News · Reddit r/aws · Trust 52 · Community · Published 18h ago · Live · 11h ago
I couldn't tell what an AI agent was allowed to do without reading its code, so I built a Dockerfile-shaped way to declare it
Here's the gap that's been bugging me: everyone's shipping AI agents, but I can't answer a basic question about any of them — what model does it use, what network can it reach, what tools can it call? — without reading the implementation. We govern containers with manifests and labels; agents are just… vibes and a Python file. Security can't review them; platforms can't enforce anything. So I've been building **agentrc** — an open spec + small CLI to make
