pipelock by luckyPipewrench

Secure AI agents with an inline firewall

Created 2 months ago
326 stars

Top 83.8% on SourcePulse

Project Summary

Pipelock is an inline firewall for AI agents. It is built to block data exfiltration, prompt injection, SSRF, and tool poisoning, so that agents can be deployed with a smaller attack surface. The project targets developers and power users building or integrating AI agents and aims to provide this protection with minimal integration effort.

How It Works

Pipelock functions as a WAF for AI agents, sitting inline between the agent and the internet. It enforces capability separation: the agent process is isolated, and Pipelock inspects all of its traffic through an 11-layer scanner pipeline. It offers three proxy modes (Fetch, Forward, and WebSocket), so any HTTP-speaking agent can be placed behind it without code modifications. The result is content inspection and policy enforcement across the protocols the agent uses.

Quick Start & Requirements

Installation is straightforward via Homebrew (brew install luckyPipewrench/tap/pipelock), direct binary download, Docker (docker pull ghcr.io/luckypipewrench/pipelock:latest), or from source using Go 1.25+ (go install github.com/luckyPipewrench/pipelock/cmd/pipelock@latest). A quick start guide demonstrates generating a config and testing basic blocking scenarios in under 30 seconds.

Highlighted Details

  • Features an 11-layer URL scanner pipeline, including DLP, entropy analysis, SSRF protection, and rate limiting.
  • Provides robust protection against prompt injection, tool poisoning, and secret exfiltration across HTTP, WebSocket, and MCP protocols.
  • Supports zero-code-change integration via Forward proxy (using HTTPS_PROXY), Fetch proxy, and WebSocket proxy modes.
  • Ensures release integrity with SLSA provenance and SBOM, verifiable using gh attestation verify.
  • Offers extensive OWASP Agentic AI Top 10 coverage, detailed in docs/owasp-mapping.md.
  • Supports signed community rule bundles for enhanced detection capabilities.

Maintenance & Community

Contributions are welcomed, and users are encouraged to star the repository. No specific community channels (like Discord or Slack) or notable sponsorships are detailed in the README.

Licensing & Compatibility

The core Pipelock is licensed under the Apache License 2.0, permitting commercial use. Advanced multi-agent features are available under the Elastic License 2.0 (ELv2) and require a separate license key. Pre-built artifacts include the enterprise code, which is activated by a license; building from source yields Community-only binaries.

Limitations & Caveats

Pipelock operates as a content inspection layer and does not perform process sandboxing or syscall restriction. For comprehensive defense-in-depth, it should be used in conjunction with an operating system-level sandbox. TLS interception for deep scanning requires explicit CA setup.

Health Check

  • Last Commit: 10 hours ago
  • Responsiveness: Inactive
  • Pull Requests (30d): 151
  • Issues (30d): 18
  • Star History: 123 stars in the last 30 days
