TL;DR. Pipelock Agent Egress Control is a GitHub Action. It runs an agent script inside a Linux network namespace, forces supported egress through Pipelock, and writes a signed Audit Packet a security reviewer can verify offline with a pinned public key. v0.1.0 shipped 2026-05-09. Apache 2.0. Marketplace listing . Agent jobs are starting to run inside pull requests, issue triage workflows, release pipelines, docs bots, and security automation. Those jobs touch source code, secrets, package registries, cloud APIs, MCP tools, and the public internet. A normal CI log can tell you what the agent said it did. An Audit Packet is meant to prove what the network boundary saw. This is the launch post for pipelock-agent-egress-action v0.1.0, the first tagged release. What it does Wraps a bash script in a Linux network namespace with iptables enforcement. The script runs as a non-root pipelock-agent user with sudo denied and capabilities dropped.…