cd /news/ai-agents/show-hn-i-built-a-smart-proxy-so-you… Β· home β€Ί topics β€Ί ai-agents β€Ί article
[ARTICLE Β· art-60555] src=trollbridge.dev β†— pub= topic=ai-agents verified=true sentiment=Β· neutral

Show HN: I built a smart proxy so your coding agent can run loose

A developer built trollbridge, a smart proxy that enforces HTTP-level policies on coding agents, with an optional LLM advisor for held requests. The tool logs all decisions and falls back to human approval when the advisor is uncertain, aiming to give developers safe but unrestricted agent access.

read2 min views1 publishedJul 14, 2026
Show HN: I built a smart proxy so your coding agent can run loose
Image: source

Isn't this just mitmproxy with extra steps? #

mitmproxy is an interception toolkit; trollbridge is a policy-enforced gateway. You could build trollbridge on top of mitmproxy in a weekend β€” the parts that take longer are the rule engine, the optional LLM advisor, the JSONL audit log with per-request correlation, and the approval TUI. Operationally, you set HTTPS_PROXY

once and forget it; there's no Python deployment story.

Why an LLM in the proxy path β€” isn't that slow or expensive? #

The advisor only ever sees what policy holds. Your inline allow/deny lists settle the bulk of traffic at the wire, before any model is consulted. When a request is held β€” that's default-ask mode, or a rule that returns ask_llm

β€” a configured advisor classifies it against your lists and, if it's confident, resolves it; low-confidence or unreachable verdicts fall to the operator queue instead of auto-allowing. It's off unless you configure one, so most setups never call a model at all.

What happens when the LLM advisor is wrong? #

Every LLM verdict is written to the audit log alongside the request metadata, the model that decided, and the confidence floor it cleared β€” grep

and jq

are the review interface. Below the floor, or when the advisor is unreachable, the decision falls back to the operator approval queue instead of auto-allowing, so close calls land in front of a human.

How is this different from gVisor, firejail, or Bubblewrap network policy? #

Those gate egress at the kernel boundary β€” binary allow/deny by destination IP or port. trollbridge gates at HTTP semantics: host and port for HTTPS by default, plus path/method/query/body when TLS interception is on. It also stays out of the file system and the process table entirely. The layers are complementary; run both.

Can I run it without sending data to a third-party LLM? #

Yes β€” two ways. First, the LLM advisor is off by default: with no advisor

block configured and no rule returning ask_llm

, trollbridge never calls out to a model, decisions stay on the deterministic policy and operator-queue path, and the binary makes zero outbound calls. Second, if you do want the advisor, run your own model β€” point the advisor endpoint

at a local, OpenAI-compatible server (Ollama, vLLM, llama.cpp, and friends) so the judgment runs on hardware you control and request data never leaves your network.

── more in #ai-agents 4 stories Β· sorted by recency
── more on @trollbridge 3 stories trending now
sponsored brought to you by zahid.host 4,200+ EU-deployed projects
reading about agents? ship yours in a single git push.

Run your AI side-project on zahid.host

EU-based hosting, git-push deploys, automatic HTTPS, no cold starts. Free tier with a custom domain β€” perfect for shipping the agent you just read about.

$git push zahid main
β†’ Live at https://your-agent.zahid.host βœ“
Get free account β†’ Pricing
from €0/mo Β· no card required
LIVE [news/show-hn-i-built-a-sm…] indexed:0 read:2min 2026-07-14 Β· β€”