Features
Every outbound agent request passes through a verifiable, auditable security pipeline — no exceptions, no bypasses. Here is exactly what runs on every call.
HMAC Integrity Verification
Every request routed through guard_net must carry a valid HMAC-SHA256 signature computed over the canonical request string. The signature is verified at the Cloudflare edge before any downstream processing begins — a tampered or replayed request is rejected immediately. Timestamps are enforced within a ±300 second window to prevent replay attacks without requiring clock synchronization infrastructure.
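The signing and verification steps described above, as an added example that is not Sphyr's own code. The canonical string follows the format given in this section; hex encoding of the signature, the fixed method set and the demo key are assumptions.

```python
import hashlib
import hmac

MAX_SKEW_SECONDS = 300  # the +/-300 second window stated on this page
ALLOWED_METHODS = {"GET", "POST", "PUT", "PATCH", "DELETE"}  # assumption


def sign(key, url, method, ts):
    """Return the hex HMAC-SHA256 over "guard_net:<url>:<method>:<ts>"."""
    canonical = f"guard_net:{url}:{method}:{ts}".encode("utf-8")
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def verify(key, url, method, ts, sig_hex, now):
    """Return (accepted, reason) for one request as the verifier sees it."""
    # Fixed method set: fields are colon-delimited and URLs contain colons,
    # so a free-form method would make the canonical string ambiguous.
    if method not in ALLOWED_METHODS:
        return False, "unsupported method"
    if not isinstance(ts, int) or abs(now - ts) > MAX_SKEW_SECONDS:
        return False, "timestamp outside window"
    expected = sign(key, url, method, ts)
    # Constant-time comparison, so response timing does not reveal how many
    # leading characters of a forged signature were correct.
    if not hmac.compare_digest(expected.encode(), sig_hex.lower().encode()):
        return False, "bad signature"
    return True, "ok"


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample, not a real key
    url, ts = "https://api.example.com/data", 1743800400
    sig = sign(key, url, "GET", ts)
    print(verify(key, url, "GET", ts, sig, now=ts + 120))
    print(verify(key, "https://api.example.com/other", "GET", ts, sig, now=ts + 120))
    print(verify(key, url, "GET", ts, sig, now=ts + 301))
```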
# Request signing format
x-sphyr-hmac-sig: HMAC-SHA256(key, "guard_net:<url>:<method>:<ts>")
# Example header sent with every guard_net call
x-sphyr-hmac-sig: a3f9c2e1b5d8...
x-sphyr-ts: 1743800400
SSRF Protection
Server-Side Request Forgery (SSRF) attacks let compromised agents probe internal networks, metadata APIs, or private services. Sphyr validates every target URL against known private IP ranges (RFC 1918, loopback, link-local), enforces HTTPS-only protocols, and performs forward DNS resolution to detect DNS rebinding attempts — where a hostname initially resolves to a public IP but later resolves to an internal one. Requests that fail any check are blocked before the outbound connection is made.
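One way to implement the checks this paragraph lists, as an added example rather than Sphyr's own code. The function names, the resolver table and the practice of returning the vetted addresses for the caller to connect to are assumptions.

```python
import ipaddress
import socket
from urllib.parse import urlsplit


def ip_is_public(ip_text):
    """True only for globally routable addresses."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # unparseable address: fail closed
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # judge ::ffff:10.0.0.1 as 10.0.0.1
    return ip.is_global


def resolve_host(host):
    """Forward-resolve a hostname to the set of addresses it maps to."""
    infos = socket.getaddrinfo(host, 443, type=socket.SOCK_STREAM)
    return {info[4][0] for info in infos}


def screen_url(url, resolve=resolve_host):
    """Return (allowed, reason, vetted_ips) for one target URL."""
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:
        return False, "malformed URL", []
    if parts.scheme != "https":
        return False, "non-HTTPS scheme", []
    if not host:
        return False, "missing host", []
    try:
        addrs = [str(ipaddress.ip_address(host))]  # IP literal in the URL
    except ValueError:
        try:
            addrs = sorted(resolve(host))
        except OSError:
            return False, "DNS resolution failed", []
    # Every answer must be public; an empty answer also fails.
    if not addrs or not all(ip_is_public(a) for a in addrs):
        return False, f"{host} does not resolve only to public addresses", []
    # Assumption: the caller connects to one of these vetted addresses instead
    # of resolving again, so a later DNS answer cannot change the target.
    return True, "ok", addrs


# Constructed resolver table so the example runs offline.
SAMPLE_DNS = {"api.example.com": {"93.184.216.34"}, "localhost": {"127.0.0.1"},
              "rebind.example": {"93.184.216.34", "10.0.0.5"}}
sample_resolve = lambda host: SAMPLE_DNS.get(host, set())
```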
# Blocked request patterns (examples)
http://169.254.169.254/latest/meta-data/ # AWS metadata endpoint
http://10.0.0.1/admin # RFC 1918 private range
http://localhost:6379 # Loopback (Redis)
ftp://example.com/data # Non-HTTPS protocol
# Only HTTPS to public IP space is allowed through
Entropy-Based Secret Detection
Exfiltration attacks often embed secrets — API keys, credentials, private keys — inside seemingly normal outbound requests. Sphyr computes Shannon entropy on request payloads and rejects payloads that exceed the configured threshold. Known high-entropy but benign patterns (UUIDs, base64-encoded binaries you explicitly allowlist) are excluded from the check. This stops LLM-prompted exfiltration attempts before they leave your network perimeter.
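The entropy check with an allowlist, sketched as an added example that is not Sphyr's implementation. Scoring each long token separately, the token pattern and the sample strings are assumptions; the 4.8 bits/char threshold is the one in this section's sample configuration.

```python
import math
import re
from collections import Counter

ENTROPY_THRESHOLD = 4.8  # bits/char, as in this page's sample config
# Constructed allowlist entry: a declared base64-encoded 256-bit key.
ALLOWLIST = [re.compile(r"^[A-Za-z0-9+/]{43}=$")]
# Assumption: score each long token on its own, so one secret is not
# diluted by the low-entropy text around it.
TOKEN_RE = re.compile(r"[A-Za-z0-9+/=_-]{20,}")


def shannon_entropy(text):
    """Shannon entropy of the character distribution, in bits per character."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def scan_payload(payload, threshold=ENTROPY_THRESHOLD, allowlist=ALLOWLIST):
    """Return [(token, entropy)] for tokens that should block the request."""
    findings = []
    for token in TOKEN_RE.findall(payload):
        if any(p.search(token) for p in allowlist):
            continue  # declared benign pattern, excluded from the check
        h = shannon_entropy(token)
        if h > threshold:
            findings.append((token, round(h, 2)))
    return findings


# Constructed samples, not real credentials.
SECRET = "Zx8Kq2Lm9Pv4Rt6Wy1Bn3Cd5Fg7Hj0As"  # 32 distinct characters
DECLARED_KEY = SECRET + "DEGIJMNOQSU="        # 44 chars, matches the allowlist
NORMAL = ('{"query": "weather in Lisbon tomorrow", '
          '"id": "f47ac10b-58cc-4372-a567-0e02b2c3d479"}')

if __name__ == "__main__":
    print(scan_payload(NORMAL))
    print(scan_payload('{"note": "debug", "blob": "%s"}' % SECRET))
    print(scan_payload('{"key": "%s"}' % DECLARED_KEY))
    print(scan_payload('{"key": "%s"}' % DECLARED_KEY, allowlist=[]))
```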
# Entropy configuration (per-key or global default)
{
"entropy_threshold": 4.8, # bits/char — triggers block above this
"entropy_allowlist": [
"^[0-9a-f]{8}-[0-9a-f]{4}-.{...", # UUID v4 pattern — allowed
"^[A-Za-z0-9+/]{43}=$" # Base64 256-bit key — allowed if declared
]
}
Honeytoken Breach Detection
Honeytokens are decoy credentials deliberately planted in your agent's context. If an attacker steals your agent's context and exfiltrates the honeytoken, Sphyr detects the outbound request to the honeytoken domain, immediately revokes the associated API key, and generates a forensic trail with IP, timestamp, and session data. This turns every breach attempt into an early warning signal with zero manual monitoring required.
# System config (set once per deployment)
honeytoken_domain = "trap.yourdomain.com"
# Automatic response on detection:
# 1. API key revoked immediately (Unkey API call)
# 2. Session terminated
# 3. Forensic event logged with IP + sess_token + timestamp
# 4. Alert surfaced in admin dashboard
Adaptive Rate Limiting
Rate limiting is applied at two levels: per-key (protecting your API quota and credit balance) and per-IP (protecting the gateway infrastructure from unauthenticated flood attacks). Each level uses a sliding window counter backed by Cloudflare KV for edge-distributed consistency. When a limit is exceeded, the response includes precise retry-after timing so well-behaved agents can back off gracefully without polling.
# Rate limit response headers
HTTP/1.1 429 Too Many Requests
X-RateLimit-Limit: 30
X-RateLimit-Remaining: 0
X-RateLimit-Reset: 1743800460 # Unix timestamp
# guard_net rate limit error envelope
{
"error": "RATE_LIMITED",
"retry_after_ms": 8400
}
Credit Billing Engine
Each successful guard_net call deducts one credit from the key's prepaid balance. Credits are consumed in first-in, first-out (FIFO) order — oldest credits are used first. All credits are valid for 12 months from purchase date. When the balance reaches zero, requests are blocked with a clear QUOTA_EXCEEDED error before any upstream call is made. No subscriptions, no metered billing — just prepaid credits that never surprise you.
{
"key_id": "key_2Y5k...",
"credits_remaining": 48750,
"oldest_expiry": "2027-04-13T00:00:00Z"
}
Session Management
Sessions are established via the audit_sess handshake: the agent presents its Unkey API key, Sphyr verifies it, and issues a 30-minute session token (UUID v4). The token is IP-bound: requests from a different IP are rejected, so a stolen session token cannot be used from another address. All requests within a session are grouped in the forensics view, giving operators a coherent view of what each agent task did across its lifetime.
# audit_sess handshake
POST /mcp (tool: audit_sess)
{ "api_key": "uk_live_..." }
# Response
{
"sess_token": "f47ac10b-58cc-4372-a567-0e02b2c3d479",
"expires_at": 1743801200, # UTC Unix timestamp (+30 min)
"ip_bound": "203.0.113.42"
}
Preflight / Dry-Run Mode
Dry-run mode lets you validate agent behavior against Sphyr's full policy engine without making any real outbound requests or consuming credits. Every check runs — HMAC validation, SSRF screening, entropy analysis, rate limit accounting — but the actual HTTP call to the target URL is skipped. Toggle dry-run per API key from the admin dashboard. Ideal for onboarding new agents, testing policy configurations, or running integration tests in CI without side effects.
# Preflight flag in guard_net call
POST /mcp (tool: guard_net)
{
"url": "https://api.example.com/data",
"mthd": "GET",
"preflight": true, # policy check only — no real HTTP call
"sess_token": "...",
"sig": "...",
"ts": 1743800400,
"cat": "preflight-test"
}
# Dry-run mode: toggled per-key in admin dashboard (dry_run: true)
Ready to protect your agents?
No credit card required. Start with a 1,000 request free grant.