RepoRadar
Leave a Tip
Item detail

luckyPipewrench/pipelock

Pipelock is an Apache-2.0 open-source AI agent firewall for MCP security and agent egress, written in Go. It scans mediated HTTP, MCP, A2A, and WebSocket traffic for prompt-injection patterns and secret-leak attempts, then enforces policy before an agent's tool call hits the real world. 719 stars, drops in front of any agent that speaks MCP or A2A.

Open source Back to radar
Score7.6
Popularity65.0
Riskconditional
TierSilver
Score breakdown
Usefulness8.0
Novelty8.0
Momentum7.0
Maturity6.9
Open-source/build8.4
Evidence7.2
Workflow potential9.1
Setup ease6.4

Popularity is tracked separately. Support, ads, sponsorships, and tips never affect these signals.

Why it matters

Useful for teams deploying MCP servers or A2A agents who need a runtime guardrail between the agent and the tools / external systems it can call. Drop Pipelock in front of your MCP traffic, point it at the agent's egress channel, and let it block obvious prompt-injection and secret-leak patterns before they reach the tool layer.

Who should use it

teams running MCP servers who need a runtime guardrail between agents and tool callsA2A agent orchestrators that need to scan inter-agent traffic for prompt-injection payloadssecurity teams who want a Go-native firewall they can drop inline without adding meaningful latencyanyone shipping agent-to-tool integrations in production who needs prompt-injection and secret-leak detectionDevSecOps teams standardizing on egress controls for AI workloads

Who should skip it

Skip if the source link, docs, or setup requirements do not match your workflow.

Risk explanation

runtime security tool — false positives can block legitimate tool calls; tune the policy carefully before production; intercepts MCP/A2A traffic, which means it sees every tool call payload — review what it logs and stores.

Evidence links

Closest alternatives / related signals

agent-securitymcpa2afirewallprompt-injectionsecret-leakegressruntime