BREAK THE LOOP before it breaks YOUR BUDGET.
Loopers is the firewall for the agentic era. It acts as a baremetal, zero-delay circuit breaker that intercepts requests to prevent token overspending, stop runaway agent loops, and safeguard against catastrophic bill shocks like LLMjacking.
$ docker pull ghcr.io/cursed-me/loopers-oss[ AUDIT LOGS ]
Why autonomous AI infrastructure needs a firewall, not a dashboard.
LLMjacking
Attackers steal API keys from public repos, deploy agents, and leave you with the bill. Sysdig documented a 376% spike in AI credential theft.
Agent Runaway
Autonomous agents stuck in retry loops scale costs silently. Token cost grows O(n²) in agent steps. The loop doesn't sleep.
Provider Gaps
Google's caps have a 10-minute enforcement lag. AWS Budgets exclude Marketplace charges entirely by design. They don't stop the bleed.
Why Loopers?
If an autonomous agent gets stuck in a loop or an API key is compromised, it can burn thousands of dollars in minutes. Loopers isn't just an alert or an observability dashboard—it's a strict, fail-closed firewall with an active kill-switch.
Atomic Correctness Guarantee
Executes checks in a single Redis Lua transaction, preventing TOCTOU race conditions under extreme concurrency.
Zero-Storage Security Model
Pass-through architecture. Your API keys are only kept in-memory during request lifecycles. Zero persistence to disk/database, rendering it immune to data breaches.
Sub-Millisecond Overhead
Written in Go using httputil.ReverseProxy and Redis, adding only ~1-2ms of latency to the request path. No cold starts, no blocking streaming performance.
Fail-Closed Guarantee
Fails closed if Redis or the proxy goes down, instantly blocking requests to protect your wallet.
Mid-Stream Cutoffs
Intercepts streaming Server-Sent Events (SSE) responses, counts tokens in real-time, and severs the connection instantly if limits are exceeded.
How it works
Point your SDK
That's the entire integration.
Set your caps
Any granularity you need.
Sleep
Your key is never stored. It's injected into the provider call, then discarded on response. We can't lose what we never had.
Performance Benchmarks (Episode 1)
Loopers is engineered to handle massive concurrent traffic spikes without dropping the ball on budget enforcement. In our latest LLM Gateway benchmarks against Python/FastAPI alternatives, Loopers demonstrated absolute dominance.
[ SPEC SHEET ]
Technical comparison vs alternatives
Fully Transparent. MIT Licensed.
Any piece of software that sits between your application and your AI provider must be fully transparent. Inspect every line. Fork it. Run it yourself.
The managed SaaS adds anomaly detection, team controls, and compliance reporting — that's what you pay for. The core kill switch is open.
Frequently Asked Questions
Direct answers for developers and engineering teams.
What happens if my AI agent gets stuck in an infinite loop?
AI providers like OpenAI charge for every word generated. If your code has a bug and makes endless requests, you could wake up to a massive surprise bill. Loopers sits between your app and the AI provider. You set a strict spending limit, and Loopers automatically blocks any requests that go over budget.
Can't I just use the budget limits on the OpenAI dashboard?
Provider dashboards update slowly and usually only let you set account-wide limits. If you hit that limit, your entire application goes down. Loopers acts as an active firewall, letting you set real-time, custom budgets for specific users, projects, or API keys. This means one bad actor or bug can't take down your whole system.
How does Loopers protect against stolen API keys?
Hackers constantly search for exposed AI API keys to steal and use on your dime—a fast-growing attack known as LLMjacking. Loopers protects you by enforcing strict daily or hourly spending limits. Even if a key is stolen, the hackers are instantly blocked the moment they hit the limit you defined.
Will routing requests through Loopers slow down my app?
No. Loopers is designed to be extremely fast. It checks budgets instantly before forwarding your request to the AI provider. It adds only ~1-2ms of latency to the request path, which is completely unnoticeable compared to the time it takes the AI to actually generate a response.
Join the Waitlist
No spam. No growth hacks. One email when we launch.