> We don't have E2EE yet (it's on the roadmap), so some level of trust in Omnara is required today. All repo operations happen locally on your machine. For messages/chat history: we store those encrypted at rest because we need access to sync across devices, send notifications, and resume agents. Cloud sandboxing is opt-in and would require syncing codebase state.
Does your service require access to the code? Could you explain what trust specifically is required - is there anything else besides messages / chat history that you store and how long you retain those?
Sandboxing, which is an optional, opt-in feature, requires persistent access to the code via our github integration + us syncing certain refs to our backend.
However, even if you don't opt into syncing, tool calls will end up sending pieces of code from your codebase to our backend. That's just the nature of how we handle persistence of chats. Though messages/chats are retained until you delete them.
It sounds like an interesting experiment that you're doing. Are there any plans to support cli mode? Many developer are reluctant of VS code and other slow IDEs
Harsh, but a good point on egress cost that I overlooked, I'm adding a section on this - if you use Oracle cloud it looks like you get 10TB included at no additional cost where DO would be around $84 at the same bandwidth levels
You can block the specific offending IPs without collateral damage.
CGNATs reuse IPs so any IP block rule fairly quickly becomes somebody else's IP that you shouldn't be blocking.
If, however, you use IPv6, you don't need CGNAT and, while addresses may change, a blocked address won't suddenly get recycled to an unsuspecting user. In addition, if the allocation is static, you can block the whole network range and the problematic devices can't change their allocation sufficiently to escape the IP block.
While it would allow us to be more specific with the IPs, it would entail blocking 500.000 IPs, or more. That quickly becomes unmanageable as well.
What I'd love to see is a service where websites could report abuse to ISPs, who would then take the misbehaving customers offline, until their system or behavior is fixed. Right now there's zero incentives to take customers offline, neither for ISP, nor cloud providers.
> it would entail blocking 500.000 IPs, or more. That quickly becomes unmanageable as well.
Companies don't seem to have a tough time managing the blocks for all the various ranges of all the VPS providers to prevent you from using VPNs to access their services. Somehow, I don't think blocking 500,000 IPs is a technical problem.
I also suspect that once you start getting effective IP blocking, that 500,000 number will drop quite rapidly as it simply won't be so profitable to commandeer a device.
> What I'd love to see is a service where websites could report abuse to ISPs, who would then take the misbehaving customers offline, until their system or behavior is fixed.
IPv4 CGNAT is part of that problem, too. Because of CGNAT, the offending IPs get "tumbled" and are more difficult to identify from outside the ISP. Consequently, it makes it difficult to punish the ISPs. Without IPv4 CGNAT, those IPs are more stable over time and can be identified outside the ISP boundary. If ISPs start losing customers because everybody in the universe has blocked various ranges, the ISPs will start blocking devices at origin.
First, you should fix fundamental operations on Mac and other distributions - for example when you stash or perform operations on files from other tools, it will put the state out of sync.
You can build the most beautiful and fastest IDE, but with this bugs, it’s useless
How are you handling private data and chats transmitted?
reply