{"slug": "show-hn-i-built-a-smart-proxy-so-your-coding-agent-can-run-loose", "title": "Show HN: I built a smart proxy so your coding agent can run loose", "summary": "A developer built trollbridge, a smart proxy that enforces HTTP-level policies on coding agents, with an optional LLM advisor for held requests. The tool logs all decisions and falls back to human approval when the advisor is uncertain, aiming to give developers safe but unrestricted agent access.", "body_md": "## Isn't this just mitmproxy with extra steps?\n\nmitmproxy is an interception toolkit; trollbridge is a policy-enforced\ngateway. You could build trollbridge on top of mitmproxy in a weekend\n— the parts that take longer are the rule engine, the optional LLM\nadvisor, the JSONL audit log with per-request correlation, and the\napproval TUI. Operationally, you set `HTTPS_PROXY`\n\nonce and\nforget it; there's no Python deployment story.\n\n## Why an LLM in the proxy path — isn't that slow or expensive?\n\nThe advisor only ever sees what policy *holds*. Your inline\nallow/deny lists settle the bulk of traffic at the wire, before any\nmodel is consulted. When a request is held — that's default-ask mode,\nor a rule that returns `ask_llm`\n\n— a configured advisor\nclassifies it against your lists and, if it's confident, resolves it;\nlow-confidence or unreachable verdicts fall to the operator queue\ninstead of auto-allowing. It's off unless you configure one, so most\nsetups never call a model at all.\n\n## What happens when the LLM advisor is wrong?\n\nEvery LLM verdict is written to the audit log alongside the request\nmetadata, the model that decided, and the confidence floor it cleared\n— `grep`\n\nand `jq`\n\nare the review interface.\nBelow the floor, or when the advisor is unreachable, the decision\nfalls back to the operator approval queue instead of auto-allowing,\nso close calls land in front of a human.\n\n## How is this different from gVisor, firejail, or Bubblewrap network policy?\n\nThose gate egress at the kernel boundary — binary allow/deny by\ndestination IP or port. trollbridge gates at HTTP semantics: host and\nport for HTTPS by default, plus path/method/query/body when TLS\ninterception is on. It also stays out of the file system and the\nprocess table entirely. The layers are complementary; run both.\n\n## Can I run it without sending data to a third-party LLM?\n\nYes — two ways. First, the LLM advisor is off by default: with no\n`advisor`\n\nblock configured and no rule returning\n`ask_llm`\n\n, trollbridge never calls out to a model, decisions\nstay on the deterministic policy and operator-queue path, and the binary\nmakes zero outbound calls. Second, if you do want the advisor, run your\nown model — point the advisor `endpoint`\n\nat a local,\nOpenAI-compatible server (Ollama, vLLM, llama.cpp, and friends) so the\njudgment runs on hardware you control and request data never leaves your\nnetwork.", "url": "https://wpnews.pro/news/show-hn-i-built-a-smart-proxy-so-your-coding-agent-can-run-loose", "canonical_source": "https://trollbridge.dev/", "published_at": "2026-07-14 14:55:53+00:00", "updated_at": "2026-07-15 13:31:25.129078+00:00", "lang": "en", "topics": ["ai-agents", "ai-tools", "developer-tools"], "entities": ["trollbridge", "mitmproxy", "Ollama", "vLLM"], "alternates": {"html": "https://wpnews.pro/news/show-hn-i-built-a-smart-proxy-so-your-coding-agent-can-run-loose", "markdown": "https://wpnews.pro/news/show-hn-i-built-a-smart-proxy-so-your-coding-agent-can-run-loose.md", "text": "https://wpnews.pro/news/show-hn-i-built-a-smart-proxy-so-your-coding-agent-can-run-loose.txt", "jsonld": "https://wpnews.pro/news/show-hn-i-built-a-smart-proxy-so-your-coding-agent-can-run-loose.jsonld"}}