aflock

Cryptographically signed policies for constrained AI agent execution

Constrain

Define what AI agents can do with signed .aflock policy files. Set spend limits, tool restrictions, file access patterns, and domain allowlists.

Attest

Every agent action produces a cryptographically signed in-toto attestation. The agent never sees the signing key — unforgeable proof of compliance.

Verify

Verify constraint compliance with a 6-phase verification algorithm. Signature verification is implemented; identity, Rego, AI evaluation, and sublayout recursion are in active development.

cilock

Protecting against malicious GitHub Actions.

An attacker hijacked a popular GitHub Action. Every pipeline using it started exfiltrating secrets — SSH keys, cloud credentials, Kubernetes tokens, all to an attacker-controlled domain. The industry response was "pin your SHAs." That's one lock on a building that needs three.

Prevention

Policy blocks unapproved action sources before they execute. Tag rewrite is irrelevant if you enforce source and SHA pinning.

Content Detection

Recursive secret scanning catches credential harvesting in build output, even through layers of base64 encoding. The build is blocked.
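A minimal sketch of the recursive scanning described above, added here as an illustration and not cilock's own code. The two detection patterns, the depth limit, and the sample build log are constructed assumptions.

```python
import base64
import binascii
import re

# Constructed rule set for illustration; not cilock's rules.
SECRET_PATTERNS = {
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
}
B64_RUN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")  # candidate encoded blobs
MAX_DEPTH = 5  # assumed bound so nested input cannot force unbounded work


def _decode(candidate):
    """Return the decoded text, or None if this is not base64 of UTF-8 text."""
    body = candidate.rstrip("=")
    try:
        raw = base64.b64decode(body + "=" * (-len(body) % 4), validate=True)
        return raw.decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None


def scan(text, depth=0):
    """Return (rule_name, encoding_depth) for each secret found at any layer."""
    findings = [(name, depth) for name, rx in SECRET_PATTERNS.items() if rx.search(text)]
    if depth < MAX_DEPTH:
        for match in B64_RUN.finditer(text):
            decoded = _decode(match.group(0))
            if decoded:
                findings.extend(scan(decoded, depth + 1))
    return findings


def build_allowed(log):
    """Policy decision: block the build when any layer contains a secret."""
    return not scan(log)


def sample_log():
    """Constructed build output hiding a placeholder key under two base64 layers."""
    blob = b"AWS_ACCESS_KEY_ID=AKIAEXAMPLEEXAMPLE00"
    for _ in range(2):
        blob = base64.b64encode(blob)
    return "step 3: restoring cache\ndebug: " + blob.decode() + "\nstep 4: done\n"


if __name__ == "__main__":
    print(scan(sample_log()), build_allowed(sample_log()))
```

The reported depth shows how many encoding layers were peeled before the match, which is useful triage context: a credential found at depth 2 was deliberately wrapped, not accidentally echoed.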

Behavioral Detection

Syscall tracing + OPA policy catches covert exfiltration that never hits stdout. The attacker writes creds to files — cilock catches the filesystem access pattern.

Every attestation is cryptographically signed and timestamped. Not logging — tamper-evident proof of what ran and whether it met policy.

Pinning is a lock. Attestation is a security camera, a receipt, and a notary.