The security layer for AI agents.
Three open-source layers, one model. NockLock fences what an agent can touch on the machine. NockGuard firewalls the tools it can call. The Wall shows every decision, live. Watch an agent try to step out of bounds and get stopped at every layer.
Animated demo: an AI agent runs inside the Nock Security layers. It is allowed to read and patch the project login file, but its attempts to read SSH keys, reach an external API, and exfiltrate an AWS secret are each blocked and logged, ending with the boundary enforced and zero leaks.
Three layers. One boundary.
An agent can do damage two ways: through the machine it runs on, and through the tools it calls. Nock Security closes both, and gives you a live view of every decision. All three are open source, MIT, and run locally with no telemetry.
Sandboxes the agent process itself: filesystem, network, and secret fencing. Default-deny, allowlist what it needs, abort on a secret. The OS-level boundary.
    [fence.network]
    allow = ["api.anthropic.com"]
    deny = ["*"]
An MCP proxy between the agent and its tool servers. Every tool call passes a per-agent policy first: allowlist, deny, input validation, rate limits. The tool-level boundary.
    policy: default-deny
    allow:
      - nockcc.task_*
      - github.read_*
A local, real-time dashboard of the audit trail. Watch allowed and blocked calls stream by per agent, as they happen. The boundary, made visible.
    [allow] kit · github.read_pr
    [block] ash · fs.read ~/.ssh
    [allow] mira · nockcc.task_create
Fence the machine.
NockLock is a single binary that wraps any agent CLI in a sandbox. Allowlist the directories it can touch, the hosts it can reach, and the secrets it can never see. Every crossing is denied and written to a local SQLite audit log.
Filesystem fence
Allowlist the directories your agent can read and write. Everything else returns ENOENT. Symlink-escape attempts are logged and blocked.
Network fence
Default-deny outbound. Allowlist exactly the hosts the agent needs. DNS resolution and TLS SNI are both inspected.
Secret fence
Scan env, scan files, redact on read. The moment an AWS key or .pem touches the agent's context, the session aborts.
Install
One line. No accounts. No telemetry.
    # homebrew (macOS, Linux)
    $ brew install nocktechnologies/tap/nocklock
    # initialize, then wrap any agent
    $ nocklock init
    $ nocklock run claude-code "fix login bug"
    [ok] 3 fences armed · agent sandboxed
Firewall the tools.
NockGuard is an MCP proxy that sits between your agent and its tool servers. Every tool call passes through a per-agent policy engine before it reaches the server. Violations are blocked and returned as an error to the agent, then written to the audit trail.
Animated demo: NockGuard proxies an agent's tool calls. github.read_pr and nockcc.task_create are allowed through to the server, while an attempt to read ~/.ssh and reach an external API are blocked by policy, ending with default-deny enforced and two calls blocked.
Per-agent tool policies
Each agent gets its own allowlist. Kit can read PRs; Ash cannot touch the filesystem. Default-deny, scaffolded by nockguard init.
Input validation & rate limits
Inspect arguments before they reach the server, and cap how often a tool can fire. Stop a runaway loop before it spends or breaks anything.
Audit trail, same format as the fence
Every allowed and blocked call is logged locally, in the same shape NockLock writes, so the Wall can show both in one stream.
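The per-agent, default-deny decision and the rate limit described above, as an added sketch that is not NockGuard's own code. The policy field names, the limits, the `ToolFirewall` class and the use of shell-style globbing for `*` are assumptions; only the tool names and the audit line shape come from this page.

```python
import fnmatch
import time
from collections import defaultdict, deque

# Constructed per-agent policies. Field names and limits are assumptions,
# not NockGuard's real schema; the allow patterns mirror the page's snippet.
POLICIES = {
    "kit":  {"allow": ["github.read_*"], "max_calls": 3, "window_s": 60},
    "mira": {"allow": ["nockcc.task_*"], "max_calls": 3, "window_s": 60},
    "ash":  {"allow": [], "max_calls": 3, "window_s": 60},
}

class ToolFirewall:
    def __init__(self, policies, clock=time.monotonic):
        self.policies = policies
        self.clock = clock
        self.calls = defaultdict(deque)  # (agent, tool) -> allowed-call times
        self.audit = []                  # one line per decision, in order

    def decide(self, agent, tool, arg=""):
        verdict, reason = self._evaluate(agent, tool)
        line = f"[{verdict}] {agent} · {tool}" + (f" {arg}" if arg else "")
        self.audit.append(line)          # allowed and blocked calls both logged
        return verdict, reason

    def _evaluate(self, agent, tool):
        policy = self.policies.get(agent)
        if policy is None:
            return "block", "unknown agent"        # default-deny
        if not any(fnmatch.fnmatchcase(tool, p) for p in policy["allow"]):
            return "block", "not in allowlist"     # default-deny
        now = self.clock()
        recent = self.calls[(agent, tool)]
        while recent and now - recent[0] >= policy["window_s"]:
            recent.popleft()                       # forget calls outside window
        if len(recent) >= policy["max_calls"]:
            return "block", "rate limit"           # runaway loop stops here
        recent.append(now)
        return "allow", "ok"

def demo():
    # Replays the three decisions shown in the page's sample audit stream.
    fw = ToolFirewall(POLICIES, clock=lambda: 0.0)
    fw.decide("kit", "github.read_pr")
    fw.decide("ash", "fs.read", "~/.ssh")
    fw.decide("mira", "nockcc.task_create")
    return fw.audit
```

Only allowed calls count toward the window here, so a blocked burst does not extend its own lockout.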
Watch it happen.
The Wall is a local, real-time dashboard for the security audit trail. Every fence crossing and every tool-call decision streams in as it happens, per agent. The thing you usually only find out about in a post-mortem, visible while it is still happening.
Live decision stream
Allowed and blocked actions appear the moment they happen, tagged by agent and by layer. No refresh, no polling lag.
Per-agent, at a glance
See which agent is hitting a fence, which tool a policy just blocked, and whether anything is looping, across the whole fleet on one screen.
Local and private
Runs on your machine against your own audit log. Nothing leaves the box.
Animated demo: the NockGuard Wall streams the live audit trail across four guarded agents, each allowed or blocked action appearing as it happens, ending with zero secrets leaked and two blocked this minute.
Real fleet. Real receipts.
The Nock Security layers have been guarding the founder's own agent fleet in daily use. These are the numbers.
Fence it. Firewall it. Watch it.
The rest of the fleet.
Security is the foundation. The rest of the stack runs on top of it: memory, patterns, orchestration, and the cockpit that ties it together.
Context persistence layer. Diary, handoffs, identity documents. 94–99% retention.
FREE · OSS
Nock Skills · the playbook
Operational patterns: handoff protocols, review pipelines, standing orders.
$29 / MO
Nock Terminal · the cockpit
Multi-session Claude Code with tabs, status dots, git ops, command palette. macOS native.
$49 / MO
Nock Command · the dashboard
Fleet coordination. Sprint planning, /fire dispatch, agent messaging, content pipeline.