Skip to content

Instantly share code, notes, and snippets.

View Ar9av's full-sized avatar

Arnav Ar9av

View GitHub Profile
@solar-flare99
solar-flare99 / gist-XXXXXX.md
Last active July 2, 2026 16:24
Prismor: enterprise control plane for AI agents — tool call interception, policy enforcement, and audit trail

Prismor: Enterprise Control Plane for AI Agents

Prismor intercepts every AI agent tool call before execution, enforces policy in real time, and writes a tamper-evident audit trail.

Open Source Repo: https://github.com/PrismorSec/prismor


The problem

@solar-flare99
solar-flare99 / immunity-agent-gist.md
Created June 29, 2026 03:56
immunity-agent: the control plane for AI agents — intercept, policy, audit

immunity-agent: the control plane for AI agents

Every cloud engineer knows IAM. Not because it's fun, but because you learned the hard way what happens without it. Someone gets a key. Blast radius is bad. You add policies, audit logs, least-privilege rules, and a lot of regret.

We're at that same moment with AI agents. Except most teams haven't had the incident yet.


When an agent runs in production with access to tools — your file system, your APIs, your databases — what stops it from doing something it shouldn't? Usually the answer is: nothing. There's no interception layer. No per-user policy. No audit log that security can read. Just vibes and hope.

@solar-flare99
solar-flare99 / gist-XXXXXX.md
Last active June 24, 2026 17:57
immunity-agent: runtime security for AI agents — blocks prompt injection, malicious packages, and secret exfiltration across 55+ coding tools

immunity-agent: Runtime Security for AI Agents

immunity-agent intercepts every AI agent action before it reaches your OS, blocking prompt injection, malicious packages, and secret exfiltration across 55+ coding tools.

Repo: https://github.com/PrismorSec/immunity-agent

What it does

AI agents need secrets to work: API keys, credentials, env vars. But once those enter model context, you lose control of where they go. Agents also install packages, run shell commands, and browse the web autonomously. Any of those steps can be hijacked.

@solar-flare99
solar-flare99 / secret-tokens-ai-agent.md
Last active June 21, 2026 04:46
Your AI Agent Remembers Your Secrets

Your AI Agent Remembers Your Secrets/Tokens/api-keys

The practice of keeping sensitive keys in a .env file is a fundamental rule of modern development. It is the first line of defense that every developer learns. However, the rise of AI coding agents has introduced a subtle complication: keys are shared in agent chats and the agent might still end up creating a permanent record of those secrets elsewhere.

What We Found

Even when a developer is careful to use a .env file, the moment a key is mentioned in a chat or read by the agent to debug a connection, it is recorded. We found thousands of lines of session data tucked away in hidden folders. Within these logs, API keys and access tokens were sitting in plain text, completely unencrypted and accessible to anyone who knows where to look.

Good Memory Costs Something

@solar-flare99
solar-flare99 / secure-agent-layer.md
Created June 19, 2026 17:14
Extract the most out of your ai agents without worrying about security or interruptions

immunity-agent is the open-source guard that watches the three places an agent can hurt us: what it does, what it installs, and what it leaves behind. It integrates with more than 55 AI coding tools. Before any command reaches a machine

When a layer is watching every action, secret, package, and fix in real time, we no longer have to stand over an agent's shoulder. We can let it move at full speed while something underneath continuously verifies its work.

Four components share the work: Warden is the rule-keeper. It evaluates every action through deterministic policies backed by AI analysis. Dangerous behavior like destructive commands, reverse shells, or security bypasses can be blocked before execution.

Cloak protects secrets. If an agent tries to expose an API key or password, Cloak catches it before it reaches logs, prompts, or outbound requests.

IAM gives agents only the permissions they need. A research agent can research. A deployment agent can deploy

@Ar9av
Ar9av / SKILL.md
Created June 19, 2026 13:44
claude-session-load — Claude Code skill: load a Claude Code session by id into context

name: claude-session-load description: > Load a specific Claude Code session into the current conversation by session id, given as a rough/possibly-mistyped uuid (e.g. "01935a40-5a79-4142-966a-47a1da99c3bb"). Reads the matching .jsonl under ~/.claude/projects/**/ (and Claude desktop's local-agent-mode-sessions), produces a concise summary of what was asked, done, and changed, and keeps the raw file path on hand to look up exact detail later in the conversation. Use when the user invokes /claude-session-load , says "load claude session ", "what happened in claude session ", "summarize this claude session", or pastes a Claude session id and asks what it contains.

@Ar9av
Ar9av / SKILL.md
Created June 19, 2026 13:43
codex-session-load — Claude Code skill: load a Codex CLI session by id into context

name: codex-session-load description: > Load a specific Codex CLI session into the current conversation by session id, given as a rough/possibly-mistyped uuid (e.g. "019edfd4-fbf0-7100-a982-2ab5bdf125fb"). Reads the matching rollout-*.jsonl under ~/.codex/sessions (and ~/.codex/archived_sessions), produces a concise summary of what was asked, done, and changed, and keeps the raw file path on hand to look up exact detail later in the conversation. Use when the user invokes /codex-session-load , says "load codex session ", "what happened in codex session ", "summarize this codex session", or pastes a Codex session id and asks what it contains.

@solar-flare99
solar-flare99 / security-best-practice.md
Created June 17, 2026 02:57
AI Security and Governance and how to make your coding agents write secure code

To trust an agent moving at this speed, we can’t be the ones checking its work. By the time we’ve read one command, it has already run three more. So the checking has to happen on its own, in the moment, on every single action. Security already has a name for that idea, which is zero trust. We stop assuming something is safe because of who is asking, and we judge each action on its own merits, every time.

It turns out our own bodies already run this exact playbook. The immune system never asks a threat for its credentials or waves it through on reputation. It watches what is happening in front of it, and it shuts the harmful thing down before it can spread. That is the layer we set out to build for AI agents, which is why we named it immunity. Like its namesake, it watches the three places an agent can hurt us: what it does, what it installs, and what it leaves broken behind.

immunity-agent is the open-source guard that does the watching, and it slots into m

@solar-flare99
solar-flare99 / yolo-safely.md
Last active June 24, 2026 22:06
`--dangerously-skip-permissions` Is Fine, Actually

--dangerously-skip-permissions Is Fine, Actually

Coding agents interrupt you constantly. Allow this command? Edit this file? Run this script? Those prompts exist for good reason, but they also make autonomous workflows basically impossible. A multi-hour refactor, a CI pipeline, an overnight agent run: you can't approve every step. So developers turn the prompts off.

That's a reasonable call. But it removes the only checkpoint between your agent and your filesystem, credentials, and network. Immunity Agent puts that checkpoint back, at the agent layer, without getting in your way.

Autonomy Settings by Agent

Agent Flag / Setting Description