We've been running AI coding agents on our dev servers for a while, and one thing became obvious very quickly: to be useful, these systems need real access.
They need SSH sessions. They run commands. They read and modify files.
And unless you put hard limits around them, there's often nothing stopping them from reading secrets out of configs, touching system files they were never meant to see, or sending sensitive data through tools and MCP servers you didn't fully mean to trust.
Today we're open-sourcing HellAdmin — a firewall for AI agents that uses Linux Landlock and seccomp to restrict what an agent can access.
No root. No containers. The agent runs in your real environment, but selected paths and syscalls are denied at the kernel level.
pip install helladmin
helladmin start --public

What it does
- Kernel-level restrictions for files and syscalls
- Sandboxed SSH sessions for coding agents
- MCP request inspection and validation
- Real-time visibility and temporary overrides
HellAdmin works with Claude Code, Codex, Cursor, OpenClaw, and anything that speaks MCP.
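The kernel-level file restriction described above can be seen in isolation with a few raw Landlock calls. This is an added example, not HellAdmin's own code, and it covers only Landlock, not seccomp. The helper names (`probe`, `demo`) and the temporary "workspace" and "secret" files are constructed for illustration.

```python
import ctypes, os, tempfile

# Values from the Linux UAPI headers (linux/landlock.h, linux/prctl.h).
SYS_CREATE_RULESET, SYS_ADD_RULE, SYS_RESTRICT_SELF = 444, 445, 446
PR_SET_NO_NEW_PRIVS, RULE_PATH_BENEATH = 38, 1
FS_READ_FILE, FS_READ_DIR = 1 << 2, 1 << 3
RESULTS = {0: "enforced", 1: "leak", 2: "unavailable", 3: "error"}

class PathBeneath(ctypes.Structure):  # struct landlock_path_beneath_attr (packed)
    _pack_ = 1
    _fields_ = [("allowed_access", ctypes.c_uint64), ("parent_fd", ctypes.c_int32)]

def _child(allowed_dir, allowed_file, denied_file):
    if not hasattr(os, "O_PATH"):
        return 2  # not Linux
    libc = ctypes.CDLL(None, use_errno=True)
    # Handled rights are denied everywhere unless a rule grants them (allowlist).
    handled = ctypes.c_uint64(FS_READ_FILE | FS_READ_DIR)  # ABI v1 ruleset_attr
    rs = libc.syscall(SYS_CREATE_RULESET, ctypes.byref(handled), ctypes.c_size_t(8), 0)
    if rs < 0:
        return 2  # kernel lacks Landlock, or it is disabled or filtered
    rule = PathBeneath(handled.value, os.open(allowed_dir, os.O_PATH))
    if (libc.syscall(SYS_ADD_RULE, rs, RULE_PATH_BENEATH, ctypes.byref(rule), 0)
            or libc.prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)  # lets non-root restrict itself
            or libc.syscall(SYS_RESTRICT_SELF, rs, 0)):
        return 2
    os.close(os.open(allowed_file, os.O_RDONLY))  # must still work; a failure exits 3
    try:
        os.close(os.open(denied_file, os.O_RDONLY))
        return 1  # restriction applied but the read outside the allowlist worked
    except PermissionError:
        return 0

def probe(allowed_dir, allowed_file, denied_file):
    """Fork, sandbox only the child, and report what it could read."""
    pid = os.fork()
    if pid == 0:
        try:
            os._exit(_child(allowed_dir, allowed_file, denied_file))
        finally:
            os._exit(3)  # reached only if _child raised
    return RESULTS[os.WEXITSTATUS(os.waitpid(pid, 0)[1])]

def demo():
    # Constructed layout: a workspace the agent may read, and a secret outside it.
    with tempfile.TemporaryDirectory() as ws, tempfile.TemporaryDirectory() as other:
        src, secret = os.path.join(ws, "main.py"), os.path.join(other, "secret.env")
        for path in (src, secret):
            open(path, "w").close()
        return probe(ws, src, secret)
```

`demo()` returns `"enforced"` on a kernel with Landlock enabled and `"unavailable"` where the syscalls are missing or blocked. The restriction is inherited by anything the sandboxed process spawns and cannot be lifted from inside it.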
This is an early alpha. The project is still at the very beginning and will keep evolving. We wouldn't recommend relying on it for production security just yet. But if you're curious — or you already have a real need for this kind of control — give it a shot.
We built HellAdmin because giving agents real access without clear boundaries felt like a bad idea.
https://helladmin.dev
https://github.com/reimmerse-one/helladmin