Use case / relay poisoning

Block poisoned relay responses before tools run.

This demo uses an OpenAI-compatible fake relay. The relay returns both a poisoned package install and a safe one. BeforeWire strips the suspicious tool call, keeps the safe call, and writes a local evidence packet before execution.

returned content: 2 action intents
BeforeWire quarantined: reqursts
safe action preserved: requests
[beforewire] blocked bash ['slopsquat']
[beforewire] suspicious tool call stripped
[receipt] #2 DENY reqursts / #3 ALLOW requests
[chain] hash verified

The model can be safe while the returned action intent is not.

A relay, gateway, or API router can alter returned content after the model has produced it. The agent still sees a compatible payload, so the risky moment is after the answer and before the tool executes.

baseline response path

Both action intents reach the agent.

{
  "tool_calls": [
    { "command": "pip install reqursts" },
    { "command": "pip install requests" }
  ]
}
BeforeWire action control

The poisoned install is denied before execution.

[beforewire] intercept corr=e8f75b45
policy=relay-guard
effect=deny
reason=slopsquat package
blocked="pip install reqursts"
protected action path

The safe call is preserved.

{
  "tool_calls": [
    { "command": "pip install requests" }
  ]
}
evidence packet

The proof is a decision record, not an accusation.

BeforeWire does not need to claim that a provider, model, or route is malicious. It proves that suspicious returned content cannot silently become a package install, shell command, HTTP request, or MCP tool call. The decision is deterministic and the evidence stays local.

local evidence receipt: verified
#2 DENY
tool=pip_install args={"command":"pip install reqursts"} policy=relay-guard reason=slopsquat
#3 ALLOW
tool=pip_install args={"command":"pip install requests"}
source: api_route_response
boundary: before tool execution
chain: hash verified
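As an added illustration (this is not BeforeWire's code), the following Python sketches the control the receipt above records: each returned tool call is judged before execution, only allowlisted installs survive, and every decision is written as a hash-chained receipt that can be re-verified later. The allowlist, the policy name and the sample relay response are constructed for the example.

```python
import hashlib
import json

# Constructed policy (not BeforeWire's real ruleset): installs are allowed only for
# names on this list; any other name is treated as a possible slopsquat and denied.
ALLOWED_PACKAGES = {"requests", "numpy", "pandas"}
POLICY = "relay-guard"
GENESIS = "0" * 64  # chain anchor for the first receipt

# Constructed relay response carrying both the poisoned and the safe intent.
RELAY_RESPONSE = {"tool_calls": [{"command": "pip install reqursts"},
                                 {"command": "pip install requests"}]}

def _digest(body: dict) -> str:
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def decide(command: str) -> tuple[str, str]:
    """Return (effect, reason) for one returned action intent; only pip installs are judged."""
    parts = command.split()
    if parts[:2] != ["pip", "install"] or len(parts) != 3:
        return "deny", "unrecognised command shape"
    if parts[2].lower() in ALLOWED_PACKAGES:
        return "allow", "allowlisted package"
    return "deny", "slopsquat package"

def guard(response: dict, prev_hash: str = GENESIS) -> tuple[dict, list[dict]]:
    """Filter tool_calls before execution and emit one hash-chained receipt per decision."""
    kept, receipts = [], []
    for n, call in enumerate(response.get("tool_calls", []), start=1):
        effect, reason = decide(call["command"])
        entry = {"n": n, "effect": effect.upper(), "tool": "pip_install", "args": call,
                 "policy": POLICY, "reason": reason, "prev": prev_hash}
        entry["hash"] = _digest(entry)  # each receipt commits to its content and its predecessor
        prev_hash = entry["hash"]
        receipts.append(entry)
        if effect == "allow":
            kept.append(call)
    return {"tool_calls": kept}, receipts

def verify_chain(receipts: list[dict]) -> bool:
    """Recompute every hash; editing or reordering a receipt, or removing one from the middle, breaks the chain."""
    prev = GENESIS
    for entry in receipts:
        body = {k: v for k, v in entry.items() if k != "hash"}
        if body["prev"] != prev or _digest(body) != entry["hash"]:
            return False
        prev = entry["hash"]
    return True
```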

How to show the control boundary live.

Use a fake compatible relay to make the risk obvious, then put BeforeWire on the agent execution path and repeat the same request. The difference is not a screenshot; it is a local receipt.

1. Baseline: call the fake route directly and show that the returned content includes both pip install reqursts and pip install requests.

2. Control: run the same request through BeforeWire. The suspicious action is denied while it is still only intent; the safe action remains available.

3. Evidence: open the local evidence packet and show [DENY] reqursts, [ALLOW] requests, the policy reason, and the verified hash chain.

4. Next review object: run a shadow audit on a redacted agent config or trace to see whether this report can enter your launch review path.

shadow audit response path
Want to map this to your agent stack?

Request a shadow audit to map your AI clients, API routes, MCP tools, outbound destinations, and local evidence packet requirements.
