GitHub Repository

CargoWall Action to secure your GitHub Workflows

37 stars · TypeScript

CargoWall – eBPF Firewall for GitHub Actions

by caleblloyd·Mar 31, 2026·14 points·2 comments

AI Analysis


eBPF firewall for GitHub Actions stops supply chain attacks at the kernel level.

Strengths
  • Wire-protocol parsing with eBPF means zero code changes to existing workflows
  • Per-step connection correlation shows exactly which CI step made suspicious calls
  • DNS proxy with hostname allowlists prevents tunneling before IPs even resolve
Weaknesses
  • Requires ubuntu-latest runners, no Windows or macOS support yet
  • Competes with StepSecurity and other emerging CI security tools
Target Audience

DevOps engineers, CI/CD security teams

Similar To

StepSecurity · StackRox · Snyk

Post Description

We just open-sourced CargoWall - a lightweight eBPF firewall for GitHub Actions.

We originally built it to stop LLM agents from connecting to untrusted domains. After recent GitHub Actions supply chain compromises like the Trivy attack, we realized it'd work well for blocking untrusted connections from CI runners too.

It uses iptables DNAT to redirect all outbound port 53 traffic to a local DNS proxy, which checks each query against a hostname allowlist before forwarding. Resolved IPs from allowed responses are inserted into eBPF LPM trie maps, and a TC egress classifier attached to the network interface drops any packet whose destination IP/protocol/port isn't in the trie.

Cgroup hooks capture every socket connect/sendmsg call system-wide and map the socket cookie to the originating process, so each connection can be attributed to the process that opened it. CargoWall then matches connection timestamps against step boundaries to produce a summary of which connections originated from which workflow steps.
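To make the pipeline in the two paragraphs above concrete, here is an added Python model of the three decisions it describes: a hostname allowlist check on each DNS query, insertion of the resolved addresses into a longest-prefix-match table standing in for the eBPF LPM trie, and a default-drop egress verdict keyed on destination IP, protocol and port. This is example code written for this page, not CargoWall's own implementation (which runs as eBPF in the kernel); the `*.`-wildcard entry syntax, the fixed set of allowed ports per resolved address, the `LpmTrie` key layout and the DNS answers are all constructed assumptions.

```python
"""Model of an allowlist-driven DNS proxy feeding an egress LPM table.

Added example, not CargoWall code. The kernel-side map layout and the
wildcard allowlist syntax are assumptions made for illustration.
"""
import ipaddress
from typing import Dict, Iterable, List, Set, Tuple

# Assumption: a resolved address is allowed on these (proto, port) pairs only.
DEFAULT_PORTS: Tuple[Tuple[str, int], ...] = (("tcp", 443), ("tcp", 80))


class LpmTrie:
    """Longest-prefix-match table over IPv4 prefixes (stand-in for the eBPF map).

    Each prefix maps to the set of (proto, port) pairs permitted for it; the
    most specific matching prefix decides, as an LPM lookup would.
    """

    def __init__(self) -> None:
        self._rules: Dict[ipaddress.IPv4Network, Set[Tuple[str, int]]] = {}

    def insert(self, prefix: str, proto: str, port: int) -> None:
        net = ipaddress.ip_network(prefix, strict=False)
        self._rules.setdefault(net, set()).add((proto, port))

    def lookup(self, ip: str, proto: str, port: int) -> bool:
        addr = ipaddress.ip_address(ip)
        # Longest prefix first; the first containing prefix is authoritative.
        for net in sorted(self._rules, key=lambda n: n.prefixlen, reverse=True):
            if addr in net:
                return (proto, port) in self._rules[net]
        return False  # no prefix matched: fail closed


def host_allowed(qname: str, allowlist: Iterable[str]) -> bool:
    """Exact match, or suffix match for entries written as '*.example.com'."""
    name = qname.rstrip(".").lower()
    for entry in allowlist:
        entry = entry.strip().rstrip(".").lower()
        if not entry:
            continue
        if entry.startswith("*."):
            if name.endswith(entry[1:]):  # "*.github.com" -> ".github.com"
                return True
        elif name == entry:
            return True
    return False


class DnsProxy:
    """Checks queries against the allowlist; allowed answers populate the trie."""

    def __init__(self, allowlist: Iterable[str], trie: LpmTrie,
                 upstream: Dict[str, List[str]]) -> None:
        self.allowlist = list(allowlist)
        self.trie = trie
        self.upstream = upstream  # constructed stand-in for a real resolver
        self.blocked_queries: List[str] = []

    def resolve(self, qname: str) -> List[str]:
        if not host_allowed(qname, self.allowlist):
            self.blocked_queries.append(qname)
            return []  # refused before any IP is ever handed to the caller
        answers = self.upstream.get(qname.rstrip(".").lower(), [])
        for ip in answers:
            for proto, port in DEFAULT_PORTS:
                self.trie.insert(f"{ip}/32", proto, port)
        return answers


def egress_verdict(trie: LpmTrie, dst_ip: str, proto: str, port: int) -> str:
    """What the TC egress classifier would decide for one packet."""
    return "PASS" if trie.lookup(dst_ip, proto, port) else "DROP"


def run_demo() -> Dict[str, object]:
    # Constructed DNS data (documentation-range addresses), not real records.
    upstream = {
        "registry.npmjs.org": ["203.0.113.10"],
        "api.github.com": ["203.0.113.20"],
        "updates.example": ["198.51.100.5"],
    }
    trie = LpmTrie()
    proxy = DnsProxy(["registry.npmjs.org", "*.github.com"], trie, upstream)
    proxy.resolve("registry.npmjs.org")
    proxy.resolve("api.github.com")
    proxy.resolve("updates.example")  # not on the allowlist
    return {
        "blocked_queries": list(proxy.blocked_queries),
        "npm_https": egress_verdict(trie, "203.0.113.10", "tcp", 443),
        "npm_ssh": egress_verdict(trie, "203.0.113.10", "tcp", 22),
        "direct_ip": egress_verdict(trie, "198.51.100.5", "tcp", 443),
    }


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k}: {v}")
```

Two properties worth noticing: a host that never passes the allowlist never gets an address into the table, so a step that connects straight to a literal IP is still dropped because the trie, not the DNS path, is what the egress hook consults; and an allowed host is only reachable on the ports recorded at insertion time, so the same address on a different port is dropped.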

ubuntu-latest and ubuntu-24.04 runners are supported. Simple one-step setup example:

```yaml
uses: code-cargo/cargowall-action@v1 # or v1.0.0 for immutable tag
with:
  mode: enforce
  allowed-hosts: |
    registry.npmjs.org
```

eBPF Program: https://github.com/code-cargo/cargowall

GitHub Action: https://github.com/code-cargo/cargowall-action

We'd love for you to give it a try! Happy to answer questions or take feedback.
