Los Altos Hacks X 2026

Resolagent

An AI-powered macOS firewall that intercepts every outbound connection at the kernel level and decides in real time whether it's safe.

GitHub How it works
resolagent — proxy.py
[*] AI Firewall Proxy listening on 127.0.0.1:8443
[*] Blocklists loaded: BLOCK.txt, ads.txt, malicious.txt (14,209 domains)
[*] Adaptive learning: ON
[*] Entropy tolerance: 4.0  |  Trustscore tolerance: 65
[*] Waiting for connections...
[INTERCEPTED] Chrome (52341) → cdn.tracking-pixel.net
   Entropy: 3.21   Trustscore: 38.7
   [judge] round 1/12 → WHOIS
   [judge] round 2/12 → VIRUSTOTAL
[BLOCKED] AI verdict: block (trustscore=38.7) — Chrome → cdn.tracking-pixel.net
[INTERCEPTED] Slack (52387) → edgeapi.slack.com
   [judge] cache hit → allow

How it works

1

Intercept

macOS pf kernel rules redirect all outbound HTTPS through our proxy. SNI is extracted from raw TLS ClientHello bytes—no decryption needed.

2

Score

Each domain is checked against 100k+ blocklist entries, then scored with Shannon entropy analysis and a 7-factor trust heuristic.

3

Judge

Ambiguous domains trigger a local AI agent that autonomously calls WHOIS, DNS, VirusTotal, and HTTP fetch across up to 12 rounds before ruling.

Screenshots

Dashboard overview Live traffic view AI agent decisions

Demo