As AI agents become integral to development pipelines, uncontrolled network access and secret leakage pose critical risks; Pipelock gives teams a lightweight, enforceable defense that can be deployed instantly.
The rapid adoption of autonomous coding assistants such as Claude Code and OpenHands has exposed a glaring security gap: agents often run with full shell privileges and unrestricted network access, making them attractive vectors for credential theft and supply‑chain attacks. Traditional sandboxing solutions either add heavyweight dependencies or lack granular visibility into agent behavior, leaving organizations to rely on ad‑hoc scripts and manual monitoring. Pipelock addresses this void by delivering a purpose‑built, single‑binary proxy that enforces capability separation, ensuring that the process holding API keys cannot directly reach the internet.
At the heart of Pipelock is a seven‑layer scanning pipeline that evaluates every outbound request. It combines SSRF protection, domain blocklists, rate limiting, DLP pattern matching, environment‑variable leak detection, entropy analysis, and URL length checks before forwarding traffic through a fetch proxy that holds no secrets. Responses are then inspected for prompt‑injection signatures and system‑role overrides, with configurable actions ranging from warning to outright blocking. The tool ships with three operational modes—strict (block‑only), balanced (block + warn), and audit (log‑only)—allowing teams to calibrate security posture to regulatory requirements or development speed.
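To make the request-side layers concrete, here is an added example (not Pipelock's source code) that models six of the seven outbound checks the article names: URL length, SSRF protection, a domain blocklist, DLP pattern matching, environment-variable leak detection, and entropy analysis. The `Scanner` and `Finding` types, the thresholds, the single AWS-key regex, the `paste.example` blocklist entry and every sample value are assumptions made for the illustration; rate limiting, which needs time-windowed state, and the response-side prompt-injection checks are left out.

```go
package main

import (
	"fmt"
	"math"
	"net"
	"net/url"
	"regexp"
	"strings"
)

// Finding records which layer objected to a URL and why; no findings means allow.
type Finding struct{ Layer, Detail string }

// Scanner carries one configuration knob per layer (an illustration, not Pipelock's own types).
type Scanner struct {
	Blocklist     []string          // domain suffixes never fetched
	MaxURLLen     int               // URL length ceiling in bytes
	EntropyMin    float64           // bits/char above which a token looks like a secret
	EntropyMinLen int               // shortest token the entropy layer considers
	Env           map[string]string // the agent's environment, for the leak layer
}

// NewScanner returns a scanner with constructed defaults over the given environment.
func NewScanner(env map[string]string) *Scanner {
	return &Scanner{
		Blocklist:     []string{"paste.example"}, // constructed blocklist entry
		MaxURLLen:     2048,
		EntropyMin:    4.5,
		EntropyMinLen: 20,
		Env:           env,
	}
}

var (
	tokenRe  = regexp.MustCompile(`[A-Za-z0-9]+`)
	awsKeyRe = regexp.MustCompile(`\bAKIA[0-9A-Z]{16}\b`) // DLP pattern: AWS access key id
)

// shannon returns the entropy of s in bits per character.
func shannon(s string) (h float64) {
	counts := map[rune]int{}
	for _, r := range s {
		counts[r]++
	}
	for _, c := range counts {
		p := float64(c) / float64(len([]rune(s)))
		h -= p * math.Log2(p)
	}
	return h
}

// Scan runs every layer over one outbound URL and returns all findings.
func (s *Scanner) Scan(raw string) []Finding {
	var out []Finding
	if len(raw) > s.MaxURLLen {
		out = append(out, Finding{"url-length", fmt.Sprintf("%d bytes > %d", len(raw), s.MaxURLLen)})
	}
	u, err := url.Parse(raw)
	if err != nil || (u.Scheme != "http" && u.Scheme != "https") {
		return append(out, Finding{"parse", "not an http(s) URL"})
	}
	host := strings.ToLower(u.Hostname())
	// SSRF: refuse literal internal addresses and loopback names. A real proxy must repeat this
	// check on the resolved address at connect time, since DNS can point a public name inward.
	if ip := net.ParseIP(host); ip != nil {
		if ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() || ip.IsUnspecified() {
			out = append(out, Finding{"ssrf", "internal address " + host})
		}
	} else if host == "localhost" || strings.HasSuffix(host, ".localhost") {
		out = append(out, Finding{"ssrf", "loopback hostname " + host})
	}
	// Domain blocklist: exact host or any subdomain.
	for _, d := range s.Blocklist {
		if host == d || strings.HasSuffix(host, "."+d) {
			out = append(out, Finding{"blocklist", host})
		}
	}
	decoded, err := url.QueryUnescape(raw) // secrets are often percent-encoded into query strings
	if err != nil {
		decoded = raw
	}
	haystack := raw + "\n" + decoded
	if awsKeyRe.MatchString(haystack) { // DLP: known credential format
		out = append(out, Finding{"dlp", "aws-access-key-id"})
	}
	// Environment-variable leak: any env value of useful length appearing in the URL.
	for k, v := range s.Env {
		if len(v) >= 8 && strings.Contains(haystack, v) {
			out = append(out, Finding{"env-leak", k})
		}
	}
	// Entropy: long high-entropy tokens that match no known pattern.
	for _, tok := range tokenRe.FindAllString(decoded, -1) {
		if len(tok) >= s.EntropyMinLen && shannon(tok) >= s.EntropyMin {
			out = append(out, Finding{"entropy", fmt.Sprintf("%s (%.2f bits/char)", tok, shannon(tok))})
		}
	}
	return out
}
```

Two design points carry over to any real deployment of this pattern. The leak layer compares the URL against the values of the agent's actual environment rather than against credential formats, so it catches secrets with no recognisable shape, and it runs over the percent-decoded URL because a key hidden in a query string rarely appears verbatim. The SSRF layer shown here only rejects literal internal addresses; the fetch proxy that forwards the request must re-check the address it actually connects to, otherwise a hostname that resolves to an internal IP slips past.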
For DevOps and security teams, Pipelock’s zero‑dependency footprint means it can be dropped into CI/CD pipelines, Docker Compose stacks, or Kubernetes pods without additional runtime overhead. Built‑in Prometheus endpoints and JSON audit logs provide immediate observability, while Git‑diff scanning and file‑integrity monitoring extend protection to the codebase itself. Compared with existing Python or npm‑based scanners, Pipelock offers stronger secret‑exfiltration guarantees and a unified interface for both URL and MCP response scanning, positioning it as a pragmatic baseline defense as AI‑driven development matures.