🤖 AI Summary
ReceiptBot is a runtime governance library for Node.js that enhances the security of AI agents by controlling their operations and budget expenditures. Designed to protect against prompt injection and related vulnerabilities, ReceiptBot offers a suite of features including a Policy Engine that enforces user-defined rules, a Flight Recorder that creates an immutable audit trail of every action taken, and a Global Interceptor that patches Node.js core modules to prevent unauthorized access and function calls. This means AI agents cannot exfiltrate sensitive data, overspend on LLM usage, or otherwise compromise system integrity without being detected and blocked.
The significance of ReceiptBot lies in its ability to provide in-process safeguards without requiring a virtual machine or OS-level sandbox, making it practical to add to existing Node.js applications. By leveraging AsyncLocalStorage for multi-tenant safety and patching the core modules that require() returns, ReceiptBot mitigates the risks posed by rogue libraries or operator errors. With detailed cost tracking and secret redaction capabilities, ReceiptBot supports responsible AI research and deployment while addressing the stringent security needs of enterprise environments, enabling safer innovation in AI/ML development.