@parajulisandip0000/agent-gate
v1.0.3
Published
> **A Firewall & Telemetry Proxy for Coding Agents**
Readme
🛡️ Agent-Gate
A Firewall & Telemetry Proxy for Coding Agents
Agent-Gate is a lightweight, local proxy and CLI that sits between autonomous AI coding agents (like Claude Code, Cursor, Codex, OpenDevin, and Continue) and your system. It acts as an interactive guardrail, intercepting terminal executions, file changes, and outbound network requests to keep your machine safe.
Developers and enterprises are terrified of AI agents running a rogue rm -rf, leaking API keys, or fetching malicious dependencies. Agent-Gate solves this by enforcing human-in-the-loop approvals for sensitive operations and tracking exactly what the agent is doing.
Key Features
- Interactive Guardrails: A beautiful Terminal UI (TUI) that asks for your explicit approval when an agent attempts a sensitive command (e.g.,
git push,npm install,rm). - Agent Telemetry: Logs exactly what the agent did in a clean, readable Markdown format and local SQLite database for later auditing.
- Cost & Token Tracker: Intercepts API requests to track exactly how many tokens the local or API-based agent is burning per task, giving you a real-time view of your costs.
- Universal Compatibility: Works with any agent that uses standard system commands and HTTP APIs.
- Zero-Config Setup: Easy to install and run locally via
npm.
Architecture
Agent-Gate operates using three main components:
- The Gate (Network Proxy): Intercepts LLM API requests to track tokens, estimate costs, and log the agent's prompts/responses.
- The Guard (Command Interceptor): A smart
PATHshim system that wraps common risky commands. When an agent attempts a command, the shim sends an IPC message to the Agent-Gate process and pauses execution. - The Watchtower (Interactive TUI): The developer interface where you approve, deny, or modify command executions in real-time.
📁 File Structure
agent-gate/
├── bin/
│ └── agent-gate.js # CLI entry point
├── shims/ # Shim scripts for command interception (generated dynamically)
├── src/
│ ├── cli/ # Command Line Interface & TUI
│ ├── proxy/ # HTTP/HTTPS Proxy for API interception
│ ├── guard/ # Command interception & IPC communication
│ ├── telemetry/ # Logging, SQLite DB, token tracking
│ ├── config/ # Configuration management (rule sets)
│ └── index.ts # Core application logic
├── docs/ # Detailed documentation
└── tests/ # Unit and integration testsGetting Started
Installation
Agent-Gate is now available on the global NPM registry! You can install it globally via npm:
npm install -g @parajulisandip0000/agent-gateUsage
To start Agent-Gate and run an agent through it, simply prefix the agent's command with agent-gate:
agent-gate run -- claude-codeThis will:
- Start the Agent-Gate TUI and telemetry engine.
- Inject the command shims into the agent's environment.
- Proxy API requests to track token usage.
Telemetry Dashboard
To view a summary of your recent interceptions, API costs, and tokens burned, open a new terminal and run:
agent-gate logsThis will launch The Watchtower TUI dashboard showing a full timeline of the agent's actions.
IDE & Extension Monitoring (VS Code, Cursor, Codex)
Because extensions run inside your editor rather than as standalone terminal scripts, you need to configure them slightly differently:
1. Intercepting Commands
To force VS Code extensions (like GitHub Copilot or Continue) to use your guardrails, launch VS Code itself through Agent-Gate from your terminal:
agent-gate run -- code .Every extension inside that VS Code window will now inherit your protected PATH. If an extension tries to run a background npm install, your terminal will prompt you for approval.
2. Tracking API Costs
To track the tokens and costs of an AI extension, open the extension's settings inside your IDE and change its API Base URL to point to your local Agent-Gate proxy:
http://localhost:8080/v1
As soon as you do this, every line of code generated will be logged in your agent-gate logs dashboard with its exact token cost!
Configuration
Agent-Gate is highly configurable. You can define rules for which commands require approval, which are auto-approved, and which are strictly denied.
Create an agent-gate.config.json in your project root or ~/.agent-gate/:
{
"guardrails": {
"requireApproval": ["git push", "npm install", "rm", "curl"],
"autoApprove": ["git status", "ls", "cat"],
"deny": ["rm -rf /"]
},
"proxy": {
"port": 8080,
"trackTokens": true
}
}Contributing
We welcome contributions! Whether it's adding support for new agents, improving the TUI, or refining the token tracking algorithms, your help is appreciated.
Please see our CONTRIBUTING.md for details on how to get started.
📄 License
This project is licensed under the MIT License - see the LICENSE file for details.
