Esta página se muestra en inglés. Una traducción al español está en curso.
SkillsMay 12, 2026·2 min de lectura

IronCurtain — Secure Runtime for AI Agents

IronCurtain is a runtime boundary for agents: it treats the model as untrusted and enforces policy for tool calls, writes, and network effects.

Listo para agents

Instalación lista para agent

Este activo puede instalarse después de elegir el runtime, revisar el plan y ejecutar el comando correspondiente.

Native · 98/100Política: permitir
Superficie agent
Cualquier agent MCP/CLI
Tipo
Skill
Instalación
Single
Confianza
Confianza: Established
Entrada
Asset
Comando de instalación directa
npx -y tokrepo@latest install ac61bb7c-183a-4eee-b56a-03b97b61992d --target codex

Ejecutar después de confirmar el plan con dry-run.

Introducción

IronCurtain is a runtime boundary for agents: it treats the model as untrusted and enforces policy for tool calls, writes, and network effects.

  • Best for: teams running autonomous agents who need enforced guardrails beyond prompt-level instructions
  • Works with: Node.js 22+, Docker (recommended), LLM provider API keys (Anthropic/Google/OpenAI)
  • Setup time: 18 minutes

Practical Notes

  • Enforces policy at the boundary (not by trusting the model to follow instructions)
  • Supports both a Docker-mediated mux mode and a builtin sandboxed mode (per README)
  • GitHub stars/forks (verified): see Source & Thanks

When an agent is autonomous, the biggest failure mode isn’t “bad answer” — it’s uncontrolled side effects.

IronCurtain’s framing is useful even if you don’t adopt it fully:

  • Assume the model is untrusted.
  • Put enforcement outside the model (policy engine + controlled tool boundary).
  • Make risky operations explicit and reviewable (writes, pushes, network calls).

A pragmatic adoption path:

  1. Use the built-in agent mode first for small tasks.
  2. Move to Docker-mediated mux mode when you want stronger isolation.
  3. Treat policies as code: version them, review them, and keep a default-deny posture for mutations.

FAQ

Q: Is it a model or a wrapper? A: It’s a runtime/policy boundary that runs an agent and mediates tool calls.

Q: Do I need Docker? A: Docker is strongly recommended for the strongest isolation, but some modes run without it.

Q: What should I lock down first? A: Network access and write operations: make them explicit and require approval/escalation.

🙏

Fuente y agradecimientos

Source: https://github.com/provos/ironcurtain > License: Apache-2.0 > GitHub stars: 399 · forks: 52

Discusión

Inicia sesión para unirte a la discusión.
Aún no hay comentarios. Sé el primero en compartir tus ideas.

Activos relacionados