CtrlAI v1 is a transparent HTTP proxy designed to secure AI agents by intercepting communications between agent SDKs and large language model providers. It operates at the protocol level to enforce configurable guardrail rules, audit all tool call behavior, and block potentially dangerous actions without requiring any modifications to the agent's codebase. The proxy acts as an intermediary layer that provides security oversight while maintaining compatibility with existing AI agent frameworks.
The system includes 19 built-in security rules covering categories such as file system access (SSH keys, .env files, credentials, shell config, browser passwords, private keys, system files, self-modification), destructive commands (rm -rf /, mkfs, dd if=, fork bombs, credential exfiltration), privacy controls (camera, screen recording, GPS location, remote code execution), messaging actions (admin functions, sending messages), session management (spawning sub-agents, cross-session messaging), memory operations (search, read), gateway controls (config modification, restart), and cron task management. Each tool call is evaluated against these rules, which can block or allow it based on configurable conditions.
CtrlAI works by intercepting HTTP requests from AI agent SDKs directed at LLM providers like Anthropic and OpenAI. When an agent SDK sends a request, it routes through the CtrlAI proxy instead of going directly to the provider. The proxy forwards the request to the actual LLM provider, then intercepts the response to inspect any tool calls contained within. Each tool call is evaluated against the configured guardrail rules, and if any tool call is blocked, the entire response is stripped and replaced with a block notice. The proxy supports streaming responses with buffering to enable real-time inspection of tool calls as they're generated.
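As an added example (not CtrlAI's own code), here is a Go sketch of the response-side check the paragraph describes: a hypothetical rule type, tool_use blocks parsed from an Anthropic-style response body, and a filter that strips the whole content and substitutes a block notice when any rule fires. The rule schema, field names, notice text and the two sample patterns are assumptions, not CtrlAI's YAML format or rule set.

```go
package main
import ("encoding/json"; "regexp")
// Rule is a hypothetical guardrail rule (not CtrlAI's YAML schema): Tool "" means any tool; the call is blocked when Pattern matches any string argument value.
type Rule struct {
	Name, Tool string
	Pattern    *regexp.Regexp
}
// Block is one entry of an Anthropic-style response "content" array.
type Block struct {
	Type  string         `json:"type"`
	Text  string         `json:"text,omitempty"`
	Name  string         `json:"name,omitempty"`
	Input map[string]any `json:"input,omitempty"`
}
// Blocks reports whether r applies to b; only tool_use blocks can match.
func (r Rule) Blocks(b Block) bool {
	if b.Type != "tool_use" || (r.Tool != "" && r.Tool != b.Name) {
		return false
	}
	for _, v := range b.Input {
		if s, ok := v.(string); ok && r.Pattern.MatchString(s) {
			return true
		}
	}
	return false
}
// Filter inspects every tool call in a provider response body; if any rule blocks one, the whole content is stripped and replaced with a single text notice.
func Filter(rules []Rule, body []byte) (out []byte, blockedBy string, err error) {
	var resp struct{ Content []Block `json:"content"` }
	if err = json.Unmarshal(body, &resp); err != nil {
		return nil, "", err
	}
	for _, b := range resp.Content {
		for _, r := range rules {
			if r.Blocks(b) {
				resp.Content = []Block{{Type: "text", Text: "[CtrlAI] tool call " + b.Name + " blocked by rule " + r.Name}}
				out, err = json.Marshal(resp)
				return out, r.Name, err
			}
		}
	}
	return body, "", nil
}
// DefaultRules are constructed samples for two of the categories the page names (SSH keys, rm -rf /).
var DefaultRules = []Rule{
	{"ssh-keys", "", regexp.MustCompile(`(^|/)\.ssh/`)},
	{"rm-rf-root", "exec", regexp.MustCompile(`\brm\s+-rf\s+/(\s|$)`)},
}
```

A real proxy would run this over the buffered stream before forwarding, and log both the original and the substituted response to the audit trail.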
The primary benefit is enhanced security for AI agents without requiring code changes, making it suitable for production deployments where safety is critical. Use cases include securing autonomous AI agents in enterprise environments, preventing accidental or malicious tool execution, maintaining compliance with security policies, and auditing agent behavior for debugging and monitoring purposes. The system provides protection against common security risks while maintaining agent functionality for legitimate operations.
Target users include developers working with AI agents, security teams implementing guardrails for autonomous systems, and organizations deploying AI assistants in sensitive environments. The tool integrates with any SDK that supports custom base URLs; it was built specifically for OpenClaw but is compatible with other frameworks. The technical implementation consists of a Go-based proxy server, YAML configuration files, SQLite audit logging with tamper-evident hash chains, and a web dashboard for real-time monitoring.
CtrlAI is designed for developers working with AI agents, security teams implementing safety measures for autonomous systems, and organizations deploying AI assistants in production environments. The tool targets users who need to secure AI agents without modifying existing codebases, providing protocol-level security for frameworks like OpenClaw and other SDKs that support custom base URLs. It serves both individual developers and enterprise teams requiring audit capabilities and configurable guardrails.