Inspiration

The speed of AI-driven software development is exhilarating. Autonomous developer agents can scan files, write code, run terminals, and execute shell configurations. But this autonomy introduces a massive security risk: agents operate without security awareness. They scan private .env files and accidentally include database credentials in prompt payloads, exposing them to public LLM training logs. They can also hallucinate destructive commands in the terminal, causing catastrophic file loss. We built VetoBlast to serve as a zero-trust firewall for AI agents, allowing teams to leverage AI coding safely.

What it does

VetoBlast is a local proxy daemon and terminal wrapper that intercepts all standard input, output, and command arguments generated by autonomous agents. When an agent attempts a terminal execution or API tool-call:

  1. VetoBlast intercepts the payload.
  2. It runs a local, high-speed entropy scanner and token classifier (DeBERTa-Sec) to detect sensitive credentials.
  3. It redacts all credentials in-flight, swapping them with secure local hashes while preserving context.
  4. If a hazardous command pattern (e.g., destructive shell scripts, loose port binding) is detected, VetoBlast instantly halts execution.
  5. It fires an alert to a cyberpunk dashboard console where a human developer can review the diff and veto, modify, or approve the action.

How we built it

We engineered a low-latency security wrapper utilizing:

  1. Proxy Engine: A Node.js daemon using node-pty to pipe terminal streams with less than 10ms of computational overhead.
  2. AI Classification: A local Python FastAPI service executing ONNX-quantized DeBERTa-Sec weights for context-aware credential identification.
  3. Database Logging: A Supabase database tracking historical threat vectors, audit records, and security telemetry.
  4. Control Deck: A Next.js dashboard featuring real-time terminal tracers, alert popups, and risk speedometer metrics.

Challenges we ran into

Our primary challenge was building a scanner that didn't disrupt the developer's workflow. Traditional regex scanners trigger false-positive alerts on standard git commit hashes or build checksums, halting the agent constantly. We solved this by pairing our high-speed entropy scanner with a specialized, local DeBERTa-Sec model. This combination allows us to distinguish between random hash strings and actual private credentials, ensuring low false-positive rates while maintaining high security.
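The scan-and-redact steps and the commit-hash false-positive problem described above can be sketched as follows; this is an added example, not VetoBlast's code. It assumes a same-line keyword check as a stand-in for the DeBERTa-Sec classifier, and the thresholds, key, function names and sample lines are all constructed for illustration.

```javascript
const crypto = require("crypto");

// Constructed demo key; a per-machine key would stay on the local host.
const LOCAL_KEY = Buffer.from("constructed-demo-key");
const CANDIDATE = /[A-Za-z0-9+\/_-]{20,}/g; // long unbroken tokens worth scoring
const HEX_ONLY = /^[0-9a-f]+$/;
// Assumed stand-in for the context-aware model: key-like words on the same line.
const SECRET_CONTEXT = /(secret|token|passw(or)?d|api[_-]?key)/i;

// Shannon entropy in bits per character.
function shannonEntropy(s) {
  const counts = new Map();
  for (const ch of s) counts.set(ch, (counts.get(ch) || 0) + 1);
  let h = 0;
  for (const n of counts.values()) h -= (n / s.length) * Math.log2(n / s.length);
  return h;
}

function classify(token, line) {
  const h = shannonEntropy(token);
  if (HEX_ONLY.test(token)) {
    // Hex tops out at 4 bits/char: a commit id and a hex key score alike, so the line decides.
    return h >= 3.0 && SECRET_CONTEXT.test(line) ? "secret" : "hash";
  }
  return h >= 4.5 ? "secret" : "benign"; // assumed threshold for mixed alphabets
}

// Keyed hash: the same secret always maps to the same placeholder, preserving context.
function placeholder(token) {
  const tag = crypto.createHmac("sha256", LOCAL_KEY).update(token).digest("hex");
  return `<REDACTED:${tag.slice(0, 12)}>`;
}

function redact(text) {
  const findings = [];
  const output = text.split("\n").map((line) =>
    line.replace(CANDIDATE, (tok) => {
      if (classify(tok, line) !== "secret") return tok;
      findings.push(placeholder(tok));
      return placeholder(tok);
    })
  ).join("\n");
  return { output, findings };
}

// Constructed sample of agent output (no real credentials).
const SAMPLE = [
  "commit 3f786850e387550fdab836ed7e6dc881de23001b",
  "export API_TOKEN=aB3dE5gH7jK9mN1pQ2rS4tU6vW8xY0zC",
  "SESSION_SECRET=0123456789abcdef0123456789abcdef",
].join("\n");
console.log(redact(SAMPLE).output);
```

The commit line passes through untouched while both credential lines are rewritten. A keyword check like this misses secrets on lines with no telltale name, which is the gap a trained classifier is meant to cover.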

Accomplishments that we're proud of

We successfully compressed our DeBERTa-Sec model to ONNX format to run on raw CPU with sub-15ms inference latency. We also built an extremely lightweight node-pty stream interceptor that introduces less than 10ms of end-to-end execution latency, proving that zero-trust agent security doesn't have to slow down the speed of autonomous development.

What we learned

We learned that agent security must be enforced locally. Relying on cloud endpoints for security filtering introduces high latency and defeats the purpose of data privacy. Local-first security gateways are the only viable path to protecting developer workspaces.

What's next for VetoBlast

We plan to introduce adaptive sandbox profiling. This will allow VetoBlast to learn the normal behavior profile of specific agents in a repository (e.g. only modifying files in src/, only running vitest) and dynamically restrict agent capabilities based on historical commands without requiring manual rules.
