Nucleus: Enforced permissions for AI agents – policy+enforcement in one stack

⚡ TL;DR · AI summary

Nucleus introduces a system to enforce permissions for AI coding agents, preventing untrusted input from combining with privileged actions. It utilizes two primitives, join and flows_to, to ensure information flow control and maintain session integrity. The framework includes features for tracking data provenance and blocking unsafe operations, enhancing security for AI-assisted coding tasks.

Opening excerpt (first ~120 words)

Nucleus

Nucleus prevents AI coding agents from combining untrusted input with privileged actions, and proves what was and wasn't allowed. Two primitives — join and flows_to — enforce information flow control with four algebraic laws. Once web content enters a session, it cannot silently reach git push. That property is machine-checked, not hoped.

```rust
let mut state = FlowState::bottom();            // clean session
state.join_operation(Operation::WebFetch);      // tainted by web content
assert!(!state.flows_to(SinkClass::GitPush));   // can't push tainted data
```

Quick Start

```sh
cargo install --git https://github.com/coproduct-opensource/nucleus nucleus-cli
nucleus audit                    # scan agent configs (Tier 0, no runtime)
nucleus run --local "your task"  # run with enforced permissions (Tier 1)
```

Every tool call flows through the…

Excerpt limited to ~120 words for fair-use compliance. The full article is at GitHub.
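
The following Rust example is added here and is not Nucleus's code: it models the excerpt's join and flows_to primitives as a two-level taint lattice, showing why a session label that only moves upward keeps web content away from git push. The types `Taint`, `Source`, `Sink` and `Session`, the `LocalFileRead` and `LocalFileWrite` variants, and the sink clearances are assumptions made for illustration.

```rust
// Added illustration, not Nucleus's implementation. All names are hypothetical.

// Two-point lattice, ordered by declaration: Clean < Untrusted.
#[derive(Clone, Copy, Debug, PartialEq, Eq, PartialOrd, Ord)]
enum Taint { Clean, Untrusted }

#[derive(Clone, Copy, Debug)]
enum Source { LocalFileRead, WebFetch }

#[derive(Clone, Copy, Debug)]
enum Sink { LocalFileWrite, GitPush }

impl Source {
    // Label attached to data produced by this operation (assumed values).
    fn label(self) -> Taint {
        match self {
            Source::LocalFileRead => Taint::Clean,
            Source::WebFetch => Taint::Untrusted,
        }
    }
}

impl Sink {
    // Highest taint level this sink accepts (assumed values).
    fn clearance(self) -> Taint {
        match self {
            Sink::LocalFileWrite => Taint::Untrusted,
            Sink::GitPush => Taint::Clean,
        }
    }
}

#[derive(Clone, Copy, Debug, PartialEq, Eq)]
struct Session { taint: Taint }

impl Session {
    fn bottom() -> Self { Session { taint: Taint::Clean } }
    // join is the least upper bound: the label can rise but never fall.
    fn join(self, src: Source) -> Self { Session { taint: self.taint.max(src.label()) } }
    // A flow is allowed only if the session label is within the sink's clearance.
    fn flows_to(self, sink: Sink) -> bool { self.taint <= sink.clearance() }
}

fn main() {
    let clean = Session::bottom().join(Source::LocalFileRead);
    let tainted = clean.join(Source::WebFetch).join(Source::LocalFileRead);
    println!("clean   -> GitPush:        {}", clean.flows_to(Sink::GitPush));
    println!("tainted -> GitPush:        {}", tainted.flows_to(Sink::GitPush));
    println!("tainted -> LocalFileWrite: {}", tainted.flows_to(Sink::LocalFileWrite));
}
```

Because join takes the maximum of the two labels, a later clean read cannot lower the session label, and the order in which sources are joined does not change the result.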
