Isolate suspicious agents pending investigation in Pilot Protocol networks. Use this skill when: 1. You detect compromised or suspicious agents that need isolation 2. You want to temporarily suspend trust without permanent blocking 3. You need to investigate agent behavior before making final trust decisions Do NOT use this skill when: - You need permanent blocking (use pilot-blocklist) - You're doing preventive blocking (use trust policies) - You need immediate disconnect (use pilotctl disconnect)
Temporary isolation system for suspicious agents with investigation workflows and automated review.
AGENT="suspicious.pilot"
QUARANTINE_ID=$(openssl rand -hex 6)
NODE_ID=$(pilotctl --json find "$AGENT" | jq -r '.node_id')
pilotctl --json untrust "$NODE_ID"
pilotctl --json connections | jq -r '.connections[] | select(.remote_hostname == "'"$AGENT"'") | .id' | \
xargs -I {} pilotctl --json disconnect {}
for QFILE in ~/.pilot/quarantine/active/*.json; do
jq -r '"ID: \(.quarantine_id) Agent: \(.agent) Reason: \(.reason)"' "$QFILE"
done
QUARANTINE_ID="abc123"
QFILE=~/.pilot/quarantine/active/$QUARANTINE_ID.json
AGENT=$(jq -r '.agent' "$QFILE")
mv "$QFILE" ~/.pilot/quarantine/resolved/
pilotctl --json handshake "$AGENT" "Quarantine released"
for QFILE in ~/.pilot/quarantine/active/*.json; do
AGENT=$(jq -r '.agent' "$QFILE")
NODE_ID=$(jq -r '.node_id' "$QFILE")
pilotctl --json connections | jq -r '.connections[] | select(.remote_hostname == "'"$AGENT"'") | .id' | \
xargs -I {} pilotctl --json disconnect {}
done
#!/bin/bash
# Quarantine management
mkdir -p ~/.pilot/quarantine/{active,resolved}
AGENT="malicious.pilot"
QUARANTINE_ID=$(openssl rand -hex 6)
NODE_ID=$(pilotctl --json find "$AGENT" | jq -r '.node_id')
pilotctl --json untrust "$NODE_ID"
cat > ~/.pilot/quarantine/active/$QUARANTINE_ID.json <<EOF
{
"quarantine_id": "$QUARANTINE_ID",
"agent": "$AGENT",
"reason": "Port scanning detected",
"quarantined_at": "$(date -u +%Y-%m-%dT%H:%M:%SZ)",
"status": "active"
}
EOF
echo "Quarantined: $AGENT (ID: $QUARANTINE_ID)"
Requires pilot-protocol, pilotctl, jq, openssl. Quarantine records stored in ~/.pilot/quarantine/.