2 min read

trollbridge puts coding agents on a tighter leash

trollbridge is a local HTTP proxy for coding agents that blocks unknown outbound requests, adds optional LLM reviews, and keeps a JSONL audit log.

Image: Hacker News

A new tool called trollbridge aims to solve a growing problem with coding agents: how to give them room to work locally without letting them make arbitrary outbound network requests.

The project, posted to Hacker News by maintainer Dan Driscoll, is an HTTP proxy that sits between an agent and the internet. The pitch is simple: set an outbound policy once, then let the agent run freely inside a VM, container, or Incus instance. Locally, the agent can read, write, and run as normal. Online, it only reaches servers you explicitly allow.

trollbridge checks every HTTP and HTTPS request against an allow/deny list before it leaves the machine. Requests that match policy are decided immediately. Anything unfamiliar is held for manual review in an operator UI, where it can be approved or denied with a single keystroke. Sticky approvals can be turned into policy without editing a file.

An optional LLM advisor can sit in the middle of that flow. According to the site, it only sees requests that policy does not already settle. If the model is confident, it can recommend or resolve an allow/deny decision; low-confidence cases fall back to the human queue. The maintainer says the advisor is off by default, and users who want one can point it at a local OpenAI-compatible server such as Ollama, vLLM, or llama.cpp.

The tool is positioned as a complement to sandboxing rather than a replacement for it. trollbridge controls network access at the HTTP layer, while file system and process isolation still need to come from the environment around it. The documented setup is an Incus VM on Linux, with alternatives including Podman rootless, LXC, Lima, OrbStack, Tart, Multipass, WSL2, and Hyper-V.

Recommended reading

Waze adds smarter routing and a quieter voice mode

A few implementation details stand out:

  • User-mode install to ~/.local/bin
  • Linux and macOS support on amd64 and arm64
  • A single static binary with no runtime dependencies
  • A per-request JSONL audit log
  • Proxy startup via eval “$(trollbridge env)”, which exports HTTP_PROXY and HTTPS_PROXY

Driscoll describes the project as more than a dressed-up interception tool like mitmproxy, arguing that the value is in the rule engine, approval workflow, and audit trail.

“I run trollbridge in front of my Claude Code sessions, and the hold-and-approve loop on new destinations is what convinced me agents could be trusted with the network at all. Case in point: one of those agents wrote this testimonial, then tried to POST it to nine review sites I’d never heard of. trollbridge held all nine. I approved exactly one — you’re reading it.”

Dan Driscoll, maintainer

Installation is a one-liner: curl -fsSL https://trollbridge.dev/install.sh | sh. The script installs to ~/.local/bin/trollbridge, verifies SHA256 against the GitHub release, and supports install.sh --uninstall for removal.

Tomas Berg

Computing Editor

Tomas lives in the terminal. He covers chips, laptops, and operating systems with a focus on performance and efficiency. He reads kernel changelogs the way other people read fiction, and he's always on the hunt for the perfect mechanical keyboard switch. If it processes data, Tomas has an opinion on it.

via Hacker News

// Keep reading