Lobster Trap

Top Builders

Explore the top contributors showcasing the highest number of app submissions within our community.

Lobster Trap

Lobster Trap is a reverse proxy built by Veea that sits between AI agents and any OpenAI-compatible LLM backend. It performs deep prompt inspection (DPI) on both incoming prompts and outgoing responses, classifying threats and enforcing YAML-based firewall rules in sub-millisecond time using compiled regex patterns. No additional model calls, API keys, cloud connectivity, or runtime dependencies are required.

General
Release date	18 Feb 2026
Developer	Veea
Type	Open-source LLM security proxy
License	MIT
GitHub	veeainc/lobstertrap
Documentation	README and policy reference

Core Features

Regex-based DPI - all classification runs in sub-millisecond time using compiled regex patterns, with no secondary LLM calls for threat detection.
Bidirectional inspection - rules apply to both incoming prompts and outgoing responses, catching both injection attempts and exfiltration in responses.
Structured metadata extraction - detects and surfaces intent categories, risk scores, credentials, PII, system commands, injection attempts, exfiltration patterns, target paths, domains, and risky commands.
Programmable YAML policy - first-match-wins ingress and egress rules with actions: ALLOW, DENY, LOG, HUMAN_REVIEW, QUARANTINE, and RATE_LIMIT.
Declared vs. detected intent - agents can declare intent via _lobstertrap request headers; Lobster Trap compares declared against detected and reports mismatches in the audit trail.
Real-time dashboard - built-in web UI at http://localhost:8080/_lobstertrap/ showing live traffic, decisions, and metadata.
JSON-line audit logs - structured logs of every decision, readable by security tooling or a regulator.
Drop-in deployment - transparent proxy for any tool using the OpenAI chat completions API; no application code changes required.

Supported Backends

Lobster Trap works with any OpenAI-compatible inference endpoint:

Backend	Notes
Ollama	Default target in quickstart config
vLLM	Compatible via OpenAI-compatible API
llama.cpp	Compatible via server mode
OpenAI	Proxy to production OpenAI API
Anthropic	Via OpenAI-compatible adapter
Gemini	Via OpenAI-compatible adapter

Policy System

Policies are defined in YAML and loaded at startup. Each rule specifies a direction (ingress or egress), a priority, match conditions, and an action.

Available actions:

Action	Behavior
`ALLOW`	Pass the request through
`DENY`	Block and return an error
`LOG`	Allow but write a log entry
`HUMAN_REVIEW`	Flag for manual review queue
`QUARANTINE`	Isolate for deferred inspection
`RATE_LIMIT`	Throttle matching traffic

A default policy file is provided at configs/default_policy.yaml as a starting point. Rules also support network policies and filesystem restrictions in addition to content-based matching.

Tools and Resources

GitHub repo (MIT) - source code, issues, and contribution guide.
README and quickstart - full policy reference and setup instructions.
Default policy - configs/default_policy.yaml in the repo, ready to fork and extend.
Adversarial test suite - run ./lobstertrap test to validate your policy against built-in attack patterns.
Single-prompt debugger - run ./lobstertrap inspect "<your prompt>" to see full metadata extraction output for any input.

Deployment Options

Three ways to run Lobster Trap:

Standalone - clone the repo, run make build, then start with ./lobstertrap serve. Requires Go 1.22 or later.
Pre-built static binary - download a Linux, Windows, or macOS binary from the repo with no Go toolchain required.
Native.Builder - already packaged inside lablab's Native.Builder environment; no setup needed.

No API keys, signups, rate limits, or cloud dependency required for any deployment path.

Ecosystem and Integrations

Acts as the trust layer beneath multi-agent systems, enforcing per-agent permission boundaries and logging cross-agent interactions.
Serves as a foundation for compliance policy packs targeting HIPAA, SOC2, or financial regulations.
Integrates with governance dashboards and drift monitoring tooling via its structured JSON audit log output.
Supported by Veea engineers in the lablab Discord for policy review, integration help, and architecture questions during hackathon build phases.

Get started by cloning the repo and running ./lobstertrap serve, or download a pre-built binary from github.com/veeainc/lobstertrap. The full policy reference is in the README.

Edit on GitHub

veea Lobster Trap AI technology Hackathon projects

Discover innovative solutions crafted with veea Lobster Trap AI technology, developed by our community members during our engaging hackathons.

ATLAS - Enterprise Multi-Agent Governance

ATLAS is an enterprise multi-agent system where every agentic decision is inspected, signed, and auditable. THE PROBLEM Goldman Sachs CIO said publicly: "We don't know what controls we need for agentic AI." Enterprise LLM agents make decisions affecting databases, APIs, financial records. There is no infrastructure that makes these decisions inspectable, auditable, and compliant. WHAT ATLAS DELIVERS - 29/29 scientific test suite PASS in under 1 second - All 5 sponsors integrated end-to-end (real API calls, not mocked): · Speechmatics for voice transcription · Featherless for open-source model routing (MiniMax-M2.5, DeepSeek-V3.2, Kimi-K2.5, Llama-3.3-70B) · Google Gemini 2.0 Flash for orchestration and synthesis · Vultr for infrastructure layer · Kraken for financial action layer - SOUF AI DPI inline governance: every prompt inspected in 0.079ms avg (well under 1ms ceiling) - Ed25519-signed audit chain with SHA-256 Merkle tamper-evidence - 8 signed records per full pipeline request, chain verified - Isaac Adams (Featherless judge): "confidence is what enterprise AI needs" — ATLAS is that confidence layer ARCHITECTURE 6-layer governed pipeline: Voice → Speechmatics → SOUF AI DPI gate → Gemini orchestrator → Featherless router → Tool executor (Search/Database/Kraken/Vultr) → Ed25519 audit trail → Gemini synthesis. REPRODUCIBILITY git clone https://github.com/SRKRZ23/atlas cd atlas && pip install -r requirements.txt python3 src/test_atlas.py → 29/29 PASS in under 1 second ECOSYSTEM ATLAS is the routing layer of a 4-product AI safety ecosystem: SOUF AI provides DPI, FORGE generates policies, CITADEL evaluates models, ATLAS calls them all. Same Ed25519 audit chain across four products. MIT licensed. Lobster Trap is the floor. ATLAS is the agent governance ceiling. Built solo by Sardor Razikov, Tashkent.

CXGuard - Powered by Lobstertrap

CXGuard is a security gateway and governance dashboard for AI-powered customer support agents. It is designed for companies that want to deploy AI support bots safely without exposing themselves to prompt injection, customer data leakage, refund abuse, secret extraction, policy manipulation, or unsafe automated actions. As more customer experience teams adopt AI agents to answer questions, resolve tickets, process returns, and reduce support costs, a new class of risk appears. Unlike traditional software, AI agents can be manipulated through language. A malicious customer may try to override the agent’s instructions, reveal hidden system prompts, extract private customer information, access internal policies, bypass refund limits, or trick the bot into performing actions it should not take. For enterprises, these failures are not just technical bugs — they can become privacy incidents, financial losses, compliance gaps, and reputational damage. CXGuard solves this by sitting between the customer support interface and the underlying language model. Every support conversation is routed through Lobster Trap, an inline prompt inspection and policy enforcement layer, before the request reaches the LLM. Lobster Trap inspects incoming prompts and outgoing model responses for risky signals such as prompt injection, credential extraction, personally identifiable information requests, sensitive file paths, role impersonation, unsafe commands, external exfiltration, and other suspicious patterns. CXGuard then turns those low-level security signals into an enterprise-ready product experience: clear decisions, risk scores, policy hits, incident details, human-review queues, and audit-ready logs.

Carapace

Carapace is the action-layer trust boundary that sits on top of Veea's Lobster Trap. AI agents now run at the edge with authority to take destructive actions on production infrastructure — isolate a spine switch, quarantine a node, migrate VMs across sites. Lobster Trap guards the conversation with deep prompt inspection, but a conversation that looks perfectly clean can still end in isolate(spine-switch-sj-01), and a single poisoned log line can trigger a self-inflicted outage with no clear audit of why. Carapace closes that gap. It sits between the agent's reasoning and its tool execution as a fail-closed policy engine that gates the action itself on declared-versus-detected intent, source provenance (trusted telemetry versus untrusted ingested text), and blast radius. It folds Lobster Trap's conversation-layer verdict into its own rule matrix so the two compose into genuine defense-in-depth — Lobster Trap can only ever make Carapace stricter, never looser. An injection-driven destructive action is escalated to QUARANTINE and never reaches the executor: proven live with real Gemini through the real Lobster Trap binary, blocked at $0 versus a ~$47k/minute outage with no trust layer. Every decision lands in a tamper-evident, hash-chained audit trail a regulator could read. It's the ceiling Veea's "floor, not ceiling" challenge asked for — a drop-in trust layer enterprise security teams will actually sign off on, with a 114-test suite and a live Gemini + Three.js demo.

RackVision AI

### Problem Global enterprise data centers currently operate with a critical "Visibility Gap." Traditional network management systems monitor logical traffic and software logs but remain completely blind to the physical space. When an onsite technician over-bends a fiber line or miswires a high-density GPU rack, the logical system drops packets, and engineering teams waste hours guessing why. ### Solution RackVision AI bridges this gap as a Physical-to-Logical Digital Twin Platform. We turn real-world visual telemetry into intelligent infrastructure workflows, giving operators full visibility across both the physical data center floor and the network layer. ### How We Built It (Technology Stack) * **Google Gemini Flash (via Gemini API & Google AI Studio):** Powers our Vision-Language pipelines. It acts as our autonomous workspace inspector, processing low-latency live video streams to evaluate hardware device health, track port alignment, and identify physical cable strain. * **Google Gemini Pro:** Drives our "Sketch-to-Topology" simulation engine. It interprets geometric, hand-drawn layout photos from field engineers and instantly converts them into interactive digital twin maps. * **Veea Lobster Trap:** Our mission-critical AI governance layer. Because an infrastructure agent handles production switch logic, we deployed Lobster Trap as a Deep Prompt Inspection proxy firewall. It blocks malicious prompt injections, intercepts unauthorized credential extraction commands, and logs an unalterable, regulator-ready compliance audit trail. ### Track Alignment: Track 3 (Robotics & Simulation) RackVision AI directly addresses Track 3 focus areas by deploying multi-modal Vision-Language models to interpret real-world spatial environments and compiling hand-drawn drafts into scalable, digital twins for industrial IT environments.

Incident Brain: Autonomous AI for Handling Outages

Incident Brain is an autonomous co-responder for production incidents built with Google Gemini and Veea Lobster Trap. It continuously ingests Slack conversations and terminal or screen activity during live outages, converts them into structured events, and builds a searchable semantic timeline in real time. Instead of acting like a chatbot that waits for prompts, Incident Brain proactively monitors the flow of an incident. Every action, hypothesis, observation, failure, and mitigation attempt is embedded into long-term incident memory using pgvector similarity search. When engineers repeat actions that previously failed in similar incidents, the system immediately warns the team with contextual reasoning grounded in historical outcomes. Google Gemini powers multimodal event extraction, reasoning, embeddings, intervention generation, cascade prediction, and automated post-mortem creation. Veea Lobster Trap provides a governed AI gateway layer for secure and policy-aware model traffic during incident analysis. Incident Brain also predicts cascading failures before they happen. By analyzing the evolving incident narrative, it identifies likely downstream failures, estimates confidence, and recommends mitigation steps while the outage is still unfolding. If the system detects that responders are stuck in a failure loop, it escalates into an autonomous co-responder. It synthesizes the current timeline, warning history, and historical recovery patterns to suggest actionable next steps directly in Slack and the live dashboard. Privacy is built into the architecture. Sensitive terminal data is redacted locally using OCR and Presidio before any structured events are sent to Gemini. Raw screenshots and secrets stay on the engineer’s machine. After resolution, Incident Brain automatically generates a complete post-mortem with timelines, root cause hypotheses, failed attempts, successful mitigations, and follow-up actions.