eunox — Policy Proxy for AI Agents

A capability firewall for AI agents

One YAML file decides what every agent is allowed to do — enforced before the tool call ever runs. Drop-in, Go-based, no infrastructure.

No spam. One email when it launches.

Watch eunox block credential exfiltration

A prompt injection tells the agent to read a secret and POST it to attacker.example.com. Each call is authorized on its own — eunox blocks the combination. No database role or API gateway can: only the proxy remembers what the agent already did this session. The upstream is never contacted; the kill-chain is signed and audited. This is a preview of what’s launching.

# eunox.policy.yaml — AgentCapabilityManifest # Validate: eunox-mcp validate ./eunox.policy.yaml schemaVersion: "0.1" name: dev-agent version: "0.1.0" capabilities: # The agent may read secrets — that’s its job. - target: tool:read_credentials actions: [call] # And it may call external services — also fine, alone. # But NOT after it has read credentials this session. - target: tool:write_external actions: [call] conditions: - type: sequenceBlock afterTools: [read_credentials]

Latest writing

25 June 2026

Blocking the lethal trifecta: the one attack only the MCP layer can stop

An agent with read access to secrets and an external channel is one prompt injection away from exfiltrating them. Each call is authorized on its own — eunox's sequenceBlock condition blocks the combination, because only the proxy remembers what the agent already did this session.

Read →

4 June 2026

The prompt injection problem: why every AI agent needs a policy layer

Why fixing prompt injection inside the model doesn't work, and why the only reliable defense is a policy layer at the structured tool call.

Read →

A capability firewall for AI agents

Watch eunox block credential exfiltration

Blocking the lethal trifecta: the one attack only the MCP layer can stop

The prompt injection problem: why every AI agent needs a policy layer