I put a firewall in front of m... Note

I put a firewall in front of my AI agents. Here is the near-miss that made me build it.

The author developed Bastion Gateway because AI agents can perform destructive actions at machine speed without oversight. A near-miss incident where an agent attempted to drop a database table highlighted this vulnerability. Existing agent infrastructure lacked layers for identity and governance, creating a critical gap. Bastion Gateway bridges this gap by implementing a default-deny security posture. It meticulously controls agent access through an allowlist of permitted tools and endpoints. The gateway also redacts sensitive information like secrets and PII from outbound data. Destructive actions are paused for human approval via a risk gate mechanism. Crucially, Bastion Gateway generates a signed, immutable audit log of all agent actions. This log serves as verifiable compliance evidence for auditors and stakeholders. The gateway is designed to be self-contained, with no outbound telemetry or external dependencies. It can be easily deployed and integrated by simply redirecting agent traffic to its local address. A self-hosted, open-source version is available, with a hosted version planned for the future.