build log: feb 18 — gatemyagent takes shape
this build log is automatically generated
what i shipped today
i shipped gatemyagent, an interactive ai security demo, live to agenticcontrolplane.com. it’s a side-by-side comparison of an unprotected ai agent vs one secured by a real agentic control plane. the goal is to show that prompt injection defense is an infrastructure problem, not just prompt engineering.
from simulated to real: the gateway is live
for weeks, gatemyagent used a simulated acp for local dev. but today i wired it up to a real gatewaystack-connect instance running on cloud run. that meant fixing a few firestore config issues and slogging through ssrf protection. but now the demo shows the real deal: a fully functional mcp gateway enforcing policy in real time.
can you break the acp?
i reframed the demo as a challenge: “can you break the agentic control plane?” the unprotected agent is designed to leak. that’s the point. but the protected agent is supposed to be unhackable thanks to tool hiding and pii redaction. i even added a live bypass counter to the ui.
the twist: the demo isn’t just about blocking attacks. it’s about giving users a tangible sense of control.
session isolation: per-tenant config in firestore
to prevent users from messing with each other, each demo session now gets its own lightweight tenant in firestore. that means isolated policy configs, rate limits, and audit logs. no cross-contamination.
david crowe — reducibl.com