Findie security: every AI agent runs inside OS-level confinement, credentials live in an encrypted vault, and everything outside the task's worktree is denied by default.

Let agents run wild. Inside the walls.

Findie gives AI agents real power over real code, inside OS-level confinement, with credentials sealed in an encrypted vault. The default answer to everything else is no.

● perimeter armed
seatbelt · bwrap · containers
scroll to turn the wheel
01/03
confine

Every agent process runs inside OS-level confinement: Seatbelt on macOS, bwrap on Linux, containers on the Isolated tier.

The switchboard is yours.

Keys, providers, tiers and rules, all configured locally, all stored on your machine. This is the real settings screen.

Findie's global settings screen: API keys, providers and preferences, all stored locally
AES-256-GCM vault OS keychain custody per-task write fences deny by default
The doctrine

Confined by the OS

not a prompt asking nicely. seatbelt, bwrap or a container wraps every agent process.

Sealed credentials

api keys live in an encrypted vault with keychain custody. never plaintext in dotfiles.

Write fences

an agent writes inside its task worktree. your ssh keys, your main, your home: refused.

Tiers, not toggles

protected runs sandboxed on your machine; isolated runs in a container. you choose per project.

Fail closed

when confinement is unavailable, the run is refused. never silently downgraded.

$ agent: write ~/.ssh/id_ed25519 → denied

Power is easy.
Containment is the product.

real walls

Confinement is enforced by the operating system, not by asking the model to behave.

sealed vault

Secrets are encrypted at rest with AES-256-GCM; custody sits in your OS keychain.

fail closed

An environment that can't confine doesn't run with a warning. It doesn't run at all.