Skip to main content

agentshield/
lib.rs

1//! # AgentShield
2//!
3//! **Default-deny egress firewall for AI agents.**
4//!
5//! AgentShield is a local HTTP/HTTPS proxy that intercepts outbound requests from
6//! AI agents (e.g., Claude Code, OpenClaw) and enforces configurable security policies.
7//!
8//! ## Architecture
9//!
10//! - **[`proxy`]** — TCP proxy server handling HTTP and HTTPS CONNECT tunneling
11//! - **[`policy`]** — TOML-based configuration and rule evaluation engine
12//! - **[`dlp`]** — Data Loss Prevention scanner detecting secrets and PII in request bodies
13//! - **[`logging`]** — SQLite-backed request logging with JSON/CSV export
14//! - **[`notification`]** — Async notification system (Telegram) for deny/DLP events
15//! - **[`cli`]** — Command-line interface (clap) and interactive approval prompt
16//! - **[`error`]** — Unified error types using `thiserror`
17//!
18//! ## Quick Start
19//!
20//! ```bash
21//! # Initialize configuration and database
22//! agentshield init
23//!
24//! # Apply a policy template
25//! agentshield policy template openclaw-default
26//!
27//! # Start the proxy
28//! agentshield start
29//!
30//! # Route AI agent traffic through the proxy
31//! export HTTPS_PROXY=http://127.0.0.1:18080
32//! ```
33
34pub mod ask;
35pub mod cli;
36pub mod dlp;
37pub mod error;
38pub mod logging;
39pub mod notification;
40pub mod policy;
41pub mod proxy;
42pub mod ratelimit;
43pub mod web;