Built on 3,400+ OpenClaw GitHub issues

Your OpenClaw agent
is looping.
You don't know yet.

Orchesis sits between your agents and the LLM API, telling you what's going wrong before it costs you money.

Orchesis is an open-source HTTP proxy that sits between OpenClaw agents and LLM APIs to detect loops, prompt injection, and cost anomalies in real time — based on analysis of 3,400+ OpenClaw GitHub issues.

122 calls · loopDetection ON · zero alerts · Orchesis: call #3

Install in 5 minutes →★ Star on GitHub

⚡ 4,813+ tests passing

🔒 18 injection patterns

◎ Zero vendor lock-in

⚖ MIT License

~/.openclaw/openclaw.json

# Before — agent calls Anthropic directly
"baseUrl": "https://api.anthropic.com"

# After — one line change
"baseUrl": "http://localhost:8080"
✓ Crystal Alert: active
✓ Injection Shield: active (33+ patterns)
✓ Cost tracking: real-time
⚠ 14:23 · agent:coder-01 · crystal phase · call #8
🔴 Telegram alert sent · /thaw to resume

Real incidents that actually happened

Real incidents. Real GitHub issues.

Each story has a public issue number. Each number is verifiable.

Issue #27602 · OpenClaw

$15.09

spent in 90 minutes on one image

The image that triggered 33 million cache reads

A group chat photo triggered a cache recursion bug. Every read spawned more reads. Nobody got an alert. Nobody got a refund.

Orchesis detects it on request #3 — 8 seconds after the photo. $0.20 spent. $14.89 prevented.

Issue #28191 · OpenClaw

43,175×

restarts in one night, zero alerts

The loop that ran until Windows killed the VM

A port conflict triggered systemd restart policy. The gateway tried to bind, failed, and restarted. 43,175 times. Found out when the VM died.

Orchesis detects it on restart #4 — 14 seconds after boot. One Telegram message with the exact diagnostic.

Issue #41555 · OpenClaw

80:1

thinking-to-output ratio at peak

Opus thought itself into a loop /new couldn't fix

Thinking tokens doubled every request: 1,800 to 14,400. The model was still working. Session reset didn't help. Model swap was the only exit.

Orchesis alerts at 10:1 ratio — Two requests before the loop became unrecoverable. Tells you which model to switch to.

Issue #9828 · OpenClaw

~100K

extra tokens per request, default config

The config that costs you money on every single call

Default OpenClaw config injects the entire configuration schema into every system prompt. Every request. ~100,000 extra tokens the LLM doesn't need. It breaks Anthropic prompt caching — instead of 90% savings on repeated calls, you pay full price every time.

orchesis verify detects it in 30 seconds — Shows the exact overhead and the one-line fix.

Setup

Three steps. Five minutes.

No code changes in your agents. No API key changes. One line in your OpenClaw config.

01 · Install

30 seconds

pip install orchesis

orchesis init

Proxy starts on port 8080. Nothing changes in your agents until you update the config.

02 · Connect

One line

"proxy": { "url": "http://localhost:8080" }

Add to your OpenClaw config. Restart the gateway. Your agents route through Orchesis automatically.

03 · Protect

Automatic

Orchesis reads every request your agents make without touching your code or API keys.

When something goes wrong: Telegram alert, one diagnosis, one action.

What changes

Without Orchesis vs With Orchesis

Feature	Without Orchesis	With Orchesis
Loop detection	loopDetection fires on some loops, misses exec tool calls entirely.Issue #34574 · 122 identical calls · 0 alerts	Alert on call #3. Catches exec loops, thinking loops, restart loops, all 6 types.
Cost visibility	totalTokens: null. Find out from the monthly invoice.Issue #21819 · token tracking structurally broken	Per-request cost in real time, from the actual API response. Not estimated. Exact.
Injection defense	Tool results land directly in LLM context. No scanning.SECURITY.md · "prompt injection is out of scope"	33+ patterns scanned before LLM sees the content. Block or alert per pattern.
Crystal phase	Agent locks into a fixed execution pattern. Looks like progress. Isn't.Issue #41555 · thinking loop survives /new session	Ψ_α computed per request. Alert fires when tool diversity collapses below threshold.
Fleet view	No cross-agent visibility. Gateway restarts kill all sessions.Issue #43178 · Issue #26322 · $636/mo OAuth waste	All agents visible simultaneously. Cross-agent patterns detected.
Setup time	Custom logging, custom alerts, custom wrappers. Weeks of backlog.	pip install + one config line. First alert in under 5 minutes.
Config audit	Default config adds ~100,000 extra tokens per request. Breaks prompt caching. No warning.Issue #9828 · every request · every user	orchesis verify detects in 30 seconds. Shows exact overhead and one-line fix.
Price	Your time, plus whatever the next loop costs.	$0. MIT license. Self-hosted. No telemetry.

Why a proxy, not a plugin

Some limitations aren't engineering problems.

They're architectural constraints. We proved three of them.

T1
Fleet Metric Impossibility

Your agent physically cannot monitor your fleet.

An SDK inside a single agent sees one conversation from inside. Fleet-level metrics require data from all agents simultaneously. Getting that data costs O(n) reports plus O(n) queries per update. For pairwise comparisons: O(n²).

What this means: A proxy already sees every agent's traffic as a side effect of routing. Zero additional calls. The same data that would require constant polling from an SDK is always present in the proxy's view.

T2
Self-Detection Impossibility

A compromised agent can't detect its own compromise.

If a prompt injection modifies an agent's context, the agent's own security checks run inside that modified context. It's checking itself with corrupted instructions. An external observer compares behavior against the fleet baseline.

What this means: Issue #28191 ran 43,175 iterations with nothing reported. The gateway saw activity. Orchesis saw the pattern of activity and spotted the deviation before the crash.

T3
Causal Graph Impossibility

You can't trace multi-agent failures from single-agent logs.

When something goes wrong, an SDK watching one agent sees one slice of the story. It sees "I called X and got error Y." It doesn't see that another agent triggered the failure 30 seconds earlier.

What this means: Issue #26322: 18 agents, one OAuth profile. Agent A refreshed the token. Agent B used the stale one, got 401, fell back to Opus at $0.186/turn. That's $636/month from one architectural decision. Orchesis sees both streams and identifies the cross-agent cause.

Install

Start in 5 minutes. No credit card. No account.

# 1. Install
pip install orchesis

# 2. Start with both detectors
orchesis init --with-crystal-alert --with-injection-shield

# 3. Connect OpenClaw (one line)
"proxy": { url: "http://localhost:8080", enabled: true }
openclaw gateway restart
orchesis verify

✓ Proxy running · Crystal Alert active · Injection Shield active

Read the docs →★ Star on GitHub

GitHub ↗PyPI ↗Docs ↗MIT license · self-hosted · no telemetry

The agent that's failing right now
won't tell you.

First run

orchesis verify

Before your first real session, run one command. It checks your OpenClaw config for known issues.

orchesis verify

✓ Proxy connection: OK
✓ Crystal Alert: active
✓ Injection Shield: active (33+ patterns)
⚠ Config schema injection detected
  Extra tokens per request: ~100,000
  Breaks Anthropic prompt caching (~100x cost)
  Fix: agents.defaults.injectConfigSchema = false
⚠ Token tracking: totalTokens null in responses
  Your cost data is incomplete
  See: Issue #21819

30 seconds. Shows what's wrong. Shows how to fix it.

Frequently asked questions

Common questions

Does Orchesis work with OpenClaw Telegram bots?

Yes. Orchesis monitors all traffic between your OpenClaw agent and the LLM API regardless of which channel — Telegram, WhatsApp, Discord, or WebChat — the user message came from. One proxy covers all channels.

How does Orchesis detect OpenClaw loops?

Orchesis tracks request patterns across 6 loop types: exec tool loops, thinking token escalation, restart cascades, OAuth races, cache recursion, and crystal phase lock-in. It alerts on the pattern, not just the count, catching loops that OpenClaw's built-in loopDetection misses entirely.

Does Orchesis read my API keys?

No. Orchesis proxies HTTP traffic without extracting or storing API keys. Your keys pass through to the LLM provider unchanged. Orchesis reads request and response payloads for security analysis only.

What happens if Orchesis goes down?

Your agents fall back to direct API calls automatically. Orchesis is not in the critical path. If the proxy is unavailable, OpenClaw routes directly to the LLM provider. Zero downtime risk.

Does Orchesis work with Claude, GPT-4, Gemini?

Yes. Orchesis proxies any HTTP-based LLM API: Anthropic Claude, OpenAI GPT-4 and o1, Google Gemini, Mistral, and any provider using standard HTTP REST endpoints.

Is Orchesis free?

Yes. MIT license. Self-hosted. No telemetry. No vendor lock-in. No usage limits.

How is Orchesis different from Portkey or Galileo?

Portkey is a gateway focused on routing and cost optimization. Galileo is an evaluation platform for post-hoc testing. Orchesis is a security proxy that sits inline and detects threats in real time, not after the fact. Orchesis is also fully open source and self-hosted, with no SaaS dependency.

Your OpenClaw agentis looping.You don't know yet.