Transparent HTTP proxy for AI agents. Block threats, cut token waste, monitor your fleet. Zero code changes. MIT license.
Project description
Orchesis is a transparent HTTP proxy for AI agents. Every request passes through a 17-phase detection pipeline before reaching the LLM provider. Zero dependencies. MIT license.
SDK sees one agent. Static analysis sees code. Observability sees metrics. Proxy sees everything, in real time, without code changes.
Installation
pip install orchesis
With integrations
pip install orchesis[integrations]
One line change
Before:
client = OpenAI(base_url="https://api.openai.com/v1")
After:
client = OpenAI(base_url="http://localhost:8080/v1")
# 17 security phases now active
Why proxy, not SDK?
| Approach | What it sees | Code changes |
|---|---|---|
| SDK/callbacks (LangSmith, LangChain) | One agent, one session | Required |
| Static analysis (Snyk, Semgrep) | Code at rest | Required |
| Observability (Datadog, Helicone) | Metrics and logs | Required |
| Orchesis proxy | All agents, all requests, cross-session | None |
The proxy layer sees what SDK cannot: cross-agent patterns, fleet-level anomalies, duplicate context across providers.
What Orchesis does
Security: 17-phase detection. Prompt injection, credential leaks, tool abuse. 25 signatures.
Cost: Semantic cache. Budget enforcement. Token Yield tracking. MVE result: 0.8% overhead, 12x context growth detected.
Reliability: Auto-healing. Circuit breakers. Loop detection. 6 recovery actions.
Observability: Real-time dashboard. Flow X-Ray. Agent Reliability Score.
By the numbers
| Metric | Value |
|---|---|
| Pipeline phases | 17 |
| Threat signatures | 25 across 10 categories |
| Proxy overhead | 0.8% measured |
| Context collapse | 12x growth caught |
| MAST coverage | 78.6% |
| OWASP coverage | 80% |
| Tests passing | 2,969 |
| Dependencies | 0 (stdlib only) |
Free MCP Security Scanner
We scanned 900+ MCP configurations on GitHub. 75% had at least one security issue: hardcoded credentials, overpermissioned tools, missing input validation.
Run the scanner on your own configs:
npx orchesis-scan
Or visit: https://orchesis.io/scan
52 security checks across 10 categories. No data sent to external servers.
Website | Documentation | MCP Scanner | GitHub | Blog
MIT License. Built with zero dependencies.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file orchesis-0.2.1.tar.gz.
File metadata
- Download URL: orchesis-0.2.1.tar.gz
- Upload date:
- Size: 852.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.10
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
362727758e0b916f6bcafbc340840fae284e944ece026f00f96213ccc6a8fd1b
|
|
| MD5 |
ab5c197ee645c8946338370d8ae489d8
|
|
| BLAKE2b-256 |
9db6882b476e1ed66c6140bce50675cad1027c29b5d5a30f5e2773c78858af43
|
File details
Details for the file orchesis-0.2.1-py3-none-any.whl.
File metadata
- Download URL: orchesis-0.2.1-py3-none-any.whl
- Upload date:
- Size: 655.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.10
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
67b1e93b00371607f20712de5b238c4a1113d8994abf95464901f3769a6b96c8
|
|
| MD5 |
762140dd28914e6fa3d40d150a37c0a2
|
|
| BLAKE2b-256 |
57d3965a8df3674b040faa07d80c0a5ac550f52a2ed2dbc3ae46abedd1f85b7d
|
