Posted on September 12, 2025
Fine-grained HTTP filtering for Claude Code
Default‑deny HTTP(S) for dev tools and AI agents. Script rules in JS or shell, log every request, and keep egress within your policy.
Coding agents are becoming more powerful every day without commensurate security and governance tooling. The result is a world where solo developers happily run claude --dangerously-skip-permissions for hours unmoderated while many of the world's most important organizations have barely tried agentic developmentLearned from our experience at Coder . I've been working on a tool called httpjail in an effort to make agents available everywhere.
The tool is focused on mitigating these classes of risks:
Risk Example Agents performing destructive actions Deleting your database Agents leaking sensitive information Exposing API keys or credentials Agents operating with more authority than desired Pushing straight to main instead of opening a PR
Agents may transgress accidentally (user misinterpretation) or intentionally (prompt injection).
There is a class of risks at the file-system interface too, but, I believe existing tooling (containers) is sufficient here. Existing network isolation tools rely on IP-based rules. In our case, they're imprecisecentralized, anycast load balancers power much of the internet and require constant maintenanceIPs change randomly and they're not a part of a service's implicit "contract".
httpjail
httpjail implements an HTTP(S) interceptor alongside process-level network isolation. Under default configuration, all DNS (udp:53) is permitted and all other non-HTTP(S) traffic is blocked.
... continue reading