Airgap mode

For environments where outbound network access must be tightly controlled. The airgap module rejects any outbound call that doesn’t go to your configured provider.

The airgap module ships in v1.1. Until then, enforce airgap rules at the firewall / network namespace level — the gateway already respects whatever your network policy permits.

What airgap mode does (v1.1)

When airgap is the first module in your pipeline:

  1. Wraps the request lifecycle in a network policy.
  2. Allows: HTTPS to your configured provider host (e.g. api.anthropic.com).
  3. Blocks: every other outbound call, including embedding APIs (Voyage, OpenAI) and any module that tries to fetch externally.
  4. Falls back to offline behavior wherever a network call is denied (e.g. embedding stub, no remote pricing fetch).

Configuration (v1.1)

    pipeline:
      - airgap:
          allowedHosts:
            - api.anthropic.com
            - api.openai.com # if you use both
          onViolation: 'block' # 'block' | 'log-only'

If you set allowedHosts: [], the module infers the allowed hosts from your provider env vars: whichever providers you have keys for are auto-allowed.

Enforce airgap today (without v1.1 module)

Two options:

1. Firewall / iptables rule

On the host:

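    # Allow Docker bridge → api.anthropic.com only
    # -I inserts at the top of the chain, so add REJECT first; the ACCEPT rules inserted after it are evaluated before it.
    # <anthropic-ip> is matched literally: update the rule when the provider's addresses change.
    sudo iptables -I DOCKER-USER -j REJECT
    sudo iptables -I DOCKER-USER -d <anthropic-ip> -p tcp --dport 443 -j ACCEPT
    sudo iptables -I DOCKER-USER -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT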

(Adjust for your distro’s Docker chain conventions.)

2. Network namespace

    # Run the container in an isolated netns with restricted DNS + routes
    docker run --network=airgap-net ...

Pre-create airgap-net with docker network create and apply iptables rules to that bridge.

3. Drop embedding requirements

The simplest version of airgap: don’t set VOYAGE_API_KEY or OPENAI_API_KEY for embeddings. The gateway falls back to the offline stub embedder. Now the only outbound traffic is the LLM call itself.

    # .env
    ANTHROPIC_API_KEY=sk-ant-xxx
    # (no VOYAGE_API_KEY)
    # (no OPENAI_API_KEY for embeddings)
    PRXY_PIPE='ipc,patterns,semantic-cache'

Now grep your container’s outbound packet capture and the only host you’ll see is api.anthropic.com.
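
One way to run that check mechanically, as an added example (not prxy.monster code): it reads a text-mode DNS capture and lists every queried name that is not on your allowlist. It assumes the capture was taken with tcpdump on the container's bridge; the sample lines are constructed, and a connection to a hard-coded IP never appears in DNS, so keep the firewall rule as the actual control.

```shell
#!/bin/sh
# Added example: list DNS names queried in a text capture that are NOT allowlisted.
# Capture source (assumption): tcpdump -l -n -i <bridge> udp port 53 > dns.txt

# Usage: unexpected_hosts ALLOWED_HOST... < dns.txt
# Prints "<count> <name>" per offending name; returns 1 if any were found.
unexpected_hosts() {
    allowed=" $* "
    out=$(awk -v allowed="$allowed" '
        BEGIN { allowed = tolower(allowed) }
        {
            # tcpdump prints a DNS question as "... 4660+ A? name. (35)":
            # the field after a "TYPE?" token is the queried name.
            for (i = 1; i < NF; i++) {
                if ($i ~ /^[A-Za-z0-9]+\?$/) {
                    name = tolower($(i + 1))   # DNS names are case-insensitive
                    sub(/\.$/, "", name)       # strip the trailing root dot
                    if (index(allowed, " " name " ") == 0) seen[name]++
                }
            }
        }
        END { for (n in seen) print seen[n], n }
    ' | sort -k2)
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed sample capture (addresses and the example.com name are made up).
sample_capture() {
    cat <<'EOF'
12:00:01.100001 IP 172.18.0.2.53124 > 172.18.0.1.53: 4660+ A? api.anthropic.com. (35)
12:00:01.100420 IP 172.18.0.2.53124 > 172.18.0.1.53: 4661+ AAAA? api.anthropic.com. (35)
12:00:01.130112 IP 172.18.0.1.53 > 172.18.0.2.53124: 4660 1/0/0 A 192.0.2.10 (51)
12:00:07.551907 IP 172.18.0.2.40211 > 172.18.0.1.53: 9112+ A? embeddings.example.com. (40)
12:00:07.552310 IP 172.18.0.2.40211 > 172.18.0.1.53: 9113+ AAAA? embeddings.example.com. (40)
12:00:09.004410 IP 172.18.0.2.40988 > 172.18.0.1.53: 9114+ A? API.OpenAI.com. (32)
EOF
}

sample_capture | unexpected_hosts api.anthropic.com || echo "egress outside allowlist"
```
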

Trade-offs

| With airgap | Without airgap |
| --- | --- |
| Embeddings: stub (deterministic, poor quality) | Embeddings: provider API (high quality) |
| semantic-cache hit rate: lower | semantic-cache hit rate: higher |
| mcp-optimizer accuracy: lower | mcp-optimizer accuracy: higher |
| Network surface: minimal | Network surface: provider + embedding API |

For sensitive workloads (legal, healthcare, internal tools handling regulated data), the quality trade-off is usually worth it.
