Skip to content

WiseChef (internal + public service)

Agent Rescue — diagnostic service for broken AI agents

Built a roadside-assistance service for broken AI agents. Free scanner, $7 to unlock fixes. 26 passing adversarial tests on the security-critical egress firewall before public launch.

security diagnostics hardening

The situation

Most AI agents in production fail silently. They stop responding, drift off-task, get stuck on retries, or burn money calling the wrong endpoints — and the owner finds out hours later when a customer complains. We wanted a tool that could look at a running agent from the outside and tell its owner what was actually broken, without requiring deep-root access.

What we did

  • Built a standalone diagnostic service that provisions an ephemeral Cloudflare tunnel to the target agent, runs a scan, and reports back
  • Free tier: scan-only. Paid tier ($7): unlock the fix workflow and apply it under supervision
  • Hardened the core egress firewall for the scanning side — fail-closed DNS, IPv4-mapped IPv6 handling, port stripping, alternate IPv4 notations, CIDR coverage for multicast, reserved, CGNAT, 6to4, and NAT64 ranges
  • Wrote a 26-test adversarial suite for the egress layer. All 26 pass
  • Shipped behind two layers of auth: per-session SSH key fallback plus a bearer-token gate on the management surface
  • Security review occurred before the public release; the hardening PR merged to main with the full test suite attached

Timeline: 4 days from scope to public release, including adversarial review.

What changed

The service is live at rescue.wisechef.ai — visit it now and run a free Scan in under 2 minutes. Anyone with a broken agent can run a Scan for free. Paid tier unlocks the automated fix workflow ($7 Scan, $29 Rescue, $79/mo continuous Ward).

Live as of 2026-04-28: brand-parity panel with React-Vite SPA, isolated Hetzner CX23 VPS in Falkenstein, GDPR Article 28-compliant DPA + privacy notice, 575+ tests across backend/frontend/security/e2e, network ACLs that hard-block outbound from the rescue VPS to our internal infrastructure (verified: a compromised rescue agent CANNOT pivot to our other systems).

For buyers: this is the kind of work we do on our own infrastructure before shipping it to clients. The hardening is real engineering, not a security badge on a marketing page. We do the adversarial review ourselves, in writing, and ship the patch before the button goes live.

Want to try it? Free Scan →

Relevant context

The egress-firewall work was not easy. Six classes of DNS and IP-notation edge cases were caught only by writing an adversarial review explicitly looking for fail-open paths. The fact that an agent-diagnostics tool needs a fail-closed DNS resolver is itself a lesson about how fragile most agent deployments are — the failure modes are not where you would look first.

The core code lives in a private repo for now. We plan to extract and open-source the egress-hardening module as a standalone package; it is useful beyond this one service.