CtrlAI

Transparent proxy that secures AI agents with guardrails

Overview

What it is

CTRL-AI v1 is a transparent HTTP proxy that sits between your AI agent and LLM provider, enforcing guardrails, auditing behavior, and blocking unsafe tool calls — with zero SDK modification required.

Intent

I need it when

Customize security rules for specific tools, file paths, commands, and URL patterns

CtrlAI uses a YAML-based rules engine supporting glob patterns for paths, regex for commands and URLs, substring matching for arguments, and per-agent scoping. Users can block specific tools (e.g., read, write, exec), match on file paths (**/.env), command patterns (rm -rf /), or URL domains without writing code.

Prevent AI agents from executing dangerous tool calls that could compromise security or privacy

CtrlAI intercepts LLM responses before they reach the agent SDK, evaluates tool calls against configurable guardrail rules (19 built-in rules covering file system, destructive commands, privacy, messaging), and blocks dangerous calls. This stops harmful actions like SSH key access, credential exfiltration, or shell command injection without modifying agent code.

Enforce per-agent security policies and kill switches for multi-agent deployments

CtrlAI supports per-agent rule configuration and kill switches via URL path routing (e.g., /provider/anthropic/agent/main/). Teams can apply different guardrail rules to different agents and instantly disable an agent's tool access without redeploying code.

Audit and log all tool calls made by AI agents for compliance and debugging

CtrlAI acts as a transparent HTTP proxy that logs every LLM request and response to a local audit directory. Users can review what tools were called, what arguments were passed, and what was blocked, enabling compliance reporting and troubleshooting without invasive code instrumentation.

Integrate guardrails into existing AI agent workflows without code changes

CtrlAI is a drop-in HTTP proxy that sits between the agent SDK and the LLM provider. Users only need to change the baseUrl in their agent config to point to CtrlAI (e.g., http://127.0.0.1:3100/provider/anthropic). The agent SDK sees no difference; all guardrail logic runs transparently in the proxy.

Drop

Not a fit when

  • User needs a managed SaaS solution with vendor support and uptime guarantees
  • User lacks Go 1.24+ runtime or cannot self-host infrastructure
  • User requires guardrails for LLM providers other than Anthropic and OpenAI
  • User needs real-time monitoring dashboards beyond the basic HTTP proxy dashboard
  • User operates in a regulated environment requiring formal compliance certifications or audit trails beyond local logging

Commercials

Pricing

Open source, free to use