The latest articles on DEV Community by Vadim (@vaad2). https://dev.to/vaad2 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F437055%2F852c8af4-0464-40bc-a66a-d672b73048c7.png https://dev.to/vaad2 en Vadim Tue, 28 Apr 2026 20:48:31 +0000 https://dev.to/vaad2/i-built-agent-shield-an-open-source-traffic-control-layer-for-ai-coding-agents-1pjd https://dev.to/vaad2/i-built-agent-shield-an-open-source-traffic-control-layer-for-ai-coding-agents-1pjd <p>The idea is simple: AI agents send a lot of stuff over the network: prompts, code snippets, logs, tool output, telemetry, sometimes secrets. Most of that is hidden inside the CLI.</p> <p>Agent Shield sits between the agent and the network, so you can see and control what goes out.</p> <h3> What you can do with it </h3> <ul> <li> <strong>See traffic</strong> — inspect HTTP, WebSocket, and SSE traffic from AI tools in real time.</li> <li> <strong>Audit and observability</strong> — record what was sent, where it went, which tool produced it, when it happened, and which decision was applied.</li> <li> <strong>Data protection and DLP</strong> — stop secrets, private code, customer data, internal logs, or environment details before they leave the machine; run traffic through custom rules, a local classifier, a DLP service, or a local LLM.</li> <li> <strong>Modify packets</strong> — redact, replace, block, or reroute requests and responses.</li> <li> <strong>Model routing</strong> — send simple work to a local model via Ollama or llama.cpp, route harder tasks to external APIs.</li> <li> <strong>Cost control</strong> — attach counters, budgets, latency rules, and project-specific policies outside the AI client itself.</li> <li> <strong>Agent orchestration</strong> — observe and coordinate multiple CLI agents through one traffic layer instead of writing a custom integration per client.</li> <li> <strong>Worker status</strong> — see which agent is busy, which is free, what task it is on, and where it may be blocked.</li> <li> <strong>Alerts</strong> — plug in listeners for Telegram, dashboards, logs, or analytics.</li> <li> <strong>Client independence</strong> — keep control outside the vendor UI, pricing model, telemetry settings, and protocol changes.</li> </ul> <h2> How it works </h2> <p>There are two extension points:</p> <ul> <li> <strong>Listeners</strong> get a copy of the event. They do not block traffic. Good for logs, alerts, dashboards, and analytics.</li> <li> <strong>Decision handlers</strong> run before traffic continues. They can allow, block, modify, replace, or route it.</li> </ul> <p>Current pieces:</p> <ul> <li>MITM proxy for explicitly routed traffic</li> <li>HTTP, websocket, and SSE handling</li> <li>normalized events</li> <li>REST listeners and handlers</li> <li>NATS event flow</li> <li>dashboard for captured traffic</li> <li>worker status signals</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fej0yb3s4dn6dgyh2zo1j.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fej0yb3s4dn6dgyh2zo1j.png" alt="AS architecture" width="800" height="475"></a></p> <h2> Why I built it </h2> <p>AI agents are becoming part of the dev workflow, but we still treat their network traffic like a black box.</p> <p>Terminal control is useful, but it does not answer the important question:</p> <blockquote> <p>What did the agent actually send out?</p> </blockquote> <p>Agent Shield gives that traffic a clear control point.</p> <p>Repo: <a href="https://github.com/bytepiper/agent-shield" rel="noopener noreferrer">agent-shield</a></p> webdev programming ai