
Security harness for AI coding agents (Claude Code, Codex CLI, etc.) — mitmproxy payload inspection + TOML policy control.

Project description

Agent Zoo


A security harness that isolates AI coding agents (Claude Code / Codex CLI / Gemini CLI) inside Docker containers and forces all outbound traffic through mitmproxy. Payload inspection plus TOML policy control physically prevent data exfiltration and dangerous command execution, without relying on the agent's own trustworthiness.

Quickstart

uv tool install agent-zoo                      # install from PyPI
mkdir my-zoo && cd my-zoo
zoo init                                       # secure by default: empty allow list (Inbox approval required)
# or: zoo init --policy claude                 # allow Anthropic/Claude only
# or: zoo init --policy {codex,gemini,all}     # see `zoo init --help`
zoo build                                      # build the claude image (5-10 min)
zoo run                                        # interactive mode (first run prompts /login)

zoo init now defaults to --policy minimal (empty domains.allow.list) so that the first outbound request is rejected and surfaced to the Inbox for per-request approval. Pick another profile (claude / codex / gemini / all) to preseed the allow-list, or edit .zoo/policy.toml directly. Live audit is available through the dashboard (zoo up --dashboard-only, http://localhost:8080).

Features

  • Docker isolation: agent containers run on an internal: true network, cut off from the host OS and other containers; the only egress is the mitmproxy sidecar
  • Domain allow-list: outbound destinations are explicitly enumerated in policy.toml, with hot reload support
  • Payload inspection: request and response bodies are inspected (Base64 decoding, secret patterns, URL-embedded secrets)
  • tool_use detection: SSE streams are parsed and dangerous tool invocations are blocked at the request hook
  • Dashboard auditing: requests / tool_uses / blocks shown live, with whitelist nurturing and Inbox (agent-to-human approval requests)
  • Agent-agnostic: same harness covers Claude Code / Codex CLI / Gemini CLI; the unified image enables cross-agent invocation

Documentation

Doc | Contents
Install & Setup | Detailed uv tool install / zoo init / zoo run flow, full command reference, unified profile
Inbox guide (JP) | Approving agent-issued allow-list requests through the dashboard
Security model | Defense in depth, known limitations, operating principles
Policy reference | Every setting in policy.toml

License

MIT

Download files

Source Distribution

agent_zoo-0.1.1b2.tar.gz (1.3 MB)

Built Distribution

agent_zoo-0.1.1b2-py3-none-any.whl (95.2 kB)

File details

Details for the file agent_zoo-0.1.1b2.tar.gz.

File metadata

  • Download URL: agent_zoo-0.1.1b2.tar.gz
  • Size: 1.3 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for agent_zoo-0.1.1b2.tar.gz
Algorithm Hash digest
SHA256 b14081dd55b496eae3210760238c9358cfe28c76a3f7d2939f3634addb53525e
MD5 5cf546e921260c004f50d021d1039966
BLAKE2b-256 0a5147453a9f49fbc30d17e8f242009ab70e40233d3126a71b0f9fccf97caff7


Provenance

The following attestation bundles were made for agent_zoo-0.1.1b2.tar.gz:

Publisher: release.yml on ymdarake/agent-zoo


File details

Details for the file agent_zoo-0.1.1b2-py3-none-any.whl.

File metadata

  • Download URL: agent_zoo-0.1.1b2-py3-none-any.whl
  • Size: 95.2 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for agent_zoo-0.1.1b2-py3-none-any.whl
Algorithm Hash digest
SHA256 26277d577cfb8f583f696bb9b492abab1576b53435105bd7411d2d5bc03825b7
MD5 3bec178f302aaed51d6472f411f923a7
BLAKE2b-256 e9f581900f1a033a66c291947ab3ba6b7a39637cf48edf6026f014d21f30feb7


Provenance

The following attestation bundles were made for agent_zoo-0.1.1b2-py3-none-any.whl:

Publisher: release.yml on ymdarake/agent-zoo

