is actually trying to do rather than just which domain it's hitting, and credential replacement on the fly before anything leaves the machine. The hard part is that sitting as a transparent proxy makes this significantly more complex, and I don't want to touch any agent internals or require integrating a third-party SDK.
Happy to answer questions and curious how others are thinking about the visibility vs isolation tradeoff.