Show HN: Pipelock – All-in-one security harness for AI coding agents (github.com)

🤖 AI Summary
A new tool called Pipelock has been introduced as an all-in-one security harness for AI coding agents, such as Claude Code and OpenHands, that operate with shell access and API keys. Unlike traditional security solutions, Pipelock consolidates several security measures into a single binary with zero dependencies. It focuses on four areas: controlling network egress, monitoring workspace integrity, detecting credential exfiltration, and guarding against prompt injection, all of which matter for keeping sensitive data from leaking.

The significance of Pipelock lies in its capability-separation approach: the AI agent, which holds the sensitive API keys, runs in a restricted network environment, while a fetch proxy handles web browsing without access to those secrets. Every web request passes through a seven-layer scanning pipeline that checks for known threats such as SSRF attacks and unauthorized data leaks. This architecture hardens the agent against common vulnerabilities and also provides detailed logging and auditing, making it an essential tool for developers who want to build robust security controls into their AI applications.
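To make the egress-scanning idea concrete, here is an added example (not Pipelock's code) of the kind of check a fetch proxy can run on each outbound URL. The summary does not list the seven layers, so the three checks shown, the function names, the secret patterns, the entropy threshold and the injected `resolve` callback are all assumptions for illustration.

```python
import ipaddress
import math
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed patterns for illustration; not Pipelock's rule set.
SECRET_PATTERNS = [
    re.compile(r"AKIA[0-9A-Z]{16}"),     # shape of an AWS access key ID
    re.compile(r"ghp_[A-Za-z0-9]{36}"),  # shape of a GitHub personal access token
]


def shannon_entropy(s):
    """Bits of entropy per character of s."""
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_reserved or ip.is_multicast or ip.is_unspecified)


def check_egress(url, resolve):
    """Return (allowed, reason). resolve(hostname) returns a list of IP strings."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme"
    host = parts.hostname
    if not host:
        return False, "no-host"
    try:
        addrs = [str(ipaddress.ip_address(host))]  # host is an IP literal
    except ValueError:
        addrs = resolve(host)
    if not addrs:
        return False, "unresolved"
    if any(is_internal(a) for a in addrs):
        return False, "ssrf"
    # Credential exfiltration: known key shapes anywhere in path or query.
    target = parts.path + "?" + parts.query
    if any(p.search(target) for p in SECRET_PATTERNS):
        return False, "secret-pattern"
    for _, value in parse_qsl(parts.query):
        if len(value) >= 32 and shannon_entropy(value) > 4.5:
            return False, "high-entropy"
    return True, "ok"
```

A proxy using a check like this has to connect to the same address it validated; resolving the name a second time at connect time lets the answer change between check and use.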