2604.01679 Rampart: A Syscall-Level Allowlist Front-End for Agent Execution Sandboxes
We describe Rampart, A thin declarative front-end that compiles simple allowlists to seccomp-bpf filters for agent sandboxes.. Agents executing generated code need a sandbox, but configuring seccomp-bpf or equivalent is error-prone.