AGCMS

How AGCMS works

AGCMS is an OpenAI-compatible reverse proxy with a 13-step request lifecycle. Every request goes through authentication, rate limiting, PII scanning, prompt-injection detection, policy resolution, and signed audit before reaching the upstream LLM.

The 13 steps

  1. Parse request
  2. Per-IP global rate limit
  3. Authenticate (API key or JWT)
  4. Per-tenant rate limit
  5. PII scan (parallel)
  6. Prompt-injection scan (parallel)
  7. Policy resolution (ALLOW / REDACT / BLOCK / ESCALATE)
  8. Enforce — block, redact, or escalate
  9. Forward to LLM (Groq / Gemini / Mistral / Ollama)
  10. Response compliance check
  11. HMAC-signed, hash-chained audit row
  12. Nightly Merkle anchor to S3 Object Lock
  13. Deliver response with X-AGCMS-Interaction-ID
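
The HMAC-signed, hash-chained audit row of step 11, as an added sketch that is not AGCMS's own code: the row layout (seq, prev_hash, event, row_hash, sig), the all-zero genesis hash and the choice of SHA-256 are assumptions made here. It shows why editing or deleting a stored row is detectable when the chain is verified.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # assumed prev_hash for the first row


def _canonical(row: dict) -> bytes:
    # Stable serialization so signer and verifier hash identical bytes.
    return json.dumps(row, sort_keys=True, separators=(",", ":")).encode()


def append_row(chain: list, key: bytes, event: dict) -> dict:
    """Append an audit row linked to the previous row's hash and HMAC-signed."""
    prev_hash = chain[-1]["row_hash"] if chain else GENESIS
    body = {"seq": len(chain), "prev_hash": prev_hash, "event": event}
    row_hash = hashlib.sha256(_canonical(body)).hexdigest()
    sig = hmac.new(key, row_hash.encode(), hashlib.sha256).hexdigest()
    row = {**body, "row_hash": row_hash, "sig": sig}
    chain.append(row)
    return row


def verify_chain(chain: list, key: bytes) -> int:
    """Return -1 if the chain is intact, else the index of the first bad row."""
    prev_hash = GENESIS
    for i, row in enumerate(chain):
        body = {"seq": row["seq"], "prev_hash": row["prev_hash"], "event": row["event"]}
        expected_hash = hashlib.sha256(_canonical(body)).hexdigest()
        expected_sig = hmac.new(key, expected_hash.encode(), hashlib.sha256).hexdigest()
        if (row["seq"] != i                      # row removed or reordered
                or row["prev_hash"] != prev_hash  # link to predecessor broken
                or not hmac.compare_digest(row["row_hash"], expected_hash)
                or not hmac.compare_digest(row["sig"], expected_sig)):
            return i
        prev_hash = row["row_hash"]
    return -1


def demo() -> tuple:
    key = b"constructed-demo-key"  # constructed; a real key belongs in a secret store
    chain = []
    for iid, action in [("int-001", "ALLOW"), ("int-002", "REDACT"), ("int-003", "BLOCK")]:
        append_row(chain, key, {"interaction_id": iid, "action": action})
    intact = verify_chain(chain, key)
    chain[1]["event"]["action"] = "ALLOW"  # simulate an after-the-fact edit
    return intact, verify_chain(chain, key)
```

The chain alone cannot reveal truncation of its newest rows; an external anchor such as the one in step 12 is what pins the chain head.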

Three-line integration

from openai import OpenAI
from agcms import openai_wrap

client = openai_wrap(OpenAI(api_key="..."), agcms_base_url="...", agcms_api_key="...")