Author here. I didn't set out to build this. Started with Cubbi as a opinionated Docker-based wrapper for CLI agents, but the network restrictions and not having my own tooling kept fighting. Then found Fence which was already doing the hard kernel work really well. What pushed me to go further was network control: tools that ignore HTTP_PROXY env vars bypass proxy-based filtering entirely. The transparent TUN approach captures everything regardless (but not yet on macos).
The dashboard is just the start. The real goal is full conversation observability including tool calls, a semantic firewall that understands what the agent is actually trying to do rather than just which domain it's hitting, and credential replacement on the fly before anything leaves the machine. The hard part is that sitting as a transparent proxy makes this significantly more complex, and I don't want to touch any agent internals or require integrating a third party SDK.
Happy to answer questions and curious how others are thinking about the visibility vs isolation tradeoff.
I wrote a podcast generator based on AI related papers that ingest the podcast dialogues, voices, tag, assemble audio et publish RSS automatically. I was inspired by the PDF ingestion of OpenAI and the quality of the TTS.
SEEKING WORK | France (UTC-1) | Remote | Full stack developer
My name is Mathieu Virbel, and I am a consultant on system and software architecture with over 12 years of experience as a consultant and 20 years into programming. I have a passion for creating innovative and user-friendly applications. I specialize in using the open-source Kivy framework to develop desktop and mobile applications, but I am also skilled in other technologies and frameworks.
I worked on a variety of subjects, from Interactives and mobile application for Museum and Public Institutions, Embedded system in security company, telecommunication, and Startups environments from scratch. Recently playing with Python, Golang, VueJS 3/Typescript, InfluxDB, Docker Swarm, as well as writing specifications and reviewing code of others contractors.
SEEKING WORK | France (UTC-1) | Remote | Full stack developer
My name is Mathieu Virbel, and I am a consultant on system and software architecture with over 12 years of experience as a freelance and 20 years in the field. I have a passion for creating innovative and user-friendly applications. I specialize in using the open-source Kivy framework to develop desktop and mobile applications, but I am also skilled in other technologies and frameworks.
I worked on a variety of subjects, from Interactives and mobile application for Museum and Public Institutions, Embedded system in security company, telecommunication, and Startups environments from scratch. Recently playing with Python, Golang, VueJS 3/Typescript, InfluxDB, Docker Swarm, as well as writing specifications and reviewing code of others contractors.
My name is Mathieu Virbel, and I am a consultant on system and software architecture with over 12 years of experience as a freelance and 20 years in the field. I have a passion for creating innovative and user-friendly applications. I specialize in using the open-source Kivy framework to develop desktop and mobile applications, but I am also skilled in other technologies and frameworks.
I worked on a variety of subjects, from Interactives and mobile application for Museum and Public Institutions, Embedded system in security company, telecommunication, and Startups environments from scratch. Recently playing with Python, Golang, VueJS 3/Typescript, InfluxDB, Docker Swarm, as well as writing specifications and reviewing code of others contractors.
Shameless plug here. I'm working for https://cozyair.fr - keeping a good indoor air quality is good for both the user but also the the building.
CO2 is not the only factor you should look at, PM are also dangerous when you cook, or when there is outside pollution. NO2/O3 is an outdoor air pollution that we watch. Because the only way to get out the CO2 is ventilation / open your windows for a few minutes. But it can bring another kind of pollution depending your area.
A minimal hello world with Python 3 required 7MB. But it's not optimized.
Unlike pyinstaller, we don't scan import to try reducing the distribution on the phone. Instead we have a blacklist.txt which you can put file pattern to exclude during packaging.
I remember for one app in Python 2 to reduce the size around the 5MB.
We won't be able to reduce much more, as Python interpreter is embedded. We also don't want to adopt an approach like Qt where Qt binaries can be shared for all Qt-application, which break the all-in-one APK, open some potential issues, and add more work to manage dependencies.
The dashboard is just the start. The real goal is full conversation observability including tool calls, a semantic firewall that understands what the agent is actually trying to do rather than just which domain it's hitting, and credential replacement on the fly before anything leaves the machine. The hard part is that sitting as a transparent proxy makes this significantly more complex, and I don't want to touch any agent internals or require integrating a third party SDK.
Happy to answer questions and curious how others are thinking about the visibility vs isolation tradeoff.