Proxy
Setup guide for the PromptShield proxy.
The proxy is a single Go binary. It handles provider routing, rate limiting, audit logging, and metrics. Connect the detection engine to enable scanning and policy enforcement.
Requirements
- Go 1.21+ (build from source) or download a pre-built release
Install
From source:
git clone https://github.com/promptshieldhq/promptshield-proxy
cd promptshield-proxyDownload a release:
Grab the binary for your platform from releases.
Configure
cp .env.example .envMinimum required:
PROMPTSHIELD_PROVIDER=gemini # gemini | openai | anthropic | openai-compatible | selfhosted
GEMINI_API_KEY=your-key # key for your chosen providerSee Environment Variables for the full list.
Run
From source:
make run
# listening on :8080From release binary:
./promptshield-proxy
# listening on :8080Verify
curl -s http://localhost:8080/health
# {"status":"ok","service":"promptshield-proxy"}Connect your app
Change base_url in your SDK. No other code changes needed.
client = OpenAI(base_url="http://localhost:8080/v1", api_key="sk-...")Admin API
The proxy exposes an admin API for runtime configuration without restarts:
Requires authentication:
PROXY_ADMIN_TOKEN=your-secret-tokenGet current config
curl -H "Authorization: Bearer YOUR_TOKEN" \
http://localhost:8080/admin/configUpdate configuration
curl -X PUT -H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"mode": "security",
"engineUrl": "http://localhost:4321",
"providerMode": "single",
"provider": "openai"
}' \
http://localhost:8080/admin/configGet policy
curl -H "Authorization: Bearer YOUR_TOKEN" \
http://localhost:8080/admin/policyUpdate policy (hot-reload)
curl -X PUT -H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/yaml" \
--data-binary @config/policy.yaml \
http://localhost:8080/admin/policyConnect the detection engine
Set in .env and restart:
PROMPTSHIELD_ENGINE_URL=http://localhost:4321
PROMPTSHIELD_ENGINE_API_KEY=your-engine-keyWithout this the proxy runs in gateway mode: routing, rate limiting, and observability only. See Engine for setup.