Indie developer duncatzat has released Vigils, an open-source security middleware layer for AI agents that has gained 285 GitHub stars and 21 version releases in approximately six days. Built with Rust and Tauri, the tool provides local audit logging, approval queues, secret redaction, and sandboxing for autonomous AI agents like Claude Code, Cursor, and Zed, addressing security risks as these tools gain abilities to call APIs, read files, and interact with systems.
Four Security Layers Protect Against Agent Risks
Vigils implements four primary security mechanisms that operate entirely on the user's machine. The Audit Ledger records every tool call in a tamper-evident SHA-256 hash-chained ledger with full-text search, creating an immutable record of agent actions. The Approval Queue pauses destructive or sensitive operations for human review, allowing users to grant scoped permissions before execution.
The Secret Redaction engine strips credentials and personally identifiable information before text reaches models, logs, or screens. It uses hard-fingerprint rules and optional ML detection for 13+ credential types including API keys, tokens, and passwords. The Sandboxing layer employs "fail-closed by default" execution with WebAssembly, native processes, and Linux Landlock filesystem isolation, limiting agent system access even when granted execution permission.
Rust-Based Architecture Enables Zero-Cloud Operation
The project consists of 89.8% Rust code across 15 specialized crates handling audit, policy, firewall, redaction, and execution functions. Built on Tauri 2 with a Vue 3 interface, Vigils operates under a strict local-first philosophy where prompts, secrets, and audit trails never leave the user's machine. The architecture includes a Chrome MV3 extension with zero npm dependencies, demonstrating the developer's focus on minimal external dependencies.
With 54 commits on the main branch and version 0.1.20 released on June 6, 2026, the project shows extremely active development. The rapid iteration from v0.1.0 to v0.1.20 in six days suggests the developer is responding quickly to community feedback and expanding features based on real-world usage.
Addresses Critical Gap in AI Agent Security
Vigils fills a security gap in the AI agent ecosystem by providing user-side controls rather than depending on cloud-based safeguards from companies like Anthropic and OpenAI. As AI coding assistants gain autonomous capabilities to interact with local systems and sensitive data, the tool enables users to maintain complete control over their security posture without relying on external services.
Released under the Apache-2.0 license, the project is available on GitHub with all security enforcement happening locally. The local-first approach ensures that even if cloud services are compromised or unavailable, users retain full visibility and control over their AI agents' actions.
Key Takeaways
- Vigils gained 285 GitHub stars and released 21 versions in approximately 6 days, demonstrating rapid community adoption
- Four security layers provide audit logging, approval queues, secret redaction for 13+ credential types, and WebAssembly-based sandboxing
- Built with 89.8% Rust code across 15 specialized crates, using Tauri 2 framework for desktop deployment
- Operates entirely locally with zero cloud dependencies, ensuring prompts and secrets never leave the user's machine
- Addresses the security gap created by autonomous AI agents that can call tools, read files, and interact with systems