Original Reddit post

Quick clarification before the security comments roll in: The Demo Video: In the video, I have autoApprove turned on just to keep the video short and smooth. By default, manual approval is required - meaning absolutely nothing happens unless you explicitly click “Allow”. Zero Shell Access: This doesn’t use bash, exec , or std::process::Command at all. Everything is executed safely and natively using pure Rust filesystem APIs ( tokio::fs ). There is no shell environment for the AI to manipulate. Ironclad Root Jailing: Path traversal is mathematically blocked . The root jailing handles all edge cases (like sneaky …/…/ tricks or absolute path injections). The AI is physically trapped in the workspace you give it. If you actually find a real exploit or a way to break the sandbox, definitely let me know! But please check out the Rust code before randomly commenting that it’s dangerous. I’ve been experimenting with giving web AI assistants direct access to my local codebase. how it works: The Extension: A browser extension injects into the chat UI. When the AI outputs a specific JSON action block, the extension intercepts it and sends it to a local daemon. The Rust Daemon: A lightweight Rust binary runs in the background. It intercepts the request, verifies the path, and queues it. The Human Gate: The extension pops up a notification. Absolutely nothing touches your disk until you explicitly click “Allow”. Security Model (Why it’s safe): Zero Shells: The daemon is built purely on tokio::fs and std::fs . There is absolutely zero std::process::Command or shell spawning anywhere in the codebase. Root Jailing: You configure a specific workspace directory. Any path (even things like …/…/…/etc/passwd ) is lexically normalized and blocked if it tries to escape the root. Localhost Only: The daemon binds strictly to 127.0.0.1 . It works seamlessly across Linux, macOS, and Windows. I just finalized version 0.6 (the stable core) and I’d love for people to test it out, poke holes in the security model, or build on top of the API! open source: https://github.com/flawme/anvaya Would love to hear your thoughts or feedback! submitted by /u/Inner-Combination177

Originally posted by u/Inner-Combination177 on r/ArtificialInteligence