Skip to content

Introduction

Lupid is a runtime security and observability layer for AI agents. You drop it between your agents and everything they call — the LLM, MCP servers, your own internal APIs — and from then on every request the agent makes goes through Lupid.

What that gets you, in one product:

Security

Tool calls run through a policy you write. Prompts and responses are scanned for secrets and PII. Credentials are leased, not stored long-lived. Risky actions can park in a human-approval queue.

Observability

Every decision is recorded in an append-only audit log. The dashboard streams live tool calls, alerts, and the approval queue. OpenTelemetry traces and Prometheus metrics are wired in.

Identity & access

Per-agent Ed25519 keypair, JWT sessions bound to network context, registry, and kill switch. Full IAM is included — it’s one capability inside Lupid, not the whole product.

LLM-driven agents make decisions you can’t fully predict at deploy time. A requests.get() your code never wrote can still appear in production. Static analysis catches some of this. Runtime enforcement catches the rest.

Lupid evaluates every agent action against your policy at the moment it happens. Allowed actions proceed. Disallowed ones don’t. Either way, the decision lands in the audit log.

There are two ways to wire your agents to Lupid:

  • SDK pathimport the TypeScript SDK and call init(). The SDK monkey-patches fetch so calls to OpenAI / Anthropic / Cohere / Gemini and the OpenAI-compatible providers (Azure OpenAI, Together, Mistral, Groq, DeepSeek, X.AI, Perplexity, OpenRouter, Fireworks, Anyscale) route through Lupid with no other code changes.
  • Network proxy path — point the agent at HTTPS_PROXY=http://lupid:7070. No code changes at all. The HTTPS-CONNECT gateway intercepts TLS, runs the same enforcement pipeline, forwards the call.

You can run either, or both, at the same time.