Back to Details

crabtrap-llm-proxy

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

CrabTrap LLM Proxy

CrabTrap LLM 代理

Skill by ara.so — Daily 2026 Skills collection.
CrabTrap is a transparent HTTP/HTTPS forward proxy that sits between AI agents and external APIs. Every outbound request is intercepted, checked against deterministic static rules, then evaluated by an LLM judge against a natural-language security policy. Blocked requests return a 403 with a reason; all decisions are logged to PostgreSQL.
ara.so 提供的技能 — 2026每日技能合集。
CrabTrap 是一个透明的HTTP/HTTPS正向代理,部署在AI Agent与外部API之间。所有出站请求都会被拦截,先根据确定性静态规则检查,再由LLM判断者基于自然语言安全策略进行评估。被拦截的请求会返回带原因说明的403响应;所有决策都会记录到PostgreSQL中。

Architecture Overview

架构概述

Agent → CrabTrap Proxy (:8080) → [Static Rules] → [LLM Judge] → External API
         Admin UI (:8081)
           PostgreSQL
Key concepts:
  • Static rules — deterministic prefix/exact/glob URL matching, checked first (no LLM call)
  • LLM judge — natural-language policy evaluated only when no static rule matches
  • Audit log — every request, decision, and response stored in PostgreSQL
  • SSRF protection — blocks RFC 1918, loopback, link-local, and other private ranges
Agent → CrabTrap Proxy (:8080) → [Static Rules] → [LLM Judge] → External API
         Admin UI (:8081)
           PostgreSQL
核心概念:
  • 静态规则 — 确定性的前缀/精确/通配符URL匹配,优先检查(无需调用LLM)
  • LLM判断者 — 仅当无匹配静态规则时,才基于自然语言策略进行评估
  • 审计日志 — 所有请求、决策和响应都存储在PostgreSQL中
  • SSRF防护 — 拦截RFC 1918、回环链路、链路本地及其他私有网段

Installation

安装

Docker Compose (Recommended)

Docker Compose(推荐方式)

yaml
undefined
yaml
undefined

docker-compose.yml

docker-compose.yml

services: crabtrap: image: quay.io/brexhq/crabtrap:latest ports: - "8080:8080" # proxy - "8081:8081" # admin UI environment: - DATABASE_URL=postgres://crabtrap:password@postgres:5432/crabtrap - OPENAI_API_KEY=${OPENAI_API_KEY} volumes: - ./config/gateway.yaml:/app/config/gateway.yaml depends_on: - postgres
postgres: image: postgres:16 environment: POSTGRES_USER: crabtrap POSTGRES_PASSWORD: password POSTGRES_DB: crabtrap volumes: - pgdata:/var/lib/postgresql/data
volumes: pgdata:

```bash
docker compose up -d
services: crabtrap: image: quay.io/brexhq/crabtrap:latest ports: - "8080:8080" # proxy - "8081:8081" # admin UI environment: - DATABASE_URL=postgres://crabtrap:password@postgres:5432/crabtrap - OPENAI_API_KEY=${OPENAI_API_KEY} volumes: - ./config/gateway.yaml:/app/config/gateway.yaml depends_on: - postgres
postgres: image: postgres:16 environment: POSTGRES_USER: crabtrap POSTGRES_PASSWORD: password POSTGRES_DB: crabtrap volumes: - pgdata:/var/lib/postgresql/data
volumes: pgdata:

```bash
docker compose up -d

Copy the generated CA certificate (needed for HTTPS interception)

Copy the generated CA certificate (needed for HTTPS interception)

docker compose cp crabtrap:/app/certs/ca.crt ./ca.crt
undefined
docker compose cp crabtrap:/app/certs/ca.crt ./ca.crt
undefined

Initial Setup

初始设置

bash
undefined
bash
undefined

Create an admin user and capture the token

Create an admin user and capture the token

admin_token=$(docker compose exec -it crabtrap ./gateway create-admin-user my-admin
| tail -n1 | cut -d" " -f2)
admin_token=$(docker compose exec -it crabtrap ./gateway create-admin-user my-admin
| tail -n1 | cut -d" " -f2)

Create an agent user (returns a gateway_auth_token)

Create an agent user (returns a gateway_auth_token)

token=$(curl -X POST http://localhost:8081/admin/users
-H "Content-Type: application/json"
-H "Authorization: Bearer ${admin_token}"
-d '{"id": "my-agent@example.com", "is_admin": false}'
| jq -r '.channels[] | select(.channel_type == "gateway_auth") | .gateway_auth_token')
echo "Agent proxy token: $token"
token=$(curl -X POST http://localhost:8081/admin/users
-H "Content-Type: application/json"
-H "Authorization: Bearer ${admin_token}"
-d '{"id": "my-agent@example.com", "is_admin": false}'
| jq -r '.channels[] | select(.channel_type == "gateway_auth") | .gateway_auth_token')
echo "Agent proxy token: $token"

Test the proxy

Test the proxy

curl -x "http://${token}:@localhost:8080"
--cacert ca.crt
https://httpbin.org/get
undefined
curl -x "http://${token}:@localhost:8080"
--cacert ca.crt
https://httpbin.org/get
undefined

Configuration

配置

Full Configuration Reference

完整配置参考

yaml
undefined
yaml
undefined

config/gateway.yaml

config/gateway.yaml

proxy: port: 8080 read_timeout: 30s write_timeout: 30s idle_timeout: 120s rate_limit: requests_per_second: 50 burst: 100

CIDR ranges allowed even though they're private (e.g. internal APIs)

ssrf_allowlist: - "10.0.0.0/8" # only if you explicitly need internal access
tls: ca_cert_path: /app/certs/ca.crt ca_key_path: /app/certs/ca.key cert_cache_size: 10000 # per-host cert cache
approval: mode: llm # "llm" or "passthrough" timeout: 30s
llm_judge: provider: openai model: gpt-4o fallback_mode: deny # "deny" or "passthrough" when LLM unavailable circuit_breaker: failure_threshold: 5 reset_timeout: 10s
database: url: ${DATABASE_URL} # supports env var expansion
audit: output: stderr # "stderr", "stdout", or a file path like "/var/log/crabtrap.json"
log_level: info # debug | info | warn | error
undefined
proxy: port: 8080 read_timeout: 30s write_timeout: 30s idle_timeout: 120s rate_limit: requests_per_second: 50 burst: 100

CIDR ranges allowed even though they're private (e.g. internal APIs)

ssrf_allowlist: - "10.0.0.0/8" # only if you explicitly need internal access
tls: ca_cert_path: /app/certs/ca.crt ca_key_path: /app/certs/ca.key cert_cache_size: 10000 # per-host cert cache
approval: mode: llm # "llm" or "passthrough" timeout: 30s
llm_judge: provider: openai model: gpt-4o fallback_mode: deny # "deny" or "passthrough" when LLM unavailable circuit_breaker: failure_threshold: 5 reset_timeout: 10s
database: url: ${DATABASE_URL} # supports env var expansion
audit: output: stderr # "stderr", "stdout", or a file path like "/var/log/crabtrap.json"
log_level: info # debug | info | warn | error
undefined

Environment Variables

环境变量

bash
DATABASE_URL=postgres://user:password@host:5432/dbname
OPENAI_API_KEY=sk-...          # if using OpenAI as LLM judge
ANTHROPIC_API_KEY=sk-ant-...   # if using Anthropic
bash
DATABASE_URL=postgres://user:password@host:5432/dbname
OPENAI_API_KEY=sk-...          # if using OpenAI as LLM judge
ANTHROPIC_API_KEY=sk-ant-...   # if using Anthropic

CLI Commands

CLI命令

bash
undefined
bash
undefined

Start the proxy

Start the proxy

./gateway serve --config /app/config/gateway.yaml
./gateway serve --config /app/config/gateway.yaml

Create an admin user (outputs web token on last line)

Create an admin user (outputs web token on last line)

./gateway create-admin-user <username>
./gateway create-admin-user <username>

Run database migrations

Run database migrations

./gateway migrate
./gateway migrate

Replay audit log entries against a policy (eval mode)

Replay audit log entries against a policy (eval mode)

./gateway eval --policy-id <id> --limit 100
undefined
./gateway eval --policy-id <id> --limit 100
undefined

Admin API

管理API

All admin endpoints require 
Authorization: Bearer <admin_token>
.
所有管理端点都需要 
Authorization: Bearer <admin_token>

User Management

用户管理

bash
undefined
bash
undefined

List all users

List all users

curl http://localhost:8081/admin/users
-H "Authorization: Bearer ${admin_token}"
curl http://localhost:8081/admin/users
-H "Authorization: Bearer ${admin_token}"

Create a user

Create a user

curl -X POST http://localhost:8081/admin/users
-H "Content-Type: application/json"
-H "Authorization: Bearer ${admin_token}"
-d '{ "id": "agent-prod@example.com", "is_admin": false }'
curl -X POST http://localhost:8081/admin/users
-H "Content-Type: application/json"
-H "Authorization: Bearer ${admin_token}"
-d '{ "id": "agent-prod@example.com", "is_admin": false }'

Delete a user

Delete a user

curl -X DELETE http://localhost:8081/admin/users/agent-prod@example.com
-H "Authorization: Bearer ${admin_token}"
undefined
curl -X DELETE http://localhost:8081/admin/users/agent-prod@example.com
-H "Authorization: Bearer ${admin_token}"
undefined

Static Rules

静态规则

bash
undefined
bash
undefined

List static rules for a user

List static rules for a user

curl "http://localhost:8081/admin/users/agent-prod@example.com/rules"
-H "Authorization: Bearer ${admin_token}"
curl "http://localhost:8081/admin/users/agent-prod@example.com/rules"
-H "Authorization: Bearer ${admin_token}"

Create an allow rule (prefix match)

Create an allow rule (prefix match)

curl -X POST "http://localhost:8081/admin/users/agent-prod@example.com/rules"
-H "Content-Type: application/json"
-H "Authorization: Bearer ${admin_token}"
-d '{ "pattern": "https://api.github.com/repos/myorg/", "pattern_type": "prefix", "action": "allow", "methods": ["GET"], "description": "Allow reading our org repos" }'
curl -X POST "http://localhost:8081/admin/users/agent-prod@example.com/rules"
-H "Content-Type: application/json"
-H "Authorization: Bearer ${admin_token}"
-d '{ "pattern": "https://api.github.com/repos/myorg/", "pattern_type": "prefix", "action": "allow", "methods": ["GET"], "description": "Allow reading our org repos" }'

Create a deny rule (glob match)

Create a deny rule (glob match)

curl -X POST "http://localhost:8081/admin/users/agent-prod@example.com/rules"
-H "Content-Type: application/json"
-H "Authorization: Bearer ${admin_token}"
-d '{ "pattern": "https://api.github.com/repos/*/delete", "pattern_type": "glob", "action": "deny", "description": "Never allow repo deletion" }'
curl -X POST "http://localhost:8081/admin/users/agent-prod@example.com/rules"
-H "Content-Type: application/json"
-H "Authorization: Bearer ${admin_token}"
-d '{ "pattern": "https://api.github.com/repos/*/delete", "pattern_type": "glob", "action": "deny", "description": "Never allow repo deletion" }'

Create an exact match rule

Create an exact match rule

curl -X POST "http://localhost:8081/admin/users/agent-prod@example.com/rules"
-H "Content-Type: application/json"
-H "Authorization: Bearer ${admin_token}"
-d '{ "pattern": "https://slack.com/api/chat.postMessage", "pattern_type": "exact", "action": "allow", "methods": ["POST"], "description": "Allow posting Slack messages" }'

**Pattern types:**
- `prefix` — URL must start with the pattern
- `exact` — URL must match exactly
- `glob` — wildcard matching with `*`

**Rule priority:** `deny` rules always take priority over `allow` rules.
curl -X POST "http://localhost:8081/admin/users/agent-prod@example.com/rules"
-H "Content-Type: application/json"
-H "Authorization: Bearer ${admin_token}"
-d '{ "pattern": "https://slack.com/api/chat.postMessage", "pattern_type": "exact", "action": "allow", "methods": ["POST"], "description": "Allow posting Slack messages" }'

**匹配类型:**
- `prefix` — URL必须以该模式开头
- `exact` — URL必须完全匹配
- `glob` — 使用`*`进行通配符匹配

**规则优先级:** `deny`规则始终优先于`allow`规则。

LLM Policies

LLM策略

bash
undefined
bash
undefined

Get current policy for a user

Get current policy for a user

curl "http://localhost:8081/admin/users/agent-prod@example.com/policy"
-H "Authorization: Bearer ${admin_token}"
curl "http://localhost:8081/admin/users/agent-prod@example.com/policy"
-H "Authorization: Bearer ${admin_token}"

Set/update a policy

Set/update a policy

curl -X PUT "http://localhost:8081/admin/users/agent-prod@example.com/policy"
-H "Content-Type: application/json"
-H "Authorization: Bearer ${admin_token}"
-d '{ "policy": "This agent assists with GitHub repository management for the myorg organization.\n\nALLOWED:\n- Read operations (GET) on any github.com endpoint\n- Creating issues and pull request comments in myorg repositories\n- Posting messages to the #eng-alerts Slack channel only\n\nDENIED:\n- Any write operations outside the myorg GitHub organization\n- Deleting any resources\n- Accessing credentials, secrets, or environment variables\n- Any requests to non-whitelisted domains" }'
curl -X PUT "http://localhost:8081/admin/users/agent-prod@example.com/policy"
-H "Content-Type: application/json"
-H "Authorization: Bearer ${admin_token}"
-d '{ "policy": "This agent assists with GitHub repository management for the myorg organization.\n\nALLOWED:\n- Read operations (GET) on any github.com endpoint\n- Creating issues and pull request comments in myorg repositories\n- Posting messages to the #eng-alerts Slack channel only\n\nDENIED:\n- Any write operations outside the myorg GitHub organization\n- Deleting any resources\n- Accessing credentials, secrets, or environment variables\n- Any requests to non-whitelisted domains" }'

List policy versions

List policy versions

curl "http://localhost:8081/admin/users/agent-prod@example.com/policy/versions"
-H "Authorization: Bearer ${admin_token}"
undefined
curl "http://localhost:8081/admin/users/agent-prod@example.com/policy/versions"
-H "Authorization: Bearer ${admin_token}"
undefined

Audit Log

审计日志

bash
undefined
bash
undefined

Query audit entries

Query audit entries

curl "http://localhost:8081/admin/audit?limit=50&offset=0"
-H "Authorization: Bearer ${admin_token}"
curl "http://localhost:8081/admin/audit?limit=50&offset=0"
-H "Authorization: Bearer ${admin_token}"

Filter by user

Filter by user

curl "http://localhost:8081/admin/audit?user_id=agent-prod@example.com&limit=20"
-H "Authorization: Bearer ${admin_token}"
curl "http://localhost:8081/admin/audit?user_id=agent-prod@example.com&limit=20"
-H "Authorization: Bearer ${admin_token}"

Filter by decision

Filter by decision

curl "http://localhost:8081/admin/audit?decision=deny&limit=20"
-H "Authorization: Bearer ${admin_token}"
undefined
curl "http://localhost:8081/admin/audit?decision=deny&limit=20"
-H "Authorization: Bearer ${admin_token}"
undefined

Connecting an Agent

连接Agent

Python Agent Example

Python Agent示例

python
import os
import httpx

PROXY_TOKEN = os.environ["CRABTRAP_TOKEN"]
PROXY_URL = f"http://{PROXY_TOKEN}:@localhost:8080"
CA_CERT_PATH = "./ca.crt"
python
import os
import httpx

PROXY_TOKEN = os.environ["CRABTRAP_TOKEN"]
PROXY_URL = f"http://{PROXY_TOKEN}:@localhost:8080"
CA_CERT_PATH = "./ca.crt"

httpx client with CrabTrap proxy

httpx client with CrabTrap proxy

client = httpx.Client( proxies={ "http://": PROXY_URL, "https://": PROXY_URL, }, verify=CA_CERT_PATH, )
client = httpx.Client( proxies={ "http://": PROXY_URL, "https://": PROXY_URL, }, verify=CA_CERT_PATH, )

All requests through this client go through CrabTrap

All requests through this client go through CrabTrap

response = client.get("https://api.github.com/repos/myorg/myrepo")
undefined
response = client.get("https://api.github.com/repos/myorg/myrepo")
undefined

Using Environment Variables (Standard Proxy)

使用环境变量(标准代理)

bash
export HTTP_PROXY="http://${CRABTRAP_TOKEN}:@localhost:8080"
export HTTPS_PROXY="http://${CRABTRAP_TOKEN}:@localhost:8080"
export REQUESTS_CA_BUNDLE="./ca.crt"  # Python requests
export SSL_CERT_FILE="./ca.crt"       # general
export NODE_EXTRA_CA_CERTS="./ca.crt" # Node.js
bash
export HTTP_PROXY="http://${CRABTRAP_TOKEN}:@localhost:8080"
export HTTPS_PROXY="http://${CRABTRAP_TOKEN}:@localhost:8080"
export REQUESTS_CA_BUNDLE="./ca.crt"  # Python requests
export SSL_CERT_FILE="./ca.crt"       # general
export NODE_EXTRA_CA_CERTS="./ca.crt" # Node.js

Node.js Agent Example

Node.js Agent示例

javascript
import { HttpsProxyAgent } from 'https-proxy-agent';
import fetch from 'node-fetch';

const proxyToken = process.env.CRABTRAP_TOKEN;
const agent = new HttpsProxyAgent(`http://${proxyToken}:@localhost:8080`);

// Fetch through CrabTrap
const response = await fetch('https://api.github.com/repos/myorg/myrepo', {
  agent,
  headers: { Authorization: `Bearer ${process.env.GITHUB_TOKEN}` },
});
javascript
import { HttpsProxyAgent } from 'https-proxy-agent';
import fetch from 'node-fetch';

const proxyToken = process.env.CRABTRAP_TOKEN;
const agent = new HttpsProxyAgent(`http://${proxyToken}:@localhost:8080`);

// Fetch through CrabTrap
const response = await fetch('https://api.github.com/repos/myorg/myrepo', {
  agent,
  headers: { Authorization: `Bearer ${process.env.GITHUB_TOKEN}` },
});

LangChain / OpenAI SDK

LangChain / OpenAI SDK

python
import os
import httpx
from openai import OpenAI

PROXY_TOKEN = os.environ["CRABTRAP_TOKEN"]
python
import os
import httpx
from openai import OpenAI

PROXY_TOKEN = os.environ["CRABTRAP_TOKEN"]

Route OpenAI calls through CrabTrap too (optional — lets you audit LLM calls)

Route OpenAI calls through CrabTrap too (optional — lets you audit LLM calls)

http_client = httpx.Client( proxies={"https://": f"http://{PROXY_TOKEN}:@localhost:8080"}, verify="./ca.crt", )
client = OpenAI( api_key=os.environ["OPENAI_API_KEY"], http_client=http_client, )
undefined
http_client = httpx.Client( proxies={"https://": f"http://{PROXY_TOKEN}:@localhost:8080"}, verify="./ca.crt", )
client = OpenAI( api_key=os.environ["OPENAI_API_KEY"], http_client=http_client, )
undefined

Writing Effective Policies

编写有效的策略

Policies are natural-language strings evaluated by the LLM judge. Be explicit about allowed and denied behaviors.
text
undefined
策略是由LLM判断者评估的自然语言字符串。需明确说明允许和禁止的行为。
text
undefined

Example policy for a GitHub PR review agent

GitHub PR审核Agent示例政策

This agent reviews pull requests and posts review comments for the acme-corp GitHub organization.
ALLOWED:
DENIED:
  • Any requests outside of api.github.com
  • DELETE or PATCH requests to any endpoint
  • Accessing /orgs/acme-corp/members or any user/credential endpoints
  • Requests containing secrets, tokens, or API keys in the body
  • Requests to change repository settings, branch protection, or webhooks
When in doubt, deny the request and explain why.

**Policy writing tips:**
1. Start with what the agent is supposed to do (scope context for the LLM)
2. List explicit ALLOWED patterns before DENIED
3. Add a catch-all denial at the end
4. Deny rules in static rules are evaluated before LLM — use them for hard limits
该Agent负责为acme-corp GitHub组织审核拉取请求并发布审核评论。
允许操作:
禁止操作:
  • 所有api.github.com以外的请求
  • 对任意端点发起DELETE或PATCH请求
  • 访问/orgs/acme-corp/members或任何用户/凭证相关端点
  • 请求体中包含密钥、令牌或API密钥的请求
  • 修改仓库设置、分支保护或Webhook的请求
如有疑问,拒绝请求并说明原因。

**策略编写技巧:**
1. 首先说明Agent的用途(为LLM提供上下文范围)
2. 在禁止操作前列出明确的允许操作模式
3. 在末尾添加兜底的拒绝规则
4. 静态规则中的拒绝规则会在LLM评估前执行——用它们设置硬性限制

Policy Builder (Agentic Policy Generation)

策略生成器(Agentic策略生成)

CrabTrap can analyze observed traffic and draft a policy automatically:
bash
undefined
CrabTrap可以分析观测到的流量并自动生成策略草案:
bash
undefined

Trigger policy builder via admin API

Trigger policy builder via admin API

curl -X POST "http://localhost:8081/admin/users/agent-prod@example.com/policy/build"
-H "Authorization: Bearer ${admin_token}"
-d '{"sample_limit": 200}'

The builder runs an agentic loop, analyzes recent audit entries, and proposes a policy draft for review in the UI.
curl -X POST "http://localhost:8081/admin/users/agent-prod@example.com/policy/build"
-H "Authorization: Bearer ${admin_token}"
-d '{"sample_limit": 200}'

生成器会运行一个Agentic循环,分析近期的审计条目,并在UI中提供供审核的策略草案。

Eval System

评估系统

Replay historical audit entries against a policy to measure accuracy before deploying:
bash
undefined
在部署前,可将历史审计条目重新代入策略进行评估,以衡量准确性:
bash
undefined

Run eval from CLI

Run eval from CLI

./gateway eval
--user-id agent-prod@example.com
--policy-id <version-id>
--limit 500
./gateway eval
--user-id agent-prod@example.com
--policy-id <version-id>
--limit 500

Or via API

Or via API

curl -X POST "http://localhost:8081/admin/users/agent-prod@example.com/policy/eval"
-H "Authorization: Bearer ${admin_token}"
-d '{"policy_version_id": "<id>", "sample_limit": 500}'

Eval compares LLM judge decisions against the historical ground truth and reports accuracy, false positive rate, and false negative rate.
curl -X POST "http://localhost:8081/admin/users/agent-prod@example.com/policy/eval"
-H "Authorization: Bearer ${admin_token}"
-d '{"policy_version_id": "<id>", "sample_limit": 500}'

评估会将LLM判断者的决策与历史实际情况进行对比,并报告准确率、误报率和漏报率。

Troubleshooting

故障排查

TLS Certificate Errors

TLS证书错误

bash
undefined
bash
undefined

Agent gets SSL verification error

Agent gets SSL verification error

→ Make sure the CA cert is trusted

→ Make sure the CA cert is trusted

For curl:

For curl:

curl --cacert ./ca.crt -x "http://${token}:@localhost:8080" https://example.com
curl --cacert ./ca.crt -x "http://${token}:@localhost:8080" https://example.com

For Python requests:

For Python requests:

export REQUESTS_CA_BUNDLE=./ca.crt
export REQUESTS_CA_BUNDLE=./ca.crt

For Node.js:

For Node.js:

export NODE_EXTRA_CA_CERTS=./ca.crt
export NODE_EXTRA_CA_CERTS=./ca.crt

Regenerate certs if expired:

Regenerate certs if expired:

docker compose exec crabtrap ./gateway gen-certs docker compose cp crabtrap:/app/certs/ca.crt ./ca.crt
undefined
docker compose exec crabtrap ./gateway gen-certs docker compose cp crabtrap:/app/certs/ca.crt ./ca.crt
undefined

All Requests Being Blocked (LLM Unavailable)

所有请求被拦截(LLM不可用)

yaml
undefined
yaml
undefined

In gateway.yaml — change fallback to passthrough during LLM outages

In gateway.yaml — change fallback to passthrough during LLM outages

llm_judge: fallback_mode: passthrough # default is "deny"

Or check circuit breaker status:
```bash
curl http://localhost:8081/admin/health \
    -H "Authorization: Bearer ${admin_token}"
llm_judge: fallback_mode: passthrough # default is "deny"

或者检查断路器状态:
```bash
curl http://localhost:8081/admin/health \
    -H "Authorization: Bearer ${admin_token}"

SSRF Blocks Legitimate Internal APIs

SSRF拦截合法内部API

yaml
proxy:
  ssrf_allowlist:
    - "10.10.0.0/16"   # your internal API subnet
yaml
proxy:
  ssrf_allowlist:
    - "10.10.0.0/16"   # your internal API subnet

Rate Limiting

速率限制

yaml
proxy:
  rate_limit:
    requests_per_second: 200   # increase for high-throughput agents
    burst: 400
yaml
proxy:
  rate_limit:
    requests_per_second: 200   # increase for high-throughput agents
    burst: 400

Debug Logging

调试日志

yaml
log_level: debug
audit:
  output: /var/log/crabtrap-debug.json
bash
undefined
yaml
log_level: debug
audit:
  output: /var/log/crabtrap-debug.json
bash
undefined

Stream logs

Stream logs

docker compose logs -f crabtrap
docker compose logs -f crabtrap

Query recent denials from audit log

Query recent denials from audit log

curl "http://localhost:8081/admin/audit?decision=deny&limit=10"
-H "Authorization: Bearer ${admin_token}" | jq '.entries[].reason'
undefined
curl "http://localhost:8081/admin/audit?decision=deny&limit=10"
-H "Authorization: Bearer ${admin_token}" | jq '.entries[].reason'
undefined

Database Connection Issues

数据库连接问题

bash
undefined
bash
undefined

Check migration status

Check migration status

docker compose exec crabtrap ./gateway migrate --dry-run
docker compose exec crabtrap ./gateway migrate --dry-run

Force re-run migrations

Force re-run migrations

docker compose exec crabtrap ./gateway migrate --force
undefined
docker compose exec crabtrap ./gateway migrate --force
undefined

Development

开发

bash
undefined
bash
undefined

Clone and build

Clone and build

git clone https://github.com/brexhq/CrabTrap cd CrabTrap
make build # production binary (embeds web UI) make build-web # rebuild React UI only make test # lint + race-condition tests make fmt # format Go code make lint # go vet + staticcheck
undefined
git clone https://github.com/brexhq/CrabTrap cd CrabTrap
make build # production binary (embeds web UI) make build-web # rebuild React UI only make test # lint + race-condition tests make fmt # format Go code make lint # go vet + staticcheck
undefined

Project Layout Quick Reference

项目结构快速参考

PathPurpose
cmd/gateway/
Entry point, admin API wiring
internal/proxy/
MITM proxy, TLS generation, SSRF, rate limiting
internal/approval/
Static rules engine + orchestration
internal/judge/
LLM prompt construction + response parsing
internal/llm/
LLM adapters, circuit breaker
internal/builder/
Agentic policy builder loop
internal/eval/
Eval/replay system
internal/admin/
Admin API routes and auth
pkg/types/
Shared types (StaticRule, LLMPolicy, AuditEntry)
web/src/
React + TypeScript admin UI
路径用途
cmd/gateway/
入口点、管理API配置
internal/proxy/
MITM代理、TLS生成、SSRF防护、速率限制
internal/approval/
静态规则引擎与编排
internal/judge/
LLM提示构建与响应解析
internal/llm/
LLM适配器、断路器
internal/builder/
Agentic策略生成循环
internal/eval/
评估/重放系统
internal/admin/
管理API路由与认证
pkg/types/
共享类型(StaticRule、LLMPolicy、AuditEntry)
web/src/
React + TypeScript管理UI