Govrix
Documentation

Everything you need to govern AI agents.

Govrix is a transparent HTTP proxy that sits between your AI agents and LLM providers. One environment variable. Full visibility. Zero code changes.

View on GitHubSee Pricing
<1msP50 latency
<5msP99 latency
17API endpoints
343Tests passing
MITScout license
Architecture

How Govrix fits in your stack

A drop-in proxy layer. No SDK, no agent code changes. One env var.

Request flow
Request
PII Scan
Budget Check
Forward
Log Event

AI Agents

Agent A
Agent B
Agent C

Govrix Proxy

:4000 proxy:4001 api:3000 dash

LLM Providers

OpenAI
Anthropic
Custom

Event pipeline

mpsc channel10K cap
batch writer100ms / 100 events
PostgreSQLTimescaleDB
Prometheus:9090
Capabilities

Two tiers. Every feature documented.

Scout is free and MIT-licensed. Platform adds enterprise identity, multi-provider routing, and compliance reports.

Scout — Free & Open Source (MIT)

Cost Attribution

Per-agent, per-model, per-day cost breakdown. Catch runaway loops before your CFO does.

Agent Discovery

Auto-populated registry. Agents appear in the dashboard the moment they route through the proxy. No registration needed.

PII Detection

SSN, credit card, email, phone, address — detected inline with <0.5ms overhead. 25+ pattern tests.

Tamper-Proof Audit

SHA-256 Merkle lineage chain on every event. Compile-time enforced. Immutable, compliance-ready evidence.

SSE Streaming

True pass-through, no buffering. Works with OpenAI, Anthropic and any compatible endpoint. <5ms p99. 11 tests.

YAML Policy Engine

6 operators, 5 fields, 3 actions, 16 tests. Declarative rules that run inline on every request.

Kill Switch

Block rogue agents instantly. HTTP 403 returned. Fail-open on DB error so governance never breaks production.

Budget Enforcement

Per-agent + global caps with DB persistence. Startup loads today's counters. Fire-and-forget writes.

Session Forensics

Full session reconstruction. SessionRecorder wired; enterprise API exposes /sessions endpoints.

Fail-Open Design

Proxy is stateless. If Govrix goes down, agents keep working. Governance never blocks production.

Prometheus Metrics

Standard metrics exposed on port 9090. Compatible with any Prometheus-scraping stack.

Management API

17 REST endpoints, bearer auth. Full programmatic control over agents, budgets, policies, sessions.

React Dashboard

Real-time visibility dashboard. React 18, TanStack Query with 5s polling, Recharts. Port 3000.

CLI

Command-line management tool. govrix-scout-cli crate. Full API coverage.

Platform — Enterprise
Planned

Multi-Provider Routing

Bedrock, Azure OpenAI, VertexAI, Cohere. Load balance, failover, and route by policy. One endpoint for all models.

Planned

SSO / OIDC + RBAC

OIDC authentication, role-based access control, team-scoped permissions. No SSO tax.

Planned

Webhook Connectors

Datadog, Splunk, PagerDuty, custom webhooks. Real-time alerts when budgets break or PII is detected.

Planned

mTLS A2A

Mutual TLS agent identity on port 4443. Config and CA generation exist; proxy integration in progress.

Planned

Compliance Reports

EU AI Act readiness, SOC 2 evidence packages, GDPR audit packs. Dedicated report generation.

Planned

HIPAA BAA

Business Associate Agreement available on enterprise plan. Full healthcare workload support.

Technical Specs

Built for production. Numbers, not promises.

Performance
Proxy P50 latency<1ms
Proxy P99 latency<5ms
Event channel capacity10,000 events
Batch writer interval100ms or 100 events
Fire-and-forget writesNever awaited in hot path
Stack
Proxy hot pathRust 1.75+ · hyper
Management APIaxum 0.8 · port 4001
DatabasePostgreSQL 16 + TimescaleDB
ORMsqlx 0.8 · runtime-tokio-rustls
DashboardReact 18 · Vite · Tailwind · Recharts
Protocols
OpenAI-compatible APIsFull support
Anthropic APIFull support
SSE StreamingTrue pass-through
MCP (Model Context Protocol)Stub — roadmap Q3 2026
A2A (Agent-to-Agent)Stub — roadmap Q3 2026
Compliance
EU AI ActAugust 2026 deadline tracked
SOC 2Evidence package (Enterprise)
GDPRPII detection + data residency
HIPAABAA available (Enterprise)
Audit fieldssession_id · timestamp · lineage_hash · compliance_tag
Comparison

How Govrix compares

LiteLLM P99 degrades to 90s at 500 RPS. Govrix stays under 5ms.

ToolLanguageP50Agent DiscoveryPII DetectionAudit TrailZero CodeSelf-HostedLicense
Govrix Scout
Rust<1ms
MIT
LiteLLM
Python~10ms
MIT
Portkey
Node.js~8ms
Proprietary
Helicone
Node.js~12ms
Proprietary

Latency numbers are p50 added overhead at production load. LiteLLM p99 degradation sourced from public benchmarks.

Roadmap

What's shipped. What's next.

Honest roadmap. Real status. No vaporware.

Q1 2026

Done
  • Kill switch — block rogue agents, HTTP 403, fail-open
  • Budget persistence — budget_daily table, DB writes, startup load
  • Session forensics — SessionRecorder wired, /sessions API
  • 0 dead_code warnings across both repos

Q2 2026

Now
  • Multi-provider routing (Bedrock, Azure OpenAI, VertexAI, Cohere)
  • Webhook connectors (Datadog, Splunk, PagerDuty)
  • Move basic OIDC/SSO to OSS tier (fix SSO Tax)
  • TTL in-process cache for kill switch agent lookups

Q3 2026

Next
  • mTLS wiring — mtls.rs → proxy handler
  • Production-grade Kubernetes manifests (PVCs, resource limits)
  • Compliance report generation (EU AI Act, SOC 2 evidence)
  • Emit compliance event on blocked agent rejection

2027+

2027+
  • eBPF sidecar for deep semantic observability
  • SLM guardrails via ONNX runtime in Rust
  • AIDIP/AGP agent registry compliance
  • Automated compliance reporting SaaS tier
Quick Start

Up and running in minutes.

No SDK to install. No agent code to change. Just point OPENAI_BASE_URL at Govrix.

One env varbash
# One environment variable. That's it.

export OPENAI_BASE_URL=http://your-govrix:4000
Docker Composebash
# Start Govrix Scout

docker compose up -d



# Verify health

curl http://localhost:4001/health
Your agents are now governedbash
# View agent registry

curl -H "Authorization: Bearer <key>" \

  http://localhost:4001/api/v1/agents



# Check cost breakdown

curl -H "Authorization: Bearer <key>" \

  http://localhost:4001/api/v1/costs
Native binary (no Docker)bash
GOVRIX_PROXY__UPSTREAM_OPENAI=https://api.openai.com \

GOVRIX_DATABASE_URL=postgres://govrix:pass@localhost:5432/govrix \

GOVRIX_PROXY_PORT=4000 \

GOVRIX_API_PORT=4001 \

GOVRIX_API_KEY=your-key \

./govrix-scout

Ready to get started?

Scout is free, MIT-licensed, and self-hosted. No credit card required.

Star on GitHubSee Pricing