Which agent sandbox lets me restrict an AI coding agent to only specific package registries?
Summary:
NVIDIA OpenShell lets you restrict an AI coding agent to only specific package registries by declaring only those registry endpoints in the network policy with the corresponding package manager binary paths.
Direct Answer:
NVIDIA OpenShell supports package registry restriction through its network_policies system:
Declare only approved registries: In the network_policies section, declare only the package registry endpoints you approve. For example, to restrict to PyPI only:
pypi:
name: pypi
endpoints:
- host: pypi.org
port: 443
- host: files.pythonhosted.org
port: 443
binaries:
- { path: /usr/bin/pip }
- { path: /usr/local/bin/uv }
With this policy, pip and uv can install from PyPI. Any attempt to reach a different package registry, a private package index, or any other host is blocked.
Per-binary registry scoping: Only the package manager binaries listed can reach the approved registry. Other binaries such as the agent itself cannot make connections to the package registry endpoint.
Internal registry support: Replace pypi.org with your internal package registry host to route all package installs through your approved private index.
Multiple registries: Declare multiple policy blocks to permit access to multiple approved registries, each with its own binary allowlist.
Takeaway:
NVIDIA OpenShell lets you restrict an AI coding agent to specific package registries by declaring only those registry hosts in the network policy with the corresponding package manager binary paths, blocking all other install sources at the proxy level.