Governed AI-ops for Traefik + Caddy + HAProxy reverse proxies / load balancers: routes, services, upstream health, TLS cert expiry sweep, 5xx error-rate RCA, route conflict analysis, and governed writes (caddy config, haproxy server state/weight) with a built-in governance harness (audit, budget, undo, risk tiers)
Project description
Proxy AIops (preview)
Governed, audited AI-ops for Traefik, Caddy and HAProxy reverse proxies / load balancers — for AI agents (via MCP) and humans (via CLI).
Disclaimer: Community-maintained open-source project. Not affiliated with, endorsed by, or sponsored by Traefik Labs, the Caddy project, HAProxy Technologies, or the HAProxy project. Traefik, Caddy and HAProxy are trademarks of their respective owners. MIT licensed.
proxy-aiops speaks to three proxy platforms behind one MCP server — Traefik
(its API under /api/..., metrics-text counters via /metrics), Caddy (the
admin API, default localhost:2019) and HAProxy (the Data Plane API v2 under
/v2/..., HTTP Basic auth) — with the same tools working on all three. Each
target in the config names its own platform; a name-keyed platform registry
selects the API shape (auth + resource paths), and an explicit support matrix
raises teaching errors for ops a platform genuinely cannot do — e.g. Traefik
writes point you at its providers (file, container labels, orchestrator CRDs), never
a silent no-op.
Every tool runs through a built-in governance harness (vendored, zero external dependency): audit log, token/call budget with runaway circuit-breaker, graduated risk-tier approval, undo-token recording, and output sanitisation.
Why this exists
- One server, three proxies — Traefik, Caddy and HAProxy in a mixed edge, spoken to through identical tool names. Adding another proxy later is a new platform descriptor, not a rewrite.
- Read the whole edge — version, entrypoints/listeners, routes (routers / caddy routes / frontends) with parsed hosts+paths, services and server-level upstream health, middlewares, TLS domain inventory, traffic/error counters, and the live config tree (snapshot + search).
- Flagship RCA analyses — transparent heuristics that show their numbers,
never a black-box verdict:
backend_health_rca(down upstreams → cause class L4/L6/L7/DNS/maint + action),cert_expiry_sweep(days-to-expiry buckets + per-platform renewal hints),error_rate_rca(5xx share vs the fleet baseline, dominant code → 502/503/504/500 cause), androute_conflict_analysis(shadowed routes, dead routes, redirect loops). - Governed writes — caddy config
set/delete/ fullload(the prior subtree/config is fetched first, so the recorded undo replays a real restore) and haproxy runtime serverstate(ready/drain/maint) andweight(undo restores the prior value) — all withdry_runpreviews; delete/load are risk=high behind an approver gate.
Tool inventory (26 tools)
| Domain | Tools | # | Kind |
|---|---|---|---|
| Status | proxy_overview, version_info, list_entrypoints |
3 | read |
| Routes | list_routes, route_detail, find_route |
3 | read |
| Services | list_services, service_detail, list_upstreams, upstream_detail, list_middlewares |
5 | read |
| Certificates | list_certificates |
1 | read |
| Traffic | traffic_stats, error_counters |
2 | read |
| Config | config_snapshot, search_config, get_config_value |
3 | read |
| Flagship analyses | backend_health_rca, cert_expiry_sweep, error_rate_rca, route_conflict_analysis |
4 | read |
| Writes (caddy) | set_config_value |
1 | write (med) |
| Writes (caddy) | delete_config_path, load_config |
2 | write (high) |
| Writes (haproxy) | set_server_state, set_server_weight |
2 | write (med) |
Reversible writes record an inverse undo descriptor built from the real fetched
before-state (set_config_value restores the prior subtree; delete_config_path
re-creates it; load_config re-loads the snapshotted config; server state/weight
restore the prior value). The undo params match each tool's own signature, so the
descriptor replays as-is.
Per-platform support matrix
| Capability | traefik | caddy | haproxy |
|---|---|---|---|
| Routes / services / upstream health | ✅ | ✅ | ✅ |
| Middlewares list | ✅ | teaching note (inline handlers) | teaching note (haproxy.cfg) |
| TLS cert inventory + expiry sweep | ✅ | ✅ | teaching note (.pem files) |
| Error counters / error-rate RCA | ✅ (/metrics) | teaching note (no per-route counters) | ✅ (stats) |
| Config snapshot / search | ✅ (rawdata, read-only) | ✅ | teaching note |
| Config writes | teaching error → edit the provider | ✅ (the write surface) | teaching error → runtime writes |
| Runtime server state / weight | teaching error → provider | teaching error → config tree | ✅ |
Unsupported combinations raise a teaching error that says what to use instead — never a silent empty result.
Install
uv tool install proxy-aiops # or: pipx install proxy-aiops
Quick start
proxy-aiops init # wizard: pick platform (traefik/caddy/haproxy) + optional encrypted secret
proxy-aiops doctor # verify config, secrets, and connectivity
proxy-aiops overview # one-shot: version + route/service counts + upstream health
proxy-aiops routes list # normalised route table
proxy-aiops services upstreams # server-level upstream health
proxy-aiops analyze health # backend/upstream health RCA
proxy-aiops analyze errors # 5xx error-rate RCA
proxy-aiops analyze conflicts # shadowed/dead routes, redirect loops
proxy-aiops certs --sweep # TLS cert expiry sweep (traefik/caddy)
proxy-aiops server state app web1 drain --dry-run # governed haproxy write preview
proxy-aiops config set apps/http/servers/srv0 '{"listen":[":8080"]}' --dry-run
Run the MCP server (stdio) for an agent:
proxy-aiops mcp # or: proxy-aiops-mcp
MCP client config
{
"mcpServers": {
"proxy-aiops": {
"command": "uvx",
"args": ["--from", "proxy-aiops", "proxy-aiops-mcp"],
"env": { "PROXY_AIOPS_MASTER_PASSWORD": "your-master-password" }
}
}
}
Env-block caveat: the
envblock is only needed when a credential is stored (haproxy always; traefik/caddy only behind Basic auth). MCP clients do not inherit your shell profile — setPROXY_AIOPS_MASTER_PASSWORD(andPROXY_AIOPS_CONFIG/PROXY_AIOPS_HOMEif you relocated them) explicitly in the client config, or the server cannot unlocksecrets.enc.
Configuration
~/.proxy-aiops/config.yaml (non-secret connection details only):
targets:
- name: edge1
platform: traefik # traefik | caddy | haproxy
base_url: http://192.0.2.10:8080
verify_ssl: true
- name: caddy1
platform: caddy
base_url: http://127.0.0.1:2019
- name: lb1
platform: haproxy
base_url: http://192.0.2.20:5555
username: dpapi # Data Plane API user
The secret — the HAProxy Data Plane API password, or an optional Basic-auth
password in front of Traefik/Caddy — is stored encrypted in
~/.proxy-aiops/secrets.enc (Fernet + scrypt-derived key), never plaintext on
disk. Traefik and Caddy commonly run unauthenticated on localhost, so their
secret is optional (like a local socket); HAProxy's is required. Set it with
proxy-aiops secret set <target> or the init wizard. The store is unlocked by
a master password from PROXY_AIOPS_MASTER_PASSWORD (non-interactive/MCP/CI) or
an interactive prompt (CLI on a TTY). A legacy plaintext env var
PROXY_<TARGET>_SECRET is honoured as a fallback (migrate with
proxy-aiops secret migrate).
Governance
Every MCP tool is wrapped by @governed_tool:
- Audit — every call is logged to
~/.proxy-aiops/audit.db(tool, params with secrets redacted, status, duration, risk tier, approver, rationale). - Budget / runaway guard — per-process token/call caps and a repeat-call circuit
breaker (
PROXY_MAX_TOOL_CALLS,PROXY_RUNAWAY_MAX, …). - Graduated risk tiers — secure by default — with no
~/.proxy-aiops/rules.yaml, high-risk writes (delete_config_path,load_config) require an approver: setPROXY_AUDIT_APPROVED_BY(andPROXY_AUDIT_RATIONALE) before they will run.initseeds a starter rules.yaml; an operator-authored rules file is honoured as-is. - Undo recording — reversible writes record an inverse descriptor to
~/.proxy-aiops/undo.dbfrom the fetched before-state (recording only; an external orchestrator executes it). Undo params match the target tool's own signature, so the descriptor replays as-is. - Sanitisation — all proxy-returned text is bounded + control-character sanitised before it reaches the agent.
Preview status
- Platforms: Traefik (API + /metrics), Caddy (admin API), HAProxy (Data Plane API v2).
- Preview — mock-validated only. Not run against a live proxy. All behaviour is
validated against mocked JSON/metrics responses; the concrete REST paths are
modelled from each project's public API and need live verification. All three
platforms are free and self-hostable (a small container-compose lab with
traefik + caddy + haproxy/dataplaneapi is a one-evening setup), so
proxy-aiops doctor— a health/info probe per platform — is the fastest live check. - Routing note: this tool operates reverse proxies / load balancers. Do NOT use it for firewall rules — use firewall-aiops.
- Missing a capability? Open an issue or PR at github.com/AIops-tools/Proxy-AIops — contributions and feedback welcome.
License
MIT — see LICENSE.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file proxy_aiops-0.1.0.tar.gz.
File metadata
- Download URL: proxy_aiops-0.1.0.tar.gz
- Upload date:
- Size: 179.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
2b96226fda8df15e1669f81a6d8b5e0070e25fbe621870b5dd8be09c5c57580e
|
|
| MD5 |
ae1b467bd45deeb023a11d656d1ee6ca
|
|
| BLAKE2b-256 |
16218cca6cb7a76d4eeaa8275a3b735dd825f4b8923101a74d4f499c9bf3148d
|
Provenance
The following attestation bundles were made for proxy_aiops-0.1.0.tar.gz:
Publisher:
publish.yml on AIops-tools/Proxy-AIops
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
proxy_aiops-0.1.0.tar.gz -
Subject digest:
2b96226fda8df15e1669f81a6d8b5e0070e25fbe621870b5dd8be09c5c57580e - Sigstore transparency entry: 2188488446
- Sigstore integration time:
-
Permalink:
AIops-tools/Proxy-AIops@46caabe1550272b097fe95fed09ded8020a51ec2 -
Branch / Tag:
refs/heads/main - Owner: https://github.com/AIops-tools
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@46caabe1550272b097fe95fed09ded8020a51ec2 -
Trigger Event:
workflow_dispatch
-
Statement type:
File details
Details for the file proxy_aiops-0.1.0-py3-none-any.whl.
File metadata
- Download URL: proxy_aiops-0.1.0-py3-none-any.whl
- Upload date:
- Size: 106.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
125b0bfcce6c958b970f3ee3f9e4388c99141b41b21c12f1599659bb6c1af603
|
|
| MD5 |
2a6d3d1debaa2e78c866976c3daeaaa2
|
|
| BLAKE2b-256 |
1a74c04ed15a971e51d2a177b0cabd807795f491640852ed492ab1a67f5b9d73
|
Provenance
The following attestation bundles were made for proxy_aiops-0.1.0-py3-none-any.whl:
Publisher:
publish.yml on AIops-tools/Proxy-AIops
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
proxy_aiops-0.1.0-py3-none-any.whl -
Subject digest:
125b0bfcce6c958b970f3ee3f9e4388c99141b41b21c12f1599659bb6c1af603 - Sigstore transparency entry: 2188488510
- Sigstore integration time:
-
Permalink:
AIops-tools/Proxy-AIops@46caabe1550272b097fe95fed09ded8020a51ec2 -
Branch / Tag:
refs/heads/main - Owner: https://github.com/AIops-tools
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@46caabe1550272b097fe95fed09ded8020a51ec2 -
Trigger Event:
workflow_dispatch
-
Statement type: