Score breakdown
Popularity is tracked separately. Support, ads, sponsorships, and tips never affect these signals.
Why it matters
Useful for security and platform teams running AI coding agents (Claude Code, Codex, Cursor, OpenCode, Hermes, custom harnesses) that call external APIs (Slack, Gmail, GitHub, internal services, vendor SaaS) and need an auditable outbound boundary: CrabTrap is the MIT forward proxy that terminates TLS, evaluates every outbound request against deterministic rules first and an LLM policy judge secon
Who should use it
Who should skip it
Move on from brexhq/CrabTrap if the licensing terms, language support, or platform requirements do not fit your project.
About this signal
brexhq/CrabTrap is tracked by RepoRadar as an MIT-licensed outbound HTTP/HTTPS proxy that sits between AI coding agents and the external APIs they call. It was first seen on 2026-06-25 and last updated on 2026-06-25. The current verdict is 'try now', with a Gold tier and moderate setup difficulty. The standout signals for brexhq/CrabTrap are workflow potential (9.6) and maturity (9.1), while setup ease (6.4) trails; that balance shapes where it fits best. This page summarizes the evidence RepoRadar has captured from source metadata. The score, tier, risk label, and verdict on this page are never influenced by sponsorship, ads, or tips; they reflect only the usefulness, popularity, novelty, momentum, maturity, and evidence signals described in the RepoRadar methodology.
How this item is evaluated
RepoRadar assigned brexhq/CrabTrap a composite score of 8.5 out of 10, placing it in the Gold tier. This score combines weighted sub-signals: usefulness (35%), novelty (18%), momentum (14%), maturity (10%), open-source/build quality (7%), evidence quality (6%), workflow potential (6%), and setup ease (4%). Popularity is tracked separately at 686.0 and never affects the composite score or tier. The risk label of 'conditional' reflects inherent user-impacting hazards, not generic novelty. Items with no risk flag may still require normal code review before production use.
Risk explanation
**TLS termination with a custom CA: the proxy sees all request content in cleartext, including headers like Authorization and Cookie.** The README is explicit: 'the proxy sees all request content in cleartext, including headers like Authorization and Cookie. This is by design; the trust boundary is the proxy itself.' Run CrabTrap only on a host the team controls, not on a shared multi-tenant machine, and treat the agent's gateway_auth_token as the proxy password: it needs the same protection as an API key. Anyone with read access to the PostgreSQL audit log can read the Authorization header of every request, so the audit-log database needs the same access controls as the agent's own credential store.
**The LLM judge fallback is configurable but defaults to deny on unavailability; choose deliberately.** When the LLM judge is unavailable, the default is to deny the request. That is the safe choice for production, but it can break CI/CD pipelines that depend on agent network access. Set the fallback explicitly: deny-by-default for regulated environments (the README's recommended posture), passthrough only for dev sandboxes where availability matters more than strict policy. The circuit breaker trips after 5 consecutive LLM failures and reopens after a 10-second cooldown, so a degraded LLM judge fails fast into the configured fallback and does not silently fall through to passthrough.
**The policy-builder agent can draft rules from observed traffic; review every auto-drafted rule before promoting it.** The policy-builder agent analyzes observed traffic and drafts URL-pattern rules automatically. That is convenient but not zero-risk: an allow rule auto-drafted for a destination that looked legitimate in the observed traffic may be a prompt-injection target the agent did not recognize. Treat every auto-drafted rule as needing human review, and run the audit-log replay eval against the candidate policy before promoting it to production.
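The three hazards above all sit on one evaluation pipeline, so here is a compact model of it in Python. This is an added example written for this page, not CrabTrap's own code: the class and function names, the glob rule syntax over "host/path", the in-memory audit list, the sample requests and the fake clock are all assumptions. It shows deterministic rules deciding first, the LLM judge consulted only when no rule matches, a circuit breaker that opens after 5 consecutive judge failures and reopens after a 10-second cooldown, and an explicit fallback of 'deny' or 'passthrough' applied while the judge is unavailable. It also redacts Authorization and Cookie before an entry reaches the audit store (a mitigation chosen for the example; the risk note says the real audit log holds those headers in cleartext) and runs a replay check over the audit entries for a candidate auto-drafted rule.

```python
"""Outbound policy pipeline sketch: deterministic rules, then an LLM judge behind a
circuit breaker, then an explicit fallback. Added example, not CrabTrap's code."""
import fnmatch
import time
from dataclasses import dataclass
from typing import Callable, Optional
from urllib.parse import urlsplit

SENSITIVE_HEADERS = {"authorization", "cookie"}  # assumed list of headers to redact


@dataclass
class Rule:
    pattern: str  # hypothetical rule syntax: glob over "host/path"
    action: str   # "allow" or "deny"


@dataclass
class Request:
    method: str
    url: str
    headers: dict


def match_rules(rules: list, req: Request) -> Optional[str]:
    """Deterministic stage: first matching rule wins; None means no rule decided."""
    parts = urlsplit(req.url)
    target = f"{parts.netloc}{parts.path}"
    for rule in rules:
        if fnmatch.fnmatchcase(target, rule.pattern):
            return rule.action
    return None


class JudgeBreaker:
    """Circuit breaker around the LLM judge: opens after `threshold` consecutive
    failures and stays open for `cooldown` seconds (5 and 10 s, as in the risk note)."""

    def __init__(self, judge: Callable, threshold: int = 5, cooldown: float = 10.0,
                 clock: Callable[[], float] = time.monotonic):
        self.judge, self.threshold, self.cooldown, self.clock = judge, threshold, cooldown, clock
        self.failures = 0      # consecutive failures since the last success
        self.open_until = 0.0  # breaker is open while clock() < open_until
        self.calls = 0         # judge invocations, to show the breaker skipping calls

    def ask(self, req: Request) -> Optional[str]:
        """Verdict from the judge, or None when it failed or the breaker is open."""
        now = self.clock()
        if now < self.open_until:
            return None
        self.calls += 1
        try:
            verdict = self.judge(req)
        except Exception:  # timeout, 5xx, malformed answer: all count as one failure
            self.failures += 1
            if self.failures >= self.threshold:
                self.open_until = now + self.cooldown
                self.failures = 0
            return None
        self.failures = 0
        return verdict


def redact(headers: dict) -> dict:
    """Example mitigation: strip credentials before the entry reaches the audit store."""
    return {k: ("<redacted>" if k.lower() in SENSITIVE_HEADERS else v) for k, v in headers.items()}


class Policy:
    def __init__(self, rules: list, breaker: JudgeBreaker, fallback: str = "deny"):
        if fallback not in ("deny", "passthrough"):
            raise ValueError("fallback must be 'deny' or 'passthrough'")
        self.rules, self.breaker, self.fallback = rules, breaker, fallback
        self.audit = []  # in-memory stand-in for the audit-log database

    def decide(self, req: Request) -> tuple:
        """Return (action, stage): action is 'allow'/'deny'; stage is rule, judge or fallback."""
        decision, stage = match_rules(self.rules, req), "rule"
        if decision is None:
            decision, stage = self.breaker.ask(req), "judge"
        if decision is None:
            decision, stage = self.fallback, "fallback"
        action = "allow" if decision in ("allow", "passthrough") else "deny"
        self.audit.append({"method": req.method, "url": req.url, "headers": redact(req.headers),
                           "action": action, "stage": stage})
        return action, stage


def replay(audit: list, candidate_rules: list) -> list:
    """Replay eval: audited requests whose recorded action a candidate rule set would flip."""
    diffs = set()
    for entry in audit:
        new = match_rules(candidate_rules, Request(entry["method"], entry["url"], {}))
        if new is not None and new != entry["action"]:
            diffs.add((entry["url"], entry["action"], new))
    return sorted(diffs)


def demo(fallback: str = "deny"):
    """Constructed scenario: one allow rule, an LLM judge that is down, seven requests."""
    clock = [1000.0]  # fake monotonic clock so the cooldown is deterministic
    rules = [Rule("api.github.com/*", "allow")]

    def failing_judge(req):
        raise TimeoutError("judge unavailable")

    breaker = JudgeBreaker(failing_judge, clock=lambda: clock[0])
    policy = Policy(rules, breaker, fallback=fallback)
    results = [policy.decide(Request("GET", "https://api.github.com/repos/acme/app",
                                     {"Authorization": "Bearer constructed-token"}))]
    for _ in range(6):  # no rule matches: five judge failures trip the breaker, the sixth is skipped
        results.append(policy.decide(Request("POST", "https://hooks.slack.com/services/T0/B0",
                                             {"Cookie": "sid=constructed"})))
    return policy, results
```

Calling `demo("deny")` allows the GitHub request on the rule and denies all six Slack requests on the fallback; the judge is invoked exactly five times before the open breaker stops calling it, which is what keeps a dead judge from adding a timeout to every request. `demo("passthrough")` lets the same six requests through, the dev-sandbox posture. Running `replay(policy.audit, [Rule("hooks.slack.com/*", "allow")])` against the deny-mode audit entries reports the Slack destination as a flip from deny to allow, which is exactly the kind of auto-drafted rule a reviewer should look at before promoting it.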