Security harness for AI coding agents (Claude Code, Codex CLI, etc.) — mitmproxy payload inspection + TOML policy control.

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for ymdarake from gravatar.com ymdarake

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License (MIT License)
  • Author: ymdarake
  • Tags agent , ai , claude , codex , harness , mitmproxy , sandbox , security
  • Requires: Python >=3.11
  • Provides-Extra: dev , e2e
Classifiers
Report project as malware

Project description

Agent Zoo

Agent Zoo

日本語 | English

CI

A security harness that isolates AI coding agents (Claude Code / Codex CLI / Gemini CLI) inside Docker containers and forces all outbound traffic through mitmproxy. Payload inspection plus TOML policy control physically prevent data exfiltration and dangerous command execution, without relying on the agent's own trustworthiness.

Quickstart

uv tool install agent-zoo                      # install from PyPI
mkdir my-zoo && cd my-zoo
zoo init                                       # secure by default: empty allow list (Inbox approval required)
# or: zoo init --policy claude                 # allow Anthropic/Claude only
# or: zoo init --policy {codex,gemini,all}     # see `zoo init --help`
zoo build                                      # build the claude image (5-10 min)
zoo run                                        # interactive mode (first run prompts /login)

zoo init now defaults to --policy minimal (empty domains.allow.list) so that the first outbound request is rejected and surfaced to the Inbox for per-request approval. Pick another profile (claude / codex / gemini / all) to preseed the allow-list, or edit .zoo/policy.toml directly. Live audit is available through the dashboard (zoo up --dashboard-only, http://localhost:8080).

Features

  • Docker isolation: agent containers run on an internal: true network, cut off from the host OS and other containers; the only egress is the mitmproxy sidecar
  • Domain allow-list: outbound destinations are explicitly enumerated in policy.toml, with hot reload support
  • Payload inspection: request and response bodies are inspected (Base64 decoding, secret patterns, URL-embedded secrets)
  • tool_use detection: SSE streams are parsed and dangerous tool invocations are blocked at the request hook
  • Dashboard auditing: requests / tool_uses / blocks shown live, with whitelist nurturing and Inbox (agent-to-human approval requests)
  • Agent-agnostic: same harness covers Claude Code / Codex CLI / Gemini CLI; the unified image enables cross-agent invocation

Documentation

Doc Contents
Install & Setup Detailed uv tool installzoo initzoo run flow, full command reference, unified profile
Inbox guide (JP) Approving agent-issued allow-list requests through the dashboard
Security model Defense in depth, known limitations, operating principles
Policy reference Every setting in policy.toml

License

MIT

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for ymdarake from gravatar.com ymdarake

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License (MIT License)
  • Author: ymdarake
  • Tags agent , ai , claude , codex , harness , mitmproxy , sandbox , security
  • Requires: Python >=3.11
  • Provides-Extra: dev , e2e
Classifiers

Release history Release notifications | RSS feed

0.1.5

This version

0.1.4

0.1.3

0.1.2

0.1.1

0.1.1b2 pre-release

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

agent_zoo-0.1.4.tar.gz (1.4 MB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

agent_zoo-0.1.4-py3-none-any.whl (97.9 kB view details)

Uploaded Python 3

File details

Details for the file agent_zoo-0.1.4.tar.gz.

File metadata

  • Download URL: agent_zoo-0.1.4.tar.gz
  • Upload date:
  • Size: 1.4 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for agent_zoo-0.1.4.tar.gz
Algorithm Hash digest
SHA256 30b42e2262ba9726f1469801c84eece5ed018238329c4e978d26fb0351c1ba20
MD5 bf8d573cbf6843f766ae896d917bfa4e
BLAKE2b-256 e107277a808384510da67d3e97c4448282195686f386f4e4a818bd4e600a1851

See more details on using hashes here.

Provenance

The following attestation bundles were made for agent_zoo-0.1.4.tar.gz:

Publisher: release.yml on ymdarake/agent-zoo

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file agent_zoo-0.1.4-py3-none-any.whl.

File metadata

  • Download URL: agent_zoo-0.1.4-py3-none-any.whl
  • Upload date:
  • Size: 97.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for agent_zoo-0.1.4-py3-none-any.whl
Algorithm Hash digest
SHA256 34856bd5b6ee649bde03d6520c85e62cb4dcbe2f14fcb405e710cafd2d6acbd3
MD5 3a064ec8daa9470866051936470df828
BLAKE2b-256 446b31965de294d5fc1dbd411ec2ec0448e3233c90f7821b6c8afb484cf2c694

See more details on using hashes here.

Provenance

The following attestation bundles were made for agent_zoo-0.1.4-py3-none-any.whl:

Publisher: release.yml on ymdarake/agent-zoo

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page