totopo 3.2.0 → 3.2.1
- package/README.md +5 -5
- package/package.json +1 -1
package/README.md
CHANGED
@@ -12,14 +12,14 @@ Local sandbox for AI agents.
## Motivation
-
+
Before they run freely on your machine, ask yourself: **can you trust AI agents?**
-
- **Inherently unpredictable**:
-
- **Vulnerable to prompt injection**:
+
- **Inherently unpredictable**: agents inevitably make mistakes, in ways that may be hard to detect or undo.
+
- **Vulnerable to prompt injection**: agents with internet access can be subtly manipulated to leak sensitive data or execute unauthorized operations.
-
+
Totopo mitigates both risks with a dev container - when you run totopo in a given directory, that directory is mounted as a workspace where agents get a full, capable environment to work in - without access to anything outside it or to remote Git repositories.
-
If an agent makes a mistake, damage is contained to the workspace
+
If an agent makes a mistake, damage is contained to the workspace, your git remote is out of reach.<br>
If an agent gets compromised, it can't reach your host files — blast radius is limited to the workspace you chose to share.
> totopo's security approach is basic — it is about the minimal precautions I believe anyone running AI agents should have. If you need more robust protections, look somewhere else.
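Review bot: the rewritten Motivation section lists "agents with internet access can be subtly manipulated to leak sensitive data" as one of the two risks and then states that totopo "mitigates both risks" with a dev container that has no access to anything outside the workspace or to remote Git repositories, but nothing in the hunk says whether outbound network access from the container is restricted. If the agent keeps internet access inside the sandbox, an injected instruction can still send whatever is in the shared workspace off the machine, so the README should either state that egress is blocked (and how) or narrow the claim to what the text actually supports, e.g. "limits the damage from both risks" rather than "mitigates both risks". Minor: the added line "damage is contained to the workspace, your git remote is out of reach.<br>" is a comma splice; "contained to the workspace, and your git remote is out of reach" reads better, and a blank line or a trailing double space would render the same as the inline `<br>` without raw HTML in the README.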