Show HN: NakshGuard – on-prem proxy that stops AI agent loops

NakshGuard, an open-source on-premises reverse proxy, detects and blocks runaway loops in AI agent traffic before they consume excessive API tokens. It sits between agents and LLM APIs like OpenAI and Anthropic, applying detection layers for rate limits, token limits, repetition, and context velocity, with sub-millisecond overhead and zero external dependencies.

A reverse proxy that detects and blocks runaway loops in AI agent traffic before they consume excessive API tokens. NakshGuard sits between your agents and the LLM API. It inspects each request, tracks per-agent session state, and applies a set of detection layers to identify looping behaviour — rapid repetition, unbounded context growth, and rate spikes — then blocks or logs them according to your configuration. It runs on-premises with no external dependencies; request data never leaves your network. nakshguard 0.4.0 | tier=v1 shadow=false target: https://api.openai.com | listening on :8080 - Reverse proxy for the OpenAI and Anthropic chat APIs auto-detected - Four detection layers: rate limit, hard token limit, repetition, context velocity - Per-agent session tracking and configurable thresholds - Shadow mode for safe calibration before enforcement - Fail-open: if the proxy fails, traffic passes through to the upstream - Sub-millisecond overhead, in-memory state, zero external dependencies - Hot config reload via SIGHUP go build . Or with Docker: docker build -t nakshguard . docker run -p 8080:8080 -e OPENAI API KEY=sk-... nakshguard Run the proxy: OPENAI API KEY=sk-... ./nakshguard Point your client at the proxy and identify each agent with a header: client = openai.OpenAI api key=os.environ "OPENAI API KEY" , base url="http://localhost:8080", default headers={"X-Agent-ID": "billing bot"}, Requests now flow through NakshGuard. It estimates request cost, runs the detection layers, and forwards to the upstream or blocks with HTTP 429. | layer | triggers on | |---|---| | rate limit | too many requests in a short window | | hard limit | session token total exceeds a ceiling | | repetition | identical requests repeated within the window | | cve | context size growing across consecutive requests | Context velocity cve detects the common error-append loop, where an agent appends its last error to the context and retries, growing the request each turn. Additional detection layers are available in the Pro and Enterprise tiers; see COMMERCIAL.md /PujanMirani/NakshGuard/blob/main/COMMERCIAL.md . By default the proxy starts in shadow mode: every layer runs and logs what it would have blocked, without blocking anything. Run it against real traffic, review the logs, then disable shadow mode in proxy.yaml : global settings: shadow mode: false Reload without restarting: kill -HUP $ pgrep nakshguard Blocking can also be enabled per agent for incremental rollout. All settings live in proxy.yaml : the upstream target, rate limits, and per-agent thresholds. The most common change is llm target to match your provider. If the host is reachable by untrusted clients, set NAKSHGUARD AUTH KEY so that only requests carrying the matching X-Nakshguard-Auth header are accepted. Without it, anyone who can reach the port can use your upstream credentials. | path | purpose | |---|---| /v1/... | proxied to the upstream LLM API | /health | liveness and current mode | /stats | per-agent session counters | go test -race -v unit tests python3 tests/run all tests.py integration tests needs shadow mode: false One instance tracks hundreds of agents in memory. To run multiple instances behind a load balancer, route by X-Agent-ID so each agent maps to a consistent instance. Shared-state clustering is on the roadmap The open-source version handles the common loop patterns. Teams running many agents in production, or with on-prem compliance requirements, can get additional detection layers, priority support, and deployment help. Email pujanmirani2708@gmail.com mailto:pujanmirani2708@gmail.com if that's you. AGPL-3.0. Free for internal use with no source-sharing obligation. Commercial licensing and the Pro/Enterprise detection layers are covered in COMMERCIAL.md /PujanMirani/NakshGuard/blob/main/COMMERCIAL.md .