Dev.to
5/12/2026

The capability ceiling — how ACT sandboxes third-party tools
Short summary
ACT provides a capability-based policy system for safely sandboxing third-party tools in AI agents. Components declare their needs (filesystem paths, HTTP hosts) at build time; operators grant runtime permissions that intersect with these declarations, creating a security ceiling that neither the component nor the operator can exceed. The system handles HTTP redirects, DNS-based filtering, and CIDR blocks to prevent common bypass vectors.
- ACT uses declarative capability manifests (act.toml) where components specify required filesystem and HTTP access
- Operator policy (--fs-allow, --http-allow flags) intersects with component declarations, preventing privilege escalation from either side
- HTTP policy includes DNS resolution checks, CIDR filtering, and per-redirect validation to block bypass attempts
Generated with AI, which can make mistakes.
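To make the "ceiling" concrete, here is an added worked example in Python; it is not ACT's own code and is not taken from the summarized article. It assumes that filesystem capabilities are absolute directory prefixes, that HTTP capabilities are exact hostnames, and that DNS is supplied by an injected resolver (a constructed table here, so it runs offline; a deployment would call socket.getaddrinfo). It computes the intersection of the manifest's declarations with the operator's grants, then applies the three HTTP checks the summary names: hostname policy, resolved-address CIDR filtering, and re-validation of every redirect hop.

```python
"""Capability ceiling: a path or URL is permitted only if BOTH the component's
manifest declaration AND the operator's --fs-allow/--http-allow grant cover it.

Added illustration, not ACT's own code. Assumed shapes: fs capabilities are
absolute directory prefixes, http capabilities are exact hostnames, and DNS is
an injected resolver so the example runs offline.
"""
from __future__ import annotations

import ipaddress
import posixpath
from typing import Callable, Iterable
from urllib.parse import urlsplit

# Outbound HTTP must never reach these ranges even when an allowed hostname
# resolves to them: loopback, RFC 1918 private space, link-local (where cloud
# metadata services live) and their IPv6 counterparts. Constructed list.
BLOCKED_CIDRS = [ipaddress.ip_network(c) for c in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10",
)]

Resolver = Callable[[str], Iterable[str]]


def _under(path: str, prefix: str) -> bool:
    """True if `path` is `prefix` or lies inside it, after collapsing '..'."""
    p, q = posixpath.normpath(path), posixpath.normpath(prefix)
    return p == q or p.startswith(q.rstrip("/") + "/")


def effective_fs(declared: Iterable[str], granted: Iterable[str]) -> frozenset[str]:
    """Narrowest prefixes covered by both sides: the filesystem ceiling."""
    eff = set()
    for d in declared:
        for g in granted:
            if _under(d, g):          # component asked for less than was granted
                eff.add(posixpath.normpath(d))
            elif _under(g, d):        # operator granted less than was declared
                eff.add(posixpath.normpath(g))
    return frozenset(eff)


def fs_allowed(path: str, ceiling: frozenset[str]) -> bool:
    return any(_under(path, p) for p in ceiling)


def effective_http(declared: Iterable[str], granted: Iterable[str]) -> frozenset[str]:
    """Hostnames named by both the manifest and the operator."""
    return frozenset(h.lower() for h in declared) & frozenset(h.lower() for h in granted)


def check_url(url: str, ceiling: frozenset[str], resolve: Resolver) -> tuple[bool, str]:
    """Host must be in the ceiling and every address it resolves to must be outside BLOCKED_CIDRS."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, f"scheme {parts.scheme!r} not allowed"
    host = (parts.hostname or "").lower()
    if host not in ceiling:
        return False, f"host {host!r} outside effective policy"
    addrs = list(resolve(host))
    if not addrs:
        return False, f"{host!r} did not resolve"
    for a in addrs:
        if any(ipaddress.ip_address(a) in net for net in BLOCKED_CIDRS):
            return False, f"{host!r} resolves to blocked address {a}"
    return True, "ok"


def check_redirect_chain(chain: list[str], ceiling: frozenset[str], resolve: Resolver) -> tuple[bool, str]:
    """Re-run the full check on the first request AND on every Location hop."""
    for i, url in enumerate(chain):
        ok, why = check_url(url, ceiling, resolve)
        if not ok:
            return False, f"hop {i}: {why}"
    return True, "ok"


# Constructed inputs standing in for a manifest and the operator's flags.
MANIFEST_FS = ["/work", "/tmp/scratch"]
OPERATOR_FS = ["/work/project", "/tmp"]
MANIFEST_HTTP = ["api.example.com", "mirror.example.com", "cdn.example.com"]
OPERATOR_HTTP = ["api.example.com", "mirror.example.com", "other.example.org"]
CONSTRUCTED_DNS = {
    "api.example.com": ["203.0.113.10"],   # public documentation range
    "mirror.example.com": ["10.0.0.5"],    # private: allowed by name, refused by address
}


def demo() -> dict:
    fs = effective_fs(MANIFEST_FS, OPERATOR_FS)
    http = effective_http(MANIFEST_HTTP, OPERATOR_HTTP)
    resolve = lambda h: CONSTRUCTED_DNS.get(h, [])
    return {
        "fs_ceiling": fs,
        "http_ceiling": http,
        "in_ceiling": fs_allowed("/work/project/src/main.rs", fs),
        "declared_not_granted": fs_allowed("/work/other", fs),
        "traversal": fs_allowed("/tmp/scratch/../../etc/passwd", fs),
        "api": check_redirect_chain(["https://api.example.com/v1"], http, resolve),
        "private_dns": check_redirect_chain(["https://mirror.example.com/"], http, resolve),
        "redirect_to_ungranted": check_redirect_chain(
            ["https://api.example.com/v1", "https://other.example.org/"], http, resolve),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The filesystem ceiling comes out as {/work/project, /tmp/scratch}: the component declared /work but the operator only granted /work/project, and the operator granted /tmp but the component only declared /tmp/scratch, so each side narrows the other. On the HTTP side, mirror.example.com passes the name check yet is refused because it resolves into 10.0.0.0/8, and a redirect from the allowed api.example.com to other.example.org fails at hop 1 because the redirect target is re-validated like the original request.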