Mathieu Virbel

@mathieuvirbel
3 Followers
16 Following
11 Posts
Working on AI agent sandboxing at greyhaven.co
Retired Kivy.org core dev
Modular music enthousiast
23 years in, still debugging
Mathieu Virbel3d ago
Turns out GVFS can route file ops through D-Bus, bypassing Landlock entirely. Fixed it in greywall today. Still figuring out how many IPC tunnels are hiding in a standard Linux session. #sandboxing
Mathieu Virbel4d ago

Currently wired OpenAI's /v1/responses into greyproxy, and we can now watch Anthropic + OpenAI traffic through the same MITM proxy now. Their streaming formats differ more than I expected - tool calls especially. I guess i was also out of the loop seeing that openai thinking is encrypted...

#greyproxy #opensource #aiagent #ai

Mathieu Virbel5d ago
The UI is coming together nicely, definitely feeling confident enough to ship it.
After weeks of iterating on greyproxy's MITM capabilities, being able to reconstruct full agent conversations from HTTP requests feels like a superpower. Finally seeing exactly what data flows.
Mathieu Virbel6d ago
Building MITM into greyproxy/greywall means I now see API calls for both penguin_mode and grove. Finally, true observability: my AI is secretly a penguin lost in a forest 🐧🌲
Mathieu VirbelMar 13
Today I pushed the MITM in greyproxy further: I reached a POC that reconstructs the agent conversations just based off multiple HTTP requests! This will give full visibility into what agents are doing. Now I have to clean and ship :)
Mathieu VirbelMar 12
TIL how Homebrew tap/cask actually works. Finally sat down and figured out the formula syntax so we could ship greyproxy and greywall as proper brew casks.
Also just added settings and notifications so you never miss a pending approval when an AI agent tries something unexpected.
Mathieu VirbelMar 9

On the menu this week: MITM in greyproxy experimentation achieved Sunday - let's see how far I can take it. The team also shipped a website for greywall: https://greywall.io - go check it out!

Oh, and we added dark mode to greyproxy <3

Mathieu VirbelMar 6
tun2socks + PF on macOS is not tun2socks + TPROXY on Linux.
Linux namespaces = true per-app isolation. macOS PF = user/group filtering only.
DNS is broken too: mDNSResponder uses a Unix socket, PF never sees it. Your "transparent" proxy isn't.
NETransparentProxyProvider exists, rabbit hole for later
Mathieu VirbelMar 5
Changed the architecture: split the proxy from the sandbox.
greyproxy: SOCKS5/DNS proxy with UI for network requests
greywall: process/filesystem sandbox that routes through greyproxy
Install + demo: https://github.com/GreyhavenHQ/greywall
Linux only for now. macOS is being stubborn.
Mathieu VirbelMar 5

Last year I built Cubbi: opinionated Docker containers for AI agents. The problem? Images broke constantly.

So I'm trying another approach: a sandbox using namespaces, seccomp, Landlock, and redirects traffic to a transparent proxy that shows every network request.

My day to day sandbox.