IronCurtain: Secure Personal AI Assistant Architecture

IronCurtain is presented as a security-focused personal AI assistant architecture, born out of concerns regarding vulnerabilities in existing agents like OpenClaw. The design emphasizes a chokepoint architecture, where all agent actions pass through a single point for policy enforcement. This is achieved through an MCP proxy that mediates interactions between the agent and MCP servers. IronCurtain supports two sandbox architectures: Code Mode, which executes LLM-generated TypeScript code in a V8 isolate with limited access, and Docker Mode, which runs the agent in a container with network restrictions. Both modes funnel actions through the MCP proxy for policy checks. Credential separation is enforced by providing the agent with a fake API key, while the real key is managed by a MITM proxy. The architecture aims to provide a secure foundation for personal AI assistants, addressing concerns about data leaks, prompt injection attacks, and unauthorized access. The complexity of implementing and maintaining such a system may pose a challenge for widespread adoption. Further research could focus on simplifying the architecture and developing user-friendly tools for managing security policies.