If you've ever watched an AI agent spiral into an infinite loop and wondered how many tokens that would cost, NakshGuard has your back. Developer Pujan Mirani just dropped version 0.4.0 of this on-prem reverse proxy on Hacker News, and it's exactly the kind of tool the OpenClaw crowd has been asking for—a lightweight gatekeeper that sits between your agents and the LLM API, inspecting traffic for loop patterns before they burn through your budget.
How NakshGuard Works
The proxy auto-detects both OpenAI and Anthropic chat APIs, then runs four detection layers on every request: rate limiting catches bursty retry storms; a hard token limit ceiling stops sessions from accumulating runaway context; repetition detection flags identical requests within a sliding window; and the context velocity layer—labeled 'cve' in the docs—is purpose-built for the classic error-append loop where an agent tacks its last failure onto the prompt and retries, growing the request by chunks each turn. Sessions are tracked per-agent using the X-Agent-ID header you pass with each call.
Shadow Mode: Test Before You Enforce
One smart design choice here is shadow mode. By default, NakshGuard runs in shadow=true, meaning every detection layer fires and logs what it would have blocked—without actually blocking anything. Point it at your production traffic, review the logs to tune thresholds, then flip shadow_mode: false when you're ready for enforcement. Reload config without restarting via SIGHUP. The proxy also fails open—if it crashes or errors out, traffic passes through to the upstream rather than silently dropping requests. That's the right call for production reliability.
Setup and Scaling
Getting started is straightforward: set your OPENAI_API_KEY environment variable, point your client at localhost:8080 as the base_url, and add an X-Agent-ID header per agent for session tracking. NakshGuard estimates request cost, runs detections, then forwards or returns HTTP 429. One instance handles hundreds of agents in memory with sub-millisecond overhead. For horizontal scaling behind a load balancer, route by X-Agent-ID to keep sessions sticky on the same instance—shared-state clustering is on the roadmap. If your deployment exposes the proxy port to untrusted clients, set NAKSHGUARD_AUTH_KEY and require the matching X-Nakshguard-Auth header.
Pricing and Licensing
The open-source version ships under AGPL-3.0 with no source-sharing obligation for internal use. Mirani offers Pro and Enterprise tiers with additional detection layers, priority support, and deployment help via pujanmirani2708@gmail.com. The core loop-stopping functionality is fully free—commercial features are additive, not gated behind a paywall.
Key Takeaways
- Auto-detects OpenAI and Anthropic APIs; point clients at localhost:8080
- Four detection layers catch rate spikes, token ceilings, repetition loops, and context growth
- Shadow mode lets you test against live traffic before enforcing blocks
- Fail-open design prevents proxy crashes from breaking your agents
- AGPL-3.0 with commercial licensing available for teams needing extra layers
The Bottom Line
This is the kind of infrastructure that gets reinvented a dozen times in every AI-heavy shop before someone open-sources it properly. NakshGuard isn't flashy, but it's solid—zero dependencies, hot reloads, and a fail-safe design that won't silently tank your production pipeline. If you're running agents at scale and haven't thought about loop containment yet, this is where you start.