# Vigil — agent-aware data plane
Vigil is the agent-aware data plane that sits between AI agents and the systems they touch (databases, APIs, services). It speaks both languages: it knows what agents are trying to do, and it speaks SQL, HTTP, and gRPC to the backend.
Open source. Single binary. Free for individuals. Version v0.1.0. Source: https://github.com/constantinexanthos/vigil
## The problem
Today's infrastructure (Postgres, Redis, Cloudflare rate limiters, AWS API Gateway) was tuned for human-shaped traffic. Agents shift the traffic shape from "1 user → 1 request → 1 response" to "1 agent goal → 5,000 sub-requests", many of them redundant. Legacy infrastructure interprets agent traffic as a DDoS attack.
### Humans vs. agents
- Human: Click a button, wait for one response. Agent: Fire 50 queries in 2 seconds.
- Human: One person = one identity. Agent: 5 agents share one API key, indistinguishable.
- Human: Don’t repeat themselves. Agent: Re-fire the same query 200 times because the LLM forgot.
- Human: Rarely take down their own DB. Agent: Do it casually.
## What it does
- Per-agent identity. Every agent gets a stable ID issued by Vigil. The proxy attaches it to every request. Now the database, the logs, and the rate limiter can all distinguish “Claude doing the refactor” from “Cursor running tests” from “your production web traffic.”
- Per-agent rate limiting. Token-bucket throttling that knows which agent is which. The analytics agent gets 100 q/sec, the refactor agent gets 20 q/sec. They don’t starve each other and they don’t starve production.
- Fan-out coalescing. When an agent fires the same query repeatedly (which they do constantly), Vigil deduplicates and serves cached results. The single biggest cost-saver: cuts agent infrastructure costs 40–80% in early benchmarks.
- Blast-radius control (coming next). Coming in v0.1.0e. “Agent X cannot DELETE from production. Agent Y cannot touch the migrations folder. Agent Z requires human approval before touching auth.” Policies enforced at the proxy, not in the agent’s prompt where it can be jailbroken out of.
- Audit trail. Every action — what agent, what request, what response, was it cached, was it rate-limited, was it blocked by policy — is signed and logged. When something does go wrong, you can replay it. When auditors come, you have answers.
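
The per-agent rate limiting and fan-out coalescing from the list above, as an added Go example that is not Vigil's own code. The `Agent`, `Gate`, `Handle` and `Replay` names, the 5-second cache TTL, the agent ID and the replayed traffic are assumptions constructed for illustration; the 20 q/sec limit and the query text are taken from the page.

```go
package main

import (
	"fmt"
	"math"
	"time"
)

const Executed, Coalesced, Throttled = "executed", "coalesced", "throttled"
// Agent is hypothetical per-identity state (not Vigil's code): token bucket plus private cache.
type Agent struct {
	tokens, rate, burst float64 // rate is tokens refilled per second
	last                time.Time
	ttl                 time.Duration
	cache               map[string]time.Time // query text -> expiry; never shared across agents
}
func NewAgent(rate, burst float64, ttl time.Duration, now time.Time) *Agent {
	return &Agent{burst, rate, burst, now, ttl, map[string]time.Time{}}
}
type Gate map[string]*Agent // issued agent ID -> state

// Handle decides one read-only query; the caller passes the clock so replays are deterministic.
func (g Gate) Handle(id, query string, now time.Time) string {
	a, ok := g[id]
	if !ok {
		return Throttled // no issued identity: fail closed
	}
	if exp, hit := a.cache[query]; hit && now.Before(exp) {
		return Coalesced // repeat inside the TTL: no token spent, no backend work
	}
	a.tokens = math.Min(a.burst, a.tokens+now.Sub(a.last).Seconds()*a.rate)
	a.last = now
	if a.tokens < 1 {
		return Throttled
	}
	a.tokens--
	a.cache[query] = now.Add(a.ttl)
	return Executed
}
func Replay(g Gate, id, query string, n int, step time.Duration, t0 time.Time) map[string]int {
	out := map[string]int{}
	for i := 0; i < n; i++ {
		out[g.Handle(id, query, t0.Add(time.Duration(i)*step))]++
	}
	return out
}
func main() {
	g := Gate{"refactor-agent": NewAgent(20, 20, 5*time.Second, time.Unix(0, 0))}
	fmt.Println(Replay(g, "refactor-agent", "SELECT * FROM users WHERE email = ?", 200, 150*time.Millisecond, time.Unix(0, 0)))
}
```

Under these assumptions, replaying 200 identical queries over 30 seconds gives 6 backend executions and 194 coalesced responses. Because the cache lives inside each agent's state, a second agent issuing the same query gets its own execution rather than another identity's cached rows.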
## Scenario: 10-person startup, 5 coding agents
### Without Vigil
- [11:30] Agent A is refactoring. It runs `SELECT * FROM users WHERE email = ?` 200 times in 30 seconds because the LLM keeps “rediscovering” the same query.
- [11:31] Agent B starts an analytics task. Giant aggregation query against the same table.
- [11:32] Postgres CPU hits 100%. Query latency goes from 5ms to 800ms.
- [11:33] Your production website starts timing out. Customers complain.
- [11:35] Slack war room. Three engineers stop what they’re doing.
- [11:50] Database load is the obvious culprit, but nobody knows which agent did what. They all share the same DB credentials.
- [12:15] Identified and killed.
- [12:30] Postmortem. “We need rate limits.” Cloudflare rate limits are per-IP. All your agents come from the same Kubernetes pod.
### With Vigil
- [11:30] Agent A makes its 1st query. Vigil sees the agent’s identity, runs the query.
- [11:30] Agent A makes its 11th identical query. Vigil notices, serves cached result instantly. Logs “Coalesced 10 redundant queries from Agent A.”
- [11:31] Agent B starts the analytics aggregation. Vigil sees it competing with Agent A’s hammering and throttles Agent A first — Agent A is in a low-priority pool.
- [11:31] Production web traffic is isolated in a separate rate-limit pool entirely. Untouched.
- [11:32] Postgres CPU stays at 30%. Customers don’t notice anything.
- [12:00] You glance at the Vigil dashboard out of curiosity: Agent A: 437 queries → 89 actually executed (348 deduplicated, 0 rate-limited). Agent B: 14 queries → 14 executed. Production: unaffected.
- [12:05] You realize you saved yourself a war room.
Not glamorous. Deeply useful.
## Where we sit
Vigil sits in the request path between agents and your systems. Orchestration, observability, and identity tools sit adjacent to it — they spawn agents, watch what they did, and know who they are, but none of them sit in line on every request. Different layer, different job.
Vigil is in the request path, not adjacent to it.
## Get the binary
Vigil ships as a single Go binary. Drop it between an agent and your data store, point it at a config file, watch the audit trail land. Free for individuals; paid tiers when you need team policy and cloud retention.
Source: https://github.com/constantinexanthos/vigil
Proxy quickstart: https://github.com/constantinexanthos/vigil/tree/main/proxy