Airlock: deterministic egress gate for locked‑down LLM agents
Airlock addresses the risk that autonomous LLM agents exfiltrate data or perform unwanted network actions. It runs a lightweight MCP server that forwards only a sanitized query to a single pre‑configured domain and reads back the result; the model never initiates arbitrary requests. The gate drives a real Chrome instance via CDP (the Chrome DevTools Protocol), relaunches it if it crashes, and logs only status metadata, which makes it self‑healing and audit‑ready. It is aimed at developers building agents that need safe, controlled web access, and it offers stronger guarantees than prompt‑based or raw browser tools.
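The gate pattern described above, as an added Python sketch that is not Airlock's own code: the model supplies only query text, every other part of the request is a constant, and the audit record carries status metadata only. The pinned host `search.example.com`, the path, the two length limits and all function names are assumptions made for illustration.

```python
import re
import unicodedata
from urllib.parse import urlencode, urlsplit

# Assumptions for this sketch (not taken from Airlock): the pinned host,
# the path, and both limits are illustrative.
PINNED_HOST = "search.example.com"
PINNED_PATH = "/search"
MAX_QUERY_CHARS = 200
MAX_TOKEN_CHARS = 40


def sanitize_query(raw: str) -> str:
    """Reduce model-supplied text to a short plain-text query or raise ValueError."""
    text = unicodedata.normalize("NFKC", raw)
    # Replace control/format characters (category C*), then collapse whitespace.
    text = "".join(" " if unicodedata.category(ch).startswith("C") else ch for ch in text)
    text = re.sub(r"\s+", " ", text).strip()
    if not text:
        raise ValueError("empty query")
    if len(text) > MAX_QUERY_CHARS:
        raise ValueError("query too long")
    if any(len(tok) > MAX_TOKEN_CHARS for tok in text.split(" ")):
        raise ValueError("token too long")  # crude cap on encoded blobs
    return text


def build_url(raw: str) -> str:
    """The model controls only the value of q; scheme, host and path are constants."""
    return f"https://{PINNED_HOST}{PINNED_PATH}?" + urlencode({"q": sanitize_query(raw)})


def is_pinned(url: str) -> bool:
    """True only for https URLs on exactly the pinned host, default port, no userinfo."""
    parts = urlsplit(url)
    try:
        port = parts.port
    except ValueError:
        return False
    return (parts.scheme == "https" and parts.hostname == PINNED_HOST
            and port in (None, 443) and parts.username is None and parts.password is None)


def audit_record(final_url: str, status: int, body_len: int) -> dict:
    """Status metadata only: no query text and no response body."""
    return {"host": urlsplit(final_url).hostname, "pinned": is_pinned(final_url),
            "status": status, "bytes": body_len}
```

Running `is_pinned` on the URL the browser actually ends up on, not only on the URL that was built, is what catches a redirect away from the pinned host.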
View on GitHub → fazalrshah/airlock