Hey everyone, new to the forum and diving into AutoGen. I've been setting up some multi-agent workflows locally, and a question keeps nagging at me.
I understand that `UserProxyAgent`s with code execution can run `requests.get()` or use other Python modules to make network calls. Even a simple `AssistantAgent` could, in theory, generate a code block that the `UserProxyAgent` would then execute, potentially sending data out.
I want to sandbox these agents to prevent any unauthorized data exfiltration. My goal is to allow them to compute and talk to each other, but block all network egress from the agent's execution environment, unless it's to a specific, allowed internal service (like a local LLM).
I'm thinking about using Docker to containerize the whole AutoGen runtime. What would be the best practice here?
1. Is it enough to run the AutoGen script inside a container with `--network=none`? Or would that break inter-agent communication if they're separate processes?
2. Should I be looking at Linux network namespaces or `iptables` rules on the host instead?
3. How do you handle cases where an agent *needs* to fetch something from a known, safe API? Is a proxy the only secure pattern?
Here's a super basic Docker setup I'm considering, but I'm unsure about the networking part:
```dockerfile
FROM python:3.11-slim
WORKDIR /app
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt
COPY . .
# Is --network=none the right flag to use at runtime?
CMD ["python", "my_autogen_crew.py"]
```
I'd really appreciate some step-by-step guidance or examples of how you've locked this down in your own projects. My expertise is more in basic Docker and Linux, so the deeper security mechanics are a bit new to me.
Thanks - Jay
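One way to lay this out, as an added example that is not from the post above: the agents and the local LLM share a Docker `--internal` network with no route out, an allow-list forward proxy is the only container that also joins an external network, and a probe container confirms that direct egress fails while the LLM is reachable. The image names `autogen-crew`, `local-llm-image` and `egress-proxy`, and the LLM port, are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed names: the image built from the
# Dockerfile above is tagged "autogen-crew"; the local LLM image is "local-llm-image"
# listening on LLM_PORT; "egress-proxy" is an allow-list forward proxy image (e.g. Squid
# with an acl of permitted hosts) on 3128. Only the proxy ever touches the outside.
set -e
AGENT_NET="agents-internal"   # --internal: Docker adds no masquerade/default route
EDGE_NET="edge"               # ordinary bridge; only the proxy joins it
LLM_PORT=11434                # assumed port of the local LLM container

# Two networks. Containers on AGENT_NET resolve each other by name through Docker's
# embedded DNS but have no path to the uplink. (--network=none would also cut off the
# LLM: it leaves only loopback, so only agents inside one Python process could talk.)
network_cmds() {
  printf 'docker network create --internal %s\n' "$AGENT_NET"
  printf 'docker network create %s\n' "$EDGE_NET"
}

# The local LLM lives on the internal network only.
llm_run_cmd() {
  printf 'docker run -d --name llm --network %s local-llm-image\n' "$AGENT_NET"
}

# The proxy is the single container on both networks; its allow-list is the policy.
proxy_run_cmd() {
  printf 'docker run -d --name egress-proxy --network %s egress-proxy\n' "$AGENT_NET"
  printf 'docker network connect %s egress-proxy\n' "$EDGE_NET"
}

# The AutoGen runtime: internal network, dropped capabilities, proxy variables honoured
# by requests/httpx/urllib, NO_PROXY so LLM traffic stays direct on the internal network.
agent_run_cmd() {
  printf 'docker run -d --name autogen-crew --network %s' "$AGENT_NET"
  printf ' --cap-drop ALL --security-opt no-new-privileges'
  printf ' -e HTTP_PROXY=http://egress-proxy:3128 -e HTTPS_PROXY=http://egress-proxy:3128'
  printf ' -e NO_PROXY=llm,localhost autogen-crew\n'
}

# Probe from a throwaway container on AGENT_NET: a direct TCP connect to a public address
# must fail, the LLM name must connect. Note the host's own bridge address is not hidden
# by an internal network, so host services bound to 0.0.0.0 still deserve a look.
verify_cmds() {
  probe='python -c "import socket,sys; socket.create_connection((sys.argv[1], int(sys.argv[2])), timeout=3)"'
  printf 'docker run --rm --network %s autogen-crew %s 1.1.1.1 80 && echo DIRECT-EGRESS-OPEN || echo direct-egress-blocked\n' "$AGENT_NET" "$probe"
  printf 'docker run --rm --network %s autogen-crew %s llm %s && echo llm-reachable || echo LLM-UNREACHABLE\n' "$AGENT_NET" "$probe" "$LLM_PORT"
}

# Default prints the plan for review; "apply" executes it (needs a Docker daemon).
main() {
  if [ "$1" = "apply" ]; then
    { network_cmds; llm_run_cmd; proxy_run_cmd; agent_run_cmd; verify_cmds; } | sh -e
  else
    network_cmds; llm_run_cmd; proxy_run_cmd; agent_run_cmd; verify_cmds
  fi
}
main "${1:-print}"
```

Run it with no arguments to review the generated commands, then with `apply` once the proxy's allow-list is in place.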