The execution firewall for AI agents.
Nullsec Interlock sits between AI agents and dangerous actions — shell commands, file writes, git operations, HTTP requests, wallet transactions, database queries, and cloud deploys. Every action is classified, risk-scored, secret-scanned, simulated, policy-checked, and either allowed, blocked, sandboxed, or escalated for human approval — with a full signed audit trail. Everything runs locally.

```sh
pnpm add -g @nullsec/cli
nullsec init   # scaffold nullsec.policy.ts
nullsec dev    # start local approval daemon
nullsec run -- git push origin main
```

- Policy engine — glob/wildcard/domain matching rules per action type
- 7 action guards — shell, HTTP, filesystem, git, wallet, database, cloud
- Risk scoring — weighted factor model producing a 0–100 score
- Secret scanning — 12 built-in detectors (AWS, GitHub, Stripe, JWT, PEM, …)
- Simulation — dry-run preview of destructive actions before execution
- Signed audit trail — ES256-signed events with SHA-256 hash chaining
- Local approval daemon — HTTP server for approve/deny from CLI or browser
- MCP server — 7 tools over stdio transport for Claude Desktop / Cursor
- Node.js SDK — `@nullsec/interlock` for programmatic integration

| Command | Description |
|---|---|
| `nullsec init` | Scaffold a `nullsec.policy.ts` in the current project |
| `nullsec dev` | Start the local approval daemon |
| `nullsec run -- <cmd>` | Execute a command through the interlock |
| `nullsec check <cmd>` | Classify and score a command without executing |
| `nullsec approve <id>` | Approve a pending action |
| `nullsec deny <id>` | Deny a pending action |
| `nullsec verify` | Verify audit chain integrity |
| `nullsec timeline` | View the audit trail |
| `nullsec policy` | Print the resolved policy |
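
The signed audit trail listed above pairs ES256 signatures with SHA-256 hash chaining, and `nullsec verify` checks that chain. The following added example (not Nullsec's own code) shows how such a chain can be built and verified with Node's `crypto` module; the event fields, the genesis value and all function names are assumptions for illustration.

```javascript
// Added example, not Nullsec's code: the event layout (seq, prev, action,
// decision, sig) and all function names are assumptions for illustration.
const { createHash, generateKeyPairSync, sign, verify } = require('node:crypto');

const GENESIS = '0'.repeat(64); // assumed "previous hash" of the first event
const sha256 = (s) => createHash('sha256').update(s).digest('hex');
// Fixed field order so signer and verifier process identical bytes.
const canonical = (e) => JSON.stringify([e.seq, e.prev, e.action, e.decision]);
// The chain hash covers the signature, so a re-signed event also breaks the link.
const eventHash = (e) => sha256(canonical(e) + '.' + e.sig);
// ES256 = ECDSA over P-256 with SHA-256, signature encoded as raw r||s.
const es256 = (key) => ({ key, dsaEncoding: 'ieee-p1363' });

function appendEvent(log, privateKey, action, decision) {
  const last = log[log.length - 1];
  const event = { seq: log.length, prev: last ? eventHash(last) : GENESIS, action, decision };
  event.sig = sign('sha256', Buffer.from(canonical(event)), es256(privateKey)).toString('base64');
  log.push(event);
  return event;
}

function verifyChain(log, publicKey) {
  let prev = GENESIS;
  for (let i = 0; i < log.length; i++) {
    const e = log[i];
    if (e.seq !== i) return { ok: false, index: i, reason: 'sequence gap' };
    if (e.prev !== prev) return { ok: false, index: i, reason: 'broken hash link' };
    const sig = Buffer.from(e.sig, 'base64');
    if (!verify('sha256', Buffer.from(canonical(e)), es256(publicKey), sig))
      return { ok: false, index: i, reason: 'bad signature' };
    prev = eventHash(e);
  }
  return { ok: true, length: log.length };
}

// Constructed sample events; a fresh key pair is generated per run.
function demo() {
  const { privateKey, publicKey } = generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const log = [];
  appendEvent(log, privateKey, 'git push origin main', 'escalated');
  appendEvent(log, privateKey, 'rm -rf build', 'allowed');
  appendEvent(log, privateKey, 'curl https://example.com', 'blocked');
  const edited = log.map((e) => ({ ...e }));
  edited[1].decision = 'blocked';       // event altered after signing
  const removed = [log[0], log[2]];     // middle event deleted
  return { intact: verifyChain(log, publicKey), edited: verifyChain(edited, publicKey),
           removed: verifyChain(removed, publicKey) };
}
console.log(demo());
```

A chain verified this way detects edits and removals inside the log, but not truncation of its tail; catching that requires recording the latest event hash somewhere outside the log.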

Add to `claude_desktop_config.json`:

```json
{
  "mcpServers": {
    "nullsec": {
      "command": "nullsec",
      "args": ["mcp"]
    }
  }
}
```

Add to your MCP settings:

```json
{
  "nullsec": {
    "command": "nullsec",
    "args": ["mcp"]
  }
}
```

| Package | Description |
|---|---|
| `@nullsec/interlock` | SDK — `NullsecInterlock` class |
| `@nullsec/cli` | CLI binary |
| `@nullsec/core` | Shared types, action model, errors |
| `@nullsec/policy` | Policy engine |
| `@nullsec/classifier` | Action classification |
| `@nullsec/risk` | Risk scoring |
| `@nullsec/simulator` | Action simulation |
| `@nullsec/secrets` | Secret detection |
| `@nullsec/audit` | Signed audit events + hash chain |
| `@nullsec/mcp` | MCP server (stdio transport) |
| `@nullsec/shell-guard` | Shell command guard |
| `@nullsec/http-guard` | HTTP request guard |
| `@nullsec/fs-guard` | File system guard |
| `@nullsec/git-guard` | Git operations guard |
| `@nullsec/wallet-guard` | Wallet transaction guard |
| `@nullsec/db-guard` | Database query guard |
| `@nullsec/cloud-guard` | Cloud deploy guard |

See ROADMAP.md for the release plan.
MIT
