The Control Plane for AI in Production

Stop runaway agents.
Cap per-user spend.
Audit every LLM decision your team ships.

Hard cost ceilings and loop detection for every agent your team ships. Five lines of code. Zero infrastructure.

Get started — it's free See how the kill works

Works with LangGraph · CrewAI · OpenAI Agents SDK · any framework

agent-run · research-agent · live$0.000

thskyshield · policy enforced0/8 events

< 10ms

P99 Decision Latency

Faster than your LLM cold-starts

99.99%

Atomic enforcement

Lua-in-Redis. No race window.

5 lines

Drop into any agent loop

LangGraph, CrewAI, OpenAI, or roll your own

Two Products. One Engine.

Runtime protection for every LLM call.

Design partners

My agent might loop and burn $200.

Runtime governance for agent runs — hard budget ceilings, loop detection, and a kill switch that fires before the money is spent.

Budget ceilingLoop detectionKill switchStep audit

See how it works Talk to us →

Live today

My users could drain my OpenAI bill.

Per-user spend enforcement with atomic Redis. Blocks the API call before it executes — no tokens burned, no cost incurred.

Per-user limitsUnder 10ms checkFail-open

Full product Get started →

For AI Agents

Your agent shouldn't be able to spend $200 on a $2 task.

Autonomous agents are non-deterministic by design. One stuck loop, one bad tool call, one hallucinated retry — and a $0.40 task becomes a $40 incident. You won't see it until the OpenAI bill arrives.

Thskyshield wraps every agent run with a hard budget, a tool-call policy, and a circuit breaker. Set the policy once in your dashboard. Enforce it across every agent your team ships. Audit every decision.

Runaway loops

Agent retrying the same call 80 times — killed at the loop signature, not at midnight.

Cost blowouts

Task hits the per-run ceiling — terminated with partial result, not infinite retry.

Tool abuse

Agent tries to call send_email 50× or hit an unallowlisted domain — blocked at the call site.

Silent drift

Cost-per-successful-task creeping up after a deploy — flagged before the bill lands.

agent/run.ts

import { Thskyshield } from '@thsky-21/thskyshield'

const shield = new Thskyshield({
  siteId: process.env.THSKYSHIELD_SITE_ID!,
  apiKey:  process.env.THSKYSHIELD_KEY!,
})

const run = await shield.beginRun({
  agent:  'research-agent',
  user:   userId,
  policy: 'default',  // policies live in your dashboard
})

try {
  while (!done) {
    const ok = await run.beforeStep({ tool, args, estimatedTokens })
    if (!ok.allowed) break   // budget, loop, or policy hit
    const result = await callLLMAndTool()
    await run.afterStep({ tokens, toolResult })
  }
} finally {
  await run.end()
}

Five lines. Drop into any agent loop. Works with LangGraph, CrewAI, OpenAI Agents SDK, or your own.

Design partners. We're working with a small group of teams to shape the agent SDK. Free forever for the first five. Want in?

Talk to us

How It Works

Three SDK calls. Complete runtime governance.

Wrap your agent loop with beginRun, beforeStep, and afterStep. The control plane enforces your policy on every call — atomically, in under 10ms.

shield.beginRun()

Define run limits

Set a dollar budget, max iterations, timeout, and loop detection threshold. Returns a run handle tied to your API key and site.

run.beforeStep()

Gate every LLM call

A single atomic Redis round-trip checks all four limits — budget, iterations, timeout, loop — before the API call fires. Returns allowed or throws ShieldKilledError.

run.afterStep() + run.end()

Settle cost, close run

afterStep reconciles the actual token cost in Redis. end() writes the final summary to Supabase — total cost, iteration count, kill reason if applicable.

agent.ts

import { Thskyshield, ShieldKilledError } from '@thsky-21/thskyshield'

const shield = new Thskyshield({ siteId, apiKey })

const run = await shield.beginRun({
  budgetLimitUsd: 2.00,
  iterationLimit: 30,
  loopThreshold:  5,
})

try {
  while (!done) {
    const { requestId } = await run.beforeStep({
      stepType:        'llm',
      model:           'gpt-4o-mini',
      estimatedTokens: { input: 500, output: 200 },
      promptInput:     currentPrompt,
    })

    const result = await callYourLLM(currentPrompt)

    await run.afterStep({
      requestId,
      actualTokens: result.usage,
      model:        'gpt-4o-mini',
    })
  }
} catch (e) {
  if (e instanceof ShieldKilledError) {
    // e.reason: 'killed_budget' | 'killed_loop' | 'killed_iterations' | 'killed_timeout'
    console.log(`Agent stopped: ${e.reason}. Spent: $${e.spent}`)
  }
} finally {
  const summary = await run.end()
  console.log(`Total: $${summary.totalCostUsd}`)
}

Kill triggers — thrown as ShieldKilledError

killed_budget

Budget exceeded

spent + reserved > limit

killed_loop

Loop detected

same prompt ≥ loop_threshold

killed_iterations

Max steps hit

iter ≥ iteration_limit

killed_timeout

Timed out

elapsed > timeout_seconds

Why a Control Plane

Not a library. A layer above your code.

A library

your-app

budget-lib

service-b

no policy here

runs in-process · per developer · stops with the process

A control plane

Thskyshield

policy + audit

service-a

service-b

service-c

runs above your code · per org · persists across deploys

Drop-in budget libraries are great — for one developer protecting one script. They run inside your process, log to stdout, and stop where your code stops.

The moment you have a team, multiple services, policies that need to match across them, or a finance lead who wants to see what's actually happening — you need a layer above the code. A place where policy lives. A place where every decision is logged. A place that doesn't disappear when the process exits.

That's Thskyshield. The SDK is two functions. Everything else — policies, dashboards, audit logs, alerts, cross-service visibility — lives in the control plane.

Pricing

Simple. No surprises.

Free

Forever

1,000 agent runs / month
100 LLM-app active users
1 policy
7-day audit retention
—Webhooks
Community support

Get started

Popular

Pro

$49/mo

Everything in Free, plus:

Unlimited agent runs
Unlimited active users
Unlimited policies
90-day audit retention
Webhooks
Email + Slack support

Talk to us

Common questions.

{ } < > ;

Ship agents with a safety net.

Free tier. No credit card. Deploy in 60 seconds.

$npm install @thsky-21/thskyshield

Get started free Talk to us

Stop runaway agents.
Cap per-user spend.
Audit every LLM decision your team ships.

Runtime protection for every LLM call.

My agent might loop and burn $200.

My users could drain my OpenAI bill.

Your agent shouldn't be able to spend $200 on a $2 task.

Three SDK calls. Complete runtime governance.

Not a library. A layer above your code.

Simple. No surprises.

Common questions.

How is Thskyshield different from drop-in budget libraries or LLM observability tools?

Why not just set max_iterations=10?

How does the budget enforcement actually work?

What happens if your service goes down?

What LLM providers are supported?

Can I set different limits per user?

What is prompt deduplication / loop detection?

How accurate is the cost calculation?

Ship agents with a safety net.

Stop runaway agents. Cap per-user spend. Audit every LLM decision your team ships.

Runtime protection for every LLM call.

My agent might loop and burn $200.

My users could drain my OpenAI bill.

Your agent shouldn't be able to spend $200 on a $2 task.

Three SDK calls. Complete runtime governance.

Not a library. A layer above your code.

Simple. No surprises.

Common questions.

How is Thskyshield different from drop-in budget libraries or LLM observability tools?

Why not just set max_iterations=10?

How does the budget enforcement actually work?

What happens if your service goes down?

What LLM providers are supported?

Can I set different limits per user?

What is prompt deduplication / loop detection?

How accurate is the cost calculation?

Ship agents with a safety net.

Stop runaway agents.
Cap per-user spend.
Audit every LLM decision your team ships.