Vadim

I built Agent Shield, an open-source traffic control layer for AI coding agents.

The idea is simple: AI agents send a lot over the network, including prompts, code snippets, logs, tool output, telemetry, and sometimes secrets. Most of that traffic is hidden inside the CLI.

Agent Shield sits between the agent and the network, so you can see and control what goes out.

What you can do with it

  • See traffic — inspect HTTP, WebSocket, and SSE traffic from AI tools in real time.
  • Audit and observability — record what was sent, where it went, which tool produced it, when it happened, and which decision was applied.
  • Data protection and DLP — stop secrets, private code, customer data, internal logs, or environment details before they leave the machine; run traffic through custom rules, a local classifier, a DLP service, or a local LLM.
  • Modify packets — redact, replace, block, or reroute requests and responses.
  • Model routing — send simple work to a local model via Ollama or llama.cpp, route harder tasks to external APIs.
  • Cost control — attach counters, budgets, latency rules, and project-specific policies outside the AI client itself.
  • Agent orchestration — observe and coordinate multiple CLI agents through one traffic layer instead of writing a custom integration per client.
  • Worker status — see which agent is busy, which is free, what task it is on, and where it may be blocked.
  • Alerts — plug in listeners for Telegram, dashboards, logs, or analytics.
  • Client independence — keep control outside the vendor UI, pricing model, telemetry settings, and protocol changes.

How it works

There are two extension points:

  • Listeners get a copy of the event. They do not block traffic. Good for logs, alerts, dashboards, and analytics.
  • Decision handlers run before traffic continues. They can allow, block, modify, replace, or route it.
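
A sketch of the two extension points, added here as an illustration and not taken from the Agent Shield code base. The event fields (`tool`, `destination`, `body`), the decision dictionary, and the detection rules are all assumptions made for the example.

```python
import copy
import re

# Constructed rules for illustration; not Agent Shield's own rule set.
RULES = [
    ("aws_access_key_id", re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")),
    ("env_secret", re.compile(r"(?im)^(\w*(?:SECRET|TOKEN|PASSWORD)\w*=)\S+$")),
]
PRIVATE_KEY = re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----")
AUDIT_LOG = []  # stands in for a log sink, dashboard, or alert channel


def decide(event):
    """Decision handler: runs before the request continues."""
    body = event["body"]  # hypothetical normalized-event field
    if PRIVATE_KEY.search(body):
        # Key material cannot be redacted usefully, so stop the request.
        return {"action": "block", "findings": ["private_key"]}
    findings = []
    for name, pattern in RULES:
        # Keep a captured prefix (the variable name) and replace the value.
        body, hits = pattern.subn(
            lambda m, n=name: (m.group(1) if m.re.groups else "") + f"[REDACTED:{n}]",
            body,
        )
        if hits:
            findings.append(name)
    if findings:
        return {"action": "modify", "findings": findings, "body": body}
    return {"action": "allow", "findings": []}


def audit_listener(event, decision):
    """Listener: works on a copy, cannot change the outcome, stores no body."""
    AUDIT_LOG.append({
        "tool": event["tool"],
        "destination": event["destination"],
        "action": decision["action"],
        "findings": list(decision["findings"]),
    })


def dispatch(event):
    """Decide first, then hand copies to the listener for the audit trail."""
    decision = decide(event)
    audit_listener(copy.deepcopy(event), copy.deepcopy(decision))
    return decision
```

The audit record keeps the destination, tool, and applied decision but not the request body, so the log itself does not become a second copy of the secret.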

Current pieces:

  • MITM proxy for explicitly routed traffic
  • HTTP, WebSocket, and SSE handling
  • normalized events
  • REST listeners and handlers
  • NATS event flow
  • dashboard for captured traffic
  • worker status signals

[Figure: Agent Shield architecture]

Why I built it

AI agents are becoming part of the dev workflow, but we still treat their network traffic like a black box.

Terminal control is useful, but it does not answer the important question:

What did the agent actually send out?

Agent Shield gives that traffic a clear control point.

Repo: agent-shield
