Greywall

Greywall provides a default‑deny sandbox for AI agents on Linux and macOS, enforcing filesystem, network, and command restrictions at the OS level. It uses a combination of Bubblewrap, Landlock, Seccomp BPF, eBPF monitoring, and a TUN + SOCKS5 proxy to isolate agents, record every attempted read, write, or outbound connection, and allow policies to be adjusted while the agent continues running.

The tool is aimed at developers and teams that run local AI agents and need real‑time observability and fine‑grained control over what those agents can access. By intercepting system calls and network traffic, Greywall can block secret files, prevent unwanted API calls, and enforce rate‑limiting or other governance rules without modifying the agent itself.

Greywall’s dashboard displays pending rules, activity logs, and conversation details, letting users approve or deny specific actions on the fly. It works with any locally executed agent, supports custom policy plugins, and can be extended via the Greyproxy component for additional governance features.