{"id":50116918,"url":"https://github.com/statespace-tech/nv","last_synced_at":"2026-05-23T15:33:40.853Z","repository":{"id":348400679,"uuid":"1187798650","full_name":"statespace-tech/nv","owner":"statespace-tech","description":"A transparent HTTPS proxy for AI agents, written in Rust.","archived":false,"fork":false,"pushed_at":"2026-04-01T01:06:13.000Z","size":132,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-01T03:51:32.177Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/statespace-tech.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2026-03-21T07:14:03.000Z","updated_at":"2026-04-01T02:59:27.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/statespace-tech/nv","commit_stats":null,"previous_names":["statespace-tech/nv"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/statespace-tech/nv","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/statespace-tech%2Fnv","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/statespace-tech%2Fnv/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/statespace-tech%2Fnv/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/statespace-tech%2Fnv/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/statespace-tech","download_url":"https://codeload.github.com/statespace-tech/nv/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/statespace-tech%2Fnv/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33402165,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-23T04:15:53.637Z","status":"ssl_error","status_checked_at":"2026-05-23T04:15:53.242Z","response_time":53,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-05-23T15:33:37.608Z","updated_at":"2026-05-23T15:33:40.847Z","avatar_url":"https://github.com/statespace-tech.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# nv\n\n[![License](https://img.shields.io/badge/license-MIT-007ec6?style=flat-square)](https://github.com/statespace-tech/nv/blob/main/LICENSE)\n\n`nv` is a transparent HTTPS proxy for AI that sits between your agents and the internet. It injects credentials automatically so agents can make authenticated API requests without ever seeing a secret.\n\n---\n\n## Installation\n\nInstall nv:\n\n```console\n$ cargo install --path .\n```\n\nThen install the proxy CA certificate once per machine:\n\n```console\n$ nv trust\n```\n\n---\n\n## Quickstart\n\n```console\n$ nv init\nInitialised net environment [myproject] in: /path/to/myproject\n\n$ nv activate\nnv [myproject] active (port 51234). Run 'deactivate' to stop.\n\n$ nv add api.example.com --bearer\nBearer token: ••••••••\nAuth configured for 'api.example.com' (secret stored in .nenv/secrets.enc).\n\n$ claude \"Make some API requests\"\n```\n\n---\n\n## Commands\n\n### `nv init [path] [--name \u003cname\u003e]`\n\nCreate a net environment. Generates a project ID, creates an encryption key at `~/.config/nv/keys/\u003cid\u003e`, and writes `nv.toml`.\n\n```console\n$ nv init\n$ nv init ~/projects/myapp\n$ nv init --name myapp\n```\n\n### `nv add \u003chost\u003e \u003cauth-type\u003e`\n\nConfigure authentication for a host. Prompts for the secret, encrypts it into `.nenv/secrets.enc`, and records the auth type in `nv.toml`. The secret value is never written to `nv.toml`.\n\nHost can be an exact hostname or a glob pattern:\n\n```console\n$ nv add api.stripe.com --bearer\n$ nv add api.notion.com --header authorization\n$ nv add maps.googleapis.com --query key\n$ nv add api.sendgrid.com --bearer\n$ nv add auth.example.com --oauth2 --token-url https://auth.example.com/token\n$ nv add github.com --device-flow --client-id \u003cid\u003e\n$ nv add \"*.googleapis.com\" --query key\n$ nv add \"*.azure.com\" --bearer\n```\n\n\u003e Tip: Add `--browser` to collect the secret via a local browser form instead of a terminal prompt.\n\n### `nv sync`\n\nPopulate missing secrets interactively. Reads `nv.toml`, finds every host with auth configured but no secret in `.nenv/secrets.enc`, and prompts for each one. Run this after cloning a repo that already has an `nv.toml`.\n\n```console\n$ nv sync\napi.openai.com (bearer token): ••••••••\napi.anthropic.com (x-api-key header): ••••••••\nSecrets saved.\n```\n\nIf everything is already populated:\n\n```console\n$ nv sync\nAll secrets up to date.\n```\n\n### `nv activate`\n\nActivate the environment in the current shell. Starts the proxy daemon, sets `HTTP_PROXY`/`HTTPS_PROXY`, and defines `deactivate` to undo everything.\n\n```console\n$ nv activate\nnv [myproject] active (port 51234). Run 'deactivate' to stop.\n\n[myproject] $ deactivate\nnv deactivated.\n```\n\n\u003e `source .nenv/bin/activate` is equivalent.\n\n### `nv run \u003ccommand\u003e`\n\nRun a single command inside the environment without activating a shell.\n\n```console\n$ nv run python agent.py\n$ nv run curl https://api.openai.com/v1/models\n```\n\n### `nv list`\n\nShow all configured hosts and their auth types.\n\n### `nv allow \u003chost\u003e`\n\nAllow a host to pass through the proxy without auth injection. Useful for hosts the agent needs to reach but that don't require credentials. Accepts globs.\n\n```console\n$ nv allow cdn.example.com\n$ nv allow \"*.cloudflare.com\"\n```\n\n### `nv block \u003chost\u003e`\n\nBlock a host from passing through the proxy. Use `\"*\"` to block all traffic by default, then selectively allow or add hosts.\n\n```console\n$ nv block \"*.analytics.com\"\n$ nv block \"*\"                    # block everything by default\n$ nv add api.stripe.com --bearer  # implicitly allowed, wins over block *\n$ nv allow cdn.example.com        # pass-through, also wins over block *\n```\n\nExplicit allows (`nv add`, `nv allow`) always take precedence over blocks, including `\"*\"`.\n\n### `nv remove \u003chost\u003e`\n\nRemove a host's auth config from `nv.toml` and erase its secret from `.nenv/secrets.enc`.\n\n### `nv trust` / `nv untrust`\n\nInstall or remove the proxy CA from the system trust store. Required once per machine.\n\n---\n\n## CI usage\n\nCommit `nv.toml` and `.nenv/secrets.enc` to your repository. Export the project key once and store it as a masked CI secret:\n\n```console\n$ cat ~/.config/nv/keys/\u003cproject-id\u003e | base64\nabc123...\n```\n\nThen in CI:\n\n```yaml\n- name: Run agent\n  env:\n    NV_KEY: ${{ secrets.NV_PROJECT_KEY }}\n  run: |\n    source .nenv/bin/activate\n    python agent.py\n```\n\n`NV_KEY` is read by the daemon at startup and unset by the activate script before your command runs. The agent process never has access to it.\n\n---\n\n## nv.toml\n\n`nv.toml` can be committed to your repository. It contains auth types and host rules but **never** secrets.\n\n```toml\nid = \"a3f9c2d1-...\"\n\n[proxy]\nblock = [\"*\"]\nallow_only = [\"api.stripe.com\", \"cdn.example.com\"]\n\n[hosts.\"api.stripe.com\".auth]\ntype = \"bearer\"\n\n[hosts.\"api.notion.com\".auth]\ntype = \"header\"\nname = \"authorization\"\n\n[hosts.\"api.notion.com\".headers]\nNotion-Version = \"2022-06-28\"\n\n[hosts.\"auth.example.com\".auth]\ntype = \"oauth2\"\ntoken_url = \"https://auth.example.com/token\"\nscopes = [\"read\", \"write\"]\n```\n\n### Host patterns\n\n| Pattern | Matches |\n|---|---|\n| `\"api.example.com\"` | exact hostname |\n| `\"*.example.com\"` | single label wildcard |\n| `\"**.example.com\"` | any subdomain depth |\n| `\"api.example.com/v1/*\"` | host + path glob |\n\n---\n\n## Community\n\n- **Discord** — [Join our community server](https://discord.gg/statespace) for real-time help and discussions\n- **X** — Follow us [@statespace_tech](https://x.com/statespace_tech) for updates and news\n- **Issues** — Report bugs or request features on [GitHub Issues](https://github.com/statespace-tech/nv/issues)\n\n## License\n\nThis project is licensed under the terms of the MIT license.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstatespace-tech%2Fnv","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fstatespace-tech%2Fnv","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstatespace-tech%2Fnv/lists"}