From d98b5d8455899f40687ca6fa1603301afed3902f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gabor=20K=C3=B6rber?= <gab@g4b.org>
Date: Sat, 23 May 2026 18:19:29 +0200
Subject: [PATCH] =?UTF-8?q?=F0=9F=A5=87=20export=20from=20upstream=20(c09c?=
 =?UTF-8?q?d75)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 README.md | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/README.md b/README.md
index 278e50f..35c4b18 100644
--- a/README.md
+++ b/README.md
@@ -10,6 +10,23 @@
 
 ---
 
+> [!WARNING]
+> **⚠️ Unreleased Software ⚠️**
+>
+> 🚧 This project is under active development and **not yet released**. APIs, configuration formats, and behavior may change without notice. Please **do not use without contacting the author** about the current state of the project. 🚧
+
+> [!CAUTION]
+> **⚠️ Development Tool Only ⚠️**
+>
+> 🚧 Sandcage is designed for **local development use**. Do **not** use it in CI pipelines or production environments — container isolation is not yet hardened for those contexts. 🚧
+
+### Planned Features
+
+- **Full encapsulation hardening** — for worker and CI environments, ensuring complete sandboxing of file system, network, and credentials
+- **ACP integration** via [`dirigate`](https://github.com/dirigence/dirigate) — Agent Communication Protocol support for structured agent orchestration
+
+---
+
 ## Why Sandcage?
 
 AI coding agents need broad access to do their work: shell, filesystem, network. Letting them run directly on your machine means they share your credentials, your session history, and your entire environment.