High-performance HTTP Proxy and Defense-in-Depth Edge Layer for Project GHOST SHIP.
Boundary Declaration: proxy (Layer A) and core (Layer B) are strictly pure infrastructure and engine layers. This gateway does not process data directly; it acts exclusively as the perimeter defense, authentication, and billing interceptor before routing traffic to the internal normalization engine.
We employ a Zero-Trust Hybrid Architecture to ensure speed, security, and scalability. All traffic lacking the injected X-Internal-Secret and X-Tenant-Id is dropped at the edge.
graph TD
A[🤖 AI Agent / Client] -->|HTTP POST| B(Layer A: Edge Gateway)
B -->|1. Auth Validate| Cache[(CF Cache)]
B -->|2. Prompt Injection Guard| Shield{Block/Pass}
Shield -->|Pass| C[3. Inject X-Internal-Secret]
C -->|Proxy Request| D(Layer B: Core Engine)
C -.->|4. executionCtx.waitUntil| P[Polar.sh Metered Billing]
Billing is handled natively at the edge without adding latency to the AI agent's request.
- Validation: Extracts the API key from the
Authorization: Bearerheader and checks validity via Polar.sh (or internal Edge Cache). - Proxy: Forwards the validated request to Layer B.
- Event Ingestion: Uses Cloudflare's
executionCtx.waitUntil()to asynchronously send anapi_requestevent ($0.10/call) to the Polar.sh API. - Resilience: If the billing request fails, the agent still receives the normalized data, ensuring 100% uptime for the user experience.
The infrastructure has passed complete penetration and functional testing.
Successfully validated Polar.sh key, appended Zero-Trust headers, and proxied to Layer B.
{
"timestamp": "2026-03-XXT10:00:00Z",
"level": "INFO",
"event": "proxy_success",
"tenant_id": "8f3a...291b",
"status": 200,
"billing_event": "queued"
}Successfully intercepted and dropped a payload containing "ignore previous instructions" at the edge, costing $0 in compute and 0 load on Layer B.
{
"timestamp": "2026-03-XXT10:05:12Z",
"level": "WARN",
"event": "security_violation",
"reason": "Prompt Injection Attempt Blocked",
"tenant_id": "anonymous_tenant",
"status": 403
}- Runtime: Cloudflare Workers (TypeScript)
- Framework: Hono
- Protocol: HTTP Proxy (MCP Compatible)
- Security: Prompt Injection Shield, R2 Privacy-Safe Audit Logging, Strict CORS.
npm installnpm run devnpx wrangler deploy --env production- Interactive Docs (Swagger): Human-readable API specs at https://api.sakutto.works/docs.
- Discovery Endpoint: Technical specs are hosted at https://api.sakutto.works/llms.txt.
- MCP Server Definition: Automated discovery at https://api.sakutto.works/.well-known/mcp.json.
This service is a pure data processing infrastructure, NOT an advisory service.
Please read our LEGAL.md carefully.
- We do NOT provide analytical predictions, automated decision-making, or specialized advisory.
- We do NOT maintain proprietary databases or closed-source intelligence feeds.
- The "Commerce" in our name refers strictly to our API Metered Billing Infrastructure for developers.
- Official Portal (sakutto.works) - Documentation & Discovery Hub.
- agent-commerce-core - The Normalization Engine (Layer B).
- ghost-ship-mcp-server - The Official MCP Server (Layer C).
- Get API Key (Polar.sh) - Purchase Quota & API Key Generation.
If this infrastructure helped you save time or scale your AI agents, consider supporting the development! Your support helps keep this project highly maintained and secure.
© 2026 Sakutto Works - Standardizing the Semantic Web for Agents.