Nomos is trying to make that boundary explicit at execution time, but I’m curious how others are handling it today.

For example: - do you restrict tools at the framework level? - rely on sandboxing? - or allow broad access and rely on monitoring/audit?