Integration Guide

Connect any AI agent to TameFlare with zero code changes. TameFlare works at the transport layer - it intercepts HTTP traffic via a proxy, so it works with any language, framework, or tool.

Step 1: Create a gateway

Go to tameflare.com/dashboard/gateways and click Create gateway. Name your gateway (e.g. "dev-bot", "ci-agent"), then the wizard walks you through:

Connectors - select which APIs this gateway can access (GitHub, OpenAI, Stripe, etc.), paste API keys, test connection
Access Rules - per connector: toggle action categories on/off, set per-action overrides (allow / deny / require approval)
Notifications - TameFlare dashboard (always on) + optional Slack
Review - pre-flight checklist, then click Create gateway

After creation, the dashboard shows your Gateway ID and Gateway Token.

Step 2: Log in and initialize

tf login    # Opens browser - authorize the CLI (one-time per machine)
tf init     # Auto-detects your gateway, saves config

tf login opens your browser to tameflare.com where you click Authorize. Credentials are saved to ~/.tameflare/credentials.json. Then tf init fetches your gateways and selects one (or prompts you to pick if you have multiple).

For CI/CD (headless environments), use the manual approach instead:

tf init --gateway-id gw_xxx --gateway-token gwtk_xxx

Step 3: Run your agent

tf run -- python my_agent.py
tf run -- node my_agent.js
tf run -- ./my_agent

That's it. All outbound HTTP traffic is now routed through proxy.tameflare.com. The agent never sees real API keys.

Step 4: Monitor

Use the CLI or dashboard:

tf status                     # Gateway config + connectivity
tf logs                       # Opens dashboard traffic view

Or use the dashboard at tameflare.com/dashboard for a full view of traffic, approvals, and audit history.

Available connectors

Connector	Domains	Actions
`github`	`api.github.com`	20+ (PRs, issues, branches, releases, files, repos)
`openai`	`api.openai.com`	24+ (chat, embeddings, images, audio, files, fine-tuning)
`anthropic`	`api.anthropic.com`	2+ (messages, models)
`stripe`	`api.stripe.com`	40+ (charges, refunds, payments, subscriptions, invoices)
`slack`	`slack.com`, `api.slack.com`	35+ (messages, channels, files, users, admin)
`mcp`	Configurable	JSON-RPC tool calls (tools/call, tools/list)
`webhook`	Any domain	Generic HTTP (POST, GET, PUT, PATCH, DELETE)
`generic`	Any domain	Method-based (GET, POST, PUT, DELETE)

See Connectors for full details on each connector.

Why proxy mode works

Zero code changes - works with any agent, any language
Deny-all default - no connector = no access
Credential isolation - agent never sees real API keys
Hold-connection approvals - proxy holds HTTP request until human approves
Strong enforcement - all HTTP/HTTPS traffic is routed through the proxy; for full bypass-resistance, pair with OS-level egress restrictions

Credential vault

When you create a gateway in the dashboard wizard, you paste API keys into the encrypted vault. The gateway injects these credentials into allowed requests at proxy time.

Credential	Where to add it
GitHub PAT	Gateway wizard > GitHub connector > API key field
OpenAI API key	Gateway wizard > OpenAI connector > API key field
Stripe secret key	Gateway wizard > Stripe connector > API key field
Slack bot token	Gateway wizard > Slack connector > API key field
Any HTTP API key	Gateway wizard > Generic HTTP or Webhook connector > API key field

Note

Credentials are encrypted at rest with AES-256-GCM. The agent process only sees the proxy URL - never the real API keys. Remove API keys from your agent's environment variables.

How framework interception works

TameFlare intercepts HTTP traffic at the transport layer, not the framework layer. This means it works with any agent framework without plugins or adapters.

Approach	How it works	Limitation
Framework plugin	Hook into LangChain/CrewAI tool system	Only works with that framework. Requires code changes.
SDK wrapper	Wrap each tool call with a check	Requires code changes per tool. Agent can skip the check.
Transport interception (TameFlare)	Set `HTTP_PROXY` / `HTTPS_PROXY` env vars. All HTTP calls go through the proxy.	Works with everything. Strong enforcement for HTTP/HTTPS; pair with egress rules for full isolation.

When you run tf run -- python my_agent.py, TameFlare sets HTTP_PROXY / HTTPS_PROXY (and lowercase variants) to https://{token}@proxy.tameflare.com for the child process. Most HTTP libraries respect these variables automatically (see compatibility table below). For full bypass-resistance, pair with OS-level egress controls.

Framework compatibility

Framework	Proxy support	Notes
LangChain	Automatic	Uses `requests`/`httpx` which respect `HTTP_PROXY`
CrewAI	Automatic	Uses `requests` under the hood
n8n	Automatic	Node.js `fetch`/`axios` respect proxy env vars
OpenClaw	Automatic	Standard HTTP client
Claude Code	Automatic	Uses Node.js HTTP client
Custom Python	Automatic	`requests`, `httpx`, `urllib3` all respect proxy
Custom Node.js	Automatic	`fetch`, `axios`, `node-fetch` all respect proxy
Custom Go	Automatic	`net/http` respects `HTTP_PROXY` by default
Shell scripts (curl)	Automatic	`curl` respects proxy env vars

Tip

The proxy works with Python, Node.js, Go, shell scripts, LangChain, CrewAI, OpenClaw, n8n, and any tool that makes HTTP calls.

Multiple gateways

Create separate gateways in the dashboard for different agents or environments, each with their own connectors and permissions:

# Dev directory - full access gateway
cd ~/dev-agent && tf init --list && tf run -- python dev_agent.py
 
# CI directory - read-only GitHub gateway
cd ~/ci-agent && tf init --gateway-id gw_ci --gateway-token gwtk_xxx && tf run -- ./deploy.sh
 
# Prod directory - approval required for writes
cd ~/prod-agent && tf init --list && tf run -- python prod_agent.py

Each directory has its own .tf/config.yaml pointing to a different gateway. Each gateway has its own token, connectors, and permissions.

Recommended rollout

Step	Action	Enforcement
1	Create gateway in dashboard, add connectors, set permissions	-
2	`tf run` with `monitor` enforcement level	All traffic forwarded, decisions logged but not enforced
3	Review traffic in dashboard for 1-2 weeks, tune permissions	Still monitor
4	Switch to `soft_enforce` in dashboard	Denies logged as `would_deny`, still forwarded
5	Switch to `full_enforce`	Denied requests return 403

Tip

Start with monitor mode to observe real agent behavior before enforcing. This prevents false positives that block legitimate work.

Troubleshooting

Problem	Solution
Agent traffic not proxied	Ensure you used `tf run` - it sets `HTTP_PROXY` / `HTTPS_PROXY` (and lowercase variants)
Agent gets 403 from proxy	Check the dashboard traffic view for the denied action. Add a permission rule or switch to `monitor` mode
Approval never resolves	Check the dashboard approvals page. Approvals expire after 5 minutes
Kill switch blocking everything	Disable the kill switch in the dashboard
Agent gets `407 Proxy Auth Required`	Check that the gateway token is correct (`tf status`) and the gateway is active in the dashboard
`tf init` fails	Ensure you've run `tf login` first, or pass `--gateway-id` and `--gateway-token` for CI/CD
Approval never arrives in Slack	Check Slack integration in Settings (bot token, signing secret, channel ID)

Next steps

Writing Policies - create custom rules for your domain
Concepts & Terminology - understand connectors, permissions, and enforcement
Connectors - full connector reference
Kill Switch - emergency stop procedures