From b3d0970204977a60cae7400a0385330ae896de58 Mon Sep 17 00:00:00 2001 From: Phil Calvin Date: Sat, 11 Apr 2026 04:08:46 +0000 Subject: [PATCH 1/2] Rename README header to less-lethal: userspace LLM agent VM Co-Authored-By: Claude Opus 4.6 --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index af8d730..75c6df5 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# Agent VM +# less-lethal: userspace LLM agent VM A sandboxed Debian VM with no direct internet access. All traffic is forced through a host-side [mitmproxy](https://mitmproxy.org/) that enforces an allowlist, giving full visibility and control over what the guest can reach. Runs on macOS (Hypervisor.framework) and Linux (KVM or software emulation). No sudo required. From d1e0ac303ebc7a2407de50a5c9fbd43e8f669f52 Mon Sep 17 00:00:00 2001 From: Phil Calvin Date: Sat, 11 Apr 2026 04:12:51 +0000 Subject: [PATCH 2/2] CI: try larger runners (4-core Linux, xlarge macOS) Experiment to measure speedup. Linux gets KVM on larger runners. macOS is still TCG but has more CPU/RAM. Co-Authored-By: Claude Opus 4.6 --- .github/workflows/ci.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 52aa648..29fc7f2 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -19,8 +19,8 @@ jobs: - run: uv run pytest tests/test_filter.py -v e2e-linux: - runs-on: ubuntu-latest - timeout-minutes: 20 + runs-on: ubuntu-latest-m # KVM-enabled, ~90s vs ~4min under TCG + timeout-minutes: 10 steps: - uses: actions/checkout@v5 - name: Install uv @@ -52,7 +52,7 @@ jobs: ${{ runner.temp }}/vm-state/mitmdump.log e2e-macos: - runs-on: macos-latest + runs-on: macos-latest-xlarge timeout-minutes: 20 steps: - uses: actions/checkout@v5