{"slug": "show-hn-nakshguard-on-prem-proxy-that-stops-ai-agent-loops", "title": "Show HN: NakshGuard – on-prem proxy that stops AI agent loops", "summary": "NakshGuard, an open-source on-premises reverse proxy, detects and blocks runaway loops in AI agent traffic before they consume excessive API tokens. It sits between agents and LLM APIs like OpenAI and Anthropic, applying detection layers for rate limits, token limits, repetition, and context velocity, with sub-millisecond overhead and zero external dependencies.", "body_md": "A reverse proxy that detects and blocks runaway loops in AI agent traffic before they consume excessive API tokens.\n\nNakshGuard sits between your agents and the LLM API. It inspects each request, tracks per-agent session state, and applies a set of detection layers to identify looping behaviour — rapid repetition, unbounded context growth, and rate spikes — then blocks or logs them according to your configuration. It runs on-premises with no external dependencies; request data never leaves your network.\n\n```\nnakshguard 0.4.0 | tier=v1 shadow=false\ntarget: https://api.openai.com | listening on :8080\n```\n\n- Reverse proxy for the OpenAI and Anthropic chat APIs (auto-detected)\n- Four detection layers: rate limit, hard token limit, repetition, context velocity\n- Per-agent session tracking and configurable thresholds\n- Shadow mode for safe calibration before enforcement\n- Fail-open: if the proxy fails, traffic passes through to the upstream\n- Sub-millisecond overhead, in-memory state, zero external dependencies\n- Hot config reload via SIGHUP\n\n```\ngo build .\n```\n\nOr with Docker:\n\n```\ndocker build -t nakshguard .\ndocker run -p 8080:8080 -e OPENAI_API_KEY=sk-... nakshguard\n```\n\nRun the proxy:\n\n```\nOPENAI_API_KEY=sk-... ./nakshguard\n```\n\nPoint your client at the proxy and identify each agent with a header:\n\n```\nclient = openai.OpenAI(\n    api_key=os.environ[\"OPENAI_API_KEY\"],\n    base_url=\"http://localhost:8080\",\n    default_headers={\"X-Agent-ID\": \"billing_bot\"},\n)\n```\n\nRequests now flow through NakshGuard. It estimates request cost, runs the detection layers, and forwards to the upstream or blocks with HTTP 429.\n\n| layer | triggers on |\n|---|---|\n| rate limit | too many requests in a short window |\n| hard limit | session token total exceeds a ceiling |\n| repetition | identical requests repeated within the window |\n| cve | context size growing across consecutive requests |\n\nContext velocity (cve) detects the common error-append loop, where an agent\nappends its last error to the context and retries, growing the request each\nturn. Additional detection layers are available in the Pro and Enterprise\ntiers; see [COMMERCIAL.md](/PujanMirani/NakshGuard/blob/main/COMMERCIAL.md).\n\nBy default the proxy starts in shadow mode: every layer runs and logs what it\nwould have blocked, without blocking anything. Run it against real traffic,\nreview the logs, then disable shadow mode in `proxy.yaml`\n\n:\n\n```\nglobal_settings:\n  shadow_mode: false\n```\n\nReload without restarting:\n\n```\nkill -HUP $(pgrep nakshguard)\n```\n\nBlocking can also be enabled per agent for incremental rollout.\n\nAll settings live in `proxy.yaml`\n\n: the upstream target, rate limits, and\nper-agent thresholds. The most common change is `llm_target`\n\nto match your\nprovider.\n\nIf the host is reachable by untrusted clients, set\n\n`NAKSHGUARD_AUTH_KEY`\n\nso that only requests carrying the matching`X-Nakshguard-Auth`\n\nheader are accepted. Without it, anyone who can reach the port can use your upstream credentials.\n\n| path | purpose |\n|---|---|\n`/v1/...` |\nproxied to the upstream LLM API |\n`/health` |\nliveness and current mode |\n`/stats` |\nper-agent session counters |\n\n```\ngo test -race -v             # unit tests\npython3 tests/run_all_tests.py   # integration tests (needs shadow_mode: false)\n```\n\nOne instance tracks hundreds of agents in memory. To run multiple instances\nbehind a load balancer, route by `X-Agent-ID`\n\nso each agent maps to a\nconsistent instance. Shared-state clustering is on the roadmap\n\nThe open-source version handles the common loop patterns. Teams running many\nagents in production, or with on-prem compliance requirements, can get\nadditional detection layers, priority support, and deployment help. Email\n[pujanmirani2708@gmail.com](mailto:pujanmirani2708@gmail.com) if that's you.\n\nAGPL-3.0. Free for internal use with no source-sharing obligation. Commercial\nlicensing and the Pro/Enterprise detection layers are covered in\n[COMMERCIAL.md](/PujanMirani/NakshGuard/blob/main/COMMERCIAL.md).", "url": "https://wpnews.pro/news/show-hn-nakshguard-on-prem-proxy-that-stops-ai-agent-loops", "canonical_source": "https://github.com/PujanMirani/NakshGuard", "published_at": "2026-06-25 12:28:46+00:00", "updated_at": "2026-06-25 12:44:11.842956+00:00", "lang": "en", "topics": ["ai-agents", "ai-infrastructure", "ai-safety", "ai-tools", "developer-tools"], "entities": ["NakshGuard", "OpenAI", "Anthropic", "Pujan Mirani"], "alternates": {"html": "https://wpnews.pro/news/show-hn-nakshguard-on-prem-proxy-that-stops-ai-agent-loops", "markdown": "https://wpnews.pro/news/show-hn-nakshguard-on-prem-proxy-that-stops-ai-agent-loops.md", "text": "https://wpnews.pro/news/show-hn-nakshguard-on-prem-proxy-that-stops-ai-agent-loops.txt", "jsonld": "https://wpnews.pro/news/show-hn-nakshguard-on-prem-proxy-that-stops-ai-agent-loops.jsonld"}}