The RenLayer proxy is the enforcement layer. It is a Rust + Axum reverse proxy that sits in the request path between an agent and the upstream model provider or tool API. Every request and response flows through it, so every action is observable and governable.
What the proxy does
- Authenticates the agent using a tenant-scoped API key.
- Classifies the call (chat completion, embedding, tool invocation, MCP request, arbitrary HTTP).
- Evaluates policies in priority order and decides whether to allow, flag, or deny the call.
- Runs DLP detectors on prompts and responses to catch PII, secrets, source code, and custom-defined sensitive data.
- Forwards allowed traffic to the configured upstream and streams the response back.
- Writes a trace with the request body, response, status, latency, token counts, and DLP findings.
Why inline (not async)
A logging proxy that mirrors traffic to an analytics pipeline can tell you what happened. An inline proxy can tell you what happened and stop bad things from happening. RenLayer is inline because:
- A `DENY` policy must actually prevent the call, not just flag it after the model has responded.
- A DLP block must redact or refuse before sensitive data leaves your network.
- Rate limits must apply at request time to be enforceable.
The trade-off is latency. The proxy typically adds 5–15 ms to a request when policies are simple and DLP detectors are pattern-based; heavy custom detectors can push that higher. For LLM calls (which already take seconds), this overhead is negligible.
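The inline ordering described above, shown as an added Rust example that is not RenLayer's own code: the policy decision comes first, a denied call never reaches the forwarding step, and redaction runs before the body is handed on. The `Policy`, `Action`, and `Outcome` types, first-match and lower-number-first priority semantics, matching on call kind alone, and the AKIA-shaped key detector are assumptions made for illustration.

```rust
// Added illustration, not RenLayer source. Type names, first-match semantics,
// "lower priority number first", and the detector pattern are all assumptions.
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum Action { Allow, Flag, Deny }
pub struct Policy { pub priority: u32, pub call_kind: &'static str, pub action: Action }
#[derive(Debug, PartialEq)]
pub enum Outcome { Forward { body: String, flagged: bool, redactions: usize }, Blocked }

/// First matching policy in priority order wins; no match means pass-through.
pub fn decide(policies: &[Policy], call_kind: &str) -> Action {
    let mut sorted: Vec<&Policy> = policies.iter().collect();
    sorted.sort_by_key(|p| p.priority);
    sorted.iter().find(|p| p.call_kind == call_kind).map_or(Action::Allow, |p| p.action)
}

/// Pattern detector: "AKIA" plus 16 uppercase letters or digits (AWS access key ID
/// shape). Only ASCII runs are replaced, so the output stays valid UTF-8.
pub fn redact_access_keys(body: &str) -> (String, usize) {
    let b = body.as_bytes();
    let (mut out, mut hits, mut i) = (Vec::<u8>::with_capacity(b.len()), 0usize, 0usize);
    while i < b.len() {
        let is_key = b[i..].starts_with(b"AKIA")
            && b.len() >= i + 20
            && b[i + 4..i + 20].iter().all(|c| c.is_ascii_uppercase() || c.is_ascii_digit());
        if !is_key { out.push(b[i]); i += 1; continue; }
        out.extend_from_slice(b"[REDACTED]");
        hits += 1;
        i += 20;
    }
    (String::from_utf8(out).expect("only ASCII runs were replaced"), hits)
}

/// Inline enforcement: decide first, redact second, only then hand off for forwarding.
pub fn handle(policies: &[Policy], call_kind: &str, body: &str) -> Outcome {
    match decide(policies, call_kind) {
        Action::Deny => Outcome::Blocked, // the upstream never receives this request
        action => {
            let (body, redactions) = redact_access_keys(body);
            Outcome::Forward { body, flagged: action == Action::Flag, redactions }
        }
    }
}

fn main() {
    let policies = [Policy { priority: 10, call_kind: "tool", action: Action::Deny }];
    // Constructed sample body; the key is a made-up value in the AKIA shape.
    println!("{:?}", handle(&policies, "chat", "key=AKIAABCDEFGHIJKLMNOP"));
}
```

A mirroring (async) design would run the same two functions on a copy of the traffic after it had already been forwarded, so `Blocked` and the redacted body could only ever appear in a report.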
What the proxy does not do
- It does not train or fine-tune models.
- It does not store model weights or maintain its own LLM.
- It does not rewrite prompts beyond redacting matched DLP patterns when configured to do so.
The proxy is a pass-through with policy and observability. Your agent’s behavior is unchanged when no rule matches.
How operators run it
The proxy is a single binary (or container). It depends on:
- PostgreSQL: shared with the Platform API; used for tenant, agent, policy, and trace data.
- Outbound network: to reach the upstream providers your agents call.
Three deployment patterns are common: sidecar, gateway, and standalone. See proxy deployment.
Where to go next
- How it works: request flow and headers.
- Deployment: sidecar / gateway / standalone.
- Policies: the policy model.
- DLP: built-in detectors and custom patterns.
- Rate limits: per-agent, per-user, per-tenant.