Skills · May 12, 2026 · 2 min read

IronCurtain — Secure Runtime for AI Agents

IronCurtain is a runtime boundary for agents: it treats the model as untrusted and enforces policy for tool calls, writes, and network effects.

Agent-ready

This asset can be read and installed directly by agents.

TokRepo exposes a universal CLI command, an install contract, JSON metadata, a per-adapter plan and the raw content to help agents judge fit, risk and next actions.

  • Score: Native · 98/100 · Policy: allow
  • Agent surface: any MCP/CLI agent
  • Type: Skill
  • Installation: Single
  • Trust: Established
  • Entry point: Asset
  • Universal CLI command: npx tokrepo install ac61bb7c-183a-4eee-b56a-03b97b61992d
Introduction

  • Best for: teams running autonomous agents who need enforced guardrails beyond prompt-level instructions
  • Works with: Node.js 22+, Docker (recommended), LLM provider API keys (Anthropic/Google/OpenAI)
  • Setup time: 18 minutes

Practical Notes

  • Enforces policy at the boundary (not by trusting the model to follow instructions)
  • Supports both a Docker-mediated mux mode and a built-in sandboxed mode (per the project README)
  • GitHub stars/forks (verified): see Source & Thanks

When an agent is autonomous, the biggest failure mode isn’t “bad answer” — it’s uncontrolled side effects.

IronCurtain’s framing is useful even if you don’t adopt it fully:

  • Assume the model is untrusted.
  • Put enforcement outside the model (policy engine + controlled tool boundary).
  • Make risky operations explicit and reviewable (writes, pushes, network calls).

A pragmatic adoption path:

  1. Use the built-in agent mode first for small tasks.
  2. Move to Docker-mediated mux mode when you want stronger isolation.
  3. Treat policies as code: version them, review them, and keep a default-deny posture for mutations.

FAQ

Q: Is it a model or a wrapper? A: It’s a runtime/policy boundary that runs an agent and mediates tool calls.

Q: Do I need Docker? A: Docker is strongly recommended for the strongest isolation, but some modes run without it.

Q: What should I lock down first? A: Network access and write operations: make them explicit and require approval/escalation.

Source & Thanks

  • Source: https://github.com/provos/ironcurtain
  • License: Apache-2.0
  • GitHub stars: 399 · forks: 52
