Security
Tool calls run through a policy you write. Prompts and responses are scanned for secrets and PII. Credentials are leased, not stored long-lived. Risky actions can park in a human-approval queue.
Lupid is a runtime security and observability layer for AI agents. You drop it between your agents and everything they call — the LLM, MCP servers, your own internal APIs — and from then on every request the agent makes goes through Lupid.
What that gets you, in one product:
Security
Tool calls run through a policy you write. Prompts and responses are scanned for secrets and PII. Credentials are leased, not stored long-lived. Risky actions can park in a human-approval queue.
Observability
Every decision is recorded in an append-only audit log. The dashboard streams live tool calls, alerts, and the approval queue. OpenTelemetry traces and Prometheus metrics are wired in.
Identity & access
Per-agent Ed25519 keypair, JWT sessions bound to network context, registry, and kill switch. Full IAM is included — it’s one capability inside Lupid, not the whole product.
LLM-driven agents make decisions you can’t fully predict at deploy time. A
requests.get() your code never wrote can still appear in production. Static analysis
catches some of this. Runtime enforcement catches the rest.
Lupid evaluates every agent action against your policy at the moment it happens. Allowed actions proceed. Disallowed ones don’t. Either way, the decision lands in the audit log.
There are two ways to wire your agents to Lupid:
import the TypeScript SDK and call init(). The SDK monkey-patches
fetch so calls to OpenAI / Anthropic / Cohere / Gemini and the OpenAI-compatible
providers (Azure OpenAI, Together, Mistral, Groq, DeepSeek, X.AI, Perplexity,
OpenRouter, Fireworks, Anyscale) route through Lupid with no
other code changes.HTTPS_PROXY=http://lupid:7070. No code
changes at all. The HTTPS-CONNECT gateway intercepts TLS, runs the same enforcement
pipeline, forwards the call.You can run either, or both, at the same time.