[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"extension-cli-luckyPipewrench-pipelock-en":3,"guides-for-luckyPipewrench-pipelock":362,"similar-k17bc73bymk3wvfgy6mjgpjcps86ncc6-en":363},{"_creationTime":4,"_id":5,"children":6,"community":7,"display":9,"evaluation":15,"identity":248,"isFallback":243,"parentExtension":251,"providers":252,"relations":257,"repo":259,"tags":358,"workflow":359},1778692456956.1387,"k17bc73bymk3wvfgy6mjgpjcps86ncc6",[],{"reviewCount":8},0,{"description":10,"installMethods":11,"name":13,"sourceUrl":14},"Open-source AI agent firewall for MCP security: agent egress control, DLP, SSRF, and prompt injection defense.",{"go":12},"github.com/luckyPipewrench/pipelock","pipelock","https://github.com/luckyPipewrench/pipelock",{"_creationTime":16,"_id":17,"extensionId":5,"locale":18,"result":19,"trustSignals":229,"workflow":246},1778692494030.9622,"kn71mzqxapsmpwhecx3fmv9ttn86mm50","en",{"checks":20,"evaluatedAt":194,"extensionSummary":195,"features":196,"nonGoals":202,"promptVersionExtension":206,"promptVersionScoring":207,"purpose":208,"rationale":209,"score":210,"summary":211,"tags":212,"targetMarket":222,"tier":223,"useCases":224},[21,26,29,32,36,39,43,47,50,53,57,61,64,68,71,74,77,80,83,86,90,94,98,102,106,109,112,115,119,122,125,128,131,134,137,141,145,149,152,156,159,162,166,169,173,176,179,182,185,188,191],{"category":22,"check":23,"severity":24,"summary":25},"Practical Utility","Problem relevance","pass","The description clearly names the problem of securing AI agent egress and defending against common attacks like prompt injection and SSRF.",{"category":22,"check":27,"severity":24,"summary":28},"Unique selling proposition","Pipelock offers significant value beyond a simple prompt by providing a firewall with mediator-signed receipts, process containment, and MCP-aware policy enforcement.",{"category":22,"check":30,"severity":24,"summary":31},"Production readiness","The tool is designed for production use, offering a comprehensive suite of security features, clear integration guides, and robust deployment options.",{"category":33,"check":34,"severity":24,"summary":35},"Scope","Single responsibility principle","Pipelock focuses on AI agent egress security and command control, with all its features coherently contributing to this core purpose.",{"category":33,"check":37,"severity":24,"summary":38},"Description quality","The displayed description accurately and concisely reflects the tool's capabilities as an AI agent firewall for security.",{"category":40,"check":41,"severity":24,"summary":42},"Invocation","Scoped tools","The CLI uses a hierarchical command structure and specific tools for actions like 'check', 'sandbox', and 'assess', avoiding generalist 'execute' commands.",{"category":44,"check":45,"severity":24,"summary":46},"Documentation","Configuration & parameter reference","The documentation provides a comprehensive reference for configuration options, including presets and a detailed breakdown of features.",{"category":33,"check":48,"severity":24,"summary":49},"Tool naming","Tool names are descriptive and follow a clear verb-noun or noun-verb hierarchy, such as 'pipelock check' and 'pipelock mcp proxy'.",{"category":33,"check":51,"severity":24,"summary":52},"Minimal I/O surface","Inputs are well-defined via flags and configuration, and outputs (especially with JSON mode) are focused on the requested data without unnecessary telemetry.",{"category":54,"check":55,"severity":24,"summary":56},"License","License usability","The core Pipelock is licensed under Apache 2.0, a permissive open-source license, with enterprise features under ELv2. Both are clearly indicated.",{"category":58,"check":59,"severity":24,"summary":60},"Maintenance","Commit recency","The repository shows recent commits as of May 2026, indicating active maintenance.",{"category":58,"check":62,"severity":24,"summary":63},"Dependency Management","The go.mod file indicates pinned dependencies with specific versions, and the project uses Go 1.25+, suggesting good dependency management.",{"category":65,"check":66,"severity":24,"summary":67},"Security","Secret Management","Pipelock is designed to handle secrets securely, with no hardcoded secrets in committed files and clear mechanisms for accepting secrets via environment variables or files.",{"category":65,"check":69,"severity":24,"summary":70},"Injection","The tool explicitly scans for and defends against prompt injection and URL evasion techniques, with documentation detailing its bypass resistance matrix.",{"category":65,"check":72,"severity":24,"summary":73},"Transitive Supply-Chain Grenades","The project emphasizes supply chain security with SLSA provenance, SBOMs, signed releases, and no runtime fetching of unverified code.",{"category":65,"check":75,"severity":24,"summary":76},"Sandbox Isolation","Pipelock implements process containment using OS-native primitives like Landlock and seccomp, with clear documentation on its sandbox capabilities.",{"category":65,"check":78,"severity":24,"summary":79},"Sandbox escape primitives","The architecture and implementation appear to prevent sandbox escape primitives by design, with network isolation and process containment.",{"category":65,"check":81,"severity":24,"summary":82},"Data Exfiltration","The tool's primary purpose is to prevent data exfiltration, with multiple layers of scanning and blocking for sensitive information.",{"category":65,"check":84,"severity":24,"summary":85},"Hidden Text Tricks","The project's documentation and code practices appear free of hidden text tricks or malicious Unicode characters.",{"category":87,"check":88,"severity":24,"summary":89},"Hooks","Opaque code execution","The source code is plain Go and the build process does not appear to involve obfuscation or runtime code fetching.",{"category":91,"check":92,"severity":24,"summary":93},"Portability","Structural Assumption","The CLI is designed to be portable, with installation methods like Homebrew and Docker, and does not appear to make rigid assumptions about user project structure.",{"category":95,"check":96,"severity":24,"summary":97},"Trust","Issues Attention","With 2 open and 30 closed issues in 90 days, the project shows active engagement and a high closure rate.",{"category":99,"check":100,"severity":24,"summary":101},"Version","Release Management","The project uses GitHub releases and reports versioning information clearly, with a latest release tag visible.",{"category":103,"check":104,"severity":24,"summary":105},"Code Execution","Validation","Input validation is a core component of Pipelock's security model, as evidenced by its extensive scanning and policy enforcement features.",{"category":65,"check":107,"severity":24,"summary":108},"Unguarded Destructive Operations","Destructive operations are either prevented, logged, or subject to strict policy enforcement and clear action receipts, with no evidence of unguarded destructive primitives.",{"category":103,"check":110,"severity":24,"summary":111},"Error Handling","The CLI is built with Cobra and utilizes structured error handling, with specific commands for verification and diagnostics.",{"category":103,"check":113,"severity":24,"summary":114},"Logging","The tool produces structured audit logs and Prometheus metrics, with clear documentation on their format and use.",{"category":116,"check":117,"severity":24,"summary":118},"Compliance","GDPR","Pipelock's focus on preventing exfiltration and scanning data aligns with GDPR principles by minimizing exposure of personal data.",{"category":116,"check":120,"severity":24,"summary":121},"Target market","The tool is designed for global applicability in AI agent workflows, with no apparent regional or jurisdictional limitations.",{"category":91,"check":123,"severity":24,"summary":124},"Runtime stability","The tool is built with Go and aims for cross-platform compatibility, with installation methods like Docker and pre-built binaries.",{"category":44,"check":126,"severity":24,"summary":127},"README","The README is comprehensive, well-organized, and clearly states the extension's purpose and capabilities.",{"category":33,"check":129,"severity":24,"summary":130},"Tool surface size","The CLI exposes a focused set of commands (e.g., init, check, mcp, sandbox, assess) within a manageable surface area.",{"category":40,"check":132,"severity":24,"summary":133},"Overlapping near-synonym tools","Tool commands are distinct and cover specific security functions, avoiding near-synonyms for similar operations.",{"category":44,"check":135,"severity":24,"summary":136},"Phantom features","All documented features, such as DLP, SSRF protection, and MCP scanning, have corresponding implementations and tooling.",{"category":138,"check":139,"severity":24,"summary":140},"Install","Installation instruction","Installation instructions are clear, offering multiple methods (Homebrew, Docker, source) and detailed setup guidance.",{"category":142,"check":143,"severity":24,"summary":144},"Errors","Actionable error messages","The CLI provides clear error messages with exit codes and hints, facilitating troubleshooting and automation.",{"category":146,"check":147,"severity":24,"summary":148},"Execution","Pinned dependencies","Dependencies are managed via go.mod and pinned to specific versions, ensuring reproducible builds.",{"category":33,"check":150,"severity":24,"summary":151},"Dry-run preview","While not explicitly a '--dry-run' flag for all actions, the security-focused nature and audit logging provide visibility into intended actions.",{"category":153,"check":154,"severity":24,"summary":155},"Protocol","Idempotent retry & timeouts","The tool's design emphasizes statelessness between calls and robust error handling, suggesting an architecture conducive to retries and timeouts where applicable.",{"category":138,"check":157,"severity":24,"summary":158},"No unnecessary global install","Installation options like Homebrew, Docker, and `go install` allow for isolated or project-specific setups, avoiding mandatory global installs.",{"category":138,"check":160,"severity":24,"summary":161},"Pipe-to-shell installer","Installation instructions avoid untrusted pipe-to-shell commands, favoring secure methods like Homebrew or verified binaries.",{"category":163,"check":164,"severity":24,"summary":165},"Output","Stream separation","The tool supports JSON output mode, ensuring clean separation of data from diagnostics and progress messages.",{"category":163,"check":167,"severity":24,"summary":168},"Structured output mode","Pipelock offers a `--json` flag for all its subcommands, enabling machine-readable output for integration with agents and scripts.",{"category":170,"check":171,"severity":24,"summary":172},"Subprocess behavior","Signal handling","Built with Go and Cobra, the CLI is expected to handle signals gracefully, ensuring proper shutdown and cleanup.",{"category":40,"check":174,"severity":24,"summary":175},"Hierarchical discoverable arguments","The CLI uses a clear noun-verb hierarchical structure (e.g., 'pipelock audit-packet PATH') with help text and runnable examples.",{"category":40,"check":177,"severity":24,"summary":178},"Unknown-flag handling","Cobra's argument parsing, used by the CLI, provides explicit errors for unknown flags and often includes 'did-you-mean' suggestions.",{"category":65,"check":180,"severity":24,"summary":181},"Secrets not in argv","Secrets are handled via environment variables, files, or stdin, with no direct exposure in command-line arguments documented.",{"category":40,"check":183,"severity":24,"summary":184},"Parseable --version","The `--version` flag outputs a single-line, parseable string in the format 'name version (commit)'.",{"category":40,"check":186,"severity":24,"summary":187},"Flag precedence","While not explicitly detailed in the README, the CLI structure and use of Cobra suggest adherence to standard flag precedence.",{"category":40,"check":189,"severity":24,"summary":190},"Schema introspection","The verifier subcommands and their JSON output provide a machine-readable schema for input and output validation.",{"category":40,"check":192,"severity":24,"summary":193},"Prompt bypass","As a CLI tool designed for automation, Pipelock avoids interactive prompts, opting for flags and configuration files.",1778692493926,"Pipelock is a Go-based CLI tool acting as an AI agent firewall, providing comprehensive security features like egress control, DLP, SSRF defense, prompt injection prevention, and auditable action receipts.",[197,198,199,200,201],"AI agent firewall with mediator-signed receipts","Process containment via OS-native primitives","MCP security, egress control, DLP, and prompt injection defense","11-layer URL scanner with advanced evasion detection","Audit logging and verifiable evidence emission",[203,204,205],"Replacing fundamental OS security controls.","Providing agent-side vulnerability scanning.","Acting as a general-purpose network proxy without security focus.","3.0.0","4.4.0","To secure AI agent workflows by acting as an inline firewall, protecting against data exfiltration, prompt injection, and other threats, while providing verifiable proof of agent actions.","All checks passed with a high degree of confidence, indicating excellent security, documentation, and usability.",100,"A comprehensive and highly secure AI agent firewall CLI tool.",[213,214,215,216,217,218,219,220,221],"security","firewall","agent","cli","mcp","dlp","ssrf","injection-defense","auditing","global","verified",[225,226,227,228],"Securing AI agents with sensitive credentials in their environment.","Preventing prompt injection attacks in LLM interactions.","Auditing and verifying the actions taken by AI agents.","Integrating AI agent security into CI/CD pipelines.",{"codeQuality":230,"collectedAt":232,"documentation":233,"maintenance":236,"security":242,"testCoverage":245},{"hasLockfile":231},true,1778692476279,{"descriptionLength":234,"readmeSize":235},110,39848,{"closedIssues90d":237,"forks":238,"hasChangelog":231,"openIssues90d":239,"pushedAt":240,"stars":241},30,61,2,1778692154000,584,{"hasNpmPackage":243,"license":244,"smitheryVerified":243},false,"Apache-2.0",{"hasCi":231,"hasTests":231},{"updatedAt":247},1778692494031,{"basePath":249,"githubOwner":250,"githubRepo":13,"locale":18,"slug":13,"type":216},"","luckyPipewrench",null,{"evaluate":253,"extract":255},{"promptVersionExtension":206,"promptVersionScoring":207,"score":210,"tags":254,"targetMarket":222,"tier":223},[213,214,215,216,217,218,219,220,221],{"commitSha":256},"HEAD",{"repoId":258},"kd728h5jcjjje6rbqwymfj9zph86m4jp",{"_creationTime":260,"_id":258,"identity":261,"providers":262,"workflow":354},1778692451503.9746,{"githubOwner":250,"githubRepo":13,"sourceUrl":14},{"classify":263,"discover":332,"github":335},{"commitSha":256,"extensions":264},[265,281,308,323],{"basePath":266,"description":267,"displayName":268,"installMethods":269,"rationale":270,"selectedPaths":271,"source":280,"sourceLanguage":18,"type":216},"sdk/verifiers/ts","TypeScript reference verifier for Pipelock Audit Packet v0 receipts and chains.","@pipelock/verifier-ts",{"npm":268},"cli ecosystem detected at sdk/verifiers/ts",[272,275,277],{"path":273,"priority":274},"package.json","mandatory",{"path":276,"priority":274},"README.md",{"path":278,"priority":279},"src/cli.ts","low","rule",{"basePath":249,"installMethods":282,"rationale":283,"selectedPaths":284,"source":280,"sourceLanguage":18,"type":216},{"go":12},"cli ecosystem detected at /",[285,287,288,291,294,296,298,300,302,304,306],{"path":286,"priority":274},"go.mod",{"path":276,"priority":274},{"path":289,"priority":290},"LICENSE","high",{"path":292,"priority":293},"cmd/license-service/main.go","medium",{"path":295,"priority":293},"cmd/pipelock/main.go",{"path":297,"priority":293},"cmd/pipelock-verifier/main.go",{"path":299,"priority":279},"cmd/pipelock/enterprise.go",{"path":301,"priority":279},"cmd/pipelock-verifier/auditpacket.go",{"path":303,"priority":279},"cmd/pipelock-verifier/chain.go",{"path":305,"priority":279},"cmd/pipelock-verifier/output.go",{"path":307,"priority":279},"cmd/pipelock-verifier/receipt.go",{"basePath":309,"installMethods":310,"rationale":312,"selectedPaths":313,"source":280,"sourceLanguage":18,"type":216},"sdk/verifiers/rust",{"cargo":311},"pipelock-verifier-rs","cli ecosystem detected at sdk/verifiers/rust",[314,316,317,319,321],{"path":315,"priority":274},"Cargo.toml",{"path":276,"priority":274},{"path":318,"priority":293},"src/main.rs",{"path":320,"priority":279},"src/cli.rs",{"path":322,"priority":279},"src/lib.rs",{"basePath":324,"installMethods":325,"rationale":327,"selectedPaths":328,"source":280,"sourceLanguage":18,"type":216},"tools/demo-metrics",{"go":326},"github.com/pipelockdev/pipelock/tools/demo-metrics","cli ecosystem detected at tools/demo-metrics",[329,330],{"path":286,"priority":274},{"path":331,"priority":293},"main.go",{"sources":333},[334],"manual",{"closedIssues90d":237,"description":10,"forks":238,"homepage":336,"license":244,"openIssues90d":239,"pushedAt":240,"readmeSize":235,"stars":241,"topics":337},"https://pipelab.org",[338,339,218,340,341,342,213,343,344,345,217,346,347,348,349,350,351,352,353,219],"ai-agents","ai-security","fetch-proxy","golang","llm-security","ssrf-protection","egress-proxy","integrity-monitoring","github-action","security-scanning","agent-security","ai-agent-security","ai-firewall","mcp-security","prompt-injection","security-tools",{"classifiedAt":355,"discoverAt":356,"extractAt":357,"githubAt":357,"updatedAt":355},1778692456792,1778692451504,1778692455092,[215,221,216,218,214,220,217,213,219],{"evaluatedAt":247,"extractAt":360,"updatedAt":361},1778692456956,1778692621694,[],[364,392,412],{"_creationTime":365,"_id":366,"community":367,"display":368,"identity":374,"providers":377,"relations":385,"tags":387,"workflow":388},1778697107735.8984,"k177h2k24qprbp2pjjs5tsb9r586nywg",{"reviewCount":8},{"description":369,"installMethods":370,"name":372,"sourceUrl":373},"AI Constraint Engine — enforces CLAUDE.md, .cursorrules, AGENTS.md rules as laws. 51 MCP tools, 991 tests. Official MCP Registry. npx speclock protect",{"pypi":371},"speclock_ros2","speclock-ros2","https://github.com/sgroy10/speclock",{"basePath":372,"githubOwner":375,"githubRepo":376,"locale":18,"slug":372,"type":216},"sgroy10","speclock",{"evaluate":378,"extract":384},{"promptVersionExtension":206,"promptVersionScoring":207,"score":210,"tags":379,"targetMarket":222,"tier":223},[380,381,382,216,213,217,383],"ai-constraints","code-enforcement","developer-tool","robotics",{"commitSha":256},{"repoId":386},"kd73m85wtkj05xmfff4vq695hn86mgg4",[380,216,381,382,217,383,213],{"evaluatedAt":389,"extractAt":390,"updatedAt":391},1778697123911,1778697107735,1778697174406,{"_creationTime":393,"_id":394,"community":395,"display":396,"identity":399,"providers":400,"relations":408,"tags":409,"workflow":410},1778692456956.1392,"k175y95md19renhn0q6ve6e8ed86n081",{"reviewCount":8},{"description":10,"installMethods":397,"name":398,"sourceUrl":14},{"go":326},"demo-metrics",{"basePath":324,"githubOwner":250,"githubRepo":13,"locale":18,"slug":398,"type":216},{"evaluate":401,"extract":407},{"promptVersionExtension":206,"promptVersionScoring":207,"score":402,"tags":403,"targetMarket":222,"tier":223},99,[213,214,404,405,217,218,220,406],"proxy","ai-agent","command-line",{"commitSha":256},{"repoId":258},[405,406,218,214,220,217,404,213],{"evaluatedAt":411,"extractAt":360,"updatedAt":411},1778692536994,{"_creationTime":413,"_id":414,"community":415,"display":416,"identity":421,"providers":425,"relations":434,"tags":436,"workflow":437},1778683644393.5793,"k171esc5b8pbh1r9s90d526z3586njrn",{"reviewCount":8},{"description":417,"installMethods":418,"name":419,"sourceUrl":420},"Local skill manager and installer for agent-playbook across Claude Code, Codex, and Gemini.",{"npm":419},"@codeharbor/agent-playbook","https://github.com/charon-fan/agent-playbook",{"basePath":422,"githubOwner":423,"githubRepo":424,"locale":18,"slug":424,"type":216},"packages/agent-playbook","charon-fan","agent-playbook",{"evaluate":426,"extract":432},{"promptVersionExtension":206,"promptVersionScoring":207,"score":210,"tags":427,"targetMarket":222,"tier":223},[216,215,428,429,430,431],"skills","management","automation","configuration",{"commitSha":256,"license":433},"MIT",{"repoId":435},"kd7cf5d43dzccs0fw9c2rp131n86mrv4",[215,430,216,431,429,428],{"evaluatedAt":438,"extractAt":439,"updatedAt":438},1778684270439,1778683644393]