Welcome to TameFlare

A transparent proxy firewall for AI agents. Intercept all outbound HTTP traffic, enforce per-agent permissions, require human approval for risky actions, and keep an audit trail of everything your agents do. Zero code changes required.

Tip

New here? Start with the Quick Start to get tf running in 5 minutes.

What is TameFlare?

AI agents are increasingly autonomous. They can create pull requests, send emails, transfer money, and provision infrastructure — all without a human in the loop. That's powerful, but it's also risky.

TameFlare sits between your agents and the tools they use. Every action an agent wants to take is sent to TameFlare first. TameFlare evaluates the action against your policies and returns one of three decisions:

allow

The action is safe. TameFlare issues a signed token and the agent proceeds.

requires_approval

The action is risky. TameFlare notifies a human via Slack. The agent waits until someone approves or rejects.

deny

The action is blocked. The agent receives a clear reason and cannot proceed.

Policies are configured in the dashboard via a 4-step builder and stored as JSON. They can match on action type, target environment, parameters, risk level, time of day, and more. TameFlare uses a deny-wins model: if any policy says deny, the action is denied regardless of other policies.

How it works

# 1. Sign up at tameflare.com/register

# 2. Create a gateway in the dashboard (Gateways → Create gateway)

# 3. Run your agent through the proxy
npx @tameflare/cli run --name "DevOps Bot" python my_agent.py

# All outbound HTTP is now proxied:
# domain → connector → parse action → check permission
# allowed:          inject credentials → forward
# denied:           return 403
# require_approval: hold connection → wait for human

The gateway is a Go binary that acts as a transparent HTTP/HTTPS proxy. It intercepts all outbound traffic from your agent, parses requests via connectors (GitHub, OpenAI, Anthropic, Stripe, Slack, or any HTTP API), checks per-agent permissions, and injects credentials from an encrypted vault. The agent never sees real API keys.

The control plane is a Next.js application that hosts the dashboard, v1 SDK API, policy engine, and audit trail. For v2 proxy mode, the gateway handles enforcement directly. Both modes can coexist.

What can you control?

TameFlare's policy engine is generic. It evaluates fields like action_spec.type and parameters.* against conditions you define. This means you can write policies for any domain:

Source control

Merge PRs, delete branches, create releases

Payments

Wire transfers, refunds, subscription changes

Infrastructure

Provision servers, modify DNS, scale clusters

Communications

Send emails, post to Slack, publish announcements

Access management

Create users, change permissions, rotate secrets

Agent orchestration

Spawn sub-agents, delegate tasks, share context

See the Writing Policies page for real-world examples across all these domains.

Key capabilities

6 built-in connectors

GitHub (20+ actions), OpenAI (24+), Anthropic, Stripe (40+), Slack (35+), and Generic HTTP. Each connector parses raw HTTP requests into structured actions with risk levels.

Credential vault

API keys stored in AES-256-GCM encrypted vault. Injected by the proxy at request time. Agent never sees real credentials. Compromised agent cannot extract keys.

Human-in-the-loop

Proxy holds HTTP connection open until a human approves via CLI or dashboard (5 min timeout). Also supports Slack notifications. RBAC enforces role hierarchy: owner, admin, member, viewer.

Live traffic log

Every proxied request logged with agent, domain, action type, decision, latency, and status code. Searchable, filterable, and exportable from the dashboard.

Scoped kill switch

Block all traffic instantly, or scope to a specific connector or agent. Activate via CLI or dashboard. Restricted to org owners via RBAC.

Platform templates

Quick-start templates for OpenClaw, LangChain, n8n, and Claude Code. Pre-configured connectors and permissions for each platform.

Documentation

Quick Start

Install, configure, and send your first action request in 5 minutes.

Core Concepts

Connectors, permissions, deny-all model, approval workflow, kill switch, and SDK concepts.

Integration Guide

Proxy mode (zero code changes), SDK mode, LangChain, CrewAI, and raw HTTP examples.

Writing Policies

Policy builder, scopes, nested conditions, and real-world examples for GitHub, payments, infrastructure, and more.

API Reference

Gateway v2 internal API + control plane v1 API with examples.

SDKs & CLI

CLI v2 commands, Node.js SDK, Python SDK, and error handling.

Action Types

Registry of all supported action types, naming conventions, and custom type guidance.

Security

Threat model, ES256 tokens, encryption at rest, rate limiting, and operational checklist.

Deployment

Docker, env vars, TLS, SQLite vs Turso, Fly.io, Railway, and maintenance.

Changelog

Release notes and version history.

Source-available

TameFlare is source-available under the Elastic License v2 (ELv2). Full source code auditable. Cannot be offered as a managed service by third parties.