Show HN: Airlock – container agents should never hold credentials
github.com

I built Airlock to move policy enforcement for credentialed CLI access out of agent containers and onto the host.
In Dockerized agent setups, prompt files, skills, and other in-container controls are not a real boundary. The agent can ignore or rewrite them.
Airlock replaces sensitive CLIs in the container with shims that send requests to a host daemon over a Unix socket. The host validates the request against policy and, if allowed, executes the real command there.
The goal is to let a containerized agent use tools like git, ssh, aws, terraform, or docker without the container holding the real credentials.
It’s not a general sandbox or a complete agent security solution. It solves a narrower problem: host-side enforcement for credentialed CLI access.
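The shim-to-host flow described in the post, as an added sketch that is not Airlock's code: a host-side, default-deny policy check answering a shim request. The JSON wire format, the policy schema, the listed subcommands and options, and all function names are assumptions for illustration, and a `socketpair` stands in for the Unix socket.

```python
import json
import socket

# Hypothetical host-side policy: allowed subcommands and refused options per tool.
POLICY = {
    "git": {"subcommands": {"status", "fetch", "pull", "push"},
            # Options that change which program git runs are refused.
            "deny_options": {"-c", "--exec-path", "--upload-pack", "--receive-pack"}},
    "terraform": {"subcommands": {"plan", "validate"}, "deny_options": set()},
}

def evaluate(request):
    """Default-deny check of a shim request; returns (allowed, reason)."""
    argv = request.get("argv") if isinstance(request, dict) else None
    if (not isinstance(argv, list) or len(argv) < 2
            or not all(isinstance(a, str) for a in argv)):
        return False, "malformed request"
    rule = POLICY.get(argv[0])
    if rule is None:
        return False, "tool not in policy"
    # The subcommand must come first, so global options cannot precede it.
    if argv[1] not in rule["subcommands"]:
        return False, "subcommand not allowed"
    for arg in argv[2:]:
        name = arg.split("=", 1)[0]
        if name in rule["deny_options"]:
            return False, "option not allowed: " + name
    return True, "ok"

def handle(conn):
    """Host side: read one newline-terminated JSON request, reply with a decision."""
    with conn.makefile("rb") as reader:
        line = reader.readline(65536)
    try:
        allowed, reason = evaluate(json.loads(line))
    except ValueError:
        allowed, reason = False, "invalid JSON"
    # A real daemon would run the command on the host here when allowed;
    # this sketch only returns the decision.
    conn.sendall(json.dumps({"allowed": allowed, "reason": reason}).encode() + b"\n")

def roundtrip(argv):
    """Shim side: send argv, let the host handler answer, return its reply."""
    shim, host = socket.socketpair()  # stands in for the host daemon's Unix socket
    with shim, host:
        shim.sendall(json.dumps({"argv": argv}).encode() + b"\n")
        handle(host)
        with shim.makefile("rb") as reader:
            return json.loads(reader.readline())
```
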