GitHub Repository

A mitmproxy-based egress WAF that restricts connections to allowlisted HTTP routes

9 stars · Python

Egress WAF to limit AI agents and NPM malware based on mitmproxy

by esamatti·May 31, 2026·1 point·0 comments

AI Analysis

●● Solid · Solve My Problem · Ship It

Egress filtering for npm malware and rogue AI agents when most firewalls only handle ingress.

Strengths
  • Fails closed by default, blocking all traffic if rules are missing or invalid.
  • Real-time mitmweb interface shows all proxied traffic for monitoring.
  • Systemd integration with automatic iptables rule cleanup on service stop.
Weaknesses
  • Ubuntu-only with no support for other Linux distributions or macOS.
  • MITM approach breaks certificate pinning and may interfere with legitimate apps.
Category
Target Audience

DevOps engineers, security teams, Ubuntu server administrators

Similar To

GlassWire · Little Snitch · OpenZiti

Similar Projects

Security · ●● Solid

Agent Panopticon – Proxy sidecar for autonomous AI agents

Forcing an agent's traffic through a transparent mitmproxy while using iptables as a killswitch and swapping placeholder tokens for real secrets is a neat, practical approach to hardening autonomous agents. The idea shows real domain knowledge, but the repo is an MVP — many features are TODO, docs and use cases are thin, and mitmweb feels like a temporary dev choice rather than a finished UX.

Niche Gem · Ship It
rakag
303mo ago
Security · ●● Solid

Security Scanner for Agent Skills and MCP

Finally a security linter for MCP configs before you accidentally execute a prompt injection payload.

Solve My Problem · Ship It
lirantal
701mo ago