GitHub Repository

A mitmproxy-based egress WAF that restricts connections to allowlisted HTTP routes

10 stars · Python

Egress WAF to limit AI agents and NPM malware based on mitmproxy

by esamatti · May 31, 2026 · 1 point · 0 comments

AI Analysis

●● Solid · Solve My Problem · Ship It

Egress filtering for npm malware and rogue AI agents when most firewalls only handle ingress.

Strengths
  • Fails closed by default, blocking all traffic if rules are missing or invalid.
  • Real-time mitmweb interface shows all proxied traffic for monitoring.
  • Systemd integration with automatic iptables rule cleanup on service stop.
Weaknesses
  • Ubuntu-only with no support for other Linux distributions or macOS.
  • MITM approach breaks certificate pinning and may interfere with legitimate apps.
Target Audience

DevOps engineers, security teams, Ubuntu server administrators

Similar To

GlassWire · Little Snitch · OpenZiti

Similar Projects

Security · ●● Solid

Agent Panopticon – Proxy sidecar for autonomous AI agents

Forcing an agent's traffic through a transparent mitmproxy while using iptables as a killswitch and swapping placeholder tokens for real secrets is a neat, practical approach to hardening autonomous agents. The idea shows real domain knowledge, but the repo is an MVP — many features are TODO, docs and use cases are thin, and mitmweb feels like a temporary dev choice rather than a finished UX.

Niche Gem · Ship It
rakag
304mo ago
Security · ●● Solid

Drydock – VM Sandboxes for macOS Autonomous Coding Agents

Host-side API key gateway keeps credentials out of agent sandboxes entirely.

Big Brain · Niche Gem
sricola
102d ago
Security · ●● Solid

Security Scanner for Agent Skills and MCP

Finally a security linter for MCP configs before you accidentally execute a prompt injection payload.

Solve My Problem · Ship It
lirantal
701mo ago