Hi HN,

We’ve been integrating AI coding agents deeply into our development workflows and saw major gains once we let agents run in long loops (tests → build → search → refine). The problem: to be effective, agents need real access to the environment.

Our first approach was allowing agents to run bash. It works, but it’s obviously dangerous — arbitrary commands, no guardrails, and a lot of implicit trust.

OpenCuff is our attempt to fix this.

It’s an open-source tool that gives AI coding agents explicit, capability-based access instead of raw shell execution. Agents can run useful actions (tests, builds, searches, etc.) while staying within well-defined, auditable boundaries. The goal is to let agents run autonomously for hours without turning your machine or CI environment into a free-for-all.

This is an early, fast-moving project. We built it for ourselves, but we think others running AI agents at scale may run into the same tradeoffs.

We’d really appreciate feedback from the HN community — especially around:

threat models we may be missing

comparisons to sandboxing / containers / policy-based systems

what you’d want from a tool like this

Links: https://opencuff.ai

https://github.com/OpenCuff/OpenCuff

Happy to answer questions and discuss design decisions.