Fetching from the wire…
Public story · 2026-02-21 · source-backed
BakeLens/crust (355 stars) — Go-based transparent gateway that intercepts agent tool calls and blocks dangerous actions via hot-reloadable YAML rules. Fills the critical gap between static code scanning and full VM isolation. Define rules like "block all file writes outside /tmp" and the gateway enforces them at the tool call level, regardless of what the agent tries to do.
jingkaihe/matchlock (460 stars) — MicroVM sandbox using Firecracker/Apple Virtualization Framework with MITM proxy for secret injection. Credentials never enter the VM — they're injected at the proxy layer during outbound requests. HN front page. This is the Docker-for-agent-sandboxing approach: each agent gets a lightweight VM with network-level secret management.
praetorian-inc/MCPHammer — First open-source MCP security testing framework with server chaining demos, content injection, and exfil PoCs. If you deploy MCP servers, this is your validation tool.
Each link below shares sources, entities, or timing with this story.
OWASP released MCP / Shared entities / Same source domain / Shared topic / What happened next / Tension
Linked by a graph relationship (OWASP released MCP); both cover MCP, YAML; reported by the same outlet (github.com).
OWASP released MCP / Shared entities / Same source domain / Shared topic / What happened next
Linked by a graph relationship (OWASP released MCP); both cover MCP, Security; reported by the same outlet (github.com).
Claude uses MCP / Shared entities / Same source domain / Shared topic / Earlier coverage
Linked by a graph relationship (Claude uses MCP); both cover Docker, MCP; reported by the same outlet (github.com).