jingkaihe
Secure AI agent execution via isolated microVMs
Matchlock provides a secure CLI tool for running AI agents within ephemeral microVMs, addressing the inherent risks of code execution by untrusted agents. It offers VM-level isolation, network traffic allowlisting, and a novel secret injection mechanism where sensitive credentials are never exposed directly to the agent's environment. This enables safe execution of AI workloads, even those requiring external API access or package installations, by providing a disposable, secure Linux sandbox.
How It Works
The core of Matchlock is its ability to spin up microVMs (using Firecracker on Linux or Virtualization.framework on macOS) that boot in under a second. It enforces network security by sealing the VM's network access, permitting only explicitly defined hosts. A transparent proxy with TLS MITM capabilities intercepts outbound traffic, injecting real API keys or secrets only when traffic is destined for an allowed host, while the VM agent sees only a placeholder. Each sandbox operates on a copy-on-write filesystem that is automatically discarded upon termination, ensuring complete isolation and a clean slate.
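The allowlist-and-inject decision described above, modeled as an added Python example (not Matchlock's own code). The `Secret` type, the `egress` function, the placeholder string, the `.test` hostnames and the exact-match host comparison are all assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Secret:
    placeholder: str   # the only value the guest ever sees
    value: str         # real credential, held outside the VM
    hosts: frozenset   # hosts this secret may be sent to


def normalize(host: str) -> str:
    """Lower-case, drop a :port suffix and a trailing dot before comparing."""
    host = host.strip().lower()
    if host.count(":") == 1:      # host:port (IPv6 literals are out of scope here)
        host = host.split(":", 1)[0]
    return host.rstrip(".")


def egress(host, headers, allowed_hosts, secrets):
    """Return ("block", None) or ("forward", rewritten_headers)."""
    host = normalize(host)
    if host not in allowed_hosts:  # exact match, so look-alike suffixes fail
        return "block", None
    out = {}
    for name, value in headers.items():
        for s in secrets:
            # Swap in the real value only for hosts bound to this secret.
            if s.placeholder in value and host in s.hosts:
                value = value.replace(s.placeholder, s.value)
        out[name] = value
    return "forward", out


# Constructed sample policy and guest request (hypothetical values).
ALLOWED = frozenset({"api.example.test", "pypi.example.test"})
SECRETS = [Secret("SANDBOX_PLACEHOLDER_1", "sk-constructed-real-key",
                  frozenset({"api.example.test"}))]
GUEST_HEADERS = {"Authorization": "Bearer SANDBOX_PLACEHOLDER_1"}

if __name__ == "__main__":
    for h in ("API.example.test:443", "pypi.example.test",
              "api.example.test.other.test"):
        print(h, egress(h, GUEST_HEADERS, ALLOWED, SECRETS))
```

An allowed host that is not bound to the secret still receives only the placeholder, so a permitted package mirror cannot be used to carry the credential out.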
Quick Start & Requirements
brew tap jingkaihe/essentials
brew install matchlock
Highlighted Details
Maintenance & Community
The provided README does not contain information regarding specific contributors, sponsorships, or community channels (e.g., Discord, Slack).
Licensing & Compatibility
Limitations & Caveats
The project is explicitly marked as "Experimental" and is subject to breaking changes. Network interception mechanisms differ between Linux (transparent proxy) and macOS (gVisor userspace TCP/IP).