Open Source · MIT License

See everything your AI agents do.

Runtime Gateway for AI Agents. Block threats. Cut token waste. Monitor your fleet. One config change.

SDK sees one agent. Static analysis sees code. Proxy sees everything — in real time, without code changes.

pip install orchesis
# Before:
client = OpenAI(base_url="https://api.openai.com/v1")
# After — one line change:
client = OpenAI(base_url="http://localhost:8080/v1")
# ↑ 17 security phases now active
17-Phase Pipeline · 100+ MCP Checks · 4,813 Tests · Zero Dependencies · MIT License · MAST · OWASP · EU AI Act · NIST

17 Security Phases
4,813 Passing Tests
<3ms Added Latency
33+ Detection Patterns

Security

17-phase adaptive detection. Prompt injection, credential leaks, tool abuse, delegation chain attacks. 33+ signatures across 10 categories.

# Blocked: prompt injection via issue delegation
# Phase: Injection Shield (phase 4) + Crystal Alert
# Detection: 96% explicit patterns, 0 false positives
# Severity: HIGH → request terminated

Cost Control

Context compression saves 80–90% tokens in growing-context sessions. Semantic cache. Thompson Sampling model routing. Per-request budget enforcement — not per-heartbeat.

# Tokens: 4,847 → 612 (87% saved)
# Cost: $0.043 → $0.006
# Method: context compression + cache hit
# Loop detected at call #3 → saved $55-150

Reliability

Auto-healing with 6 recovery actions. Loop detection at call #3 — saves $55–150 per incident. 450× faster than heartbeat-based checks. MAST & OWASP compliance mapping.

# Loop detected: 3 identical tool calls in 60s
# Action: Circuit breaker → 429 Too Many Requests
# Saved: $55 (vs $150 at next heartbeat check)
# Speed: 450× faster detection
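
A sketch of the loop check described above (3 identical tool calls in 60s, answered with 429), added here as an illustration and not taken from the Orchesis code base. `LoopDetector`, `fingerprint`, `replay` and the sample traffic are hypothetical names and constructed data.

```python
import hashlib
import json
import time
from collections import defaultdict, deque

WINDOW_SECONDS = 60   # from the page: identical calls within 60s
MAX_IDENTICAL = 3     # from the page: loop flagged at call #3

def fingerprint(tool_name, arguments):
    """Stable hash of a tool call; argument key order must not matter."""
    canonical = json.dumps({"tool": tool_name, "args": arguments},
                           sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()

class LoopDetector:
    """Sliding-window counter of identical tool calls, kept per agent."""

    def __init__(self, window=WINDOW_SECONDS, limit=MAX_IDENTICAL):
        self.window = window
        self.limit = limit
        self._seen = defaultdict(deque)  # (agent, fingerprint) -> timestamps

    def check(self, agent_id, tool_name, arguments, now=None):
        """Return the status a proxy would answer with: 200 or 429."""
        now = time.monotonic() if now is None else now
        stamps = self._seen[(agent_id, fingerprint(tool_name, arguments))]
        # Drop calls that have aged out of the window before counting.
        while stamps and now - stamps[0] >= self.window:
            stamps.popleft()
        stamps.append(now)
        return 429 if len(stamps) >= self.limit else 200

def replay(calls):
    """Run constructed (t, agent, tool, args) tuples through one detector."""
    detector = LoopDetector()
    return [detector.check(a, tool, args, now=t) for t, a, tool, args in calls]

# Constructed sample traffic (assumption, not real Orchesis logs).
SAMPLE = [
    (0,  "research_01", "web_search", {"q": "cve feed", "page": 1}),
    (5,  "research_01", "web_search", {"page": 1, "q": "cve feed"}),  # same call, keys reordered
    (9,  "coding_02",   "web_search", {"q": "cve feed", "page": 1}),  # different agent
    (12, "research_01", "web_search", {"q": "cve feed", "page": 1}),  # third identical call
    (90, "research_01", "web_search", {"q": "cve feed", "page": 1}),  # window has expired
]

if __name__ == "__main__":
    print(replay(SAMPLE))
```

Rejected calls are still counted, so an agent that keeps retrying the same call stays blocked until fewer than three fall inside the window.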

Observability

Real-time dashboard, runs locally. Fleet-level correlation: which agent did what, and why it cost so much. Independent audit log — tamper-resistant, outside your orchestrator.

# Fleet: 5 agents monitored
# Cross-agent data flow: Agent A → Agent B detected
# Cost: Orchesis $4.50 vs reported $0.00
# Independent audit: 12,847 requests logged

Live Demo

See your fleet in real time

Security zones show agent health at a glance. Click any agent to inspect.

Demo data · npx orchesis-radar for your real fleet

Every request.
Analyzed. Secured. Optimized.

Orchesis sits as a transparent HTTP proxy between your AI agents and their LLM providers. One config change — set the base URL to localhost:8080 — and every request passes through a 17-phase pipeline. No SDK integration. No code changes. No vendor lock-in.

How it works

One config change.
Everything changes.

AI Agents: Paperclip (30K★), CrewAI, LangChain, OpenClaw (300K★), AutoGen, Google ADK, any agent
Orchesis Proxy (localhost:8080): Security (phases 1-8), Context Engine (9-11), Threat Intel (12-14), Cost Optimizer (15-16), Observability (17)
LLM Providers: OpenAI, Anthropic, Google, Mistral, DeepSeek, any OpenAI-compatible

base_url = "http://localhost:8080/v1" # one line change

Why proxy, not SDK?

SDK / callbacks · One agent, one session · Required
Static analysis · Code at rest · Required
Observability · Metrics and logs · Required
Orchesis proxy · Everything, cross-agent · None

Why agents fail in production

Four ways AI agents die.

Orchesis closes all four with one config change.

C
Context Collapse

Agent loses the thread. Repeats work. Contradicts itself mid-task.

Context compression removes 80–90% waste
O
Opacity Gap

No trace, no replay. You can't know what went wrong or why.

Flow X-Ray records every decision
S
Spend Explosion

$847 bill from OpenAI for one overnight run. No limits, no alerts.

Per-request budget enforcement blocks overspend
T
Trust Breakdown

Agent called APIs it shouldn't. One incident — banned from production.

17-phase threat detection with formal proof of limits

One config change. Zero code rewrites. All four problems solved.

By the numbers

What Orchesis catches

Proxy overhead: < 3ms added latency
Token savings: 80–90% context reduction
Threat signatures: 33+ across 10 categories
MAST coverage: 78.6% (11/14 failure modes)
OWASP coverage: 80% (8/10 risks)
Auto-heal actions: 6 recovery strategies
Test coverage: 4,813 passing tests
Dependencies: 0 (stdlib only)
Proxy overhead (MVE): 0.8% measured
Context growth caught: 12× (without proxy: invisible)

Free · No signup · Browser-based

Free security tools.

MCP Scanner

100+ checks. CVE database. OWASP mapping. Paste your config, get a report.

Security Scorecard

5 questions. Instant grade A+ to F. Know where you stand in 30 seconds.

Cost Calculator (Coming soon)

How much are agent loops and context bloat costing you?

OWASP MCP Guide (Coming soon)

All 10 risks explained. Real examples. Detection methods. Fixes.


Mathematical foundations

Built on impossibility theorems.

What can and cannot be detected in AI agent security — proven mathematically.

3 Impossibility theorems · What NO monitor can detect
2 Necessity results · What ONLY a proxy can detect
26 Formal results total · Published, peer-reviewable

We don't just monitor your agents. We prove exactly where monitoring ends — and where your other defenses must begin.


Works with your stack

Drop in, don't rewrite.

AI Agents: OpenClaw, Paperclip, CrewAI, LangChain, LangGraph, AutoGen, OpenAI Agents SDK, Google ADK
LLM Providers: OpenAI, Anthropic, Google Gemini, Mistral, DeepSeek, Qwen, Minimax, Ollama, any OpenAI-compatible

If it speaks OpenAI-compatible API — Orchesis works with it.

Integrate into your workflow

Wherever you work.

npm CLI (npm · orchesis-scan)
Zero-install CLI scan for any terminal. Auto-detects MCP configs.
npx orchesis-scan

GitHub Action: CI/CD pipeline (GitHub · mcp-scan action)
Scan MCP configs on every PR. Fail builds with insecure configs.
uses: poushwell/orchesis@main
with:
  fail-on: 'high'

pre-commit: Block bad commits (pre-commit · hook)
Prevent insecure MCP configs from ever reaching your repo.
repo: poushwell/orchesis
hooks:
  - id: orchesis-mcp-scan

How Orchesis compares

Not another SDK. Just a proxy that keeps your agents honest.

Criteria | Generic Gateway | LLM Router | Agent Platform | Orchesis
Understands MCP/A2A
17-phase security
Fleet correlation · partial
Formal security proofs
Zero dependencies
Open source (MIT) · varies · some
Transparent proxy · partial
Zero code changes
Self-hosted
No telemetry

Why this matters now

The window is closing.

40% of agentic AI projects will be canceled by 2027 due to inadequate risk controls (Gartner, 2025)

30K+ stars on Paperclip in 2.5 weeks. AI agent fleets are here. No dedicated security layer exists for them yet. (GitHub, March 2026)

$417M: Runtime Gateway for AI Agents market in 2026, growing to $2.8B by 2030. (Market estimate)

Aug 2026: EU AI Act enforcement begins. Audit trails and incident reporting required. (EU AI Act)

Orchesis is ready. Are your agents?

From the blog

What we've learned

SECURITY

43% of MCP configs run bare shell. That's not a misconfiguration.

Bare shell execution is the most common MCP tool interface. Here's why that's dangerous.

INCIDENT

One compromised scanner, three hacked projects, 100M downloads poisoned.

LiteLLM supply chain attack: Trivy → KICS → PyPI. Full chain analysis.

INCIDENT

I left my AI agent running overnight. Here's what I found.

$47,000 from an agent loop. 43,175 restarts. 2.5 years of data wiped.



Your agents are already
making API calls.

Now you can see every one.


Works whether AI wins or loses.
