Hey Sprites team! I’m setting up sprites for AI agents and ran into two limitations. Wanted to share the use cases in case these are feasible to support.
1) Some way to use Tailscale alongside network policy restrictions
The problem:
When any domain rules are set via the network policy API, UDP traffic is blocked entirely. This breaks Tailscale, which requires UDP for WireGuard.
My use case:
I want to be able to use Claude Code in the Sprite & restrict what it has access to while still giving it access to resources in our Tailscale network.
Current behavior:
- No rules → UDP works, Tailscale works
- Any domain rules → UDP blocked, Tailscale broken
Desired behavior:
Some way to use Tailscale alongside network policy restrictions
2) HTTP header injection per domain
The problem:
When an AI agent makes authenticated API requests, it needs access to the token/secret. This means the agent could exfiltrate or misuse credentials.
My use case:
I have internal services the agent should be able to call, but I don’t want the agent to see the auth tokens. I want to inject headers at the network layer so the agent just makes requests and auth happens transparently.
Desired behavior:
Configure headers that get injected into outgoing requests, scoped by domain:
The agent makes a request to api.internal.com, and the proxy/firewall adds the Authorization header before forwarding. The agent never sees the token.
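
The domain-scoped injection described in request 2, sketched as an added example; it is not Sprites' API or the poster's code. The rule table, function names and token are hypothetical placeholders, and the sketch assumes the proxy sees the full request URL (that is, it terminates TLS for the matched hosts).

```python
from urllib.parse import urlsplit

# Hypothetical policy table: exact hostname -> headers the proxy adds.
# The token is a constructed placeholder, held only by the proxy.
INJECT_RULES = {
    "api.internal.com": {"Authorization": "Bearer PLACEHOLDER_TOKEN"},
}

def normalize_host(host):
    """Lowercase and drop a trailing dot so 'API.internal.com.' matches."""
    return host.rstrip(".").lower()

def outgoing_headers(url, agent_headers, rules=INJECT_RULES):
    """Return the headers the proxy forwards upstream for one agent request."""
    parts = urlsplit(url)
    # .hostname ignores any userinfo, so 'api.internal.com@other.example'
    # resolves to 'other.example' and does not match the rule.
    host = normalize_host(parts.hostname or "")
    injected = rules.get(host)  # exact match only, never suffix or substring
    if injected is None:
        return dict(agent_headers)  # unscoped hosts pass through unchanged
    managed = {name.lower() for name in injected}
    # Drop agent-supplied copies of managed headers so the agent cannot
    # override the injected credential on the scoped host.
    out = {k: v for k, v in agent_headers.items() if k.lower() not in managed}
    # Inject only over TLS so the token never crosses the wire in clear text.
    if parts.scheme == "https":
        out.update(injected)
    return out

if __name__ == "__main__":
    # Constructed sample requests: scoped host, look-alike host, plain HTTP.
    for url in (
        "https://api.internal.com/v1/items",
        "https://api.internal.com.other.example/v1/items",
        "http://api.internal.com/v1/items",
    ):
        print(url, "->", sorted(outgoing_headers(url, {"Accept": "application/json"})))
```
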