{"id":37085433,"url":"https://github.com/dariomonopoli-dev/codegate-cli","last_synced_at":"2026-01-14T10:30:13.296Z","repository":{"id":329553536,"uuid":"1119446940","full_name":"dariomonopoli-dev/codegate-cli","owner":"dariomonopoli-dev","description":"Zero Trust Runtime for AI Agents. Isolates pip install in Firecracker MicroVMs to prevent slopsquatting and hallucinated package attacks.","archived":false,"fork":false,"pushed_at":"2025-12-21T10:43:36.000Z","size":158,"stargazers_count":3,"open_issues_count":1,"forks_count":1,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-12-22T15:18:53.080Z","etag":null,"topics":["devsecops","llm","malware-detection","python","security","supply-chain"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dariomonopoli-dev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-12-19T09:34:06.000Z","updated_at":"2025-12-22T14:38:05.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/dariomonopoli-dev/codegate-cli","commit_stats":null,"previous_names":["dariomonopoli-dev/codegate-cli"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/dariomonopoli-dev/codegate-cli","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dariomonopoli-dev%2Fcodegate-cli","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dariomonopoli-dev%2Fcodegate-cli/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dariomonopoli-dev%2Fcodegate-cli/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dariomonopoli-dev%2Fcodegate-cli/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dariomonopoli-dev","download_url":"https://codeload.github.com/dariomonopoli-dev/codegate-cli/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dariomonopoli-dev%2Fcodegate-cli/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28417331,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T10:25:19.714Z","status":"ssl_error","status_checked_at":"2026-01-14T10:22:49.371Z","response_time":107,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["devsecops","llm","malware-detection","python","security","supply-chain"],"created_at":"2026-01-14T10:30:11.346Z","updated_at":"2026-01-14T10:30:13.260Z","avatar_url":"https://github.com/dariomonopoli-dev.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n\n\u003cimg src=\"./assets/codegate_logo.png\" alt=\"CodeGate logo\" width=\"200\" /\u003e\n\n# CodeGate  \n### Guardrails for AI Agents\n\nPrevent hallucinated and malicious dependencies from executing at runtime.\n\n\n\n[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)\n[![Python](https://img.shields.io/badge/python-3.10+-blue.svg)](https://www.python.org/)\n[![Virtualization](https://img.shields.io/badge/Virtualization-Firecracker-orange)](https://firecracker-microvm.github.io/)\n[![Security](https://img.shields.io/badge/Security-Zero_Trust-red)]()\n\n**Guardrails that stop AI agents from installing malicious dependencies.**\n\n\nCodeGate prevents hallucinated and malicious dependencies from executing when AI agents run `pip install`. \nIt works at runtime, requires no agent integration, and is fully opt-in.\n\n\u003c/div\u003e\n\n---\n\n## Quick demo (30 seconds)\n\n```bash\npip install codegate-cli\ncodegate activate\n\npip install requests     # ✅ allowed\npip install dotenv       # ⛔ blocked\n```\n\nOutput:\n```\nBlocked by CodeGate (known hallucination):\n  dotenv → use python-dotenv instead\n\n```\n\n---\n\n## Why this exists\n\nAutonomous coding agents generate and execute code at runtime.  \nUnlike humans, LLMs frequently hallucinate dependency names or suggest unsafe packages.\n\nAttackers register those names on PyPI (slopsquatting) to deliver malware.\n\nIf an agent runs `pip install` on a hallucinated name, your machine is compromised instantly.\n\nCodeGate blocks those installs before they execute.\n\n---\n\n## What CodeGate does\n\n**Does**\n- Intercepts `pip install` at runtime\n- Blocks known hallucinations and slopsquatting attacks\n- Optionally enforces a remote security policy\n- Works with any AI agent or coding tool\n\n**Does NOT**\n- Hijack your system globally\n- Run invisibly or auto-update\n- Require blind trust\n- Depend on agent behavior\n\n---\n\n## How it works\n\n1. `codegate activate` installs a guarded pip shim in PATH\n2. Any `pip install` is intercepted before execution\n3. Known hallucinated or malicious packages are denied before execution\n4. Unknown packages are evaluated against explicit execution policies\n5. Allowed installs are delegated to the real `pip`\n\nCodeGate only affects environments where it is explicitly activated.\n\n---\n\n## Installation\n\n```bash\npip install codegate-cli\n```\n\nActivate CodeGate:\n\n```bash\ncodegate activate\n```\n\n---\n\n## Usage (recommended)\n\n```bash\npip install numpy\npip install requests\n\n```\n\nIf the agent runs `pip install`, CodeGate is enforced.\n\n---\n\n## Strict mode (CI / production)\n\n```bash\ncodegate activate --strict\n```\n\nStrict mode fails closed:  \nif the security scanner is unreachable or denies a dependency, the installation is blocked.\n\n## Scoped execution (advanced)\n\nIf you want to limit enforcement to a single command or process:\n\n```bash\ncodegate run -- pip install numpy\ncodegate run -- python my_agent.py\n```\n---\n\n## MCP (Agent Integration)\n\nCodeGate can optionally expose its policy decisions to autonomous agents\nvia the Model Context Protocol (MCP).\n\nThis allows agents to check whether a dependency is allowed\n*before* attempting installation.\n\nAgent integration is optional — CodeGate enforces policies\neven without agent awareness.\n\nSee: https://github.com/dariomonopoli-dev/codegate-mcp\n---\n\n## Trust model\n\nCodeGate is intentionally opt-in and inspectable.\n\n- Shims are readable shell scripts\n- Enforcement happens only when invoked\n- No mandatory global PATH hijacking\n- Fully open source\n\n---\n\n\n## Firecracker \u0026 isolation (roadmap)\n\nCodeGate is designed to support runtime isolation for unknown packages  \n(using Firecracker MicroVMs and network confinement).\n\nThis repository currently focuses on runtime interception and policy enforcement.\n\n---\n\n## License\n\nMIT License © 2025 CodeGate\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdariomonopoli-dev%2Fcodegate-cli","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdariomonopoli-dev%2Fcodegate-cli","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdariomonopoli-dev%2Fcodegate-cli/lists"}