An edge governance and observability platform for AI agent traffic.
Roll out AI with confidence across your organisation.
Quick start · Verify · Trust · OSS vs Cloud · Configuration · Architecture · Docs · Contributing
Soth sits between your AI agents and the rest of the world — capturing, classifying, and governing MCP, HTTP, and AI-provider traffic. It runs fully standalone and headless: no account, no cloud, nothing leaves the machine. See what your agents are doing, enforce policy, and stay within budget — all from the local SQLite store and the CLI.
When you want a visual dashboard, live feeds, and policy/budget across a whole fleet, connect your nodes to the optional managed backend, SOTH Cloud. The proxy is identical either way.
- MITM proxy — selective TLS termination of AI-provider domains (OpenAI, Anthropic, Google, …); transparent tunnel for everything else. Always-on without breaking unrelated traffic.
- Policy & budget — OPA-style rules to block, allow, or rate-limit by agent, model, endpoint, or cost.
- Fleet observability — every event is captured locally (SQLite) and, with SOTH Cloud, streams to a managed dashboard with live feeds, policy and budget views, and multi-node management. No UI to build or host yourself.
Soth runs fully standalone by default — no account, no cloud, nothing leaves the machine. Install the headless binary and drive it from the CLI:
# macOS / Linux
curl -fsSL https://dashboard.soth.ai/install.sh | bash
# Windows (PowerShell 7.5+): iwr -useb https://dashboard.soth.ai/install.ps1 | iex
soth setup-ca # one-time local MITM CA
soth start # start the proxy
soth on # route system traffic through it
soth events stream # headless live feed (no GUI)Inspect traffic with soth events stream or query the SQLite store at ~/.soth/
directly. Prefer to pipe nothing into your shell? See
Verify before you run and
Why trust a MITM proxy? below.
Build from source instead:
git clone https://github.com/soth-ai/soth
cd soth && cargo build --release
./target/release/soth --versionWant a managed dashboard, live feeds, and policy/budget across a fleet? Enroll your nodes against the managed backend instead of installing standalone:
- Sign in at dashboard.soth.ai and create an enrollment link for your team.
- Run the one-liner it gives you on each machine:
curl -fsSL "https://dashboard.soth.ai/install?enroll_token=<token>" | bash -s --This installs the same signature-verified binary, enrolls the node with the backend, and starts capturing. Live traffic, policy, and budget show up in your dashboard right away — across every enrolled machine.
Prefer an API key to a per-node token?
curl -fsSL "https://dashboard.soth.ai/install" | bash -s -- --api-key <key>
Piping a script into your shell is convenient but opaque. If you'd rather read it first, download, inspect, and run it as separate steps:
# macOS / Linux
curl -fsSL https://dashboard.soth.ai/install.sh -o soth-install.sh
less soth-install.sh # read exactly what it does before running
bash soth-install.shYou don't have to take the script's word for what it installs. The installer itself performs a verifiable trust handshake before anything lands on disk:
- Fetches a release manifest over HTTPS.
- ed25519-verifies the manifest against a public key embedded in the script
(mirrors
ops/keys/) — a compromised storage bucket alone cannot push a malicious binary. - Downloads the platform binary and verifies its sha256 against the manifest before
installing (
scripts/install.sh).
So the only thing you're trusting at curl time is the script you just read — and it, in
turn, refuses to install anything that isn't operator-signed.
Soth asks for real privileges — it installs a local CA and terminates TLS for AI-provider domains. That's a lot to ask, so the design is built to be auditable rather than taken on faith:
- The CA is local and scoped.
soth setup-cagenerates a CA that lives only on your machine and is used solely to intercept the AI-provider domains you configure; everything else is tunnelled untouched. Read the code:commands/proxy/setup_ca.rs. - Selective interception, not blanket MITM. Only AI domains are TLS-terminated; all other traffic is a blind passthrough (see the architecture diagram below).
- You can see exactly what's recorded. The event/telemetry schema is open:
soth-core/src/telemetry.rsandsoth-api-types/src/api_types.rs. PII redaction is configurable underobserve. - Standalone means nothing leaves the machine. With no cloud enrollment, every event
stays in the local SQLite store at
~/.soth/. Sync to SOTH Cloud is opt-in and only happens after you enroll.
| Open source (this repo) | SOTH Cloud | |
|---|---|---|
| Edge proxy, MCP / HTTP capture | ✅ | ✅ |
| Policy engine, budget, classification | ✅ | ✅ |
Local SQLite store + soth events stream |
✅ | ✅ |
| Visual dashboard & live feeds | — | ✅ |
| Multi-node fleet management | — | ✅ |
| Managed policy / budget across teams | — | ✅ |
The proxy is fully functional standalone. SOTH Cloud is a managed backend + dashboard on top — there's no UI to build or host yourself.
Copy soth.example.yaml to ~/.soth/soth.yaml and edit. Key sections:
| Section | What it controls |
|---|---|
identity |
Per-agent crypto identity & trust store |
policy |
OPA Rego rules, enforcement mode, cache TTLs |
observe |
Local logging, PII redaction, retention |
budget |
Per-agent token & cost limits |
forward_proxy |
MITM listener, intercept domain list, CA paths |
cloud |
SOTH Cloud endpoints & enrollment credentials |
┌──────────────┐
agents │ AI clients │
│ (Claude, GPT │
│ MCP, curl) │
└──────┬───────┘
│ HTTP(S) / stdio / WebSocket
▼
┌──────────────┐ ┌─────────────────┐
│ soth │ ──────► │ AI providers │
│ edge proxy │ │ (api.openai...) │
└──────┬───────┘ └─────────────────┘
│ events
▼
┌──────────────┐ ┌─────────────────────┐
│ SQLite store │ ──────► │ SOTH Cloud │
│ (local) │ │ dashboard · policy │
└──────────────┘ │ budget · fleet │
└─────────────────────┘
Cloud sync is what powers the dashboard; the local SQLite store always works on its own, so the proxy runs fully standalone if you skip enrollment.
Core crates:
soth-cli— CLI surface and runtime lifecyclesoth-proxy— MITM transport, gating, classification, exchange assemblysoth-policy— policy engine (OPA Rego)soth-classify— 7-stage classification pipeline with optional ONNX modelssoth-detect— deterministic detection helperssoth-telemetry— local SQLite storagesoth-sync— cloud enrollment and event syncsoth-extensions— extension manager (bundleshistorianandcode)
| Guide | What's inside |
|---|---|
| Installation internals | Installer mechanics, paths, self-update |
| Production readiness | Operational guidance & known gaps |
| Configuration reference | Every config key, annotated |
| Contributing | Dev setup and the PR workflow |
| Security policy | Reporting vulnerabilities |
| Changelog | What's shipped |
Soth is alpha. The proxy and policy engine work today and are used in production by the maintainers, but APIs may change before 1.0. See CHANGELOG.md for what's shipped.
Bug reports, fixes, and ideas welcome. See CONTRIBUTING.md for setup and the PR workflow. Security issues: SECURITY.md.
Soth is distributed under the Mozilla Public License 2.0 — see LICENSE. Modifications to MPL-covered files must be shared under the same license; everything else (downstream applications, larger works that link to Soth) can be licensed however you like.
